1. 29 Oct, 2007 3 commits
  2. 28 Oct, 2007 1 commit
    • David Zeuthen's avatar
      rewrite authorization database and polkit-grant (now known as polkit-auth) · bed2fe1c
      David Zeuthen authored
      Also,
      
       - Rename polkit-list-actions to polkit-action.
       - Add a bash completion script to the polkit commandline tools.
      
      Authorizations are no longer world-readable. So for this to work with
      hal you now need to do this as root
      
       # polkit-auth --user haldaemon --grant org.freedesktop.policykit.read
      
      Distributions needs to do this in the %post scripts or similar.
      
      Sorry for this huge monster patch.
      bed2fe1c
  3. 23 Oct, 2007 4 commits
  4. 22 Oct, 2007 2 commits
  5. 21 Oct, 2007 3 commits
  6. 18 Oct, 2007 1 commit
  7. 13 Oct, 2007 3 commits
  8. 11 Oct, 2007 1 commit
  9. 27 Sep, 2007 3 commits
    • David Zeuthen's avatar
    • David Zeuthen's avatar
      don't fail on unknown XML tags, just skip them · b420cc51
      David Zeuthen authored
      This change will futureproof libpolkit for extensions; e.g. if there's
      an OS upgrade where
      
       a) the PolicyKit package is upgraded to a version where support for a
          new tag <allow_foo> is added; and
      
       b) another package, using PolicyKit, is upgraded dropping a .policy
          file using the new <allow_foo> tag; then
      
      existing running processes using libpolkit will not fail. They will,
      however, not honor the new tags until the daemon process itself is
      restarted using e.g. condrestart.
      
      We also log to the system logger whenever we encouter unknown tags.
      b420cc51
    • David Zeuthen's avatar
      implement <allow_any> to specify default answer for any user · 4714fe72
      David Zeuthen authored
      This is useful in instances where the OS vendor wants to allow any
      user, even remote users logging in via ssh etc., but recognize that
      some sites may want to lock this down to a limited set of users.
      
      Suggested by Daniel P. Berrange <berrange@redhat.com>:
      
      <danpb>  my specific use case is that in libvirt we don't mind any user
               querying for VM status info by default
      <danpb>  but some admins may wish to lock that ability down
      <danpb>  so only designated users can query VM status
      <davidz> right
      <davidz> it makes sense
      <davidz> without having giving it too much thought; adding another stanza to
               the .policy file might make sense
      <davidz> <allow_non_session>yes</allow_non_session>
      <davidz> danpb: would that work?
      <danpb>  yeah, that'd do the trick
      <davidz> cool
      <davidz> I'll add it then
      4714fe72
  10. 26 Sep, 2007 1 commit
  11. 25 Sep, 2007 1 commit
  12. 10 Sep, 2007 3 commits
  13. 31 Aug, 2007 5 commits
  14. 28 Aug, 2007 1 commit
  15. 27 Aug, 2007 5 commits
  16. 24 Aug, 2007 3 commits