1. 21 Oct, 2007 1 commit
  2. 18 Oct, 2007 1 commit
  3. 13 Oct, 2007 3 commits
  4. 11 Oct, 2007 1 commit
  5. 27 Sep, 2007 3 commits
    • David Zeuthen's avatar
    • David Zeuthen's avatar
      don't fail on unknown XML tags, just skip them · b420cc51
      David Zeuthen authored
      This change will futureproof libpolkit for extensions; e.g. if there's
      an OS upgrade where
      
       a) the PolicyKit package is upgraded to a version where support for a
          new tag <allow_foo> is added; and
      
       b) another package, using PolicyKit, is upgraded dropping a .policy
          file using the new <allow_foo> tag; then
      
      existing running processes using libpolkit will not fail. They will,
      however, not honor the new tags until the daemon process itself is
      restarted using e.g. condrestart.
      
      We also log to the system logger whenever we encouter unknown tags.
      b420cc51
    • David Zeuthen's avatar
      implement <allow_any> to specify default answer for any user · 4714fe72
      David Zeuthen authored
      This is useful in instances where the OS vendor wants to allow any
      user, even remote users logging in via ssh etc., but recognize that
      some sites may want to lock this down to a limited set of users.
      
      Suggested by Daniel P. Berrange <berrange@redhat.com>:
      
      <danpb>  my specific use case is that in libvirt we don't mind any user
               querying for VM status info by default
      <danpb>  but some admins may wish to lock that ability down
      <danpb>  so only designated users can query VM status
      <davidz> right
      <davidz> it makes sense
      <davidz> without having giving it too much thought; adding another stanza to
               the .policy file might make sense
      <davidz> <allow_non_session>yes</allow_non_session>
      <davidz> danpb: would that work?
      <danpb>  yeah, that'd do the trick
      <davidz> cool
      <davidz> I'll add it then
      4714fe72
  6. 26 Sep, 2007 1 commit
  7. 25 Sep, 2007 1 commit
  8. 10 Sep, 2007 3 commits
  9. 31 Aug, 2007 5 commits
  10. 28 Aug, 2007 1 commit
  11. 27 Aug, 2007 5 commits
  12. 24 Aug, 2007 9 commits
  13. 23 Aug, 2007 2 commits
    • Danny Kukawka's avatar
      fixed compiler warning about uid_t handling · c27e93f7
      Danny Kukawka authored
      This fixes the same problem with uid_t as we had with HAL some time ago
      on 64bit architectures in PolicyKit. This time I removed the useless check:
      
         uid == ((unsigned long) -1)
      
      because this is always false on 64bit (comparison is always false due to
      limited range of data type) and because the DBusError from the
      dbus_bus_get_unix_user() call is set if the function returns DBUS_UID_UNSET
      so we need only to check if the error is set.
      c27e93f7
    • Danny Kukawka's avatar
      fixed code documentation issues · 0d69cdc5
      Danny Kukawka authored
      Fixed code documentation issues:
       * s/<programlisting>/@code/
       * removed @void: from polkit_grant_new()
      0d69cdc5
  14. 22 Aug, 2007 2 commits
  15. 21 Aug, 2007 2 commits
    • David Zeuthen's avatar
      gracefully handle bad config/policy files, drop polkit-reload-config, syslog · 07b101ec
      David Zeuthen authored
       - don't abort/malfunction if the /etc/PolicyKit/PolicyKit.conf
         configuration file is malformed; simply just continue as normal
         but return 'no' to every question asked. Also use syslog(3) to
         report this to the system log
      
       - if a .policy file is malformed, simply skip it and still include
         other well-formed .policy files. Use syslog(3) to report if indeed
         a .policy file is malformed.
      
       - drop /var/lib/PolicyKit/reload and rely on inotify to detect changes to
         - /etc/PolicyKit/PolicyKit.conf
         - Policy files in /usr/share/PolicyKit/policy
         - privileges in /var/lib/PolicyKit and /var/run/PolicyKit
      
      As a result, changes made to /etc/PolicyKit/PolicyKit.conf (typically
      an admin edits this file) and .policy files (typically these can
      change on package upgrades) in /usr/share/PolicyKit/policy are
      instantly picked up.
      07b101ec
    • David Zeuthen's avatar