((c-mode . ((indent-tabs-mode . nil)))))
*.o
.deps
/*.bak
/*.gcda
/*.gcno
/*.orig
/*.rej
/*.tab.c
/*~
/.*.sw[nop]
/.dirstamp
/.gitignore
/GPATH
/GRTAGS
/GSYMS
/GTAGS
/ID
/Makefile
/Makefile.in
/TAGS
/autom4te.cache
/config.cache
/config.h
/config.log
/config.lt
/config.status
/config.status.lineno
/configure
/configure.lineno
/intltool-extract.in
/intltool-merge.in
/intltool-update.in
/libtool
/po/*.gmo
/po/*.header
/po/*.mo
/po/*.sed
/po/*.sin
/po/.intltool-merge-cache
/po/Makefile
/po/Makefile.in
/po/Makefile.in.in
/po/Makefile.in.in~
/po/Makevars.template
/po/POTFILES
/po/Rules-quot
/po/polkit-1.pot
/po/stamp-it
/so_locations
/stamp-h1
/tags
......@@ -91,3 +91,13 @@ Coding Style
heuristically parse a file and accept not-well-formed
data). Avoiding heuristics is also important for security reasons;
if it looks funny, ignore it (or exit, or disconnect).
Code of Conduct
===
As with other projects hosted on freedesktop.org, Polkit follows its
Code of Conduct, based on the Contributor Covenant. Please conduct
yourself in a respectful and civilized manner when using the above
mailing lists, bug trackers, etc:
https://www.freedesktop.org/wiki/CodeOfConduct
## Process this file with automake to produce Makefile.in
SUBDIRS = actions data src docs po test
SUBDIRS = actions data src docs po
if BUILD_TEST
SUBDIRS += test
endif
NULL =
......@@ -30,3 +34,5 @@ publish-docs :
clean-local :
rm -f *~
-include $(top_srcdir)/git.mk
......@@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command
BUGS and DEVELOPMENT
====================
Please report bugs via the freedesktop.org bugzilla at
Please report non-security bugs via the freedesktop.org bugzilla at
https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit
SECURITY ISSUES
===============
polkit uses the same mechanism for reporting security issues as dbus,
the most recent copy of instructions can be found in the DBus git
repository:
http://cgit.freedesktop.org/dbus/dbus/tree/HACKING
A copy of the instructions as of 2015-06-04:
If you find a security vulnerability that is not known to the public,
please report it privately to dbus-security@lists.freedesktop.org
or by reporting a freedesktop.org bug that is marked as
restricted to the "D-BUS security group".
......@@ -14,3 +14,5 @@ clean-local :
DISTCLEANFILES = org.freedesktop.policykit.policy
EXTRA_DIST = org.freedesktop.policykit.policy.in
-include $(top_srcdir)/git.mk
......@@ -26,7 +26,7 @@ touch ChangeLog
}
(grep "^AM_PROG_LIBTOOL" configure.ac >/dev/null) && {
(libtool --version) < /dev/null > /dev/null 2>&1 || {
(libtoolize --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have libtool installed."
echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/"
......@@ -99,7 +99,7 @@ esac
fi
echo "Running aclocal $aclocalinclude ..."
aclocal $aclocalinclude
if grep "^AM_CONFIG_HEADER" configure.ac >/dev/null; then
if grep "^AC_CONFIG_HEADERS" configure.ac >/dev/null; then
echo "Running autoheader..."
autoheader
fi
......
dnl Macros to check the presence of generic (non-typed) symbols.
dnl Copyright (c) 2006-2008 Diego Pettenò <flameeyes@gmail.com>
dnl Copyright (c) 2006-2008 xine project
dnl Copyright (c) 2012 Lucas De Marchi <lucas.de.marchi@gmail.com>
dnl
dnl This program is free software; you can redistribute it and/or modify
dnl it under the terms of the GNU General Public License as published by
dnl the Free Software Foundation; either version 2, or (at your option)
dnl any later version.
dnl
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
dnl GNU General Public License for more details.
dnl
dnl You should have received a copy of the GNU General Public License
dnl along with this program; if not, write to the Free Software
dnl Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
dnl 02110-1301, USA.
dnl
dnl As a special exception, the copyright owners of the
dnl macro gives unlimited permission to copy, distribute and modify the
dnl configure scripts that are the output of Autoconf when processing the
dnl Macro. You need not follow the terms of the GNU General Public
dnl License when using or distributing such scripts, even though portions
dnl of the text of the Macro appear in them. The GNU General Public
dnl License (GPL) does govern all other use of the material that
dnl constitutes the Autoconf Macro.
dnl
dnl This special exception to the GPL applies to versions of the
dnl Autoconf Macro released by this project. When you make and
dnl distribute a modified version of the Autoconf Macro, you may extend
dnl this special exception to the GPL to apply to your modified version as
dnl well.
dnl Check if FLAG in ENV-VAR is supported by compiler and append it
dnl to WHERE-TO-APPEND variable. Note that we invert -Wno-* checks to
dnl -W* as gcc cannot test for negated warnings. If a C snippet is passed,
dnl use it, otherwise use a simple main() definition that just returns 0.
dnl CC_CHECK_FLAG_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG], [C-SNIPPET])
AC_DEFUN([CC_CHECK_FLAG_APPEND], [
AC_CACHE_CHECK([if $CC supports flag $3 in envvar $2],
AS_TR_SH([cc_cv_$2_$3]),
[eval "AS_TR_SH([cc_save_$2])='${$2}'"
eval "AS_TR_SH([$2])='${cc_save_$2} -Werror `echo "$3" | sed 's/^-Wno-/-W/'`'"
AC_LINK_IFELSE([AC_LANG_SOURCE(ifelse([$4], [],
[int main(void) { return 0; } ],
[$4]))],
[eval "AS_TR_SH([cc_cv_$2_$3])='yes'"],
[eval "AS_TR_SH([cc_cv_$2_$3])='no'"])
eval "AS_TR_SH([$2])='$cc_save_$2'"])
AS_IF([eval test x$]AS_TR_SH([cc_cv_$2_$3])[ = xyes],
[eval "$1='${$1} $3'"])
])
dnl CC_CHECK_FLAGS_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG1 FLAG2], [C-SNIPPET])
AC_DEFUN([CC_CHECK_FLAGS_APPEND], [
for flag in [$3]; do
CC_CHECK_FLAG_APPEND([$1], [$2], $flag, [$4])
done
])
dnl Check if the flag is supported by linker (cacheable)
dnl CC_CHECK_LDFLAGS([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND])
AC_DEFUN([CC_CHECK_LDFLAGS], [
AC_CACHE_CHECK([if $CC supports $1 flag],
AS_TR_SH([cc_cv_ldflags_$1]),
[ac_save_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $1"
AC_LINK_IFELSE([int main() { return 1; }],
[eval "AS_TR_SH([cc_cv_ldflags_$1])='yes'"],
[eval "AS_TR_SH([cc_cv_ldflags_$1])="])
LDFLAGS="$ac_save_LDFLAGS"
])
AS_IF([eval test x$]AS_TR_SH([cc_cv_ldflags_$1])[ = xyes],
[$2], [$3])
])
dnl define the LDFLAGS_NOUNDEFINED variable with the correct value for
dnl the current linker to avoid undefined references in a shared object.
AC_DEFUN([CC_NOUNDEFINED], [
dnl We check $host for which systems to enable this for.
AC_REQUIRE([AC_CANONICAL_HOST])
case $host in
dnl FreeBSD (et al.) does not complete linking for shared objects when pthreads
dnl are requested, as different implementations are present; to avoid problems
dnl use -Wl,-z,defs only for those platform not behaving this way.
*-freebsd* | *-openbsd*) ;;
*)
dnl First of all check for the --no-undefined variant of GNU ld. This allows
dnl for a much more readable command line, so that people can understand what
dnl it does without going to look for what the heck -z defs does.
for possible_flags in "-Wl,--no-undefined" "-Wl,-z,defs"; do
CC_CHECK_LDFLAGS([$possible_flags], [LDFLAGS_NOUNDEFINED="$possible_flags"])
break
done
;;
esac
AC_SUBST([LDFLAGS_NOUNDEFINED])
])
dnl Check for a -Werror flag or equivalent. -Werror is the GCC
dnl and ICC flag that tells the compiler to treat all the warnings
dnl as fatal. We usually need this option to make sure that some
dnl constructs (like attributes) are not simply ignored.
dnl
dnl Other compilers don't support -Werror per se, but they support
dnl an equivalent flag:
dnl - Sun Studio compiler supports -errwarn=%all
AC_DEFUN([CC_CHECK_WERROR], [
AC_CACHE_CHECK(
[for $CC way to treat warnings as errors],
[cc_cv_werror],
[CC_CHECK_CFLAGS_SILENT([-Werror], [cc_cv_werror=-Werror],
[CC_CHECK_CFLAGS_SILENT([-errwarn=%all], [cc_cv_werror=-errwarn=%all])])
])
])
AC_DEFUN([CC_CHECK_ATTRIBUTE], [
AC_REQUIRE([CC_CHECK_WERROR])
AC_CACHE_CHECK([if $CC supports __attribute__(( ifelse([$2], , [$1], [$2]) ))],
AS_TR_SH([cc_cv_attribute_$1]),
[ac_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $cc_cv_werror"
AC_COMPILE_IFELSE([AC_LANG_SOURCE([$3])],
[eval "AS_TR_SH([cc_cv_attribute_$1])='yes'"],
[eval "AS_TR_SH([cc_cv_attribute_$1])='no'"])
CFLAGS="$ac_save_CFLAGS"
])
AS_IF([eval test x$]AS_TR_SH([cc_cv_attribute_$1])[ = xyes],
[AC_DEFINE(
AS_TR_CPP([SUPPORT_ATTRIBUTE_$1]), 1,
[Define this if the compiler supports __attribute__(( ifelse([$2], , [$1], [$2]) ))]
)
$4],
[$5])
])
AC_DEFUN([CC_ATTRIBUTE_CONSTRUCTOR], [
CC_CHECK_ATTRIBUTE(
[constructor],,
[void __attribute__((constructor)) ctor() { int a; }],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_FORMAT], [
CC_CHECK_ATTRIBUTE(
[format], [format(printf, n, n)],
[void __attribute__((format(printf, 1, 2))) printflike(const char *fmt, ...) { fmt = (void *)0; }],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_FORMAT_ARG], [
CC_CHECK_ATTRIBUTE(
[format_arg], [format_arg(printf)],
[char *__attribute__((format_arg(1))) gettextlike(const char *fmt) { fmt = (void *)0; }],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_VISIBILITY], [
CC_CHECK_ATTRIBUTE(
[visibility_$1], [visibility("$1")],
[void __attribute__((visibility("$1"))) $1_function() { }],
[$2], [$3])
])
AC_DEFUN([CC_ATTRIBUTE_NONNULL], [
CC_CHECK_ATTRIBUTE(
[nonnull], [nonnull()],
[void __attribute__((nonnull())) some_function(void *foo, void *bar) { foo = (void*)0; bar = (void*)0; }],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_UNUSED], [
CC_CHECK_ATTRIBUTE(
[unused], ,
[void some_function(void *foo, __attribute__((unused)) void *bar);],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_SENTINEL], [
CC_CHECK_ATTRIBUTE(
[sentinel], ,
[void some_function(void *foo, ...) __attribute__((sentinel));],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_DEPRECATED], [
CC_CHECK_ATTRIBUTE(
[deprecated], ,
[void some_function(void *foo, ...) __attribute__((deprecated));],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_ALIAS], [
CC_CHECK_ATTRIBUTE(
[alias], [weak, alias],
[void other_function(void *foo) { }
void some_function(void *foo) __attribute__((weak, alias("other_function")));],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_MALLOC], [
CC_CHECK_ATTRIBUTE(
[malloc], ,
[void * __attribute__((malloc)) my_alloc(int n);],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_PACKED], [
CC_CHECK_ATTRIBUTE(
[packed], ,
[struct astructure { char a; int b; long c; void *d; } __attribute__((packed));],
[$1], [$2])
])
AC_DEFUN([CC_ATTRIBUTE_CONST], [
CC_CHECK_ATTRIBUTE(
[const], ,
[int __attribute__((const)) twopow(int n) { return 1 << n; } ],
[$1], [$2])
])
AC_DEFUN([CC_FLAG_VISIBILITY], [
AC_REQUIRE([CC_CHECK_WERROR])
AC_CACHE_CHECK([if $CC supports -fvisibility=hidden],
[cc_cv_flag_visibility],
[cc_flag_visibility_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $cc_cv_werror"
CC_CHECK_CFLAGS_SILENT([-fvisibility=hidden],
cc_cv_flag_visibility='yes',
cc_cv_flag_visibility='no')
CFLAGS="$cc_flag_visibility_save_CFLAGS"])
AS_IF([test "x$cc_cv_flag_visibility" = "xyes"],
[AC_DEFINE([SUPPORT_FLAG_VISIBILITY], 1,
[Define this if the compiler supports the -fvisibility flag])
$1],
[$2])
])
AC_DEFUN([CC_FUNC_EXPECT], [
AC_REQUIRE([CC_CHECK_WERROR])
AC_CACHE_CHECK([if compiler has __builtin_expect function],
[cc_cv_func_expect],
[ac_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $cc_cv_werror"
AC_COMPILE_IFELSE([AC_LANG_SOURCE(
[int some_function() {
int a = 3;
return (int)__builtin_expect(a, 3);
}])],
[cc_cv_func_expect=yes],
[cc_cv_func_expect=no])
CFLAGS="$ac_save_CFLAGS"
])
AS_IF([test "x$cc_cv_func_expect" = "xyes"],
[AC_DEFINE([SUPPORT__BUILTIN_EXPECT], 1,
[Define this if the compiler supports __builtin_expect() function])
$1],
[$2])
])
AC_DEFUN([CC_ATTRIBUTE_ALIGNED], [
AC_REQUIRE([CC_CHECK_WERROR])
AC_CACHE_CHECK([highest __attribute__ ((aligned ())) supported],
[cc_cv_attribute_aligned],
[ac_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $cc_cv_werror"
for cc_attribute_align_try in 64 32 16 8 4 2; do
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
int main() {
static char c __attribute__ ((aligned($cc_attribute_align_try))) = 0;
return c;
}])], [cc_cv_attribute_aligned=$cc_attribute_align_try; break])
done
CFLAGS="$ac_save_CFLAGS"
])
if test "x$cc_cv_attribute_aligned" != "x"; then
AC_DEFINE_UNQUOTED([ATTRIBUTE_ALIGNED_MAX], [$cc_cv_attribute_aligned],
[Define the highest alignment supported])
fi
])
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59c)
AC_INIT(polkit, 0.106, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
AM_INIT_AUTOMAKE(polkit, 0.106)
AM_CONFIG_HEADER(config.h)
AC_INIT([polkit], [0.116], [http://lists.freedesktop.org/mailman/listinfo/polkit-devel], , [http://www.freedesktop.org/wiki/Software/polkit])
AM_INIT_AUTOMAKE([])
AC_CONFIG_HEADERS(config.h)
AC_CONFIG_MACRO_DIR([buildutil])
AM_MAINTAINER_MODE
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
......@@ -22,19 +23,20 @@ AC_SUBST(LT_CURRENT)
AC_SUBST(LT_REVISION)
AC_SUBST(LT_AGE)
AC_USE_SYSTEM_EXTENSIONS
AC_ISC_POSIX
AC_PROG_CC
AM_PROG_CC_STDC
AC_HEADER_STDC
AM_PROG_LIBTOOL
AC_PROG_MAKE_SET
AC_PROG_LN_S
AC_SYS_LARGEFILE
AM_PROG_CC_C_O
AC_PROG_CXX
AX_CXX_COMPILE_STDCXX_11()
# Taken from dbus
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
AC_ARG_ENABLE(verbose-mode, [ --enable-verbose-mode support verbose debug mode],enable_verbose_mode=$enableval,enable_verbose_mode=$USE_MAINTAINER_MODE)
AC_ARG_ENABLE(man-pages, [ --enable-man-pages build manual pages],enable_man_pages=$enableval,enable_man_pages=yes)
if test "${enable_man_page}" != no; then
......@@ -52,83 +54,35 @@ GTK_DOC_CHECK([1.3])
#### gcc warning flags
if test "x$GCC" = "xyes"; then
changequote(,)dnl
case " $CFLAGS " in
*[\ \ ]-Wall[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wall" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wchar-subscripts[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wchar-subscripts" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wmissing-declarations[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wmissing-declarations" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wnested-externs[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wnested-externs" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wpointer-arith[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wpointer-arith" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wcast-align[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wcast-align" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wsign-compare[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wsign-compare" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wformat[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wformat" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wformat-security[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wformat-security" ;;
esac
if test "x$enable_ansi" = "xyes"; then
case " $CFLAGS " in
*[\ \ ]-ansi[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -ansi" ;;
esac
case " $CFLAGS " in
*[\ \ ]-D_POSIX_C_SOURCE*) ;;
*) CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=199309L" ;;
esac
case " $CFLAGS " in
*[\ \ ]-D_BSD_SOURCE[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -D_BSD_SOURCE" ;;
esac
case " $CFLAGS " in
*[\ \ ]-pedantic[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -pedantic" ;;
esac
fi
changequote([,])dnl
fi
CC_CHECK_FLAGS_APPEND([WARN_CFLAGS], [CFLAGS], [\
-pipe \
-Wall \
-Werror=empty-body \
-Werror=strict-prototypes \
-Werror=missing-prototypes \
-Werror=implicit-function-declaration \
"-Werror=format=2 -Werror=format-security -Werror=format-nonliteral" \
-Werror=pointer-arith -Werror=init-self \
-Werror=missing-declarations \
-Werror=return-type \
-Werror=overflow \
-Werror=int-conversion \
-Werror=parenthesis \
-Werror=incompatible-pointer-types \
-Werror=misleading-indentation \
-Werror=missing-include-dirs -Werror=aggregate-return \
-Werror=declaration-after-statement \
])
AC_SUBST(WARN_CFLAGS)
PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.30.0])
PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
PKG_CHECK_MODULES(LIBJS, [libjs >= 1.8.5])
PKG_CHECK_MODULES(LIBJS, [mozjs-52])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
AC_SUBST(LIBJS_LIBS)
EXPAT_LIB=""
......@@ -145,40 +99,129 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
AC_SUBST(EXPAT_LIBS)
AC_CHECK_FUNCS(clearenv)
AC_CHECK_FUNCS(clearenv fdatasync)
if test "x$GCC" = "xyes"; then
LDFLAGS="-Wl,--as-needed $LDFLAGS"
fi
dnl ---------------------------------------------------------------------------
dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
dnl - Check whether setnetgrent has a return value
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADERS([netgroup.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stddef.h>
#ifdef HAVE_NETGROUP_H
#include <netgroup.h>
#else
#include <netdb.h>
#endif
]], [[int r = setnetgrent (NULL);]])],
[AC_DEFINE([HAVE_SETNETGRENT_RETURN], 1, [Define to 1 if setnetgrent has return value])])
dnl ---------------------------------------------------------------------------
dnl - Check whether we want to build test
dnl ---------------------------------------------------------------------------
AC_ARG_ENABLE([test],
[AS_HELP_STRING([--disable-test], [Do not build tests])],
[enable_test=$enableval], [enable_test=yes])
have_libsystemd_login=no
AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
dnl ---------------------------------------------------------------------------
dnl - Select wether to use libsystemd-login, libelogind or ConsoleKit for session tracking
dnl ---------------------------------------------------------------------------
have_libsystemd=no
have_libelogind=no
SESSION_TRACKING=ConsoleKit
AC_ARG_ENABLE([libsystemd-login],
AS_HELP_STRING([--enable-libsystemd-login[=@<:@auto/yes/no@:>@]], [Use libsystemd-login (auto/yes/no)]),
[AS_HELP_STRING([--enable-libsystemd-login[=@<:@auto/yes/no@:>@]], [Use libsystemd (auto/yes/no)])],
[enable_libsystemd_login=$enableval],
[enable_libsystemd_login=auto])
if test "$enable_libsystemd_login" != "no"; then
PKG_CHECK_MODULES(LIBSYSTEMD_LOGIN,
[libsystemd-login],
have_libsystemd_login=yes,
have_libsystemd_login=no)
if test "$have_libsystemd_login" = "yes"; then
SESSION_TRACKING=libsystemd-login
PKG_CHECK_MODULES([LIBSYSTEMD],
[libsystemd],
[have_libsystemd=yes],
dnl if libsystemd is not available, fall back to the older libsystemd-login
[PKG_CHECK_MODULES([LIBSYSTEMD_LOGIN],
[libsystemd-login],
[
have_libsystemd=yes
LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
LIBSYSTEMD_LIBS="$LIBSYSTEMD_LOGIN_LIBS"
],
[have_libsystemd=no])])
if test "$have_libsystemd" = "yes"; then
SESSION_TRACKING=libsystemd-login
fi
fi
AC_ARG_ENABLE([libelogind],
[AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])],
[enable_libelogind=$enableval],
[enable_libelogind=auto])
dnl Using libelogind makes no sense when libsystemd-login is already in use
if test "$have_libsystemd" = "yes"; then
enable_libelogind=no
fi
if test "$enable_libelogind" != "no"; then
PKG_CHECK_MODULES([LIBELOGIND],
[libelogind],
[have_libelogind=yes])
if test "$have_libelogind" = "yes"; then
SESSION_TRACKING=libelogind
fi
fi
dnl libelogind is a drop-in replacement for libsystemd-login, so using it does
dnl not need any different actions than using libsystemd-login.
if test "$SESSION_TRACKING" != "ConsoleKit"; then
AC_DEFINE([HAVE_LIBSYSTEMD], 1, [Define to 1 if libsystemd or libelogind is available])
save_LIBS=$LIBS
if test "$have_libelogind" = "yes"; then
LIBS=$LIBELOGIND_LIBS
dnl We have to act like this was libsystemd-login
LIBSYSTEMD_CFLAGS=$LIBELOGIND_CFLAGS
LIBSYSTEMD_LIBS=$LIBELOGIND_LIBS
else
if test "$enable_libsystemd_login" = "yes"; then
AC_MSG_ERROR([libsystemd-login support requested but libsystemd-login library not found])
fi
LIBS=$LIBSYSTEMD_LIBS
fi
AC_CHECK_FUNCS(sd_uid_get_display)
LIBS=$save_LIBS
else
if test "$enable_libsystemd_login" = "yes"; then
AC_MSG_ERROR([libsystemd support requested but libsystemd or libsystemd-login library not found])
fi
if test "$enable_libelogind" = "yes"; then
AC_MSG_ERROR([libelogind support requested but libelogind library not found])
fi
fi
AC_SUBST(LIBSYSTEMD_LOGIN_CFLAGS)
AC_SUBST(LIBSYSTEMD_LOGIN_LIBS)
AM_CONDITIONAL(HAVE_LIBSYSTEMD_LOGIN, [test "$have_libsystemd_login" = "yes"], [Using libsystemd-login])
AS_IF([test "x$cross_compiling" != "xyes" ], [
AS_IF([test "$have_libsystemd" = "yes"], [
AS_IF([test ! -d /sys/fs/cgroup/systemd/ ], [
AS_IF([test "$enable_libsystemd_login" = "yes"], [
AC_MSG_WARN([libsystemd requested but system does not appear to be using systemd])
], [
AC_MSG_ERROR([libsystemd autoconfigured, but system does not appear to use systemd])
])
])
], [
AS_IF([test -d /sys/fs/cgroup/systemd/ ], [
AS_IF([test "$enable_libsystemd_login" = "no" ], [
AC_MSG_WARN([ConsoleKit requested but system appears to use systemd])
], [
AC_MSG_ERROR([ConsoleKit autoconfigured, but systemd is in use (missing libsystemd or libsystemd-login pkg-config?)])
])
])
])
])
AC_SUBST(LIBSYSTEMD_CFLAGS)
AC_SUBST(LIBSYSTEMD_LIBS)
AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
dnl ---------------------------------------------------------------------------
dnl - systemd unit / service files
......@@ -253,6 +296,11 @@ case $POLKIT_AUTHFW in
AC_DEFINE(POLKIT_AUTHFW_SHADOW, 1, [If using the Shadow authentication framework])
;;
bsdauth)
need_pam=no
AC_DEFINE(POLKIT_AUTHFW_BSDAUTH, 1, [If using the bsd_auth(3) authentication framework])
;;
*)
AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW])
;;
......@@ -261,6 +309,7 @@ esac
AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_SHADOW, [test x$POLKIT_AUTHFW = xshadow], [Using Shadow authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_BSDAUTH, [test x$POLKIT_AUTHFW = xbsdauth], [Using bsd_auth(3) authfw])
dnl ---------------------------------------------------------------------------
......@@ -346,7 +395,7 @@ fi
AC_SUBST(PAM_MODULE_DIR)
AC_ARG_WITH(os-type, [ --with-os-type=<os> distribution or OS (redhat/suse/gentoo/pardus/solaris)])
AC_ARG_WITH(os-type, [ --with-os-type=<os> distribution or OS (redhat/suse/gentoo/pardus/solaris/netbsd)])
#### Check our operating system (distro-tweaks required)
if test "z$with_os_type" = "z"; then
......@@ -375,8 +424,17 @@ if test x$with_os_type = x; then
with_os_type=solaris
elif test x$operating_system = xfreebsd ; then
with_os_type=freebsd
elif test x$operating_system = xnetbsd ; then
with_os_type=netbsd
else
with_os_type=unknown
case "$host_os" in
*netbsd*)
with_os_type=netbsd
;;
*)
with_os_type=unknown
::
esac
fi
fi
......@@ -407,7 +465,7 @@ elif test x$with_os_type = xsuse -o x$with_os_type = xsolaris ; then
PAM_FILE_INCLUDE_ACCOUNT=common-account
PAM_FILE_INCLUDE_PASSWORD=common-password
PAM_FILE_INCLUDE_SESSION=common-session
elif test x$with_os_type = xfreebsd ; then
elif test x$with_os_type = xfreebsd -o x$with_os_type = xnetbsd; then
PAM_FILE_INCLUDE_AUTH=system
PAM_FILE_INCLUDE_ACCOUNT=system
PAM_FILE_INCLUDE_PASSWORD=system
......@@ -440,6 +498,12 @@ case "$host_os" in
*freebsd*)
AC_DEFINE([HAVE_FREEBSD], 1, [Is this a FreeBSD system?])
;;
*netbsd*)
AC_DEFINE([HAVE_NETBSD], 1, [Is this an NetBSD system?])
;;
*openbsd*)
AC_DEFINE([HAVE_OPENBSD], 1, [Is this an OpenBSD system?])
;;
esac
GOBJECT_INTROSPECTION_CHECK([0.6.2])
......@@ -460,13 +524,17 @@ AC_SUBST([GETTEXT_PACKAGE])
AM_GLIB_GNU_GETTEXT
AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain])
AC_ARG_VAR([SUID_CFLAGS],
[CFLAGS used for binaries which are usually with the suid bit])
AC_ARG_VAR([SUID_LDFLAGS],
[LDFLAGS used for binaries which are usually with the suid bit])
AC_OUTPUT([
Makefile
actions/Makefile
data/Makefile
data/polkit-1
data/polkit-gobject-1.pc
data/polkit-backend-1.pc
data/polkit-agent-1.pc
src/Makefile
src/polkit/Makefile
......@@ -522,7 +590,6 @@ echo "
fi
echo "
Maintainer mode: ${USE_MAINTAINER_MODE}
Building verbose mode: ${enable_verbose_mode}
Building api docs: ${enable_gtk_doc}
Building man pages: ${enable_man_pages}
Building examples: ${enable_examples}
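Review bot: The new libelogind probe calls `PKG_CHECK_MODULES([LIBELOGIND], [libelogind], [have_libelogind=yes])` with no action-if-not-found, and pkg.m4 then aborts configure when the module is missing. With the default `enable_libelogind=auto` on a host that has neither libsystemd nor libelogind, that stops the build instead of falling back to ConsoleKit, and the later `libelogind support requested but libelogind library not found` error can never be reached. Passing a fourth argument, `[have_libelogind=yes], [have_libelogind=no])`, restores the fallback. Separately, in the `case "$host_os"` added under the os-type detection, the default branch ends in `::` rather than `;;`, which the shell will try to run as a command; it should read `;;`.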
......
......@@ -32,7 +32,12 @@ endif
# ----------------------------------------------------------------------------------------------------
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc
pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc
# ----------------------------------------------------------------------------------------------------
itsdir = $(datadir)/gettext/its
dist_its_DATA = polkit.loc polkit.its
# ----------------------------------------------------------------------------------------------------
......@@ -60,3 +65,5 @@ EXTRA_DIST = \
clean-local :
rm -f *~ $(service_DATA) $(dbusconf_DATA) $(systemdservice_DATA)
-include $(top_srcdir)/git.mk
......@@ -8,7 +8,19 @@
<annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/>
<method name="BeginAuthentication">
<annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/>
<annotation name="org.gtk.EggDBus.DocString" value="<para>Called
by the PolicyKit daemon when the authentication agent needs the
user to authenticate as one of the identities in @identities for
the action with the identifier @action_id.</para><para>This
authentication is normally achieved via the
PolkitAgentSession API, which invokes a private
setuid helper process to verify the authentication. When
successful, it calls the
org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2()
method on the #org.freedesktop.PolicyKit1.Authority interface of
the PolicyKit daemon before returning. If the user dismisses the
authentication dialog, the authentication agent should return an
error.</para>"/>
<arg name="action_id" direction="in" type="s">
<annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
......
......@@ -283,7 +283,7 @@
<!-- ---------------------------------------------------------------------------------------------------- -->
<method name="RegisterAuthenticationAgent">
<annotation name="org.gtk.EggDBus.DocString" value="<para>Register an authentication agent.</para><para>Note that current versions of PolicyKit will only work if @session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged.</para>"/>
<annotation name="org.gtk.EggDBus.DocString" value="<para>Register an authentication agent.</para><para>Note that this should be called by the same effective UID which will be passed to org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2().</para>"/>
<arg name="subject" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.Type" value="Subject"/>
......@@ -313,7 +313,32 @@
</method>
<method name="AuthenticationAgentResponse">
<annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/>
<annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
authentication, intended only for use by a privileged helper process
internal to polkit. This method will fail unless a sufficiently privileged
caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/>
<arg name="cookie" direction="in" type="s">
<annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
</arg>
<arg name="identity" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.Type" value="Identity"/>
<annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/>
</arg>
</method>
<method name="AuthenticationAgentResponse2">
<annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
authentication, intended only for use by a privileged helper process
internal to polkit. This method will fail unless a sufficiently privileged
caller invokes it. Note this method was added in 0.114, and should be preferred over org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse()
as it fixes a security issue."/>
<arg name="uid" direction="in" type="u">
<annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program.
Must match the effective UID of the caller of org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent()."/>
</arg>
<arg name="cookie" direction="in" type="s">
<annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
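Review bot: AuthenticationAgentResponse is marked deprecated only in its free-text DocString, so tooling cannot see the deprecation. Since the new AuthenticationAgentResponse2 text says it fixes a security issue, the old method should also carry the standard marker, `<annotation name="org.freedesktop.DBus.Deprecated" value="true"/>`, so that generated bindings and introspection consumers flag remaining callers. The uid argument's DocString could also state what happens when the value does not match the registering agent's effective UID; that behaviour is not visible in this file.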
......
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: polkit-backend-1
Description: PolicyKit Backend API
Version: @VERSION@
Libs: -L${libdir} -lpolkit-backend-1
Cflags: -I${includedir}/polkit-1
Requires: polkit-gobject-1
......@@ -11,3 +11,6 @@ Version: @VERSION@
Libs: -L${libdir} -lpolkit-gobject-1
Cflags: -I${includedir}/polkit-1
Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
# Programs using pkcheck can use this to determine
# whether or not it can be passed a uid.
pkcheck_supports_uid=true
<?xml version="1.0"?>
<its:rules xmlns:its="http://www.w3.org/2005/11/its"
version="2.0">
<its:translateRule selector="//*" translate="no"/>
<its:translateRule selector="//action/description |
//action/message"
translate="yes"/>
</its:rules>
<?xml version="1.0"?>
<locatingRules>
<locatingRule name="polkit policy" pattern="*.policy">
<documentRule localName="policyconfig" target="polkit.its"/>
</locatingRule>
</locatingRules>
......@@ -2,3 +2,5 @@
SUBDIRS = man polkit
EXTRA_DIST = version.xml.in
-include $(top_srcdir)/git.mk
......@@ -28,3 +28,5 @@ EXTRA_DIST = \
clean-local:
rm -f *~ *.1 *.8
-include $(top_srcdir)/git.mk
......@@ -56,7 +56,7 @@
<title>DESCRIPTION</title>
<para>
<command>pkaction</command> is used to obtain information about registered
polkit actions. If called with <option>--action-id</option> then all
polkit actions. If called without <option>--action-id</option> then all
actions are displayed. Otherwise the action <replaceable>action</replaceable>.
If called without the <option>--verbose</option> option only the name
of the action is shown. Otherwise details about the actions are shown.
......
......@@ -55,6 +55,9 @@
<arg choice="plain">
<replaceable>pid,pid-start-time</replaceable>
</arg>
<arg choice="plain">
<replaceable>pid,pid-start-time,uid</replaceable>
</arg>
</group>
</arg>
<arg choice="plain">
......@@ -90,7 +93,7 @@
<title>DESCRIPTION</title>
<para>
<command>pkcheck</command> is used to check whether a process, specified by
either <option>--process</option> or <option>--system-bus-name</option>,
either <option>--process</option> (see below) or <option>--system-bus-name</option>,
is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
option can be used zero or more times to pass details about <replaceable>action</replaceable>.
If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
......@@ -122,33 +125,33 @@ KEY1=VALUE1
KEY2=VALUE2
KEY3=VALUE3
...</programlisting>
Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed
Octets that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed
with <emphasis>\</emphasis>.
For example, the UTF-8 string <emphasis>føl,你好</emphasis> will be printed
as <emphasis>f\303\270l\54\344\275\240\345\245\275</emphasis>.
</para>
<para>
If the specificied process is not
If the specified process is not
authorized, <command>pkcheck</command> exits with a return value
of 1 and a diagnostic message is printed on standard error. Details
are printed on standard output.
</para>
<para>
If the specificied process is not
If the specified process is not
authorized because no suitable authentication agent is available or if the
<option>--allow-user-interaction</option> wasn't passed, <command>pkcheck</command>
exits with a return value of 2 and a diagnostic message is printed on standard error.
Details are printed on standard output.
</para>
<para>
If the specificied process is not authorized because the
If the specified process is not authorized because the
authentication dialog / request was dismissed by the user,
<command>pkcheck</command> exits with a return value of 3 and a
diagnostic message is printed on standard error. Details are
printed on standard output.
</para>
<para>
If an error occured while checking for authorization, <command>pkcheck</command> exits
If an error occurred while checking for authorization, <command>pkcheck</command> exits
with a return value of 127 with a diagnostic message printed on standard error.
</para>
<para>
......@@ -160,15 +163,23 @@ KEY3=VALUE3
<refsect1 id="pkcheck-notes">
<title>NOTES</title>
<para>
Since process identifiers can be recycled, the caller should always use
<replaceable>pid,pid-start-time</replaceable> to specify the process
to check for authorization when using the <option>--process</option> option.
The value of <replaceable>pid-start-time</replaceable>
can be determined by consulting e.g. the
Do not use either the bare <replaceable>pid</replaceable> or
<replaceable>pid,start-time</replaceable> syntax forms for
<option>--process</option>. There are race conditions in both.
New code should always use
<replaceable>pid,pid-start-time,uid</replaceable>. The value of
<replaceable>start-time</replaceable> can be determined by
consulting e.g. the
<citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
file system depending on the operating system. If only <replaceable>pid</replaceable>
is passed to the <option>--process</option> option, then <command>pkcheck</command>
will look up the start time itself but note that this may be racy.
file system depending on the operating system. If fewer than 3
arguments are passed, <command>pkcheck</command> will attempt to
look up them up internally, but note that this may be racy.
</para>
<para>
If your program is a daemon with e.g. a custom Unix domain
socket, you should determine the <replaceable>uid</replaceable>
parameter via operating system mechanisms such as
<literal>PEERCRED</literal>.
</para>
</refsect1>
......
......@@ -47,11 +47,12 @@
<refsect1 id="pkexec-description"><title>DESCRIPTION</title>
<para>
<command>pkexec</command> allows an authorized user to
execute <replaceable>PROGRAM</replaceable> as another
user. If <replaceable>username</replaceable> is not specified,
then the program will be executed as the administrative super
user, <emphasis>root</emphasis>.
<command>pkexec</command> allows an authorized user to execute
<replaceable>PROGRAM</replaceable> as another user. If
<replaceable>PROGRAM</replaceable> is not specified, the default
shell will be run. If <replaceable>username</replaceable> is
not specified, then the program will be executed as the
administrative super user, <emphasis>root</emphasis>.
</para>
</refsect1>
......@@ -134,7 +135,9 @@
annotation on an action with the value set to the full path of
the program. In addition to specifying the program, the
authentication message, description, icon and defaults can be
specified.
specified. If the <emphasis>org.freedesktop.policykit.exec.argv1</emphasis>
annotation is present, the action will only be picked if the
first argument to the program matches the value of the annotation.
</para>
<para>
Note that authentication messages may reference variables (see
......@@ -144,6 +147,43 @@
</para>
</refsect1>
<refsect1 id="pkexec-wrapper"><title>WRAPPER USAGE</title>
<para>
To avoid modifying existing software to prefix their
command-line invocations with <command>pkexec</command>,
it's possible to use <command>pkexec</command> in a
<ulink url="http://en.wikipedia.org/wiki/Shebang_(Unix)">she-bang wrapper</ulink>
like this:
</para>
<programlisting><![CDATA[
#!/usr/bin/pkexec /usr/bin/python
import os
import sys
print "Hello, I'm running as uid %d"%(os.getuid())
for n in range(len(sys.argv)):
print "arg[%d]=`%s'"%(n, sys.argv[n])
]]></programlisting>
<para>
If this script is installed into <filename>/usr/bin/my-pk-test</filename>,
then the following annotations
</para>
<programlisting><![CDATA[
[...]
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/python</annotate>
<annotate key="org.freedesktop.policykit.exec.argv1">/usr/bin/my-pk-test</annotate>
[...]
]]></programlisting>
<para>
can be used to select the appropriate polkit action. Be careful
to get the latter annotation right, otherwise it will match any
<command>pkexec</command> invocation of
<filename>/usr/bin/python</filename> scripts.
</para>
</refsect1>
<refsect1 id="pkexec-variables"><title>VARIABLES</title>
<para>
The following variables are set by
......
......@@ -356,7 +356,9 @@ System Context | |
<term><literal>auth_self</literal></term>
<listitem><para>Authentication by the owner of the
session that the client originates from is
required.</para></listitem>
required. Note that this is not restrictive enough for most
uses on multi-user systems; <literal>auth_admin</literal>* is
generally recommended.</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>auth_admin</literal></term>
......@@ -367,11 +369,13 @@ System Context | |
<term><literal>auth_self_keep</literal></term>
<listitem><para>Like <literal>auth_self</literal> but
the authorization is kept for a brief
period.</para></listitem>
period (e.g. five minutes). The warning about
<literal>auth_self</literal> above applies
likewise.</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>auth_admin_keep</literal></term>
<listitem><para>Like <literal>auth_admin</literal> but the authorization is kept for a brief period.</para></listitem>
<listitem><para>Like <literal>auth_admin</literal> but the authorization is kept for a brief period (e.g. five minutes).</para></listitem>
</varlistentry>
</variablelist>
</listitem>
......@@ -503,6 +507,19 @@ System Context | |
(in other words, the JavaScript interpreter used may change in future versions of polkit).
</para>
<para>
Authorization rules are intended for two specific audiences
</para>
<itemizedlist mark='opencircle' spacing='compact'>
<listitem><para>System Administrators</para></listitem>
<listitem><para>Special-purpose Operating Systems / Environments</para></listitem>
</itemizedlist>
<para>
and those audiences only. In particular, applications,
mechanisms and general-purpose operating systems must never
include any authorization rules.
</para>
<refsect2 id="polkit-rules-polkit">
<title>The <type>Polkit</type> type</title>
......@@ -514,7 +531,7 @@ System Context | |
<funcprototype>
<?dbhtml funcsynopsis-style='ansi'?>
<funcdef>void <function>addRule</function></funcdef>
<paramdef>string <function>function</function>(<parameter>action</parameter>, <parameter>subject</parameter>) {...}</paramdef>
<paramdef><type>polkit.Result</type> <function>function</function>(<parameter>action</parameter>, <parameter>subject</parameter>) {...}</paramdef>
</funcprototype>
</funcsynopsis>
......@@ -553,14 +570,42 @@ System Context | |
<filename class='directory'>/etc/polkit-1/rules.d</filename>
with a name that sorts before other rules files, for example
<filename>00-early-checks.rules</filename>. Each function should
return one of the values <literal>"no"</literal>,
<literal>"yes"</literal>, <literal>"auth_self"</literal>,
<literal>"auth_self_keep"</literal>,
<literal>"auth_admin"</literal>,
<literal>"auth_admin_keep"</literal> as defined above. If the
function returns <constant>null</constant>,
<constant>undefined</constant> or does not return a value at
all, the next function is tried.
return a value from <literal>polkit.Result</literal>
</para>
<programlisting><![CDATA[
polkit.Result = {
NO : "no",
YES : "yes",
AUTH_SELF : "auth_self",
AUTH_SELF_KEEP : "auth_self_keep",
AUTH_ADMIN : "auth_admin",
AUTH_ADMIN_KEEP : "auth_admin_keep",
NOT_HANDLED : null
};
]]></programlisting>
<para>
corresponding to the values that can be used as defaults. If
the function returns
<constant>polkit.Result.NOT_HANDLED</constant>,
<constant>null</constant>, <constant>undefined</constant> or
does not return a value at all, the next user function is
tried.
</para>
<para>
Keep in mind that if <constant>polkit.Result.AUTH_SELF_KEEP</constant>
or <constant>polkit.Result.AUTH_ADMIN_KEEP</constant> is returned,
authorization checks for the same action identifier and
subject will succeed (that is, return <constant>polkit.Result.YES</constant>) for the next
brief period (e.g. five minutes) <emphasis>even</emphasis> if
the variables passed along with the check are
different. Therefore, if the result of an authorization rule
depend on such variables, it should not use the
<constant>"*_KEEP"</constant> constants (if similar functionality
is required, the authorization rule can easily implement
temporary authorizations using the
<ulink url="https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/Date"><type>Date</type></ulink>
type for timestamps).
</para>
<para>
......@@ -809,7 +854,7 @@ May 24 14:28:50 thinkpad polkitd[32217]: /etc/polkit-1/rules.d/10-test.rules:4:
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.accounts.user-administration" &&
subject.isInGroup("admin")) {
return "yes";
return polkit.Result.YES;
}
});
]]></programlisting>
......@@ -834,9 +879,9 @@ polkit.addAdminRule(function(action, subject) {
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.hostname1.") == 0) {
if (subject.isInGroup("children")) {
return "no";
return polkit.Result.NO;
} else {
return "auth_self_keep";
return polkit.Result.AUTH_SELF_KEEP;
}
}
});
......@@ -849,14 +894,14 @@ polkit.addRule(function(action, subject) {
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
try {
// user-may-reboot exits with succeess (exit code 0)
// user-may-reboot exits with success (exit code 0)
// only if the passed username is authorized
polkit.spawn(["/opt/company/bin/user-may-reboot",
subject.user]);
return "yes";
return polkit.Result.YES;
} catch (error) {
// Nope, but do allow admin authentication
return "auth_admin";
return polkit.Result.AUTH_ADMIN;
}
}
});
......@@ -872,7 +917,7 @@ polkit.addRule(function(action, subject) {
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.policykit.exec" &&
action.lookup("program") == "/usr/bin/cat") {
return "auth_self";
return polkit.Result.AUTH_ADMIN;
}
});
]]></programlisting>
......@@ -894,7 +939,7 @@ polkit.addRule(function(action, subject) {
action.lookup("drive.vendor") == "SEAGATE" &&
action.lookup("drive.model") == "ST3300657SS" &&
subject.isInGroup("engineers")) {
return "yes";
return polkit.Result.YES;
}
}
});
......
......@@ -10,10 +10,13 @@ DOC_MODULE=polkit-1
DOC_MAIN_SGML_FILE=polkit-1-docs.xml
# Extra options to supply to gtkdoc-scan
SCAN_OPTIONS=--ignore-headers=config.h
SCAN_OPTIONS=
# The directory containing the source code. Relative to $(srcdir)
DOC_SOURCE_DIR=../../src
# Directories containing the source code.
# gtk-doc will search all .c and .h files beneath these paths
# for inline comments documenting functions and macros.
# e.g. DOC_SOURCE_DIR=$(top_srcdir)/gtk $(top_srcdir)/gdk
DOC_SOURCE_DIR=$(top_srcdir)/src/polkit $(top_srcdir)/src/polkitagent
# Used for dependencies
HFILE_GLOB=$(top_srcdir)/src/polkit*/*.h
......@@ -21,11 +24,13 @@ CFILE_GLOB=$(top_srcdir)/src/polkit*/*.c
# Headers to ignore
IGNORE_HFILES= \
polkitprivate.h \
polkitagenthelperprivate.h \
$(NULL)
# CFLAGS and LDFLAGS for compiling scan program. Only needed
# if $(DOC_MODULE).types is non-empty.
INCLUDES = \
AM_CPPFLAGS = \
$(GLIB_CFLAGS) \
-I$(top_srcdir)/src/polkit \
-I$(top_builddir)/src/polkit \
......@@ -45,6 +50,10 @@ MKDB_OPTIONS=--sgml-mode --output-format=xml --name-space=polkit
# Extra options to supply to gtkdoc-mktmpl
MKTMPL_OPTIONS=
# Extra options to supply to gtkdoc-mkhtml - workaround for incorrect check
# in gtk-doc-1.18
MKHTML_OPTIONS=--path=$(srcdir)
# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
content_files = \
overview.xml \
......@@ -58,6 +67,7 @@ content_files = \
../man/pkaction.xml \
../man/pkexec.xml \
../man/pkttyagent.xml \
../../COPYING \
$(NULL)
# Images to copy into HTML directory
......@@ -93,3 +103,5 @@ CLEANFILES += *~ \
-rf html xml \
$(NULL)
-include $(top_srcdir)/git.mk
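Review bot: `DOC_SOURCE_DIR` is narrowed to `src/polkit` and `src/polkitagent` in the first hunk, but the dependency globs kept as context still use `src/polkit*/`, as seen in `HFILE_GLOB` and in the `CFILE_GLOB` line of the second hunk header. If other directories match that prefix (the backend library elsewhere on this page suggests one does), the docs are rebuilt whenever those unscanned files change, so the dependency list no longer matches the scanner's input. Consider listing the two directories explicitly: `HFILE_GLOB=$(top_srcdir)/src/polkit/*.h $(top_srcdir)/src/polkitagent/*.h`, and the same for `CFILE_GLOB` with `*.c`. Separately, the `MKHTML_OPTIONS` comment names gtk-doc-1.18 but not the condition for dropping the workaround; a short `# remove once gtk-doc newer than 1.18 is required` would help.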
......@@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id,
identifier <parameter>action_id</parameter>.</para><para>Upon
succesful authentication, the authentication agent must invoke
the <link
linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2()</link>
method on the <link
linkend="eggdbus-interface-org.freedesktop.PolicyKit1.Authority">org.freedesktop.PolicyKit1.Authority</link>
interface of the PolicyKit daemon before returning.
interface of the PolicyKit daemon before returning. This is normally
achieved via the <link linkend="PolkitAgentSession">PolkitAgentSession</link>
API, which invokes a private setuid helper process to verify the
authentication.
</para>
<para>
The authentication agent should not return until after authentication is complete.
......
......@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
IN String object_path)
<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie,
IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie,
IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject,
OUT Array&lt;<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>&gt; temporary_authorizations)
<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject)
......@@ -699,7 +701,7 @@ RegisterAuthenticationAgent (IN <link linkend="eggdbus-struct-Subject">Subject<
IN String object_path)
</programlisting>
<para>
<para>Register an authentication agent.</para><para>Note that current versions of PolicyKit will only work if <parameter>session_id</parameter> is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged.</para>
<para>Register an authentication agent.</para><para>Note that this should be called by same effective UID which will be passed to <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2()</link>.</para>
</para>
<variablelist role="params">
<varlistentry>
......@@ -777,9 +779,55 @@ AuthenticationAgentResponse (IN String cookie,
IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
</programlisting>
<para>
Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
Method for authentication agents to invoke on successful
authentication, intended only for use by a privileged helper process
internal to polkit. This method will fail unless a sufficiently privileged
+caller invokes it. Deprecated in favor of <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2()</link>.
</para>
<variablelist role="params">
<varlistentry>
<term><literal>IN String <parameter>cookie</parameter></literal>:</term>
<listitem>
<para>
The cookie identifying the authentication request that was passed to the authentication agent.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term>
<listitem>
<para>
A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">
<title>AuthenticationAgentResponse2 ()</title>
<programlisting>
AuthenticationAgentResponse2 (IN uint32 uid,
IN String cookie,
IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
</programlisting>
<para>
Method for authentication agents to invoke on successful
authentication, intended only for use by a privileged helper process
internal to polkit. This method will fail unless a sufficiently privileged
caller invokes it. Note this method was introduced in 0.114 and should be
preferred over <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
as it fixes a security issue.
</para>
<variablelist role="params">
<varlistentry>
<term><literal>IN uint32 <parameter>uid</parameter></literal>:</term>
<listitem>
<para>
The user id of the agent; normally this is the owner of the parent pid
of the process that invoked the internal setuid helper.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>IN String <parameter>cookie</parameter></literal>:</term>
<listitem>
......
......@@ -72,6 +72,24 @@
</para>
</listitem>
<listitem>
<para>
<emphasis role='bold'>DO</emphasis> consider the impact of the
chosen implicit authorizations on multi-user systems. Generally,
ordinary users should be able to neither modify important system's
behavior for other users, nor view other users' private data. If
your application needs an authorization framework at all, it is
fairly likely that the default configuration should deny
authorization in at least some cases. Default to using
<literal>auth_admin</literal>* instead of
<literal>auth_self</literal>*. (On single-user desktops, the
single user is typically configured as a polkit administrator, so
the two variants behave equally. On multi-user systems,
non-administrator users will be restricted by the default
configuration.)
</para>
</listitem>
<listitem>
<para>
<emphasis role='bold'>DO</emphasis> pass polkit variables
......@@ -103,6 +121,33 @@
</para>
</listitem>
<listitem>
<para>
<emphasis role='bold'>DO</emphasis> make sure
your application works even when the
<literal>org.freedesktop.PolicyKit1</literal>
D-Bus service is not available (this can
happen if
<link linkend="polkitd.8"><citerefentry><refentrytitle>polkitd</refentrytitle><manvolnum>8</manvolnum></citerefentry></link>
is not installed or if the <emphasis>polkit.service</emphasis> systemd unit/service has been
<ulink url="http://0pointer.de/blog/projects/three-levels-of-off.html">masked</ulink>). If you are using the
<link linkend="ref-api">libpolkit-gobject-1</link> library this
means handling
<link linkend="polkit-authority-get-sync">polkit_authority_get_sync()</link>
or
<link linkend="polkit-authority-get-finish">polkit_authority_get_finish()</link>
returning <constant>NULL</constant> or
<link linkend="polkit-authority-check-authorization">polkit_authority_check_authorization()</link> /
<link linkend="polkit-authority-check-authorization-sync">polkit_authority_check_authorization_sync()</link>
failing with an error not in the
<link linkend="POLKIT-ERROR:CAPS">POLKIT_ERROR</link>
domain.
An appropriate way of dealing with the polkit authority
not being available, could be to allow only uid 0 to
perform operations, forbid all operations or something
else.
</para>
</listitem>
<listitem>
<para>
......@@ -169,6 +214,16 @@
</para>
</listitem>
<listitem>
<para>
<emphasis role='bold'>DON'T</emphasis> include any
authorization rules with your application as this is only
intended for administrators and special-purpose operating
<