Commit 8c71e37a authored by David Zeuthen's avatar David Zeuthen

prune TODO list and fix up single-header-file / API guard checks

parent b891d8a3
......@@ -467,7 +467,11 @@ echo "
"
echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned by root"
echo " and have mode 700"
echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned"
echo " by root and have mode 700"
echo
echo "NOTE: The file ${libexecdir}/polkit-agent-helper-1 must be owned"
echo " by root and have mode 4755 (setuid root binary)"
echo
Core TODO items
---------------
- document the D-Bus interfaces
- should be done in eggdbus; e.g.
- D-Bus XML --(eggdbus-binding-tool)--> DocBook --(gtk-doc)--> HTML
- properly document the GObject API
- maybe rename .policy to .action for policy XML files
- provide a polkit-validate-action-file-1 tool to check/validate
......@@ -18,14 +12,6 @@ Core TODO items
- write a PolicyKit 0.9.x -> polkit 1.0 porting guide
- provide a public ObtainAuthorization() method
- separate core API (e.g. CheckAuthorization()) from the administration API
(e.g. AddAuthorization()) both in the D-Bus interface and in the GObject
client libraries
- guard off administration API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC
- guard off backend API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC
- provide a way to tweak the defaults for actions (or maybe not)
......@@ -36,34 +22,21 @@ Core TODO items
- make sure simple operations work when no system bus is present
- e.g. %post RPM scripts adding/removing authorizations to identities
- rework the classes in the PolkitAgent* library so the API is easier to
work with
- for administrator authentication, make it possible to use 'wheel' group
sudo-style authentication (e.g. select one or more identities that the
user can choose to authenticate as)
- provide a way to cancel a CheckAuthorization() call
- maybe use file monitors on /var/lib/polkit-1 directories and
emit the Changed() signal
- PolkitAuthority probably needs locking around its singleton for
multithreaded backends
- rewrite the PolkitAgentAuthenticationSession class to use signals
instead of callbacks, maybe do the same for PolkitAgentAuthenticationAgent
- support authorization for identities other than Unix users in
PolkitAgentAuthenticationSessiono
multithreaded backends.
- consider adding POLKIT_AUTHORIZATION_RESULT_FAILED_CHALLENGE
- symbol visibility in shared libraries
Backend TODO items
------------------
- use a GIO extension point to decide what authority backend to use
- check / validate all incoming arguments
- and other security/paranoia stuff
......@@ -81,13 +54,9 @@ Backend TODO items
- allow backends to extend the syntax for subjects and identities, e.g.
have something like ipa-user:...
- rate-limit file monitoring in PolkitBackendActionPool
- avoid watching all name owner changes in PolkitBackendAuthority and
PolkitBackendServer
- get the right UID for Unix process subjects
- cache user information for dbus connections
polkit-gnome TODO items
......@@ -96,8 +65,8 @@ polkit-gnome TODO items
- show a notification icon when the session/user has temporary authorizations
- along with an option to give these up
- make the AuthenticationAgent process (which runs for the lifetime of the
session) spawn a process to display the authentication dialog
- maybe make the AuthenticationAgent process (which runs for the lifetime of
the session) spawn a process to display the authentication dialog
- to make it lighter on resource usage
- to work around Metacity focus stealing prevention bugs
......
......@@ -26,6 +26,7 @@ libpolkit_nullbackend_la_SOURCES = \
$(NULL)
libpolkit_nullbackend_la_CFLAGS = \
-DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
-DG_LOG_DOMAIN=\"PolkitNullBackend\" \
$(GLIB_CFLAGS) \
$(NULL)
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_ACTION_DESCRIPTION_H
#define __POLKIT_ACTION_DESCRIPTION_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_AUTHORITY_H
#define __POLKIT_AUTHORITY_H
......
......@@ -33,7 +33,10 @@
* @short_description: Authority Manager
* @stability: Unstable
*
* Checking claims.
* Manage authorizations.
*
* To use this unstable API you need to define the symbol
* <literal>POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE</literal>.
*/
struct _PolkitAuthorityManager
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_AUTHORITY_MANAGER_H
#define __POLKIT_AUTHORITY_MANAGER_H
......@@ -26,6 +30,8 @@
#include <gio/gio.h>
#include <polkit/polkittypes.h>
#if defined (POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE) || defined (_POLKIT_COMPILATION)
G_BEGIN_DECLS
#define POLKIT_TYPE_AUTHORITY_MANAGER (polkit_authority_manager_get_type())
......@@ -128,4 +134,6 @@ gboolean polkit_authority_manager_remove_authorization_finish
G_END_DECLS
#endif /* API hiding */
#endif /* __POLKIT_AUTHORITY_MANAGER_H */
......@@ -30,8 +30,12 @@
* SECTION:polkitauthorization
* @title: PolkitAuthorization
* @short_description: Authorization
* @stability: Unstable
*
* This class represents an explicit authorization.
*
* To use this unstable API you need to define the symbol
* <literal>POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE</literal>.
*/
struct _PolkitAuthorization
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_AUTHORIZATION_H
#define __POLKIT_AUTHORIZATION_H
......@@ -26,6 +30,8 @@
#include <gio/gio.h>
#include <polkit/polkittypes.h>
#if defined (POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE) || defined (_POLKIT_COMPILATION)
G_BEGIN_DECLS
#define POLKIT_TYPE_AUTHORIZATION (polkit_authorization_get_type())
......@@ -54,4 +60,6 @@ gboolean polkit_authorization_get_is_negative (PolkitAuthorization
G_END_DECLS
#endif /* API hiding */
#endif /* __POLKIT_AUTHORIZATION_H */
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_AUTHORIZATION_RESULT_H
#define __POLKIT_AUTHORIZATION_RESULT_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_CHECK_AUTHORIZATION_FLAGS_H
#define __POLKIT_CHECK_AUTHORIZATION_FLAGS_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_ERROR_H
#define __POLKIT_ERROR_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_IDENTITY_H
#define __POLKIT_IDENTITY_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_IMPLICIT_AUTHORIZATION_H
#define __POLKIT_IMPLICIT_AUTHORIZATION_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_SUBJECT_H
#define __POLKIT_SUBJECT_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_SYSTEM_BUS_NAME_H
#define __POLKIT_SYSTEM_BUS_NAME_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_UNIX_GROUP_H
#define __POLKIT_UNIX_GROUP_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_UNIX_PROCESS_H
#define __POLKIT_UNIX_PROCESS_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_UNIX_SESSION_H
#define __POLKIT_UNIX_SESSION_H
......
......@@ -19,6 +19,10 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_UNIX_USER_H
#define __POLKIT_UNIX_USER_H
......
......@@ -12,7 +12,6 @@ INCLUDES = \
-DPACKAGE_LIB_DIR=\""$(libdir)"\" \
-D_POSIX_PTHREAD_SEMANTICS \
-D_REENTRANT \
-DPOLKIT_AGENT_COMPILATION \
-DEGG_DBUS_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
$(NULL)
......@@ -48,6 +47,8 @@ libpolkit_agent_1_la_SOURCES = \
$(NULL)
libpolkit_agent_1_la_CFLAGS = \
-D_POLKIT_COMPILATION \
-D_POLKIT_AGENT_COMPILATION \
$(GLIB_CFLAGS) \
$(EGG_DBUS_CFLAGS) \
$(NULL)
......@@ -61,9 +62,19 @@ libpolkit_agent_1_la_LIBADD = \
libexec_PROGRAMS = polkit-agent-helper-1
polkit_agent_helper_1_SOURCES = polkitagenthelper.c
polkit_agent_helper_1_CFLAGS = $(GLIB_CFLAGS)
polkit_agent_helper_1_LDADD = $(AUTH_LIBS) $(top_builddir)/src/polkit/libpolkit-gobject-1.la
polkit_agent_helper_1_SOURCES = \
polkitagenthelper.c \
$(NULL)
polkit_agent_helper_1_CFLAGS = \
-D_POLKIT_COMPILATION \
$(GLIB_CFLAGS) \
$(NULL)
polkit_agent_helper_1_LDADD = \
$(AUTH_LIBS) \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(NULL)
# polkit-agent-helper-1 need to be setuid root because it's used to
# authenticate not only the invoking user, but possibly also root
......
......@@ -22,14 +22,14 @@
#ifndef __POLKIT_AGENT_H
#define __POLKIT_AGENT_H
#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (POLKIT_AGENT_COMPILATION)
#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (_POLKIT_AGENT_COMPILATION)
#error "libpolkitagent is unstable API and subject to change. You must define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this."
#endif
#define POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1
#define _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1
#include <polkitagent/polkitagenttypes.h>
#include <polkitagent/polkitagentlistener.h>
#include <polkitagent/polkitagentsession.h>
#undef POLKIT_AGENT_INSIDE_POLKIT_AGENT_H
#undef _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H
#endif /* __POLKIT_AGENT_H */
......@@ -19,7 +19,7 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION)
#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION)
#error "Only <polkitagent/polkitagent.h> can be included directly, this file may disappear or change contents"
#endif
......
......@@ -19,7 +19,7 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION)
#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION)
#error "Only <polkitagent/polkitagent.h> can be included directly, this file may disappear or change contents"
#endif
......
......@@ -19,7 +19,7 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION)
#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION)
#error "Only <polkitagent/polkitagent.h> can be included directly, this file may disappear or change contents"
#endif
......
......@@ -57,6 +57,7 @@ libpolkit_backend_1_la_SOURCES = \
$(NULL)
libpolkit_backend_1_la_CFLAGS = \
-D_POLKIT_COMPILATION \
-D_POLKIT_BACKEND_COMPILATION \
$(GLIB_CFLAGS) \
$(EGG_DBUS_CFLAGS) \
......
......@@ -24,6 +24,10 @@
#include <polkit/polkit.h>
#if !defined (POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (POLKIT_BACKEND_COMPILATION)
#error "libpolkitbackend is unstable API and subject to change. You must define POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this."
#endif
#define _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H 1
#include <polkitbackend/polkitbackendtypes.h>
#include <polkitbackend/polkitbackendauthority.h>
......
......@@ -21,7 +21,7 @@ polkitd_1_SOURCES = \
$(NULL)
polkitd_1_CFLAGS = \
-I$(top_srcdir)/src \
-DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
-DG_LOG_DOMAIN=\"polkitd-1\" \
$(GLIB_CFLAGS) \
$(NULL)
......
......@@ -24,6 +24,7 @@
#endif
#include <string.h>
#define POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE
#include <polkit/polkit.h>
static PolkitAuthority *authority;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment