1. 14 Nov, 2012 1 commit
  2. 11 Jul, 2012 1 commit
  3. 06 Jul, 2012 1 commit
  4. 07 Jun, 2012 1 commit
  5. 04 Jun, 2012 3 commits
  6. 25 May, 2012 1 commit
  7. 24 May, 2012 3 commits
  8. 23 May, 2012 5 commits
  9. 22 May, 2012 6 commits
  10. 21 May, 2012 5 commits
  11. 20 May, 2012 2 commits
  12. 12 Apr, 2012 1 commit
  13. 11 Apr, 2012 1 commit
  14. 22 Dec, 2011 1 commit
  15. 06 Dec, 2011 1 commit
  16. 18 Oct, 2011 1 commit
  17. 20 Sep, 2011 1 commit
    • David Zeuthen's avatar
      Add support for the org.freedesktop.policykit.imply annotation · 6bbd5189
      David Zeuthen authored
      For example, GNOME control center can now defined e.g.
      
        <action id="org.zee.example.meta">
          <description>Meta Action</description>
          <message>Example of a meta action, blabla</message>
          <defaults>
            <allow_any>no</allow_any>
            <allow_inactive>no</allow_inactive>
            <allow_active>auth_admin_keep</allow_active>
          </defaults>
          <annotate key="org.freedesktop.policykit.imply">org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others</annotate>
        </action>
      
      and set up a single GtkLockButton for a PolkitPermission for action id
      "org.zee.example.meta".
      
      When unlocked the given subject will now be authorized for the actions
      mentioned in the annotation.
      
      Example test program:
      
      int
      main (int argc, char *argv[])
      {
        PolkitSubject *subject;
        GtkWidget *window;
        GtkWidget *table;
        GMainLoop *loop;
        guint n;
      
        gtk_init (&argc, &argv);
      
        subject = polkit_unix_process_new (getpid ());
      
        window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
      
        table = gtk_table_new (1, 2, FALSE);
        for (n = 1; n < argc; n++)
          {
            const gchar *action_id = argv[n];
            GPermission *permission;
            GtkWidget *label;
            GtkWidget *lock_button;
            GError *error = NULL;
      
            label = gtk_label_new (action_id);
      
            permission = polkit_permission_new_sync (action_id, subject, NULL, &error);
            if (permission == NULL)
              {
                g_error ("Error constructing permission for action_id %s: %s (%s, %d)",
                         action_id, error->message, g_quark_to_string (error->domain), error->code);
                goto out;
              }
            lock_button = gtk_lock_button_new (permission);
            g_object_unref (permission);
      
            gtk_table_attach (GTK_TABLE (table), label,       0, 1, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
            gtk_table_attach (GTK_TABLE (table), lock_button, 1, 2, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
          }
        gtk_container_add (GTK_CONTAINER (window), table);
      
        gtk_widget_show_all (window);
      
        loop = g_main_loop_new (NULL, FALSE);
        g_main_loop_run (loop);
      
       out:
        ;
      }
      
      Compile with:
      
       gcc -o showpolkit showpolkit.c `pkg-config --cflags --libs polkit-gobject-1 gtk+-3.0` -g -O0
      
      Run with:
      
       ./showpolkit org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others org.zee.example.meta
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      6bbd5189
  18. 01 Aug, 2011 1 commit
    • Martin Pitt's avatar
      Bug 38769 — pkexec: Support running X11 apps · 7850d270
      Martin Pitt authored
      Introduce a new annotation flag "org.freedesktop.policykit.exec.allow_gui"
      which will cause pkexec to preserve $DISPLAY and $XAUTHORITY. With this, the
      remaining few legacy X11 programs which still need to run as root can finally
      be migrated away from gksu (or similar) to pkexec, with the help of some
      .polkit files. This will provide a consistent UI and also help with making the
      authentication dialogs less spoofable.
      
      Relax validate_environment_variable() to allow '/' in $XAUTHORITY, as this
      variable actually is a full path.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      7850d270
  19. 03 Mar, 2011 1 commit
    • David Zeuthen's avatar
      Deprecated PolkitBackendActionLookup · 02cebdb0
      David Zeuthen authored
      Instead, pass the untranslated message as polkit.message and set the
      gettext domain on polkit.gettext_domain. For printf()-style messages,
      occurences of the form $(name_of_key) in the translated version of
      polkit.message are expanded with the value of the property
      name_of_key. See the pkexec(1) mechanism for an example of how to use
      this.
      
      Additionally, the property polkit.icon_name can be set to the
      icon. Note that not all authentication agents use this - in
      particular, gnome-shell does not.
      
      It is no longer possible to set the details to be shown in the
      authentication dialog. It was never a good idea to hide information
      there anyway. Instead, the mechanism should format a meaningful
      message.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      02cebdb0
  20. 23 Feb, 2011 2 commits
  21. 22 Feb, 2011 1 commit