| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also, move init code into init.js instead of using a C string for
it...
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Additionally, add a "fallback" option. Also add support in this in the
pkttyagent(1) program.
This slightly breaks libpolkit-backend API by adding a GVariant* param
to one of the class vfuncs... but that API is already declared
unstable so that's fine.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This came up while working on
https://bugzilla.redhat.com/show_bug.cgi?id=804088
and is useful for example if it's not suitable or appropriate to link
against the polkit libraries.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This was reported here
https://bugzilla.gnome.org/show_bug.cgi?id=671486
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also, don't treat the integer returned by sd_session_get_uid() as a
boolean because that's just confusing.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also, don't treat the integer returned by sd_pid_get_session() as a
boolean because that's just confusing. Also, don't confuse memory
supposed to be freed by g_free() and free(3) with each other. See
https://bugzilla.redhat.com/show_bug.cgi?id=787222
for more details.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Fix autogen.sh to work when run from the builddir.
Also: switch over to using the gobject-introspection Makefile (which is
out-of-tree safe) instead of hardcoding our own version.
https://bugs.freedesktop.org/show_bug.cgi?id=44599
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
When configured with --enable-systemd, this patch makes
polkit use systemd for session tracking instead of ConsoleKit.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=43610
Added netgroup support and additional unit tests with MockLibc support.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=43608
Basic unittest support and a few tests. Adds basic unit tests for:
PolkitIdentity, PolkitUnixUser, PolkitUnixGroup,
PolkitBackendLocalAuthorizationStore, and PolkitBackendLocalAuthority.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This allows daemons running as a designated uid to check
authorizations. Based on a patch from Christopher James Halse Rogers
<chalserogers@gmail.com>.
https://bugs.freedesktop.org/show_bug.cgi?id=41025
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
For example, GNOME control center can now defined e.g.
<action id="org.zee.example.meta">
<description>Meta Action</description>
<message>Example of a meta action, blabla</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others</annotate>
</action>
and set up a single GtkLockButton for a PolkitPermission for action id
"org.zee.example.meta".
When unlocked the given subject will now be authorized for the actions
mentioned in the annotation.
Example test program:
int
main (int argc, char *argv[])
{
PolkitSubject *subject;
GtkWidget *window;
GtkWidget *table;
GMainLoop *loop;
guint n;
gtk_init (&argc, &argv);
subject = polkit_unix_process_new (getpid ());
window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
table = gtk_table_new (1, 2, FALSE);
for (n = 1; n < argc; n++)
{
const gchar *action_id = argv[n];
GPermission *permission;
GtkWidget *label;
GtkWidget *lock_button;
GError *error = NULL;
label = gtk_label_new (action_id);
permission = polkit_permission_new_sync (action_id, subject, NULL, &error);
if (permission == NULL)
{
g_error ("Error constructing permission for action_id %s: %s (%s, %d)",
action_id, error->message, g_quark_to_string (error->domain), error->code);
goto out;
}
lock_button = gtk_lock_button_new (permission);
g_object_unref (permission);
gtk_table_attach (GTK_TABLE (table), label, 0, 1, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
gtk_table_attach (GTK_TABLE (table), lock_button, 1, 2, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
}
gtk_container_add (GTK_CONTAINER (window), table);
gtk_widget_show_all (window);
loop = g_main_loop_new (NULL, FALSE);
g_main_loop_run (loop);
out:
;
}
Compile with:
gcc -o showpolkit showpolkit.c `pkg-config --cflags --libs polkit-gobject-1 gtk+-3.0` -g -O0
Run with:
./showpolkit org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others org.zee.example.meta
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Some pam modules may attempt to display multi-line prompts to the
user. In these cases, PolicyKit was failing. This patch fixes the
issue by escaping the prompt before passing it and unescaping it
again.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=39315
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Introduce a new annotation flag "org.freedesktop.policykit.exec.allow_gui"
which will cause pkexec to preserve $DISPLAY and $XAUTHORITY. With this, the
remaining few legacy X11 programs which still need to run as root can finally
be migrated away from gksu (or similar) to pkexec, with the help of some
.polkit files. This will provide a consistent UI and also help with making the
authentication dialogs less spoofable.
Relax validate_environment_variable() to allow '/' in $XAUTHORITY, as this
variable actually is a full path.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
get_localized_data_for_challenge() would call expand_properties() with a NULL
"message" argument, causing a segfault.
|
|
In a nutshell, the parent process may change its uid (either real- or
effective uid) after launching pkexec. It can do this by exec()'ing
e.g. a setuid root program.
To avoid this problem, just use the uid the parent process had when it
executed pkexec. This happens to be the same uid of the pkexec process
itself.
Additionally, remove some dubious code that allowed pkexec to continue
when the parent process died as there is no reason to support
something like that. Also ensure that the pkexec process is killed if
the parent process dies.
This problem was pointed out by Neel Mehta <nmehta@google.com>.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This avoids a TOCTTOU problem.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This is needed to avoid possible TOCTTOU issues since a process can
change both its real uid and effective uid.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
On Linux, also switch to parsing /proc/<pid>/status instead of relying
on the st_uid returned by stat(2) to be the uid we want.
This was pointed out by Neel Mehta <nmehta@google.com>. Thanks!
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
See https://bugzilla.gnome.org/show_bug.cgi?id=644737#c6 for discussion.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Instead, pass the untranslated message as polkit.message and set the
gettext domain on polkit.gettext_domain. For printf()-style messages,
occurences of the form $(name_of_key) in the translated version of
polkit.message are expanded with the value of the property
name_of_key. See the pkexec(1) mechanism for an example of how to use
this.
Additionally, the property polkit.icon_name can be set to the
icon. Note that not all authentication agents use this - in
particular, gnome-shell does not.
It is no longer possible to set the details to be shown in the
authentication dialog. It was never a good idea to hide information
there anyway. Instead, the mechanism should format a meaningful
message.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This is much easier than writing a PolkitBackendActionLookup class and
installing an extension. On the downside it requires the caller to be
uid 0.
Example: http://people.freedesktop.org/~david/polkit-pass-messages.png
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=29712
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
In particular, avoid crashing for Zombies
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=27253
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Otherwise it's impossible to implement lock buttons.
https://bugs.freedesktop.org/show_bug.cgi?id=32334
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=30438
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Link polkit_agent_helper_1 against GLIB_LIBS.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=27081
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=30653
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
The authentication agent can use information this to inform the user
about the UI application that triggered the authentication request (if
any).
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
