| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Static local variable may not be enough since it doesn't provide locking.
Related to these udisksd warnings:
GLib-GObject-WARNING **: cannot register existing type `PolkitSubject'
Thanks to Hans de Goede for spotting this!
https://bugs.freedesktop.org/show_bug.cgi?id=65130
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=29936
|
|
(Inconsistent options are still accepted.)
https://bugs.freedesktop.org/show_bug.cgi?id=29936
|
|
... as required by GNU coding standards.
https://bugs.freedesktop.org/show_bug.cgi?id=29936
|
|
Convert pkaction and pkttyagent to use GOptionContext.
Don't convert pkcheck and only add --help output text because its
non-standard --details(which requires two arguments) can't be
implemented using GOptionContext.
Don't touch pkexec, in a (futile?) attempt to minimize the amount
of complex code running before authentication.
This leaves the option processing lax as it was (e.g. accepting
contradicting options, ignoring non-option arguments), and should only
affect the handling of --help and behavior when invalid arguments are
detected.
https://bugs.freedesktop.org/show_bug.cgi?id=29936
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=64336
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=64336
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=64336
|
|
Using integers or floating-point numbers could have resulted in a crash.
Use JSVAL_IS_STRING() instead of implicit conversion through
JS_ValueToString(); hopefully this will nudge the rule writer toward
thinking more about the string conversion and the format of the
resulting string.
https://bugs.freedesktop.org/show_bug.cgi?id=63575
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63575
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63575
|
|
From time to time, application developers just copy example
configuration without examining it in details. Because polkit is
typically used to control access to system-level operations, the policy
(and therefore the examples) should limit access to system
administrators only.
|
|
Based on work by Tim Lunn <tim@feathertop.org>, reworked on top of a
regular dynamically-linked js.
https://bugs.freedesktop.org/show_bug.cgi?id=59830
|
|
The new plan is to hard-require JS. See discussion in
https://bugs.freedesktop.org/show_bug.cgi?id=59830
This reverts commit 34cb6353b9affd6c04ea480df5fc39d0ca72319d.
Conflicts:
src/polkitbackend/polkitbackendjsauthority.c
|
|
This is future compatible with mozjs-17.0.
https://bugs.freedesktop.org/show_bug.cgi?id=59830
|
|
JSVAL_TO_STRING would barf on a null value, so don't
claim to handle it.
|
|
See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 .
|
|
... to silence warnings when g-ir-scanner warnings are enabled.
https://bugs.freedesktop.org/show_bug.cgi?id=63573
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63573
|
|
Fold PolkitImplicitAuthorization and PolkitCheckAuthorizationFlags
into the relevant classes in the section list; polkit-1-docs.xml is
already not including the enum documents.
https://bugs.freedesktop.org/show_bug.cgi?id=63573
|
|
All of these are a part of public API with some external users. Do the
minimum to avoid a warning; ideally we should also add a
*_DISABLE_DEPRECATED macro etc.
https://bugs.freedesktop.org/show_bug.cgi?id=63573
|
|
The related new_for_gvariant() is private already, this seems also
intended to be private. searchco.de doesn't show any external users.
https://bugs.freedesktop.org/show_bug.cgi?id=63573
|
|
The XML_ParserCreate_MM one was found by Florian Weimer in
https://bugzilla.redhat.com/show_bug.cgi?id=888728 .
This should cover everything found by valgrind on the JS authority
test, augmented with a call to
polkit_backend_authority_enumerate_actions() to verify the
XML_ParserCreate_MM case.
https://bugs.freedesktop.org/show_bug.cgi?id=63492
|
|
Mainly to avoid deprecation warnings about g_type_init().
https://bugs.freedesktop.org/show_bug.cgi?id=63440
|
|
This is required for WIFEXITED, WEXITSTATUS, WIFSIGNALED,
WTERMSIG. This must have been implicit and nobody noticed, but isn't
with SH4 architecture (Linux, Gentoo, GNU gcc and glibc).
http://bugs.freedesktop.org/show_bug.cgi?id=62220
|
|
For esr17, mozilla have removed many of the custom typedefs and
replaced them with standard types. For example jsuint -> guint32,
uintN -> unsigned and int32 -> gint32.
These changes are backwards compatible with js185
https://bugs.freedesktop.org/show_bug.cgi?id=59781
|
|
Various pam modules provide environment variables that are intended to be set
in the environment of the pam session. pkexec needs to process the output of
pam_getenvlist() to get these.
https://bugs.freedesktop.org/show_bug.cgi?id=62016
|
|
This is a good way for distributors to use -fPIE/-pie.
https://bugs.freedesktop.org/attachment.cgi?id=57584
|
|
This was pointed out in bug 57325.
https://bugs.freedesktop.org/show_bug.cgi?id=57325
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=35685
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=58869
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
The way it works is that if XAUTHORITY is unset, then its default
value is $HOME/.Xauthority. But since we're changing user identity
this will not work since $HOME will now change. Therefore, if
XAUTHORITY is unset, just set its default value before changing
identity. This bug only affected login managers using X Window
Authorization but not explicitly setting the XAUTHORITY variable.
You can argue that XAUTHORITY is broken since it forces uid-changing
apps like pkexec(1) to do more work - and get involved in intimate
details of how X works and so on - but that doesn't change how things
work.
Based on a patch from Peter Wu <lekensteyn@gmail.com>.
https://bugs.freedesktop.org/show_bug.cgi?id=51623
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
The SO-name rules for SpiderMonkey are a little bit weird and we were
opening wrong file. This problem was reported in
https://bugs.freedesktop.org/show_bug.cgi?id=57146
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
A number of downstream distributors have - one way or the other -
requested this feature.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
As per the intructions in the introspection Makefile, we should have a
line declaring a dependency between the .gir and .la files.
https://bugs.freedesktop.org/show_bug.cgi?id=57077
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
Note that otherwise we return a freed server object. Since later in
polkit_agent_listener_register_with_options we check against NULL to
determine failure, this makes for sad times later when we call
server_free() on it again.
https://bugs.freedesktop.org/show_bug.cgi?id=55776
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
For example, this can happen if the wheel group has no members. This
was reported in Red Hat bug 834494, see
https://bugzilla.redhat.com/show_bug.cgi?id=834494
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
This way an authorization rule can do this
return polkit.Result.YES;
which is slightly nicer than
return "yes";
https://bugs.freedesktop.org/show_bug.cgi?id=50983
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
The code for looking up localized strings for action descriptions
was manually trying to break locale names into pieces, but didn't
get it right for e.g. zh_CN.utf-8. Instead, use the GLib function
g_get_locale_variants(), which handles this (and more). This fixes
the translation problem reported in
https://bugzilla.gnome.org/show_bug.cgi?id=665497
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
... although it would be nicer to just rip out the CK bits and simply
hard-require libsystemd-login instead - it should work just fine on
non-systemd systems, same way systemd-udev works fine there.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
First, we were using == instead of =, as the author probably intended.
But after changing that, we're now assigning to const memory. Fix
that by writing to a temporary string buffer.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
... instead of the one I wrote myself.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This also removes the ability to change detail parameters which is
actually a good thing. If we later need a way to change the
authentication message, we can always add something like
polkit.addAuthenticationMessageRule() so the user can register a
function returning a string.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
