| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
See https://bugzilla.gnome.org/show_bug.cgi?id=644737#c6 for discussion.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Instead, pass the untranslated message as polkit.message and set the
gettext domain on polkit.gettext_domain. For printf()-style messages,
occurences of the form $(name_of_key) in the translated version of
polkit.message are expanded with the value of the property
name_of_key. See the pkexec(1) mechanism for an example of how to use
this.
Additionally, the property polkit.icon_name can be set to the
icon. Note that not all authentication agents use this - in
particular, gnome-shell does not.
It is no longer possible to set the details to be shown in the
authentication dialog. It was never a good idea to hide information
there anyway. Instead, the mechanism should format a meaningful
message.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This is much easier than writing a PolkitBackendActionLookup class and
installing an extension. On the downside it requires the caller to be
uid 0.
Example: http://people.freedesktop.org/~david/polkit-pass-messages.png
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=29712
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
In particular, avoid crashing for Zombies
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=27253
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Otherwise it's impossible to implement lock buttons.
https://bugs.freedesktop.org/show_bug.cgi?id=32334
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=30438
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Link polkit_agent_helper_1 against GLIB_LIBS.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=27081
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=30653
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
The authentication agent can use information this to inform the user
about the UI application that triggered the authentication request (if
any).
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
In particular ensure that we show
Incorrect permissions on /opt/gnome-shell/install/libexec/polkit-agent-helper-1
as a PAM error message if the permissions on the helper are incorrect
(e.g. if the helper is not setuid root).
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
These are defined in polkitenumtypes.h, don't re-define them.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=29816
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
We don't want this on by default because things like system daemons
(such as libvirtd) are using pkcheck(1) and in some unfortunate cases
these may have a tty attached.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
First of all, there was a glaring bug where we forgot to load the
GKeyFile for /var/run/ConsoleKit/database resulting in criticals like
this:
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
Furthermore, this resulted in the Authority returning "not authorized"
for subjects that should have been authorized. For an example, see
https://bugzilla.redhat.com/show_bug.cgi?id=624125
Fix this bug by calling ensure_database() to make sure the GKeyFile
contains information from /var/run/ConsoleKit/database. Also, since
there is a race (theoretical at least, but see
https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file
monitoring, also ensure that we are using the latest and greatest
version of /var/run/ConsoleKit/database.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This makes pkexec(1) work when e.g. logging in via ssh(1) or the linux
console but also when using `su -'. Example:
[davidz@x61 ~]$ su - bateman
Password:
[bateman@x61 ~]$ pkexec bash
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/bin/bash' as the super user
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
[root@x61 ~]#
Summary of changes
- Added a PolkitAgentTextListener class
- Add new polkit_agent_listener_register() (and _unregister()) API
- Deprecate polkit_agent_register_listener API
- Allow registering authentication agents for PolkitUnixProcess subjects
and prefer such agents to ones governing the session
- Make PolkitAgentSession use the thread-default GMainContext - otherwise
it won't work in spawned threads
- (finally) use PolkitAgentTextListener in pkexec(1) if authorization
via authentication is possible but no authentication agent was
found
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
In particular accept both "unix-process:<pid>,<starttime>" and
"unix-process:<pid>". For the latter, return an error if we cannot
lookup the starttime (for example if the given pid references a
non-existing process).
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Based on a patch from Jonathan Conder <j@skurvy.no-ip.org>, see
https://bugs.freedesktop.org/show_bug.cgi?id=25798
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
No need to export these classes
PolkitBackendActionPool
PolkitBackendSessionMonitor
PolkitBackendConfigSource
PolkitBackendLocalAuthorizationStore
since exporting them means we need to support their API and ABI
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also fix a locking bug.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
... and deprecate polkit_authority_get(). Also fix up locking in
PolkitAuthority.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Based on code from Matthias Clasen <mclasen@redhat.com>.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
There's no need to expose this as public API.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This is better implemented as a separate set of extension to the local
authority. The only current known user, PolkitLockButton, will be
ported away from using these interfaces.
Since polkit still hasn't reached 1.0 this removal of functionality is
OK especially since the NEWS file has already wanred something like
this may happen.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This is hit by the authentication agent in order to display a padlock
when temporary authorizations exist.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
E.g. actually clean up everything before exiting. This makes it much
easier to chase memory leaks.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
