Age | Commit message | Author | Files | Lines |
|
... instead of the unsafe g_thread_yield() busy-wait loop.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
... otherwise things like admin-identities being set to
["unix-group:session"] won't work.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Any backend can now be implemented in JavaScript (if so desired) so we
don't need any of this any more.
Note that the libpolkitbackend library was never declared stable (the
preprocessor symbol POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE had
to be defined) so removing it is not an API/ABI break.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
It's useful to be more specific because we also want an option to
install a systemd .service file which you may not want even if you are
using libsystemd-login...
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
In fact, this test uncovered that we were evaluating the rules in the
wrong order. Fix this.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
... as the man page already says.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
... in addition to /etc/polkit/rules.d.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
We don't even know it and it's not worth reconstructing it.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Much safer and easier this way.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
... and also add polkit.quote() for quoting arguments when
constructing the command-line.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
For example, to set the authentication message, a JS function can
simply do
details["polkit.message"] = "Hey dude, XYZ, I need your password";
This can also be used to pass data back to the mechanism.
To make this work properly, we also introduce a slight change: the
a{ss} passed back to the mechanism (part of the AuthorizationResult
structure) will be initialized with the a{ss} the app passed itself in
the CheckAuthorization() call.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Otherwise it's hard to tell whether 'true' is a string or a boolean...
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also, move init code into init.js instead of using a C string for
it...
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Additionally, add a "fallback" option. Also add support for this in the
pkttyagent(1) program.
This slightly breaks libpolkit-backend API by adding a GVariant* param
to one of the class vfuncs... but that API is already declared
unstable so that's fine.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This came up while working on
https://bugzilla.redhat.com/show_bug.cgi?id=804088
and is useful for example if it's not suitable or appropriate to link
against the polkit libraries.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This was reported here
https://bugzilla.gnome.org/show_bug.cgi?id=671486
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also, don't treat the integer returned by sd_session_get_uid() as a
boolean because that's just confusing.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Also, don't treat the integer returned by sd_pid_get_session() as a
boolean because that's just confusing. Also, don't confuse memory
supposed to be freed by g_free() and free(3) with each other. See
https://bugzilla.redhat.com/show_bug.cgi?id=787222
for more details.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Fix autogen.sh to work when run from the builddir.
Also: switch over to using the gobject-introspection Makefile (which is
out-of-tree safe) instead of hardcoding our own version.
https://bugs.freedesktop.org/show_bug.cgi?id=44599
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
When configured with --enable-systemd, this patch makes
polkit use systemd for session tracking instead of ConsoleKit.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=43610
Added netgroup support and additional unit tests with MockLibc support.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=43608
Basic unittest support and a few tests. Adds basic unit tests for:
PolkitIdentity, PolkitUnixUser, PolkitUnixGroup,
PolkitBackendLocalAuthorizationStore, and PolkitBackendLocalAuthority.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This allows daemons running as a designated uid to check
authorizations. Based on a patch from Christopher James Halse Rogers
<chalserogers@gmail.com>.
https://bugs.freedesktop.org/show_bug.cgi?id=41025
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
For example, GNOME control center can now define e.g.

  <action id="org.zee.example.meta">
    <description>Meta Action</description>
    <message>Example of a meta action, blabla</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others</annotate>
  </action>

and set up a single GtkLockButton for a PolkitPermission for action id
"org.zee.example.meta".
When unlocked the given subject will now be authorized for the actions
mentioned in the annotation.
Example test program:

#include <unistd.h>
#include <gtk/gtk.h>
#include <polkit/polkit.h>

int
main (int argc, char *argv[])
{
  PolkitSubject *subject;
  GtkWidget *window;
  GtkWidget *table;
  GMainLoop *loop;
  guint n;

  gtk_init (&argc, &argv);

  /* The subject whose authorizations are shown is this process itself */
  subject = polkit_unix_process_new (getpid ());

  window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
  table = gtk_table_new (1, 2, FALSE);

  /* One row per action id given on the command line: label + lock button */
  for (n = 1; n < argc; n++)
    {
      const gchar *action_id = argv[n];
      GPermission *permission;
      GtkWidget *label;
      GtkWidget *lock_button;
      GError *error = NULL;

      label = gtk_label_new (action_id);
      permission = polkit_permission_new_sync (action_id, subject, NULL, &error);
      if (permission == NULL)
        {
          g_error ("Error constructing permission for action_id %s: %s (%s, %d)",
                   action_id, error->message, g_quark_to_string (error->domain), error->code);
          goto out;
        }
      lock_button = gtk_lock_button_new (permission);
      g_object_unref (permission);
      gtk_table_attach (GTK_TABLE (table), label, 0, 1, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
      gtk_table_attach (GTK_TABLE (table), lock_button, 1, 2, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
    }

  gtk_container_add (GTK_CONTAINER (window), table);
  gtk_widget_show_all (window);

  loop = g_main_loop_new (NULL, FALSE);
  g_main_loop_run (loop);

 out:
  return 0;
}

Compile with:

  gcc -o showpolkit showpolkit.c `pkg-config --cflags --libs polkit-gobject-1 gtk+-3.0` -g -O0

Run with:

  ./showpolkit org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others org.zee.example.meta
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Some pam modules may attempt to display multi-line prompts to the
user. In these cases, PolicyKit was failing. This patch fixes the
issue by escaping the prompt before passing it and unescaping it
again.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=39315
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
Introduce a new annotation flag "org.freedesktop.policykit.exec.allow_gui"
which will cause pkexec to preserve $DISPLAY and $XAUTHORITY. With this, the
remaining few legacy X11 programs which still need to run as root can finally
be migrated away from gksu (or similar) to pkexec, with the help of some
.polkit files. This will provide a consistent UI and also help with making the
authentication dialogs less spoofable.
Relax validate_environment_variable() to allow '/' in $XAUTHORITY, as this
variable actually is a full path.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
get_localized_data_for_challenge() would call expand_properties() with a NULL
"message" argument, causing a segfault.
|
|
In a nutshell, the parent process may change its uid (either real- or
effective uid) after launching pkexec. It can do this by exec()'ing
e.g. a setuid root program.
To avoid this problem, just use the uid the parent process had when it
executed pkexec. This happens to be the same uid of the pkexec process
itself.
Additionally, remove some dubious code that allowed pkexec to continue
when the parent process died as there is no reason to support
something like that. Also ensure that the pkexec process is killed if
the parent process dies.
This problem was pointed out by Neel Mehta <nmehta@google.com>.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This avoids a TOCTTOU problem.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
This is needed to avoid possible TOCTTOU issues since a process can
change both its real uid and effective uid.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
On Linux, also switch to parsing /proc/<pid>/status instead of relying
on the st_uid returned by stat(2) to be the uid we want.
This was pointed out by Neel Mehta <nmehta@google.com>. Thanks!
Signed-off-by: David Zeuthen <davidz@redhat.com>
|