Commit message | Author | Age | Files | Lines
* Revert "build: try harder to avoid systemd/consolekit misconfiguration" (baserock/gnome) | Javier Jardón | 2014-07-22 | 1 | -20/+0
| This reverts commit 80a10b589fa606930b0dab2e2613e77b734d9a6b.
* Add morph file to disable man pages | Javier Jardón | 2014-07-22 | 1 | -0/+6
|
* sessionmonitor-systemd: prepare for D-Bus "user bus" model | Kay Sievers | 2014-06-03 | 2 | -5/+26
| In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent.
| In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead.
| https://bugs.freedesktop.org/show_bug.cgi?id=78905
* polkitd: Fix problem with removing non-existent source | Lukasz Skalski | 2014-04-22 | 1 | -1/+1
| https://bugs.freedesktop.org/show_bug.cgi?id=77167
* build: Fix several issues on FreeBSD | Ting-Wei Lan | 2014-02-18 | 5 | -2/+36
| 1. Fallback to fsync() if fdatasync() is not available.
| 2. Check whether setnetgrent() has a return value.
| 3. Check whether the system has SIGPOLL.
| 4. Add configure option to disable test. mocklibc cannot be built on FreeBSD because of function prototype conflict.
| https://bugs.freedesktop.org/show_bug.cgi?id=73821
* pkexec: Support just plain "pkexec" to run shell | Colin Walters | 2014-02-18 | 2 | -22/+45
| I use "pkexec bash" a lot, and it'd be nice to be able to just type "pkexec" and have it do what I want. Like how "su" will run the shell by default.
| https://bugs.freedesktop.org/show_bug.cgi?id=74933
* PolkitAgentSession: fix race between child and io watches | Rui Matos | 2014-02-09 | 1 | -36/+11
| The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure.
| If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it.
| https://bugs.freedesktop.org/show_bug.cgi?id=60847
* Fix a memory leak | Miloslav Trmač | 2013-12-07 | 1 | -1/+0
| https://bugs.freedesktop.org/show_bug.cgi?id=72426
* pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR | Colin Walters | 2013-11-22 | 1 | -3/+30
| This workaround isn't too much code, and it's often better to fix bugs in two places anyways.
| For more information:
| See https://bugzilla.redhat.com/show_bug.cgi?id=753882
| See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html
* Use G_GNUC_BEGIN_IGNORE_DEPRECATIONS to avoid warning spam | Colin Walters | 2013-11-11 | 3 | -2/+18
| In these cases, we can't ever drop use of our API which we deprecated for external callers; for example where a (deprecated) command line is invoking the deprecated API.
| This patch avoids having polkit developers get spammed by unfixable warnings.
* Port internals non-deprecated PolkitProcess API where possible | Colin Walters | 2013-11-11 | 2 | -5/+5
| We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information.
* PolkitSystemBusName: Retrieve both pid and uid | Colin Walters | 2013-11-11 | 1 | -53/+118
| For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API.
| However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future.
* sessionmonitor-systemd: Deduplicate code paths | Colin Walters | 2013-11-11 | 1 | -41/+22
| We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place.
| This is just a code cleanup.
| https://bugs.freedesktop.org/show_bug.cgi?id=69538
* Don't discard error data returned by polkit_system_bus_name_get_user_sync | Miloslav Trmač | 2013-11-11 | 1 | -1/+1
| https://bugs.freedesktop.org/show_bug.cgi?id=71458
* Fixed compilation problem in the backend | Xabier Rodriguez Calvar | 2013-11-11 | 1 | -1/+1
|
* examples/cancel: Fix to securely lookup subject | Colin Walters | 2013-11-09 | 1 | -1/+1
| This is just an uninstalled example, but it needed the same fix as was done for pkexec with the 3b12cfac29dddd27f1f166a7574d8374cc1dccf2 commit.
| This drops use of deprecated API.
| https://bugs.freedesktop.org/show_bug.cgi?id=69538
* PolkitSystemBusName: Add public API to retrieve Unix user | Colin Walters | 2013-11-07 | 4 | -38/+62
| And change the duplicated code in the backend session monitors to use it. This is just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code.
| https://bugs.freedesktop.org/show_bug.cgi?id=69538
* Post-release version bump to 0.113 | Miloslav Trmač | 2013-09-18 | 2 | -1/+33
|
* Update NEWS for release (0.112) | Miloslav Trmač | 2013-09-18 | 1 | -4/+29
| Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* pkcheck: Support --process=pid,start-time,uid syntax too | Colin Walters | 2013-09-18 | 3 | -11/+30
| The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact.
| Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use:
|   pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
|   test x$pkcheck_supports_uid = xyes
* polkitunixprocess: Deprecate racy APIs | Colin Walters | 2013-09-18 | 1 | -0/+2
| It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact.
* Update the czech once more with newest pot file. | Tomas Chvatal | 2013-06-04 | 1 | -22/+168
| https://bugs.freedesktop.org/show_bug.cgi?id=65313
| Signed-off-by: Tomas Chvatal <tomas.chvatal@gmail.com>
* Add czech translation po file to distribution. | Tomas Chvatal | 2013-06-03 | 2 | -0/+66
| https://bugs.freedesktop.org/show_bug.cgi?id=65313
| Signed-off-by: Tomas Chvatal <tomas.chvatal@gmail.com>
* Use GOnce for interface type registration | Tomas Bzatek | 2013-05-29 | 3 | -12/+18
| Static local variable may not be enough since it doesn't provide locking.
| Related to these udisksd warnings:
|   GLib-GObject-WARNING **: cannot register existing type `PolkitSubject'
| Thanks to Hans de Goede for spotting this!
| https://bugs.freedesktop.org/show_bug.cgi?id=65130
* Post-release version bump to 0.112 | Miloslav Trmač | 2013-05-15 | 2 | -1/+31
|
* Update NEWS for release (0.111) | Miloslav Trmač | 2013-05-15 | 1 | -5/+69
|
* Fix inclusion of COPYING into documentation with srcdir != builddir | Miloslav Trmač | 2013-05-15 | 1 | -0/+1
| https://bugs.freedesktop.org/show_bug.cgi?id=64197
* Exit pkaction with status 0 on success | Miloslav Trmač | 2013-05-13 | 1 | -0/+2
| https://bugs.freedesktop.org/show_bug.cgi?id=29936
* Refuse unrecognized command-line operands | Miloslav Trmač | 2013-05-13 | 3 | -0/+18
| (Inconsistent options are still accepted.)
| https://bugs.freedesktop.org/show_bug.cgi?id=29936
* Add bug reporting address and home page to --help output | Miloslav Trmač | 2013-05-13 | 5 | -3/+22
| ... as required by GNU coding standards.
| https://bugs.freedesktop.org/show_bug.cgi?id=29936
* Fix package version / bug report address mixing | Miloslav Trmač | 2013-05-13 | 1 | -2/+2
| PACKAGE_VERSION currently contains the mailing list address as well; this leaks into output of --version and other places.
| While at it, update AM_INIT_AUTOMAKE to the new form and use correct m4 quoting at least for these lines.
| https://bugs.freedesktop.org/show_bug.cgi?id=29936
* Don't spawn man for --help | Miloslav Trmač | 2013-05-13 | 4 | -186/+141
| Convert pkaction and pkttyagent to use GOptionContext.
| Don't convert pkcheck and only add --help output text because its non-standard --details (which requires two arguments) can't be implemented using GOptionContext.
| Don't touch pkexec, in a (futile?) attempt to minimize the amount of complex code running before authentication.
| This leaves the option processing lax as it was (e.g. accepting contradicting options, ignoring non-option arguments), and should only affect the handling of --help and behavior when invalid arguments are detected.
| https://bugs.freedesktop.org/show_bug.cgi?id=29936
* Remove an unused va_start | Miloslav Trmač | 2013-05-07 | 1 | -1/+0
| https://bugs.freedesktop.org/show_bug.cgi?id=64336
* Fix a memory leak | Miloslav Trmač | 2013-05-07 | 1 | -0/+1
| https://bugs.freedesktop.org/show_bug.cgi?id=64336
* Drop unused variable | Miloslav Trmač | 2013-05-07 | 1 | -5/+0
| https://bugs.freedesktop.org/show_bug.cgi?id=64336
* Refuse non-string parameters to Polkit.spawn() | Miloslav Trmač | 2013-05-06 | 1 | -0/+6
| Using integers or floating-point numbers could have resulted in a crash.
| Use JSVAL_IS_STRING() instead of implicit conversion through JS_ValueToString(); hopefully this will nudge the rule writer toward thinking more about the string conversion and the format of the resulting string.
| https://bugs.freedesktop.org/show_bug.cgi?id=63575
* Fix handling of null returned from _runRules | Miloslav Trmač | 2013-05-06 | 1 | -6/+6
| https://bugs.freedesktop.org/show_bug.cgi?id=63575
* Fix a TypeError when no admin rules are registered | Miloslav Trmač | 2013-05-06 | 1 | -1/+1
| https://bugs.freedesktop.org/show_bug.cgi?id=63575
* More warnings about using auth_self* | Miloslav Trmač | 2013-05-06 | 2 | -4/+28
| Suggested by Colin Walters.
| https://bugs.freedesktop.org/show_bug.cgi?id=57284
* Use auth_admin* instead of auth_self* in examples | Miloslav Trmač | 2013-05-06 | 3 | -4/+4
| From time to time, application developers just copy example configuration without examining it in detail.
| Because polkit is typically used to control access to system-level operations, the policy (and therefore the examples) should limit access to system administrators only.
* man: Fix pkaction man page wrt to --action-id option | Michael Biebl | 2013-05-06 | 1 | -1/+1
| Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641527
* jsauthority: Work with mozjs-17.0 too | Colin Walters | 2013-04-23 | 2 | -7/+57
| Based on work by Tim Lunn <tim@feathertop.org>, reworked on top of a regular dynamically-linked js.
| https://bugs.freedesktop.org/show_bug.cgi?id=59830
* Revert "Dynamically load libmozjs185.so and cope with it not being available" | Colin Walters | 2013-04-23 | 2 | -304/+147
| The new plan is to hard-require JS. See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=59830
| This reverts commit 34cb6353b9affd6c04ea480df5fc39d0ca72319d.
| Conflicts: src/polkitbackend/polkitbackendjsauthority.c
* jsauthority: Use JSVAL_NULL rather than {0} struct initialization | Colin Walters | 2013-04-23 | 1 | -6/+6
| This is future compatible with mozjs-17.0.
| https://bugs.freedesktop.org/show_bug.cgi?id=59830
* jsauthority: We can really only handle a string | Colin Walters | 2013-04-23 | 1 | -1/+1
| JSVAL_TO_STRING would barf on a null value, so don't claim to handle it.
* Add a FIXME to polkitprivate.h | Miloslav Trmač | 2013-04-18 | 1 | -0/+10
| See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 .
* Add annotations for element types of returned lists | Miloslav Trmač | 2013-04-15 | 2 | -16/+16
| ... to silence warnings when g-ir-scanner warnings are enabled.
| https://bugs.freedesktop.org/show_bug.cgi?id=63573
* Fix an obvious docstring typo. | Miloslav Trmač | 2013-04-15 | 1 | -1/+1
| https://bugs.freedesktop.org/show_bug.cgi?id=63573
* Fold enum documentation into relevant classes | Miloslav Trmač | 2013-04-15 | 2 | -25/+3
| Fold PolkitImplicitAuthorization and PolkitCheckAuthorizationFlags into the relevant classes in the section list; polkit-1-docs.xml is already not including the enum documents.
| https://bugs.freedesktop.org/show_bug.cgi?id=63573
* Document deprecated functions. | Miloslav Trmač | 2013-04-15 | 3 | -0/+19
| All of these are a part of public API with some external users. Do the minimum to avoid a warning; ideally we should also add a *_DISABLE_DEPRECATED macro etc.
| https://bugs.freedesktop.org/show_bug.cgi?id=63573