summaryrefslogtreecommitdiff
path: root/data/org.freedesktop.PolicyKit1.Authority.xml
Commit message (Collapse)AuthorAgeFilesLines
* docs: Update for changes to uid binding/AuthenticationAgentResponse2Miloslav Trmač2015-06-171-4/+7
| | | | | | | | | | | | | | | | - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters <walters@redhat.com>
* CVE-2015-4625: Bind use of cookies to specific uidsColin Walters2015-06-171-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač <mitr@redhat.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy <taviso@google.com> Reviewed-by: Miloslav Trmač <mitr@redhat.com> Signed-off-by: Colin Walters <walters@redhat.com>
* Add methods AddLockdownForAction() and RemoveLockdownForAction()David Zeuthen2009-11-111-2/+18
| | | | Now to implement this in the interactive authority...
* Clarify when AllowUserInteraction should and shouldn't be usedDavid Zeuthen2009-09-291-1/+1
| | | | See https://bugzilla.redhat.com/show_bug.cgi?id=526053 for more details.
* Add properties with information about the currently used authorityDavid Zeuthen2009-09-161-0/+31
| | | | | Also bump requirement on EggDBus to 0.6 (to be released later) for a bug-fix with flag properties.
* Implement lockdown for the Local Authority implementationDavid Zeuthen2009-09-121-1/+1
|
* Add polkit.retains_authorization_after_challenge to authz resultDavid Zeuthen2009-07-281-1/+1
| | | | | | | | | | | Also make this and other details available via methods on the PolkitAuthorizationResult object. See this and surrounding messages http://lists.freedesktop.org/archives/polkit-devel/2009-July/000189.html for more information.
* Allow unprivileged callers to check authorizationsDavid Zeuthen2009-07-261-2/+10
| | | | | | | | | But only allow this if - the caller and the subject being checked is the same user - no details are passed (otherwise dialogs can be spoofed) Also add a RevokeTemporaryAuthorizationById() method.
* Add support for querying and revoking temporary authorizationsDavid Zeuthen2009-07-201-6/+64
| | | | | | | Also change how authentication agents are registered (take a Subject instead of the session-id) and add convenience functions to asynchronously construct a PolkitUnixSession object given a process id (by querying ConsoleKit).
* Expand on the D-Bus docsDavid Zeuthen2009-06-081-7/+14
|
* Clarify docs for is_challenge member of the AuthorizationResult structDavid Zeuthen2009-05-291-1/+1
|
* Add a pkexec(1) commandDavid Zeuthen2009-05-151-1/+1
|
* Change the PolkitAuthorizationResult enumeration into an objectDavid Zeuthen2009-05-131-11/+13
|
* Only allow privileged apps to check authz and add ActionLookup interfaceDavid Zeuthen2009-05-131-27/+8
| | | | | Also remove the ObtainAuthorization() call and allow apps to pass details to CheckAuthorization.
* add the ObtainAuthorization() method and use in for the 'polkit-1 run' commandDavid Zeuthen2009-02-091-0/+47
| | | | Also add an example for this.
* implement cancellation of authorization checksDavid Zeuthen2009-02-081-1/+22
| | | | Also add a short example to test this.
* make authentication agents pass a session_id parameterDavid Zeuthen2009-02-081-1/+9
| | | | | | The session_id has got to be empty for now. The thinking is that in the future we might want to register an authentication agent that runs in secure desktop, e.g. a separate session from the user session.
* update for latest EggDBus changesDavid Zeuthen2009-02-071-26/+26
|
* fix up the D-Bus docs somewhatDavid Zeuthen2009-02-051-30/+45
|
* use new eggdbus feature to include enums/structs docs in the interface docsDavid Zeuthen2009-02-041-105/+105
|
* add docs for the Authority D-Bus interfaceDavid Zeuthen2009-02-031-6/+29
|
* move management functions to a separate D-Bus interface and GObject classDavid Zeuthen2009-02-011-61/+0
| | | | | | This will allow us, in the near future, to declare org.fd.PK1.Authority and PolkitAuthority as stable while allowing changes to how we manage the (local) authority even after 1.0.
* add Changed() signal that is fired when actions/authorizations changeDavid Zeuthen2009-01-271-0/+4
|
* finish authentication agent integrationDavid Zeuthen2009-01-211-0/+11
| | | | Yay, it works!
* add enumeration and handling of implicit authorizationsDavid Zeuthen2009-01-201-3/+51
| | | | Now to actually use them...
* add infrastructure for registering/unregistering authentication agentsDavid Zeuthen2009-01-201-0/+12
|
* split Subject into Subject and Identity and revise APIDavid Zeuthen2009-01-191-11/+31
| | | | ... also remove EnumerateSessions
* add remaining glue for {Add,Remove,Enumerate}AuthorizationDavid Zeuthen2009-01-181-12/+15
| | | | Now to finish implementing the local files backend....
* rename CheckClaim() to CheckAuthorization()David Zeuthen2009-01-181-15/+50
| | | | | Also get rid of AuthorizationClaim type and add D-Bus prototypes for a couple of other methods.
* add checks for whether someone is authorized to check authorizationsDavid Zeuthen2009-01-181-0/+3
|
* add PolkitUnixSession and associcated functionsDavid Zeuthen2009-01-161-3/+15
|
* remove attributes from AuthorizationClaim and CheckClaim()David Zeuthen2009-01-161-7/+1
|
* add polkit-1 man page and rework cmd/options handlingDavid Zeuthen2009-01-111-0/+1
|
* add serialization for subjects and implement Enumerate{Users,Groups}David Zeuthen2009-01-071-0/+4
|
* add subject interface and some classes implementing this interfaceDavid Zeuthen2009-01-061-5/+0
|
* update to latest EggDBus and rework how things are doneDavid Zeuthen2009-01-061-19/+41
|
* rework AuthorizationClaim to be a GInterface so we can pass it over D-BusDavid Zeuthen2008-12-071-0/+19
|
* turn PolkitActionDescription into an user defined structDavid Zeuthen2008-12-071-2/+30
| | | | | Now to port the XML parser and land it in polkitbackend so backends can easily implement EnumerateActions().
* use eggdbus to generate the AuthorizationResult enumerationDavid Zeuthen2008-12-071-1/+15
|
* change code style to be like GLib and generate error domainDavid Zeuthen2008-12-071-3/+13
| | | | Also port to use non-reffing structs in EggDBus HEAD.
* implement EnumerateUsers()David Zeuthen2008-12-031-7/+10
|
* initial commitDavid Zeuthen2008-11-061-0/+19
View Lorry Controller Status