| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
All of these are a part of public API with some external users. Do the
minimum to avoid a warning; ideally we should also add a
*_DISABLE_DEPRECATED macro etc.
https://bugs.freedesktop.org/show_bug.cgi?id=63573
|
|
|
|
|
|
| |
This is a good way for distributors to use -fPIE/-pie.
https://bugs.freedesktop.org/attachment.cgi?id=57584
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=58869
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
|
|
|
|
|
|
|
| |
As per the intructions in the introspection Makefile, we should have a
line declaring a dependency between the .gir and .la files.
https://bugs.freedesktop.org/show_bug.cgi?id=57077
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Note that otherwise we return a freed server object. Since later in
polkit_agent_listener_register_with_options we check against NULL to
determine failure, this makes for sad times later when we call
server_free() on it again.
https://bugs.freedesktop.org/show_bug.cgi?id=55776
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
|
|
|
|
|
|
| |
First, we were using == instead of =, as the author probably intended.
But after changing that, we're now assigning to const memory. Fix
that by writing to a temporary string buffer.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Additionally, add a "fallback" option. Also add support in this in the
pkttyagent(1) program.
This slightly breaks libpolkit-backend API by adding a GVariant* param
to one of the class vfuncs... but that API is already declared
unstable so that's fine.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
| |
This was reported here
https://bugzilla.gnome.org/show_bug.cgi?id=671486
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Fix autogen.sh to work when run from the builddir.
Also: switch over to using the gobject-introspection Makefile (which is
out-of-tree safe) instead of hardcoding our own version.
https://bugs.freedesktop.org/show_bug.cgi?id=44599
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Some pam modules may attempt to display multi-line prompts to the
user. In these cases, PolicyKit was failing. This patch fixes the
issue by escaping the prompt before passing it and unescaping it
again.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=39315
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
| |
See https://bugzilla.gnome.org/show_bug.cgi?id=644737#c6 for discussion.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=27253
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
| |
Link polkit_agent_helper_1 against GLIB_LIBS.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In particular ensure that we show
Incorrect permissions on /opt/gnome-shell/install/libexec/polkit-agent-helper-1
as a PAM error message if the permissions on the helper are incorrect
(e.g. if the helper is not setuid root).
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=29816
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes pkexec(1) work when e.g. logging in via ssh(1) or the linux
console but also when using `su -'. Example:
[davidz@x61 ~]$ su - bateman
Password:
[bateman@x61 ~]$ pkexec bash
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/bin/bash' as the super user
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
[root@x61 ~]#
Summary of changes
- Added a PolkitAgentTextListener class
- Add new polkit_agent_listener_register() (and _unregister()) API
- Deprecate polkit_agent_register_listener API
- Allow registering authentication agents for PolkitUnixProcess subjects
and prefer such agents to ones governing the session
- Make PolkitAgentSession use the thread-default GMainContext - otherwise
it won't work in spawned threads
- (finally) use PolkitAgentTextListener in pkexec(1) if authorization
via authentication is possible but no authentication agent was
found
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for the shadow authentication framework instead of PAM.
Enable it by passing --with-authfw=shadow to configure.
This is done by splitting the polkitagenthelper source into separate
parts, one that does auth with PAM, and another that does auth with
shadow, sharing functions where appropriate.
Also, all PAM-dependendent code in all other files has been #ifdef'd.
The only affected file is src/programs/pkexec.c
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
| |
polkit-agent-helper calls pam_end on pam_h without setting pam_h to
NULL. This causes the error handler to call pam_end on the stale
handler if the send_dbus_message procedure fails, which in turn
generates a SIGSEGV.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
|
|
| |
libpolkit{agent,backend} use private symbols from libpolkit-gobject.
As we no longer export them, the build fails.
Move those symbols into a separate noinst lib libpolkit-private, which
those three libs can link against.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
| |
Use _polkit_agent_marshal prefix with glib-genmarshal to hide the
(autogenerated) symbols. Update the code accordingly.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
| |
Add -export-symbols-regex '(^polkit_.*) to LDFLAGS for libpolkit*
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a few issues with building polkit-0.93 on FreeBSD:
* No clearenv() function on FreeBSD
* While FreeBSD has a /proc, it is deprecated, and kinfo_proc should
be used instead.
* FreeBSD's printf() functions do not support the %m notation. This
is only supported for syslog().
* You can't call GINT_TO_POINTER() on a 64-bit value, as this will
break on 64-bit OSes.
The attached patch fixes these problems. First, a check for
clearenv() is added to configure. Second, I moved the check for
process uid to polkit/polkitunixprocess.c. This may not be ideal, but
it seems to fit, and reduces code duplication. Third, I replaces all
%m with %s ... g_strerror (errno). Finally, I replaced
GINT_TO_POINTER() with GSIZE_TO_POINTER.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
|
|
| |
Also change how authentication agents are registered (take a Subject
instead of the session-id) and add convenience functions to
asynchronously construct a PolkitUnixSession object given a process id
(by querying ConsoleKit).
|
| |
|
|
|
|
|
|
| |
This is because bindable GObject APIs should never return or accept a
GHashTable, see http://bugzilla.gnome.org/show_bug.cgi?id=581686#c6
for details.
|
|
|
|
|
| |
Also remove the ObtainAuthorization() call and allow apps to pass
details to CheckAuthorization.
|
| |
|
|
|
|
|
|
| |
The session_id has got to be empty for now. The thinking is that in
the future we might want to register an authentication agent that runs
in secure desktop, e.g. a separate session from the user session.
|
| |
|
| |
|
|
|
|
| |
make -j4 should work now
|
|
|
|
|
| |
Also use @stability in the docs to indicate that the interface is
currently subject to change.
|
| |
|