Browse Source

Imported Upstream version 0.8

tags/upstream/0.8^0
Michael Biebl 12 years ago
parent
commit
2cd494cb49
100 changed files with 4730 additions and 5766 deletions
  1. +758
    -27
      ChangeLog
  2. +4
    -1
      INSTALL
  3. +28
    -21
      Makefile.in
  4. +69
    -0
      NEWS
  5. +47
    -30
      aclocal.m4
  6. +15
    -0
      config.h.in
  7. +431
    -118
      configure
  8. +99
    -10
      configure.in
  9. +1
    -1
      data/Makefile.am
  10. +6
    -4
      data/Makefile.in
  11. +19
    -14
      depcomp
  12. +10
    -9
      doc/Makefile.in
  13. +4
    -0
      doc/TODO
  14. +6
    -6
      doc/html/PolicyKit.8.html
  15. +15
    -15
      doc/html/PolicyKit.conf.5.html
  16. +4
    -4
      doc/html/beyond-defaults.html
  17. +8
    -40
      doc/html/index.html
  18. +13
    -84
      doc/html/index.sgml
  19. +2
    -2
      doc/html/intro-define-problem.html
  20. +2
    -2
      doc/html/introduction.html
  21. +5
    -5
      doc/html/ix01.html
  22. +85
    -83
      doc/html/ix02.html
  23. +19
    -620
      doc/html/ix03.html
  24. +539
    -0
      doc/html/ix04.html
  25. +4
    -4
      doc/html/license.html
  26. +2
    -2
      doc/html/model-authentication-agent.html
  27. +2
    -2
      doc/html/model-concepts.html
  28. +2
    -2
      doc/html/model-theory-of-operation.html
  29. +2
    -2
      doc/html/model.html
  30. +7
    -7
      doc/html/polkit-action.1.html
  31. +139
    -16
      doc/html/polkit-auth.1.html
  32. +16
    -3
      doc/html/polkit-conf.html
  33. +6
    -6
      doc/html/polkit-config-file-validate.1.html
  34. +0
    -130
      doc/html/polkit-kit-entity.html
  35. +0
    -184
      doc/html/polkit-kit-file.html
  36. +0
    -715
      doc/html/polkit-kit-hash.html
  37. +0
    -364
      doc/html/polkit-kit-list.html
  38. +0
    -244
      doc/html/polkit-kit-memory.html
  39. +0
    -132
      doc/html/polkit-kit-message.html
  40. +0
    -210
      doc/html/polkit-kit-spawn.html
  41. +0
    -930
      doc/html/polkit-kit-string.html
  42. +0
    -158
      doc/html/polkit-kit-test.html
  43. +0
    -199
      doc/html/polkit-kit.html
  44. +6
    -6
      doc/html/polkit-policy-file-validate.1.html
  45. +140
    -27
      doc/html/polkit-polkit-action.html
  46. +220
    -56
      doc/html/polkit-polkit-authorization-constraint.html
  47. +57
    -57
      doc/html/polkit-polkit-authorization-db.html
  48. +46
    -46
      doc/html/polkit-polkit-authorization.html
  49. +43
    -43
      doc/html/polkit-polkit-caller.html
  50. +25
    -25
      doc/html/polkit-polkit-config.html
  51. +50
    -50
      doc/html/polkit-polkit-context.html
  52. +45
    -45
      doc/html/polkit-polkit-dbus.html
  53. +25
    -25
      doc/html/polkit-polkit-error.html
  54. +50
    -50
      doc/html/polkit-polkit-grant.html
  55. +30
    -30
      doc/html/polkit-polkit-policy-cache.html
  56. +41
    -41
      doc/html/polkit-polkit-policy-default.html
  57. +53
    -53
      doc/html/polkit-polkit-policy-file-entry.html
  58. +22
    -22
      doc/html/polkit-polkit-policy-file.html
  59. +16
    -16
      doc/html/polkit-polkit-result.html
  60. +25
    -25
      doc/html/polkit-polkit-seat.html
  61. +45
    -45
      doc/html/polkit-polkit-session.html
  62. +195
    -19
      doc/html/polkit-polkit-simple.html
  63. +116
    -17
      doc/html/polkit-polkit-sysdeps.html
  64. +21
    -21
      doc/html/polkit-polkit-types.html
  65. +2
    -2
      doc/html/polkit-spec-history.html
  66. +60
    -151
      doc/html/polkit.devhelp
  67. +61
    -152
      doc/html/polkit.devhelp2
  68. +4
    -4
      doc/html/ref-core.html
  69. +2
    -2
      doc/html/ref-design.html
  70. +0
    -84
      doc/html/ref-internal.html
  71. +2
    -2
      doc/html/tools-fileformats.html
  72. +4
    -2
      doc/man/Makefile.in
  73. +142
    -10
      doc/man/polkit-auth.xml
  74. +3
    -21
      doc/polkit-docs.xml
  75. +11
    -0
      doc/polkit-sections.txt
  76. +14
    -1
      doc/spec/polkit-spec-configuration.xml
  77. +1
    -1
      doc/tmpl/kit-hash.sgml
  78. +1
    -1
      doc/tmpl/kit-list.sgml
  79. +3
    -3
      doc/tmpl/kit-spawn.sgml
  80. +28
    -0
      doc/tmpl/polkit-action.sgml
  81. +38
    -0
      doc/tmpl/polkit-authorization-constraint.sgml
  82. +34
    -0
      doc/tmpl/polkit-simple.sgml
  83. +11
    -0
      doc/tmpl/polkit-sysdeps.sgml
  84. +1
    -1
      doc/version.xml
  85. +9
    -9
      doc/xml/kit-hash.xml
  86. +9
    -9
      doc/xml/kit-list.xml
  87. +9
    -9
      doc/xml/kit-spawn.xml
  88. +7
    -2
      doc/xml/kit.xml
  89. +66
    -0
      doc/xml/polkit-action.xml
  90. +118
    -15
      doc/xml/polkit-authorization-constraint.xml
  91. +1
    -1
      doc/xml/polkit-context.xml
  92. +123
    -0
      doc/xml/polkit-simple.xml
  93. +86
    -4
      doc/xml/polkit-sysdeps.xml
  94. +120
    -108
      install-sh
  95. +16
    -2
      intltool-extract.in
  96. +87
    -32
      intltool-merge.in
  97. +7
    -5
      intltool-update.in
  98. +4
    -4
      po/Makefile.in.in
  99. +4
    -2
      policy/Makefile.in
  100. +2
    -2
      policy/org.freedesktop.policykit.policy

+ 758
- 27
ChangeLog View File

@@ -1,3 +1,734 @@
commit b9c851f19dacd1dfeb92da836c183f7a90b06186
Author: David Zeuthen <davidz@redhat.com>
Date: Wed Apr 16 22:06:15 2008 -0400

update NEWS for release

NEWS | 63
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 62 insertions(+), 1 deletions(-)

commit 12582dad6560b2df9e3ea9e87a74419973908a47
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 15 21:03:26 2008 -0400

be careful about what symbols we export

src/polkit-dbus/Makefile.am | 9 ++--
src/polkit-dbus/polkit-dbus.c | 4 +-
src/polkit-grant/Makefile.am | 10 +++--
src/polkit/Makefile.am | 3 +-
src/polkit/polkit-action.c | 2 +-
src/polkit/polkit-authorization-constraint.c | 2 +-
src/polkit/polkit-authorization-db.c | 2 +-
src/polkit/polkit-authorization.c | 14 +++---
src/polkit/polkit-caller.c | 4 +-
src/polkit/polkit-config.c | 44 ++++++++++----------
src/polkit/polkit-context.c | 56
+++++++++++++-------------
src/polkit/polkit-debug.c | 10 +++--
src/polkit/polkit-debug.h | 4 +-
src/polkit/polkit-policy-cache.c | 8 ++--
src/polkit/polkit-policy-default.c | 16 ++++----
src/polkit/polkit-policy-file-entry.c | 6 +-
src/polkit/polkit-policy-file.c | 2 +-
src/polkit/polkit-seat.c | 2 +-
src/polkit/polkit-session.c | 6 +-
src/polkit/polkit-utils.c | 6 +-
tools/Makefile.am | 4 +-
21 files changed, 110 insertions(+), 104 deletions(-)

commit 1c4b06620cba12e8c22f2c6f22a7503436456fb2
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Apr 11 19:19:58 2008 -0400

ensure object is first in the list/hash iterator callback functions

This is useful for passing free / unref functions in.

src/kit/kit-hash.c | 12 ++++++------
src/kit/kit-hash.h | 8 ++++----
src/kit/kit-list.c | 6 +++---
src/kit/kit-list.h | 8 ++++----
src/polkit-dbus/polkit-dbus.c | 18 +++++++++---------
src/polkit/polkit-authorization-db.c | 2 +-
src/polkit/polkit-policy-file-entry.c | 10 +++++-----
7 files changed, 32 insertions(+), 32 deletions(-)

commit ea980bee14b790294ad644972be62ec3739a992f
Author: David Zeuthen <davidz@redhat.com>
Date: Thu Apr 10 12:47:13 2008 -0400

print warning to stderr if a policy file is malformed and we're
ignoring it

src/polkit/polkit-policy-cache.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

commit 149a3df1926c24b51b0f0336ac051473aed980fe
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 8 16:57:43 2008 -0400

fix issue where users allowed to change defaults can delete override
files

More details at

https://bugzilla.novell.com/show_bug.cgi?id=295341#c25

NEWS | 8 +++++++
configure.in | 7 ++++-
src/polkit-dbus/Makefile.am | 8 +++---
src/polkit-dbus/polkit-set-default-helper.c | 31
+++++++++-----------------
src/polkit/Makefile.am | 14 ++++++------
src/polkit/polkit-policy-file-entry.c | 4 +-
6 files changed, 37 insertions(+), 35 deletions(-)

commit 99310128ad956bdc1a27853a9f0274171c7aee40
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 8 15:51:39 2008 -0400

don't include libkit api docs

doc/polkit-docs.xml | 21 ---------------------
1 files changed, 0 insertions(+), 21 deletions(-)

commit 31da733c5b97a830afd92db6259e01a4cf9f5bd6
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 8 15:48:38 2008 -0400

fix build when tests are disabled

src/kit/kit-memory.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

commit 228a6ec9691c7382a9794c79e34dbf1f5316528b
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 8 15:42:46 2008 -0400

don't leak the copied authorizations list on OOM

Now the test suite passes again.

src/kit/kit-list.c | 6 ++++--
src/polkit/polkit-authorization-db.c | 10 ++++++++--
2 files changed, 12 insertions(+), 4 deletions(-)

commit fdea41e34e67f4007ab8705dccfaede4b9e95304
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 8 15:41:54 2008 -0400

clear the right block when growing a string

src/kit/kit-string.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

commit d0d42aa293e8784c5a47f9cf8acf92236a51a414
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Apr 8 15:41:11 2008 -0400

print stack traces for where leaks were allocated

src/kit/kit-memory.c | 84
++++++++++++++++++++++++++++++++++++++++++++++++++
src/kit/kit-memory.h | 1 +
src/kit/kit-test.c | 4 ++-
3 files changed, 88 insertions(+), 1 deletions(-)

commit 00b85cf33fde2117ec1ea6fd89eb50fdb4d67be4
Author: Jim Li <Jim.Li@Sun.COM>
Date: Tue Apr 8 12:27:37 2008 -0400

add support for Solaris platform

Add support for Solaris platform. The patch contains some implement
for GNU library extentsion function which isn't support by Solaris,
for instance, vasprintf(), strndup(), clearenv(), and clearenv(). Also
rewriting some code which Sun compiler doesn't support, such as empty
union name.

configure.in | 18 +++-
src/kit/kit-file.h | 3 +
src/kit/kit-message.h | 5 +
src/kit/kit-spawn.c | 106 ++++++++--------
src/kit/kit-spawn.h | 6 +-
src/kit/kit-string.c | 20 +++
src/kit/kit-string.h | 4 +
src/kit/kit-test.c | 7 +
src/kit/kit.h | 6 +
src/polkit-dbus/polkit-read-auth-helper.c | 11 ++
src/polkit-dbus/polkit-resolve-exe-helper.c | 11 ++
src/polkit-dbus/polkit-set-default-helper.c | 11 ++
src/polkit-grant/polkit-explicit-grant-helper.c | 11 ++
src/polkit-grant/polkit-grant-helper-pam.c | 14 ++
src/polkit-grant/polkit-grant-helper.c | 11 ++
src/polkit-grant/polkit-grant.c | 44 +++++++
src/polkit-grant/polkit-revoke-helper.c | 11 ++
src/polkit/polkit-authorization-constraint.c | 30 +++---
src/polkit/polkit-context.c | 150
+++++++++++++++++++++++
src/polkit/polkit-debug.h | 4 +
src/polkit/polkit-error.h | 4 +
src/polkit/polkit-policy-cache.c | 3 +
src/polkit/polkit-policy-file.c | 20 +++
src/polkit/polkit-sysdeps.c | 56 +++++++++
tools/polkit-auth.c | 3 +
25 files changed, 496 insertions(+), 73 deletions(-)

commit 5bc86a14cc0e356bcf8b5f861674f842869b1be7
Author: Kees Cook <kees@outflux.net>
Date: Fri Apr 4 02:26:30 2008 -0400

fix for CVE-2008-1658: format string vulnerability in password input

http://bugs.freedesktop.org/show_bug.cgi?id=15295

configure.in | 10 ++++++++++
src/polkit-grant/polkit-grant-helper.c | 4 ++--
2 files changed, 12 insertions(+), 2 deletions(-)

commit 26c3fcb99014dcf1f01c6e9c5a7cb6db3e63b423
Author: David Zeuthen <davidz@redhat.com>
Date: Mon Mar 17 02:27:00 2008 -0400

remove more debug spew

src/polkit/polkit-authorization-db.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)

commit d6c6cd0838de24672996c241d6a7154e6bfea997
Author: David Zeuthen <davidz@redhat.com>
Date: Mon Mar 17 02:26:08 2008 -0400

remove debug spew

src/polkit-grant/polkit-revoke-helper.c | 1 -
src/polkit/polkit-authorization-db.c | 2 --
2 files changed, 0 insertions(+), 3 deletions(-)

commit 3c25a1759cf0795adcb199edbc762dd31599a815
Author: David Zeuthen <davidz@redhat.com>
Date: Mon Mar 17 02:21:02 2008 -0400

invalidate memory cache after revoking one shot authorization

src/kit/kit-list.c | 28 ++++++++++++++++++++++++++++
src/kit/kit-list.h | 1 +
src/polkit/polkit-authorization-db.c | 25 ++++++++++++++++++++++---
src/polkit/polkit-context.c | 2 +-
4 files changed, 52 insertions(+), 4 deletions(-)

commit 5fbde20956aab779fd9dc50b512564f544ff8170
Author: Jim Meyering <meyering@redhat.com>
Date: Tue Mar 4 14:21:29 2008 +0100

handle kit_strdup failure.

* tools/polkit-policy-file-validate.c (validate_file):

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>

tools/polkit-policy-file-validate.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

commit 038354db125c1471d283c30dbade9fbb7e1eefb1
Author: Jim Meyering <meyering@redhat.com>
Date: Tue Mar 4 14:19:45 2008 +0100

avoid unnecessary/leaky use of strdup.

* polkit-grant-helper.c (main): Move the declaration of "buf"
to the outer scope and use a pointer into it, instead.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>

src/polkit-grant/polkit-grant-helper.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

commit a8a97bc37d08da95b4e7a7907ba18a5e8447bc7e
Author: Jim Meyering <meyering@redhat.com>
Date: Tue Mar 4 14:09:52 2008 +0100

(do_auth): rename local: s/buf/password/

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>

src/polkit-grant/polkit-grant-helper-shadow.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)

commit 83445eb999c5e595f122a03e3a094a0d7941e67e
Author: Jim Meyering <meyering@redhat.com>
Date: Tue Mar 4 11:14:10 2008 +0100

remove unnecessary strdup.

* src/polkit-grant/polkit-grant-helper-shadow.c (do_auth):

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>

src/polkit-grant/polkit-grant-helper-shadow.c | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)

commit 798208df31032eb028b004442119a77f1bd0bb76
Author: Jim Meyering <meyering@redhat.com>
Date: Tue Mar 4 11:12:48 2008 +0100

handle kit_strdup_printf failure.

* src/polkit-dbus/polkit-dbus.c (polkit_caller_new_from_pid):

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>

src/polkit-dbus/polkit-dbus.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

commit c50aeb847526c51bfdc613067a361a4f64d60dcd
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Mar 4 16:12:43 2008 -0500

clarify docs for POLKIT_AUTHORIZATION_CONSTRAINT_TYPE_REQUIRE_EXE

src/polkit/polkit-authorization-constraint.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

commit 4aa626d0f8b9bf9a72880a567e48f472228eca8c
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Mar 4 15:10:24 2008 -0500

don't check key/values in KitHash; they are not neccesarily pointers

src/kit/kit-hash.c | 10 ++--------
1 files changed, 2 insertions(+), 8 deletions(-)

commit cef9da3c48fd209b581654a4a6735147b7c0d52e
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Feb 29 13:56:24 2008 -0500

fix typo in docs for polkit_dbus_error_parse_from_strings()

src/polkit-dbus/polkit-simple.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

commit d6d484216780acedf1545354464753528808bb09
Author: David Zeuthen <davidz@redhat.com>
Date: Thu Feb 28 12:28:39 2008 -0500

also add polkit_dbus_error_parse_from_strings() function

This is useful when using D-Bus bindings, such as dbus-glib, that
don't expose the DBusError object directly.

src/polkit-dbus/polkit-simple.c | 34 +++++++++++++++++++++++++++++++++-
src/polkit-dbus/polkit-simple.h | 1 +
2 files changed, 34 insertions(+), 1 deletions(-)

commit 58f0474286541970f6b535189514d706d9985cc2
Author: David Zeuthen <davidz@redhat.com>
Date: Wed Feb 27 20:05:30 2008 -0500

add convenience API to consistently report authorization failures
over D-Bus

src/polkit-dbus/polkit-simple.c | 153
+++++++++++++++++++++++++++++++++++++++
src/polkit-dbus/polkit-simple.h | 3 +
src/polkit/polkit-action.c | 94 +++++++++++++++++++++++-
src/polkit/polkit-action.h | 5 ++
4 files changed, 253 insertions(+), 2 deletions(-)

commit 2b1a2a69f6366534609a0671f3f2e92369cb3fa1
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Feb 26 17:19:31 2008 -0500

make polkit-policy-file-validate require that actions are properly
packaged

Meaning this bit was added to the spec:

The name of the XML file is significant. Each XML file can only
declare actions from the namespace of it's own name; for example
actions org.foobar.action-a, org.foobar.action-b and
org.foobar.action-c would all go into the file org.foobar.policy
while actions com.my-company.product-awesome.action-a,
com.mycompany.product-awesome.action-b would go into the file
com.mycompany.product-awesome.policy.

This is the output of the validator on a broken .policy file

$ polkit-policy-file-validate
/usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy
WARNING: The action org.gnome.clockapplet.mechanism.configurehwclock
does not
belong in a policy file named
gnome-clock-applet-mechanism.policy.
A future version of PolicyKit will ignore this action.

WARNING: The action org.gnome.clockapplet.mechanism.settime does not
belong in a policy file named
gnome-clock-applet-mechanism.policy.
A future version of PolicyKit will ignore this action.

WARNING: The action org.gnome.clockapplet.mechanism.settimezone
does not
belong in a policy file named
gnome-clock-applet-mechanism.policy.
A future version of PolicyKit will ignore this action.

ERROR:
/usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy
did not validate

We currently don't enforce this but will in a future version. The
rationale is that we can avoid loading all .policy files at startup
which would be a performance win.

doc/spec/polkit-spec-configuration.xml | 15 +++++-
tools/polkit-policy-file-validate.c | 86
+++++++++++++++++++++++++++-----
2 files changed, 88 insertions(+), 13 deletions(-)

commit b3930e8b942ba7f14a7c29a9411fc846d2d8449b
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Feb 26 16:45:49 2008 -0500

fix doc in bugs for PolKitContextAddIOWatch

pointed out by Dan Winship.

src/polkit/polkit-context.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

commit 0b59d3e7d4b282da308b362dc440b007b9ecedbf
Author: Holger Macht <hmacht@suse.de>
Date: Tue Feb 26 16:05:23 2008 -0500

avoid reliance on DT_REG so we work on reiserfs as well

(with minor fixes from davidz for avoiding memory leaks)

Recently I wondered why PolicyKit (especially polkit-auth) does
not work
on my system. While debugging, I noticed that the corresponding
code works
in my home directory, but not in the root filesystem.

readdir() and its d_type are the culprits. Quoting the readdir
manpage:

[...]
Other than Linux, the d_type field is available mainly only on BSD
systems. This field makes it possible to avoid the expense of calling
stat() if further actions depend on the type of the file.
[...]

Filesystems may fill DT_UNKNOWN into this field, which reiserfs
does, so
call stat instead, which always does the right thing.

Signed-off-by: Holger Macht <hmacht@suse.de>

src/polkit-dbus/polkit-read-auth-helper.c | 20 +++++++++++++-------
src/polkit/polkit-policy-cache.c | 25
++++++++++++++++++-------
2 files changed, 31 insertions(+), 14 deletions(-)

commit fd51264a459d4e0ac0fecfabcc42c0ecca425050
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Feb 26 15:48:39 2008 -0500

avoid use normal timeout when showing auth dialog; use INT_MAX instead

Reported by Dan P. Berrange.

src/polkit-dbus/polkit-simple.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

commit 4cfb96627a5afbe34c0bc583bdcf4caf306bf1a5
Author: David Zeuthen <davidz@redhat.com>
Date: Tue Dec 18 13:50:38 2007 -0500

actually check for bash in polkit-bash-completion.sh

Some zsh users complained about this

https://bugzilla.redhat.com/show_bug.cgi?id=418471

tools/polkit-bash-completion.sh | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

commit 0d7167147f85f1bc046f8b6024667eec8d2c3dde
Author: Carlos Corbacho <carlos@strangeworlds.co.uk>
Date: Mon Dec 17 12:14:04 2007 -0500

also add the new C file for the shadow helper

src/polkit-grant/polkit-grant-helper-shadow.c | 151
+++++++++++++++++++++++++
1 files changed, 151 insertions(+), 0 deletions(-)

commit ba2003a9492a7ef1fabcb6ae7997cfc8e5f15adf
Author: Carlos Corbacho <carlos@strangeworlds.co.uk>
Date: Sun Dec 16 22:59:30 2007 -0500

add Shadow authentication framework

Add Piter PUNK's polkit-grant-helper-shadow, and link against the
appropriate libraries.

For now, the Shadow framework must be explictily called - in future,
this could also be added as a fallback if PAM is not available.

configure.in | 9 ++++++++-
src/polkit-grant/Makefile.am | 19 +++++++++++++++++++
src/polkit-grant/polkit-grant-helper.c | 7 +++++++
3 files changed, 34 insertions(+), 1 deletions(-)

commit 59081d0a25f6f3227ccba960fa486fd7111baeef
Author: David Zeuthen <davidz@redhat.com>
Date: Sun Dec 16 22:40:10 2007 -0500

make polkit-grant-helper-pam world readable

This is to avoid breaking various backup and IDS software - proposed
by Michael Biebl <mbiebl@gmail.com>.

configure.in | 2 +-
src/polkit-grant/Makefile.am | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)

commit b5e019d783af8651db8e962c47b39942677ca6fd
Author: Carlos Corbacho <carlos@strangeworlds.co.uk>
Date: Sun Dec 16 21:21:16 2007 -0500

split out authentication framework from authorisation database

As per discussions with David Zeuthen, alter the build system so
that we
can have different authentication frameworks for the authorisation
databases.

For now, the dummy database will only accept 'none' for the
authentication
framework (this will be autoselected if not specified, and configure
will
throw an error if any other framework than 'none' is specified
is passed
in).

For the default database, the only available framework for now is
'pam'
(as with 'none' and dummy, 'pam' will be autoselected if specified
as the
framework. If 'none' is passed as a framework, configure will
reject this
and fail).

PAM specific code is now also marked with POLKIT_AUTHFW_PAM, so
that it
can be easily compiled out if other frameworks are added in future.

configure.in | 51
++++++++++++++++++++++++++++++-
data/Makefile.am | 2 +-
src/polkit-grant/Makefile.am | 18 ++++++++++-
src/polkit-grant/polkit-grant-helper.c | 6 ++++
4 files changed, 72 insertions(+), 5 deletions(-)

commit 28dc31692a1f5e53b38f1218b86c38541997c639
Author: Carlos Corbacho <carlos@strangeworlds.co.uk>
Date: Sun Dec 16 21:11:31 2007 -0500

remove unncessary PAM header inclusions

Many files are needlessly including PAM headers, when the code
in question
has no PAM dependency - remove the PAM includes from these.

src/polkit-dbus/polkit-read-auth-helper.c | 1 -
src/polkit-dbus/polkit-set-default-helper.c | 1 -
src/polkit-grant/polkit-explicit-grant-helper.c | 1 -
src/polkit-grant/polkit-revoke-helper.c | 1 -
4 files changed, 0 insertions(+), 4 deletions(-)

commit cd836a754c86e7a154f1533b3400c5a5ecd18edd
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 13:37:19 2007 -0500

make the docs show an index of new symbols in 0.8

doc/polkit-docs.xml | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

commit 2c331fe6948a5a420eaaea6ca3e6765cfaa49a37
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 13:35:36 2007 -0500

fix typo in docs

src/polkit/polkit-authorization-constraint.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

commit 1d464bda6099828cde4dc9277506767c65d7b6d3
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 13:25:17 2007 -0500

add docs and bash completion bits for new exe and selinux_context
constraints

doc/man/polkit-auth.xml | 152
++++++++++++++++++++++++--
src/polkit/polkit-authorization-constraint.c | 4 +-
tools/polkit-bash-completion.sh | 4 +-
3 files changed, 146 insertions(+), 14 deletions(-)

commit 46005c49dbcdf0655e986fdf45fd869c81498d10
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 12:00:36 2007 -0500

add additional checks when using strtoul

Pointed out by Martin Pitt <martin.pitt@ubuntu.com>.

src/polkit-dbus/polkit-read-auth-helper.c | 2 +-
src/polkit-dbus/polkit-resolve-exe-helper.c | 2 +-
src/polkit/polkit-authorization.c | 10 +++++-----
3 files changed, 7 insertions(+), 7 deletions(-)

commit 5f42b40de391b2615996e1d5d6bbd0a3518a0b9e
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 01:37:37 2007 -0500

add note about new polkit-resolve-exe-helper

configure.in | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)

commit a8e46ceb39137582b0fbacb69fdfda72ae7139f8
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 01:35:30 2007 -0500

add constraints for exe and SELinux context when granting an
authorization

The way it works is that added constraints now look like this

scope=always:action-id=org.pulseaudio.acquire-high-priority:when=1197004781:auth-as=0:constraint=local:constraint=active:constraint=exe%3A%2Fusr%2Fbin%2Fpulseaudio:constraint=selinux_context%3Asystem_u%3Asystem_r%3Aunconfined_t

or if not using SELinux like this

scope=always:action-id=org.freedesktop.hal.storage.mount-fixed:when=1197008218:auth-as=0:constraint=local:constraint=active:constraint=exe%3A%2Fusr%2Fbin%2Fgnome-mount

This is a bit icky to implement for mechanisms, like HAL, running as
an unprivileged user. The problem is that we can't resolve the symlink
/proc/pid/exe. On the other hands such mechanisms has the
authorization org.freedesktop.policykit.read already. So use that.

Note that this is what some people call snake-oil. The reason is
in the
docs for polkit_sysdeps_get_pid_for_exe(); copying it here so I
can point
people to this commit in the future

Get the name of the binary a given process was started from.

Note that this is not necessary reliable information and as such
shouldn't be relied on 100% to make a security decision. In fact,
this information is only trustworthy in situations where the given
binary is securely locked down meaning that 1) it can't be
ptrace(2)'d; 2) libc secure mode kicks in (e.g LD_PRELOAD won't
work); 3) there are no other attack vectors (e.g. GTK_MODULES, X11,
CORBA, D-Bus) to patch running code into the process.

In other words: the risk of relying on constraining an authorization
to the output of this function is high. Suppose that the program
/usr/bin/gullible obtains an authorization via authentication for
the action org.example.foo. We add a constraint to say that the
gained authorization only applies to processes for whom
/proc/pid/exe points to /usr/bin/gullible. Now enter
/usr/bin/evil. It knows that the program /usr/bin/gullible is not
"securely locked down" (per the definition in the above
paragraph). So /usr/bin/evil simply sets LD_PRELOAD and execs
/usr/bin/gullible and it can now run code in a process where
/proc/pid/exe points to /usr/bin/gullible. Thus, the recently gained
authorization for org.example.foo applies. Also, /usr/bin/evil could
use a host of other attack vectors to run it's own code under the
disguise of pretending to be /usr/bin/gullible.

Specifically for interpreted languages like Python and Mono it is
the case that /proc/pid/exe always points to /usr/bin/python
resp. /usr/bin/mono. Thus, it's not very useful to rely on that the
result for this function if you want to constrain an authorization
to e.g. /usr/bin/tomboy or /usr/bin/banshee.

However. Once we have a framework for running secure desktop apps this
will start to make sense. Such a framework includes securing X (using
e.g. XACE with SELinux) and making the UI toolkit secure as well. It's
a lot of work.

Until then these constraints at least makes it harder to for malicious
apps to abuse PolicyKit authorizations gained by other users.

doc/TODO | 4 +
src/polkit-dbus/Makefile.am | 16 +-
src/polkit-dbus/polkit-resolve-exe-helper.c | 161 ++++++++++
src/polkit-grant/polkit-authorization-db-write.c | 7 +-
src/polkit/polkit-authorization-constraint.c | 370
++++++++++++++++++++--
src/polkit/polkit-authorization-constraint.h | 20 +-
src/polkit/polkit-private.h | 2 -
src/polkit/polkit-sysdeps.c | 135 ++++++++-
src/polkit/polkit-sysdeps.h | 2 +
tools/polkit-auth.c | 8 +
10 files changed, 687 insertions(+), 38 deletions(-)

commit 0bb7eeac757f770dfe26f05d4f303033aeedf077
Author: David Zeuthen <davidz@redhat.com>
Date: Fri Dec 7 01:29:45 2007 -0500

add bogus Returns: to make gtk-doc happy

src/kit/kit.h | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

commit 5ea38976e02f7b5992e23f3c02c2f131d6fa296b
Author: David Zeuthen <davidz@redhat.com>
Date: Thu Dec 6 19:52:07 2007 -0500

use strlen to avoid writing garbage at the end of the test auth file

While this seems like a grave bug it is not. First, this only affects
the test cases and the file is guaranteed to be zero terminated before
the garbage anyway.

src/polkit/polkit-authorization-db.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

commit c11ea1f0b031947a7f1a929c4a1d2acd31d888e1
Author: David Zeuthen <davidz@redhat.com>
Date: Thu Dec 6 19:01:54 2007 -0500

post release version bump to 0.8

configure.in | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

commit 905c4b31d7e8ace11592c8ae47d8c1f8203f85bb
Author: David Zeuthen <davidz@redhat.com>
Date: Thu Dec 6 18:59:12 2007 -0500

be more precise about permissions in the blurb at the end of configure

Suggested by Michael Biebl <mbiebl@gmail.com>.

configure.in | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

commit 54ad0da18ba42dadcea9349ca4c93cb8f3fb2f50
Author: David Zeuthen <davidz@redhat.com>
Date: Thu Dec 6 00:07:57 2007 -0500
@@ -260,58 +991,58 @@ Date: Wed Nov 28 16:50:50 2007 -0500
polkitd/polkit-daemon.h | 28 +-
src/kit/kit-file.c | 30 +-
src/kit/kit-file.h | 30 +-
src/kit/kit-hash.c | 30 +-
src/kit/kit-hash.c | 34 +-
src/kit/kit-hash.h | 34 +-
src/kit/kit-list.c | 30 +-
src/kit/kit-list.h | 30 +-
src/kit/kit-memory.c | 30 +-
src/kit/kit-memory.h | 30 +-
src/kit/kit-message.c | 30 +-
src/kit/kit-message.c | 34 +-
src/kit/kit-message.h | 30 +-
src/kit/kit-spawn.c | 30 +-
src/kit/kit-spawn.h | 30 +-
src/kit/kit-string.c | 34 +-
src/kit/kit-string.c | 30 +-
src/kit/kit-string.h | 30 +-
src/kit/kit-test-main.c | 30 +-
src/kit/kit-test.c | 30 +-
src/kit/kit-test.c | 34 +-
src/kit/kit-test.h | 30 +-
src/kit/kit.h | 30 +-
src/kit/kit.h | 34 +-
src/polkit-dbus/polkit-dbus-test.c | 34 +-
src/polkit-dbus/polkit-dbus-test.h | 30 +-
src/polkit-dbus/polkit-dbus.c | 30 +-
src/polkit-dbus/polkit-dbus.c | 34 +-
src/polkit-dbus/polkit-dbus.h | 30 +-
src/polkit-dbus/polkit-read-auth-helper.c | 28 +-
src/polkit-dbus/polkit-set-default-helper.c | 28 +-
src/polkit-dbus/polkit-simple.c | 30 +-
src/polkit-dbus/polkit-simple.c | 34 +-
src/polkit-dbus/polkit-simple.h | 30 +-
.../polkit-authorization-db-dummy-write.c | 30 +-
src/polkit-grant/polkit-authorization-db-write.c | 34 +-
src/polkit-grant/polkit-authorization-db-write.c | 30 +-
src/polkit-grant/polkit-explicit-grant-helper.c | 28 +-
src/polkit-grant/polkit-grant-helper-pam.c | 28 +-
src/polkit-grant/polkit-grant-helper.c | 28 +-
src/polkit-grant/polkit-grant-helper.c | 32 +-
src/polkit-grant/polkit-grant-test.c | 34 +-
src/polkit-grant/polkit-grant-test.h | 30 +-
src/polkit-grant/polkit-grant.c | 30 +-
src/polkit-grant/polkit-grant.c | 34 +-
src/polkit-grant/polkit-grant.h | 34 +-
src/polkit-grant/polkit-revoke-helper.c | 28 +-
src/polkit/polkit-action.c | 30 +-
src/polkit/polkit-action.c | 34 +-
src/polkit/polkit-action.h | 32 +-
src/polkit/polkit-authorization-constraint.c | 34 +-
src/polkit/polkit-authorization-constraint.c | 30 +-
src/polkit/polkit-authorization-constraint.h | 30 +-
src/polkit/polkit-authorization-db-dummy.c | 30 +-
src/polkit/polkit-authorization-db.c | 30 +-
src/polkit/polkit-authorization-db.h | 30 +-
src/polkit/polkit-authorization.c | 34 +-
src/polkit/polkit-authorization.c | 30 +-
src/polkit/polkit-authorization.h | 30 +-
src/polkit/polkit-caller.c | 30 +-
src/polkit/polkit-caller.c | 34 +-
src/polkit/polkit-caller.h | 30 +-
src/polkit/polkit-config.c | 30 +-
src/polkit/polkit-config.h | 30 +-
src/polkit/polkit-context.c | 34 +-
src/polkit/polkit-context.h | 34 +-
src/polkit/polkit-debug.c | 30 +-
src/polkit/polkit-context.h | 30 +-
src/polkit/polkit-debug.c | 34 +-
src/polkit/polkit-debug.h | 30 +-
src/polkit/polkit-error.c | 30 +-
src/polkit/polkit-error.c | 34 +-
src/polkit/polkit-error.h | 30 +-
src/polkit/polkit-policy-cache.c | 30 +-
src/polkit/polkit-policy-cache.h | 30 +-
@@ -320,27 +1051,27 @@ Date: Wed Nov 28 16:50:50 2007 -0500
src/polkit/polkit-policy-file-entry.c | 30 +-
src/polkit/polkit-policy-file-entry.h | 30 +-
src/polkit/polkit-policy-file.c | 30 +-
src/polkit/polkit-policy-file.h | 30 +-
src/polkit/polkit-private.h | 30 +-
src/polkit/polkit-result.c | 30 +-
src/polkit/polkit-policy-file.h | 34 +-
src/polkit/polkit-private.h | 34 +-
src/polkit/polkit-result.c | 34 +-
src/polkit/polkit-result.h | 30 +-
src/polkit/polkit-seat.c | 30 +-
src/polkit/polkit-seat.h | 30 +-
src/polkit/polkit-session.c | 30 +-
src/polkit/polkit-session.h | 30 +-
src/polkit/polkit-sysdeps.c | 30 +-
src/polkit/polkit-sysdeps.c | 34 +-
src/polkit/polkit-sysdeps.h | 30 +-
src/polkit/polkit-test.c | 30 +-
src/polkit/polkit-test.c | 34 +-
src/polkit/polkit-test.h | 30 +-
src/polkit/polkit-types.h | 30 +-
src/polkit/polkit-utils.c | 30 +-
src/polkit/polkit-types.h | 34 +-
src/polkit/polkit-utils.c | 34 +-
src/polkit/polkit-utils.h | 30 +-
src/polkit/polkit.h | 30 +-
tools/polkit-action.c | 28 +-
tools/polkit-auth.c | 28 +-
tools/polkit-config-file-validate.c | 28 +-
tools/polkit-policy-file-validate.c | 28 +-
87 files changed, 1498 insertions(+), 1674 deletions(-)
87 files changed, 1526 insertions(+), 1702 deletions(-)

commit cef2e2079532b966b0ff88403eb1a86b337685b7
Author: David Zeuthen <davidz@redhat.com>
@@ -666,8 +1397,8 @@ Date: Sun Nov 18 19:16:23 2007 -0500
+++++++++++++++++++++++
src/polkit-dbus/polkit-simple.h | 42 ++++
src/polkit-grant/polkit-explicit-grant-helper.c | 90 +--------
src/polkit-grant/polkit-revoke-helper.c | 103 +---------
9 files changed, 328 insertions(+), 379 deletions(-)
src/polkit-grant/polkit-revoke-helper.c | 101 +---------
9 files changed, 327 insertions(+), 378 deletions(-)

commit 4d0994f45ee4cb1b31475932a17ea8ac5288a289
Author: David Zeuthen <davidz@redhat.com>


+ 4
- 1
INSTALL View File

@@ -2,7 +2,7 @@ Installation Instructions
*************************

Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006 Free Software Foundation, Inc.
2006, 2007 Free Software Foundation, Inc.

This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
@@ -67,6 +67,9 @@ The simplest way to compile this package is:
all sorts of other programs in order to regenerate files that came
with the distribution.

6. Often, you can also type `make uninstall' to remove the installed
files again.

Compilers and Options
=====================



+ 28
- 21
Makefile.in View File

@@ -1,8 +1,8 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -162,6 +162,7 @@ MKDIR_P = @MKDIR_P@
MKINSTALLDIRS = @MKINSTALLDIRS@
MSGFMT = @MSGFMT@
MSGFMT_OPTS = @MSGFMT_OPTS@
MSGMERGE = @MSGMERGE@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -179,6 +180,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
POFILES = @POFILES@
POLKIT_AUTHDB = @POLKIT_AUTHDB@
POLKIT_AUTHFW = @POLKIT_AUTHFW@
POLKIT_GROUP = @POLKIT_GROUP@
POLKIT_USER = @POLKIT_USER@
POSUB = @POSUB@
@@ -402,8 +404,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS

@@ -428,8 +430,8 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
@@ -439,13 +441,12 @@ ctags: CTAGS
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
@@ -516,6 +517,10 @@ dist-bzip2: distdir
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
$(am__remove_distdir)

dist-lzma: distdir
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
$(am__remove_distdir)

dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__remove_distdir)
@@ -542,6 +547,8 @@ distcheck: dist
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
@@ -694,18 +701,18 @@ uninstall-am:
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
all all-am am--refresh check check-am clean clean-generic \
clean-libtool clean-local ctags ctags-recursive dist dist-all \
dist-bzip2 dist-gzip dist-shar dist-tarZ dist-zip distcheck \
distclean distclean-generic distclean-hdr distclean-libtool \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-recursive uninstall uninstall-am
dist-bzip2 dist-gzip dist-lzma dist-shar dist-tarZ dist-zip \
distcheck distclean distclean-generic distclean-hdr \
distclean-libtool distclean-tags distcleancheck distdir \
distuninstallcheck dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
installdirs-am maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-recursive uninstall uninstall-am


# Creating ChangeLog from git log (taken from cairo/Makefile.am):


+ 69
- 0
NEWS View File

@@ -1,3 +1,72 @@
==========
PolicyKit 0.8 "The Ties That Bind"
==========

Released on April 16 2008.

This release should be ABI compatible with PolicyKit 0.6 and later.

NOTE NOTE NOTE: The permissions and modes of certain files has changed
since PolicyKit 0.7. Make sure to update your spec files
to reflect this. See the output of configure for details.

Carlos Corbacho (4):
remove unncessary PAM header inclusions
split out authentication framework from authorisation database
add Shadow authentication framework
also add the new C file for the shadow helper

David Zeuthen (33):
be more precise about permissions in the blurb at the end of configure
post release version bump to 0.8
use strlen to avoid writing garbage at the end of the test auth file
add bogus Returns: to make gtk-doc happy
add constraints for exe and SELinux context when granting an authorization
add note about new polkit-resolve-exe-helper
add additional checks when using strtoul
add docs and bash completion bits for new exe and selinux_context constraints
fix typo in docs
make the docs show an index of new symbols in 0.8
make polkit-grant-helper-pam world readable
actually check for bash in polkit-bash-completion.sh
avoid use normal timeout when showing auth dialog; use INT_MAX instead
fix doc in bugs for PolKitContextAddIOWatch
make polkit-policy-file-validate require that actions are properly packaged
add convenience API to consistently report authorization failures over D-Bus
also add polkit_dbus_error_parse_from_strings() function
fix typo in docs for polkit_dbus_error_parse_from_strings()
don't check key/values in KitHash; they are not neccesarily pointers
clarify docs for POLKIT_AUTHORIZATION_CONSTRAINT_TYPE_REQUIRE_EXE
invalidate memory cache after revoking one shot authorization
remove debug spew
remove more debug spew
print stack traces for where leaks were allocated
clear the right block when growing a string
don't leak the copied authorizations list on OOM
fix build when tests are disabled
don't include libkit api docs
fix issue where users allowed to change defaults can delete override files
print warning to stderr if a policy file is malformed and we're ignoring it
ensure object is first in the list/hash iterator callback functions
be careful about what symbols we export
update NEWS for release

Holger Macht (1):
avoid reliance on DT_REG so we work on reiserfs as well

Jim Li (1):
add support for Solaris platform

Jim Meyering (5):
handle kit_strdup_printf failure.
remove unnecessary strdup.
(do_auth): rename local: s/buf/password/
avoid unnecessary/leaky use of strdup.
handle kit_strdup failure.

Kees Cook (1):
fix for CVE-2008-1658: format string vulnerability in password input

==========
PolicyKit 0.7 "Common sense ain't common"
==========


+ 47
- 30
aclocal.m4 View File

@@ -1,7 +1,7 @@
# generated automatically by aclocal 1.10 -*- Autoconf -*-
# generated automatically by aclocal 1.10.1 -*- Autoconf -*-

# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006 Free Software Foundation, Inc.
# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -11,10 +11,13 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

m4_if(m4_PACKAGE_VERSION, [2.61],,
[m4_fatal([this file was generated for autoconf 2.61.
You have another version of autoconf. If you want to use that,
you should regenerate the build system entirely.], [63])])
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(AC_AUTOCONF_VERSION, [2.61],,
[m4_warning([this file was generated for autoconf 2.61.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.])])

# Copyright (C) 1995-2002 Free Software Foundation, Inc.
# Copyright (C) 2001-2003,2004 Red Hat, Inc.
@@ -119,8 +122,7 @@ AC_SUBST($1)dnl
#-----------------
glib_DEFUN([GLIB_WITH_NLS],
dnl NLS is obligatory
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
USE_NLS=yes
[USE_NLS=yes
AC_SUBST(USE_NLS)

gt_cv_have_gettext=no
@@ -516,6 +518,20 @@ AC_SUBST(INTLTOOL_THEME_RULE)
AC_SUBST(INTLTOOL_SERVICE_RULE)
AC_SUBST(INTLTOOL_POLICY_RULE)

# Check the gettext tools to make sure they are GNU
AC_PATH_PROG(XGETTEXT, xgettext)
AC_PATH_PROG(MSGMERGE, msgmerge)
AC_PATH_PROG(MSGFMT, msgfmt)
if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then
AC_MSG_ERROR([GNU gettext tools not found; required for intltool])
fi
xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`"
mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`"
mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`"
if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then
AC_MSG_ERROR([GNU gettext tools not found; required for intltool])
fi

# Use the tools built into the package, not the ones that are installed.
AC_SUBST(INTLTOOL_EXTRACT, '$(top_builddir)/intltool-extract')
AC_SUBST(INTLTOOL_MERGE, '$(top_builddir)/intltool-merge')
@@ -7284,16 +7300,14 @@ fi])
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
m4_define([_PKG_CONFIG],
[if test -n "$PKG_CONFIG"; then
if test -n "$$1"; then
pkg_cv_[]$1="$$1"
else
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
[pkg_failed=yes])
fi
else
pkg_failed=untried
[if test -n "$$1"; then
pkg_cv_[]$1="$$1"
elif test -n "$PKG_CONFIG"; then
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
[pkg_failed=yes])
else
pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG

@@ -7337,9 +7351,9 @@ See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"`
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1`
else
$1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
@@ -7374,7 +7388,7 @@ else
fi[]dnl
])# PKG_CHECK_MODULES

# Copyright (C) 2002, 2003, 2005, 2006 Free Software Foundation, Inc.
# Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -7389,7 +7403,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.10'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.10], [],
m4_if([$1], [1.10.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])

@@ -7405,8 +7419,10 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.10])dnl
_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)])
[AM_AUTOMAKE_VERSION([1.10.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(AC_AUTOCONF_VERSION)])

# AM_AUX_DIR_EXPAND -*- Autoconf -*-

@@ -7701,7 +7717,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# each Makefile.in and add a new line on top of each file to say so.
# Grep'ing the whole file is not good either: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
if sed 10q "$mf" | grep '^#.*generated by automake' > /dev/null 2>&1; then
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
dirpart=`AS_DIRNAME("$mf")`
else
continue
@@ -7761,13 +7777,13 @@ AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
# Do all the work for Automake. -*- Autoconf -*-

# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006 Free Software Foundation, Inc.
# 2005, 2006, 2008 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# serial 12
# serial 13

# This macro actually does too much. Some checks are only needed if
# your package does certain things. But this isn't really a big deal.
@@ -7872,16 +7888,17 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJC],
# our stamp files there.
AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
[# Compute $1's index in $config_headers.
_am_arg=$1
_am_stamp_count=1
for _am_header in $config_headers :; do
case $_am_header in
$1 | $1:* )
$_am_arg | $_am_arg:* )
break ;;
* )
_am_stamp_count=`expr $_am_stamp_count + 1` ;;
esac
done
echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
#
@@ -8216,7 +8233,7 @@ AC_SUBST([INSTALL_STRIP_PROGRAM])])

# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in.
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
AC_DEFUN([_AM_SUBST_NOTMAKE])



+ 15
- 0
config.h.in View File

@@ -54,6 +54,9 @@
/* SELinux support */
#undef HAVE_SELINUX

/* Is this a Solaris system? */
#undef HAVE_SOLARIS

/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H

@@ -126,6 +129,18 @@
/* If using the dummy authorization database */
#undef POLKIT_AUTHDB_DUMMY

/* Authentication Framework to use */
#undef POLKIT_AUTHFW

/* If using no authentication framework */
#undef POLKIT_AUTHFW_NONE

/* If using the PAM authentication framework */
#undef POLKIT_AUTHFW_PAM

/* If using the Shadow authentication framework */
#undef POLKIT_AUTHFW_SHADOW

/* Build test code */
#undef POLKIT_BUILD_TESTS



+ 431
- 118
configure
File diff suppressed because it is too large
View File


+ 99
- 10
configure.in View File

@@ -1,8 +1,8 @@
dnl Process this file with autoconf to produce a configure script.

AC_PREREQ(2.59c)
AC_INIT(PolicyKit, 0.7, david@fubar.dk)
AM_INIT_AUTOMAKE(PolicyKit, 0.7)
AC_INIT(PolicyKit, 0.8, david@fubar.dk)
AM_INIT_AUTOMAKE(PolicyKit, 0.8)
AM_CONFIG_HEADER(config.h)
AM_MAINTAINER_MODE

@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
*) CFLAGS="$CFLAGS -Wsign-compare" ;;
esac

case " $CFLAGS " in
*[\ \ ]-Wformat[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wformat" ;;
esac

case " $CFLAGS " in
*[\ \ ]-Wformat-security[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wformat-security" ;;
esac

if test "x$enable_ansi" = "xyes"; then
case " $CFLAGS " in
*[\ \ ]-ansi[\ \ ]*) ;;
@@ -269,12 +279,10 @@ AC_DEFINE_UNQUOTED(POLKIT_AUTHDB,"$POLKIT_AUTHDB", [Authorization Database to us

case $POLKIT_AUTHDB in
dummy)
need_pam=no
AC_DEFINE(POLKIT_AUTHDB_DUMMY, 1, [If using the dummy authorization database])
;;

default)
need_pam=yes
AC_DEFINE(POLKIT_AUTHDB_DEFAULT, 1, [If using the default authorization database])
;;

@@ -286,6 +294,61 @@ esac
AM_CONDITIONAL(POLKIT_AUTHDB_DUMMY, [test x$POLKIT_AUTHDB = xdummy], [Using dummy authdb])
AM_CONDITIONAL(POLKIT_AUTHDB_DEFAULT, [test x$POLKIT_AUTHDB = xdefault], [Using default authdb])

dnl ---------------------------------------------------------------------------
dnl - Select which authentication framework to use
dnl ---------------------------------------------------------------------------

AC_ARG_WITH([authfw],
AS_HELP_STRING([--with-authfw=<name>],
[Authentication framework (none/pam/shadow)]))
if ! test -z "$with_authfw" ; then
if test x$with_authdb = xdummy ; then
if ! test x$with_authfw = xnone ; then
AC_MSG_ERROR([Only 'none' is a valid authentication framework for the dummy authorization database])
fi
else
if test x$with_authfw = xnone ; then
AC_MSG_ERROR(['none' is only a valid authentication framework for the dummy authorization database])
fi
fi
POLKIT_AUTHFW=$with_authfw
else
if test x$with_authdb = xdummy ; then
POLKIT_AUTHFW=none
else
POLKIT_AUTHFW=pam
fi
fi

AC_SUBST(POLKIT_AUTHFW)
AC_DEFINE_UNQUOTED(POLKIT_AUTHFW,"$POLKIT_AUTHFW", [Authentication Framework to use])

case $POLKIT_AUTHFW in
none)
need_pam=no
AC_DEFINE(POLKIT_AUTHFW_NONE, 1, [If using no authentication framework])
;;

pam)
need_pam=yes
AC_DEFINE(POLKIT_AUTHFW_PAM, 1, [If using the PAM authentication framework])
;;

shadow)
need_pam=no
AUTH_LIBS="${AUTH_LIBS} -lcrypt"
AC_DEFINE(POLKIT_AUTHFW_SHADOW, 1, [If using the Shadow authentication framework])
;;

*)
AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW])
;;
esac

AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_SHADOW, [test x$POLKIT_AUTHFW = xshadow], [Using Shadow authfw])


dnl ---------------------------------------------------------------------------
dnl - Check for PAM
@@ -370,7 +433,7 @@ fi

AC_SUBST(PAM_MODULE_DIR)

AC_ARG_WITH(os-type, [ --with-os-type=<os> distribution or OS (redhat/suse/gentoo/pardus)])
AC_ARG_WITH(os-type, [ --with-os-type=<os> distribution or OS (redhat/suse/gentoo/pardus/solaris)])

#### Check our operating system (distro-tweaks required)
if test "z$with_os_type" = "z"; then
@@ -395,6 +458,8 @@ if test x$with_os_type = x; then
with_os_type=gentoo
elif test x$operating_system = xpardus ; then
with_os_type=pardus
elif test x$operating_system = xsolaris ; then
with_os_type=solaris
else
with_os_type=unknown
fi
@@ -406,6 +471,7 @@ AM_CONDITIONAL(OS_TYPE_RED_HAT, test x$with_os_type = xredhat, [Running on Red H
AM_CONDITIONAL(OS_TYPE_SUSE, test x$with_os_type = xsuse, [Running on SUSE OS'es])
AM_CONDITIONAL(OS_TYPE_GENTOO, test x$with_os_type = xgentoo, [Running on Gentoo OS'es])
AM_CONDITIONAL(OS_TYPE_PARDUS, test x$with_os_type = xpardus, [Running on Pardus OS'es])
AM_CONDITIONAL(OS_TYPE_SALARIS, test x$with_os_type = xsolaris, [Running os Solaris OS'es])

AC_ARG_WITH(pam-include, [ --with-pam-include=<file> pam file to include])

@@ -420,7 +486,7 @@ elif test x$with_os_type = xredhat -o x$with_os_type = xgentoo -o x$with_os_type
PAM_FILE_INCLUDE_ACCOUNT=system-auth
PAM_FILE_INCLUDE_PASSWORD=system-auth
PAM_FILE_INCLUDE_SESSION=system-auth
elif test x$with_os_type = xsuse ; then
elif test x$with_os_type = xsuse -o x$with_os_type = xsolaris ; then
PAM_FILE_INCLUDE_AUTH=common-auth
PAM_FILE_INCLUDE_ACCOUNT=common-account
PAM_FILE_INCLUDE_PASSWORD=common-password
@@ -441,6 +507,17 @@ AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_ACCOUNT, "$PAM_FILE_INCLUDE_ACCOUNT", [pam f
AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_PASSWORD, "$PAM_FILE_INCLUDE_PASSWORD", [pam file password])
AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_SESSION, "$PAM_FILE_INCLUDE_SESSION", [pam file session])

dnl ---------------------------------------------------------------------------
dnl - check OS
dnl ---------------------------------------------------------------------------
case "$host_os" in
*linux*)
;;
*solaris*)
AC_DEFINE([HAVE_SOLARIS], 1, [Is this a Solaris system?])
;;
esac

# ********************
# Internationalisation
# ********************
@@ -498,6 +575,7 @@ echo "
group for PolicyKit: ${POLKIT_GROUP}

authorization database: ${POLKIT_AUTHDB}
authentication framework: ${POLKIT_AUTHFW}

Distribution/OS: ${with_os_type}
SELinux support: ${have_selinux}
@@ -539,7 +617,13 @@ if test "${POLKIT_AUTHDB}" = default ; then
echo " owned by group ${POLKIT_GROUP} and will be mode 770."
echo
echo "NOTE: The directory ${localstatedir}/run/PolicyKit-public will be"
echo " owned by group ${POLKIT_GROUP} and will be mode 775."
echo " owned by user ${POLKIT_USER} and will be mode 755."
echo
echo "NOTE: The file ${localstatedir}/lib/misc/PolicyKit.reload will be"
echo " owned by user ${POLKIT_USER} and group ${POLKIT_GROUP} and will be mode 775."
echo
echo "NOTE: ${libexecdir}/polkit-set-default-helper will be owned by"
echo " user ${POLKIT_USER} and installed with mode 4755 (setuid binary)."
echo
echo "NOTE: ${libexecdir}/polkit-read-auth-helper will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
@@ -553,8 +637,13 @@ if test "${POLKIT_AUTHDB}" = default ; then
echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
echo
echo "NOTE: ${libexecdir}/polkit-grant-helper-pam will be setuid root."
echo
echo "NOTE: For packaging, remember to retain the modes and ownership."
echo "NOTE: ${libexecdir}/polkit-grant-helper-pam will be owned by group"
echo " ${POLKIT_GROUP} and installed with mode 4754 (setuid root binary)."
echo
fi

echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper will be installed with"
echo " mode 4755 (setuid root binary)."
echo
echo "NOTE: For packaging, remember to retain the modes and ownership."
echo

+ 1
- 1
data/Makefile.am View File

@@ -2,7 +2,7 @@

# See polkit-grant/Makefile.am for discussion
#
if POLKIT_AUTHDB_DEFAULT
if POLKIT_AUTHFW_PAM
pamdir = $(sysconfdir)/pam.d
pam_DATA = polkit
endif


+ 6
- 4
data/Makefile.in View File

@@ -1,8 +1,8 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -153,6 +153,7 @@ MKDIR_P = @MKDIR_P@
MKINSTALLDIRS = @MKINSTALLDIRS@
MSGFMT = @MSGFMT@
MSGFMT_OPTS = @MSGFMT_OPTS@
MSGMERGE = @MSGMERGE@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -170,6 +171,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
POFILES = @POFILES@
POLKIT_AUTHDB = @POLKIT_AUTHDB@
POLKIT_AUTHFW = @POLKIT_AUTHFW@
POLKIT_GROUP = @POLKIT_GROUP@
POLKIT_USER = @POLKIT_USER@
POSUB = @POSUB@
@@ -240,8 +242,8 @@ top_srcdir = @top_srcdir@

# See polkit-grant/Makefile.am for discussion
#
@POLKIT_AUTHDB_DEFAULT_TRUE@pamdir = $(sysconfdir)/pam.d
@POLKIT_AUTHDB_DEFAULT_TRUE@pam_DATA = polkit
@POLKIT_AUTHFW_PAM_TRUE@pamdir = $(sysconfdir)/pam.d
@POLKIT_AUTHFW_PAM_TRUE@pam_DATA = polkit
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = polkit.pc polkit-dbus.pc polkit-grant.pc
confdir = $(sysconfdir)/PolicyKit


+ 19
- 14
depcomp View File

@@ -1,9 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects

scriptversion=2006-10-15.18
scriptversion=2007-03-29.01

# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006 Free Software
# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software
# Foundation, Inc.

# This program is free software; you can redistribute it and/or modify
@@ -215,34 +215,39 @@ aix)
# current directory. Also, the AIX compiler puts `$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
tmpdepfile="$stripped.u"
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.u
tmpdepfile2=$base.u
tmpdepfile3=$dir.libs/$base.u
"$@" -Wc,-M
else
tmpdepfile1=$dir$base.u
tmpdepfile2=$dir$base.u
tmpdepfile3=$dir$base.u
"$@" -M
fi
stat=$?

if test -f "$tmpdepfile"; then :
else
stripped=`echo "$stripped" | sed 's,^.*/,,'`
tmpdepfile="$stripped.u"
fi

if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi

for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
outname="$stripped.o"
# Each line is of the form `foo.o: dependent.h'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
# That's a tab and a space in the [].
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile


+ 10
- 9
doc/Makefile.in View File

@@ -1,8 +1,8 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# Makefile.in generated by automake 1.10.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -153,6 +153,7 @@ MKDIR_P = @MKDIR_P@
MKINSTALLDIRS = @MKINSTALLDIRS@
MSGFMT = @MSGFMT@
MSGFMT_OPTS = @MSGFMT_OPTS@
MSGMERGE = @MSGMERGE@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -170,6 +171,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
POFILES = @POFILES@
POLKIT_AUTHDB = @POLKIT_AUTHDB@
POLKIT_AUTHFW = @POLKIT_AUTHFW@
POLKIT_GROUP = @POLKIT_GROUP@
POLKIT_USER = @POLKIT_USER@
POSUB = @POSUB@
@@ -466,8 +468,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS

@@ -492,8 +494,8 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
@@ -503,13 +505,12 @@ ctags: CTAGS
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique


+ 4
- 0
doc/TODO View File

@@ -54,3 +54,7 @@

- Include the patch from Piter PUNK to optionally avoid the PAM
dependency (manually checks against /etc/shadow instead)

- To avoid work we should maintain a cache in the get_exe_for_pid()
functions. The key into the cache should be (pid, pid_start_time)
and the values should be the exe-paths

+ 6
- 6
doc/html/PolicyKit.8.html View File

@@ -14,12 +14,12 @@
<link rel="chapter" href="introduction.html" title="Introduction">
<link rel="chapter" href="model.html" title="PolicyKit Model">
<link rel="chapter" href="polkit-conf.html" title="PolicyKit configuration">
<link rel="reference" href="ref-internal.html" title="Internal API Reference">
<link rel="reference" href="ref-core.html" title="Core API Reference">
<link rel="reference" href="tools-fileformats.html" title="Tools and file formats">
<link rel="index" href="ix01.html" title="Index of deprecated symbols">
<link rel="index" href="ix02.html" title="Index of new symbols in 0.7">
<link rel="index" href="ix03.html" title="Index">
<link rel="index" href="ix03.html" title="Index of new symbols in 0.8">
<link rel="index" href="ix04.html" title="Index">
<link rel="appendix" href="license.html" title="Appendix&#160;A.&#160;License">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -40,7 +40,7 @@
<td valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1" lang="en">
<a name="id2759897"></a><h2>DESCRIPTION</h2>
<a name="id2743789"></a><h2>DESCRIPTION</h2>
<p>
For more information about the big picture refer to the
PolicyKit specification which can be normally be found
@@ -53,14 +53,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2759885"></a><h2>AUTHOR</h2>
<a name="id2743771"></a><h2>AUTHOR</h2>
<p>
Written by David Zeuthen <code class="email">&lt;<a class="email" href="mailto:david@fubar.dk">david@fubar.dk</a>&gt;</code> with
a lot of help from many others.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2759866"></a><h2>BUGS</h2>
<a name="id2743726"></a><h2>BUGS</h2>
<p>
Please send bug reports to either the distribution or the
hal mailing list,
@@ -69,7 +69,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2759843"></a><h2>SEE ALSO</h2>
<a name="id2743737"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">PolicyKit.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">polkit-action</span>(1)</span>,


+ 15
- 15
doc/html/PolicyKit.conf.5.html View File

@@ -14,12 +14,12 @@
<link rel="chapter" href="introduction.html" title="Introduction">
<link rel="chapter" href="model.html" title="PolicyKit Model">
<link rel="chapter" href="polkit-conf.html" title="PolicyKit configuration">
<link rel="reference" href="ref-internal.html" title="Internal API Reference">
<link rel="reference" href="ref-core.html" title="Core API Reference">
<link rel="reference" href="tools-fileformats.html" title="Tools and file formats">
<link rel="index" href="ix01.html" title="Index of deprecated symbols">
<link rel="index" href="ix02.html" title="Index of new symbols in 0.7">
<link rel="index" href="ix03.html" title="Index">
<link rel="index" href="ix03.html" title="Index of new symbols in 0.8">
<link rel="index" href="ix04.html" title="Index">
<link rel="appendix" href="license.html" title="Appendix&#160;A.&#160;License">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -40,7 +40,7 @@
<td valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1" lang="en">
<a name="id2704160"></a><h2>DESCRIPTION</h2>
<a name="id2684495"></a><h2>DESCRIPTION</h2>
<p>
The <code class="filename">/etc/PolicyKit/PolicyKit.conf</code>
configuration file provides a way for system administrators to
@@ -62,7 +62,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675643"></a><h2>FILE FORMAT</h2>
<a name="id2693840"></a><h2>FILE FORMAT</h2>
<p>
The configuration file is an XML document. It must have the
following doctype declaration:
@@ -78,7 +78,7 @@
The following elements may be present in the configuration file:
</p>
<div class="refsect2" lang="en">
<a name="id2711600"></a><h3>config</h3>
<a name="id2669124"></a><h3>config</h3>
<p>
This is the root element. A single
attribute <span class="emphasis"><em>version</em></span> must be present and
@@ -88,7 +88,7 @@
</div>
<hr>
<div class="refsect2" lang="en">
<a name="id2683819"></a><h3>match</h3>
<a name="id2667836"></a><h3>match</h3>
<p>
This element is for matching information related to the
decision making process and includes values describing both
@@ -127,7 +127,7 @@
</div>
<hr>
<div class="refsect2" lang="en">
<a name="id2712573"></a><h3>return</h3>
<a name="id2677298"></a><h3>return</h3>
<p>
This element is for used to specify what result the PolicyKit
library will return. It can only be embedded in
@@ -206,7 +206,7 @@
</div>
<hr>
<div class="refsect2" lang="en">
<a name="id2733401"></a><h3>define_admin_auth</h3>
<a name="id2704472"></a><h3>define_admin_auth</h3>
<p>
This element is used to specify the meaning of
<span class="emphasis"><em>"authenticate as administrator"</em></span>. It
@@ -258,7 +258,7 @@
</div>
</div>
<div class="refsect1" lang="en">
<a name="id2714954"></a><h2>EXAMPLES</h2>
<a name="id2664888"></a><h2>EXAMPLES</h2>
<p>
For brevity, the standard XML and DOCTYPE headers as well as
the top-level <span class="emphasis"><em>config</em></span> are omitted in the
@@ -268,7 +268,7 @@
to learn about the actions available on your system.
</p>
<div class="refsect2" lang="en">
<a name="id2694422"></a><h3>ALLOW EVERYTHING</h3>
<a name="id2690554"></a><h3>ALLOW EVERYTHING</h3>
<p>
The users "davidz" and "bateman" are allowed to do any
action:
@@ -283,7 +283,7 @@
</div>
<hr>
<div class="refsect2" lang="en">
<a name="id2699998"></a><h3>MOUNTING FIXED DRIVES</h3>
<a name="id2701205"></a><h3>MOUNTING FIXED DRIVES</h3>
<p>
Suppose the
action <span class="emphasis"><em>org.freedesktop.hal.storage.mount-fixed</em></span>
@@ -313,7 +313,7 @@
</div>
<hr>
<div class="refsect2" lang="en">
<a name="id2717886"></a><h3>AVOIDING THE ROOT PASSWORD</h3>
<a name="id2687045"></a><h3>AVOIDING THE ROOT PASSWORD</h3>
<p>
Suppose the group <span class="emphasis"><em>wheel</em></span> contains the
users on a system who are allowed to carry out administrative
@@ -333,14 +333,14 @@
</div>
</div>
<div class="refsect1" lang="en">
<a name="id2759569"></a><h2>AUTHOR</h2>
<a name="id2666827"></a><h2>AUTHOR</h2>
<p>
Written by David Zeuthen <code class="email">&lt;<a class="email" href="mailto:david@fubar.dk">david@fubar.dk</a>&gt;</code> with
a lot of help from many others.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2708726"></a><h2>BUGS</h2>
<a name="id2664547"></a><h2>BUGS</h2>
<p>
Please send bug reports to either the distribution or the
hal mailing list,
@@ -349,7 +349,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2689959"></a><h2>SEE ALSO</h2>
<a name="id2681381"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">PolicyKit</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">polkit-config-file-validate</span>(1)</span>,


+ 4
- 4
doc/html/beyond-defaults.html View File

@@ -7,19 +7,19 @@
<link rel="start" href="index.html" title="PolicyKit Library Reference Manual">
<link rel="up" href="polkit-conf.html" title="PolicyKit configuration">
<link rel="prev" href="polkit-conf.html" title="PolicyKit configuration">
<link rel="next" href="ref-internal.html" title="Internal API Reference">
<link rel="next" href="ref-core.html" title="Core API Reference">
<meta name="generator" content="GTK-Doc V1.9 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
<link rel="reference" href="ref-design.html" title="Design Overview">
<link rel="chapter" href="introduction.html" title="Introduction">
<link rel="chapter" href="model.html" title="PolicyKit Model">
<link rel="chapter" href="polkit-conf.html" title="PolicyKit configuration">
<link rel="reference" href="ref-internal.html" title="Internal API Reference">
<link rel="reference" href="ref-core.html" title="Core API Reference">
<link rel="reference" href="tools-fileformats.html" title="Tools and file formats">
<link rel="index" href="ix01.html" title="Index of deprecated symbols">
<link rel="index" href="ix02.html" title="Index of new symbols in 0.7">
<link rel="index" href="ix03.html" title="Index">
<link rel="index" href="ix03.html" title="Index of new symbols in 0.8">
<link rel="index" href="ix04.html" title="Index">
<link rel="appendix" href="license.html" title="Appendix&#160;A.&#160;License">
</head>