Commit 1376bdae authored by David Zeuthen's avatar David Zeuthen
Browse files

Rip out stuff no longer needed for PolicyKit 1.0

parent 534ea1aa
PolicyKit-gnome provides
- An Authentication Agent for PolicyKit that integrates well with the
GNOME desktop environment
- A shared library to easily integrate usage of PolicyKit into GTK+
applications
- A proof-of-concept applet (that is subject to change) for managing
authorizations
PolicyKit-gnome provides an Authentication Agent for PolicyKit that
integrates well with the GNOME desktop environment
See http://www.freedesktop.org/wiki/Software/PolicyKit for lots of
documentation, mailing lists, etc. about PolicyKit.
......
......@@ -108,22 +108,15 @@ fi
# *****
GNOME_COMMON_INIT
GNOME_DOC_INIT
GNOME_DEBUG_CHECK
GNOME_COMPILE_WARNINGS([maximum])
GNOME_MAINTAINER_MODE_DEFINES
AC_ARG_ENABLE(gtk-doc, AC_HELP_STRING([--enable-gtk-doc],
[use gtk-doc to build documentation [default=yes]]),,
enable_gtk_doc=yes)
GTK_DOC_CHECK([1.3])
# ***************************
# Check for required packages
# ***************************
GTK_REQUIRED=2.13.6
GCONF_REQUIRED=2.8
POLKIT_AGENT_REQUIRED=0.90
POLKIT_GOBJECT_REQUIRED=0.90
......@@ -131,10 +124,6 @@ PKG_CHECK_MODULES(GTK, gtk+-2.0 >= $GTK_REQUIRED)
AC_SUBST(GTK_CFLAGS)
AC_SUBST(GTK_LIBS)
PKG_CHECK_MODULES(GCONF, gconf-2.0 >= $GCONF_REQUIRED)
AC_SUBST(GCONF_CFLAGS)
AC_SUBST(GCONF_LIBS)
PKG_CHECK_MODULES(POLKIT_AGENT, polkit-agent-1 >= $POLKIT_AGENT_REQUIRED)
AC_SUBST(POLKIT_AGENT_CFLAGS)
AC_SUBST(POLKIT_AGENT_LIBS)
......@@ -149,26 +138,6 @@ AC_ARG_ENABLE([examples],
AM_CONDITIONAL(BUILD_EXAMPLES, test "x$enable_examples" = "xyes")
#if test "x$enable_examples" = "xyes"; then
# AC_CHECK_PROG([POLKIT_POLICY_FILE_VALIDATE],
# [polkit-policy-file-validate], [polkit-policy-file-validate])
# if test -z "$POLKIT_POLICY_FILE_VALIDATE"; then
# AC_MSG_ERROR([polkit-policy-file-validate not found])
# fi
#fi
dnl ==============================================
dnl Special GConf section
dnl ==============================================
AC_PATH_PROG(GCONFTOOL, gconftool-2, no)
if test x"$GCONFTOOL" = xno; then
AC_MSG_ERROR([gconftool-2 executable not found in your path - should be installed with GConf])
fi
AM_GCONF_SOURCE_2
# ********************
# Internationalisation
# ********************
......@@ -188,14 +157,6 @@ AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_CXXFLAGS])
AC_SUBST([AM_LDFLAGS])
#data/Makefile
#data/polkit-gnome.pc
#examples/Makefile
#polkit-gnome/Makefile
#tools/Makefile
#doc/Makefile
#doc/version.xml
AC_CONFIG_FILES([
Makefile
src/Makefile
......@@ -222,5 +183,4 @@ echo "
cppflags: ${CPPFLAGS}
Maintainer mode: ${USE_MAINTAINER_MODE}
Building api docs: ${enable_gtk_doc}
"
schema_in_files = polkit-gnome.schemas.in
schemadir = $(GCONF_SCHEMA_FILE_DIR)
schema_DATA = $(schema_in_files:.schemas.in=.schemas)
@INTLTOOL_SCHEMAS_RULE@
# don't do this if we are building in eg. rpm
if GCONF_SCHEMAS_INSTALL
install-data-local:
if test -z "$(DESTDIR)" ; then \
for p in $(schema_DATA) ; do \
GCONF_CONFIG_SOURCE=$(GCONF_SCHEMA_CONFIG_SOURCE) $(GCONFTOOL) --makefile-install-rule $$p; \
done \
fi
endif
@INTLTOOL_DESKTOP_RULE@
desktopdir = $(datadir)/applications
desktop_in_files = polkit-gnome-authorization.desktop.in
desktop_DATA = $(desktop_in_files:.desktop.in=.desktop)
servicedir = $(datadir)/dbus-1/services
service_in_files = org.gnome.PolicyKit.service.in \
org.gnome.PolicyKit.AuthorizationManager.service.in \
gnome-org.freedesktop.PolicyKit.AuthenticationAgent.service.in
service_DATA = $(service_in_files:.service.in=.service)
org.gnome.PolicyKit.service : org.gnome.PolicyKit.service.in Makefile
@sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
gnome-org.freedesktop.PolicyKit.AuthenticationAgent.service : gnome-org.freedesktop.PolicyKit.AuthenticationAgent.service.in Makefile
@sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
org.gnome.PolicyKit.AuthorizationManager.service : org.gnome.PolicyKit.AuthorizationManager.service.in Makefile
@sed -e "s|\@bindir\@|$(bindir)|" $< > $@
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = polkit-gnome.pc
DISTCLEANFILES = $(service_DATA) $(desktop_DATA) $(pkgconfig_DATA)
EXTRA_DIST = \
$(service_in_files) \
$(desktop_in_files) \
$(schema_in_files) \
polkit-gnome.pc.in
clean-local :
rm -f *~ $(service_DATA) $(pkgconfig_DATA) $(schema_DATA)
[D-BUS Service]
Name=org.freedesktop.PolicyKit.AuthenticationAgent
Exec=@libexecdir@/polkit-gnome-manager
[D-BUS Service]
Name=org.gnome.PolicyKit.AuthorizationManager
Exec=@bindir@/polkit-gnome-authorization
[D-BUS Service]
Name=org.gnome.PolicyKit
Exec=@libexecdir@/polkit-gnome-manager
[Desktop Entry]
Encoding=UTF-8
_Name=Authorizations
_Comment=Configure authorizations
Icon=gtk-dialog-authentication
Exec=polkit-gnome-authorization
Terminal=false
Type=Application
Categories=Settings;X-GNOME-SystemSettings;
OnlyShowIn=GNOME;
StartupNotify=true
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: polkit-gnome
Description: PolicyKit add-on library for GNOME
Version: @VERSION@
Requires: polkit polkit-dbus polkit-grant gtk+-2.0
Libs: -L${libdir} -lpolkit-gnome
Cflags: -I${includedir}/PolicyKit
<gconfschemafile>
<schemalist>
<schema>
<key>/schemas/desktop/gnome/policykit/auth_dialog_grab_keyboard</key>
<applyto>/desktop/gnome/policykit/auth_dialog_grab_keyboard</applyto>
<owner>policykit-gnome</owner>
<type>bool</type>
<default>true</default>
<locale name="C">
<short>Whether the authentication dialog should grab the keyboard</short>
<long>
If set to true, the authentication dialog from PolicyKit-gnome will grab the keyboard,
so that you will not be able to type in other programs while the dialog is active.
Use this if your window manager does not focus the authentication dialog automatically,
and you want to avoid accidentally typing passwords in other programs.
</long>
</locale>
</schema>
<schema>
<key>/schemas/desktop/gnome/policykit/auth_dialog_retain_authorization</key>
<applyto>/desktop/gnome/policykit/auth_dialog_retain_authorization</applyto>
<owner>policykit-gnome</owner>
<type>bool</type>
<default>true</default>
<locale name="C">
<short>Whether the retain authorization check box is checked by default</short>
<long>
If set to true, then "retain authorization" check box (if present) is
checked by default in the authentication dialog unless the action
is mentioned in the
"/desktop/gnome/policykit/auth_dialog_retain_authorization_blacklist"
key.
</long>
</locale>
</schema>
<schema>
<key>/schemas/desktop/gnome/policykit/auth_dialog_retain_authorization_blacklist</key>
<applyto>/desktop/gnome/policykit/auth_dialog_retain_authorization_blacklist</applyto>
<owner>policykit-gnome</owner>
<type>list</type>
<list_type>string</list_type>
<default>[]</default>
<locale name="C">
<short>A list of actions where the "retain authorization" checkbox isn't checked by default</short>
<long>
A list of PolicyKit action where the "retain authorization"
checkbox isn't checked by default; this list is maintained
by the authentication dialog code itself. For example, if a
user unchecks the "retain authorization" check box for an
action and successfully obtains an authorization for the
action, the action will be added to this list.
</long>
</locale>
</schema>
</schemalist>
</gconfschemafile>
## Process this file with automake to create Makefile.in.
NULL =
AUTOMAKE_OPTIONS = 1.7
# The name of the module.
DOC_MODULE=polkit-gnome
# The top-level SGML file.
DOC_MAIN_SGML_FILE=polkit-gnome-docs.xml
# Extra options to supply to gtkdoc-scan
SCAN_OPTIONS=--ignore-headers=config.h
# The directory containing the source code. Relative to $(srcdir)
DOC_SOURCE_DIR=../polkit-gnome
# Used for dependencies
HFILE_GLOB=$(top_srcdir)/polkit-gnome/*.h
CFILE_GLOB=$(top_srcdir)/polkit-gnome/*.c
# Headers to ignore
IGNORE_HFILES= \
$(NULL)
# CFLAGS and LDFLAGS for compiling scan program. Only needed
# if $(DOC_MODULE).types is non-empty.
INCLUDES = \
$(GTK_CFLAGS) \
$(DBUS_GLIB_CFLAGS) \
$(POLKIT_DBUS_CFLAGS) \
$(POLKIT_GRANT_CFLAGS) \
-I$(top_srcdir) \
-I$(top_builddir) \
$(NULL)
GTKDOC_LIBS = \
$(GTK_LIBS) \
$(DBUS_GLIB_LIBS) \
$(POLKIT_DBUS_LIBS) \
$(POLKIT_GRANT_LIBS) \
$(top_builddir)/polkit-gnome/libpolkit-gnome.la \
$(NULL)
# Extra options to supply to gtkdoc-mkdb
MKDB_OPTIONS=--sgml-mode --output-format=xml
# Extra options to supply to gtkdoc-mktmpl
MKTMPL_OPTIONS=
# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
content_files = \
version.xml \
$(NULL)
# Images to copy into HTML directory
HTML_IMAGES = \
polkit-gnome-example-screenshot.png \
polkit-gnome-example-screenshot-authorized.png \
polkit-gnome-example-auth-dialog-twiddle.png \
auth-details.png \
auth-retain-always.png \
auth-retain-session.png \
auth-root.png \
auth-self.png \
auth-wheel-group-1.png \
auth-wheel-group-2.png
# Extra options to supply to gtkdoc-fixref
FIXXREF_OPTIONS=
MAINTAINERCLEANFILES = \
*~ \
Makefile.in \
polkit-gnome.types \
polkit-gnome-*.txt \
$(NULL)
include $(top_srcdir)/gtk-doc.make
# Version information for marking the documentation
EXTRA_DIST += version.xml.in
<?xml version="1.0"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
<!ENTITY version SYSTEM "version.xml">
]>
<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
<bookinfo>
<title>PolicyKit-gnome Library Reference Manual</title>
<releaseinfo>Version &version;</releaseinfo>
<authorgroup>
<author>
<firstname>David</firstname>
<surname>Zeuthen</surname>
<affiliation>
<address>
<email>david@fubar.dk</email>
</address>
</affiliation>
</author>
</authorgroup>
<copyright>
<year>2007</year>
<holder>The PolicyKit-gnome Authors</holder>
</copyright>
<legalnotice>
<para>
Permission is granted to copy, distribute and/or modify this
document under the terms of the <citetitle>GNU Free
Documentation License</citetitle>, Version 1.1 or any later
version published by the Free Software Foundation with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. You may obtain a copy of the <citetitle>GNU Free
Documentation License</citetitle> from the Free Software
Foundation by visiting <ulink type="http"
url="http://www.fsf.org">their Web site</ulink> or by writing
to:
<address>
The Free Software Foundation, Inc.,
<street>59 Temple Place</street> - Suite 330,
<city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
<country>USA</country>
</address>
</para>
<para>
Many of the names used by companies to distinguish their
products and services are claimed as trademarks. Where those
names appear in any GNOME documentation, and those trademarks
are made aware to the members of the GNOME Documentation
Project, the names have been printed in caps or initial caps.
</para>
</legalnotice>
</bookinfo>
<reference id="ref-core">
<title>API Reference</title>
<partintro>
<para>
This part presents the class and function reference for the
PolicyKit-gnome library, <literal>libpolkit-gnome</literal>.
</para>
</partintro>
<xi:include href="xml/polkit-gnome-context.xml"/>
<xi:include href="xml/polkit-gnome-action.xml"/>
<xi:include href="xml/polkit-gnome-toggle-action.xml"/>
<xi:include href="xml/polkit-gnome-auth.xml"/>
</reference>
<reference id="ref-auth-daemon">
<title>Authentication Agent</title>
<partintro>
<para>
This part discusses the GNOME/GTK+ specific Authentication
Agent.
</para>
</partintro>
<refsect1 id="ref-auth-daemon-overview">
<title>Overview</title>
<para>
The PolicyKit model provides letting an user authenticate in
order to gain the privilege to let a Mechanism carry work out
related to a specific Action on the users behalf. In the
PolicyKit libraries, this functionality is programmatically
exposed in the PolKitGrant class. As it's tedious to use this
low-level functionality from a GTK+ or GNOME application, the
high-level functionality is wrapped in a D-Bus service
available on the session message bus. The way it works is that
when an application needs privileges, it can call into this
D-Bus service and an authentication dialog will appear. When
the user is done with the authentication dialog, the
application recieves a reply from the D-Bus containing a
boolean indicating whether the user gained the privilege or
not.
</para>
</refsect1>
<refsect1 id="ref-auth-daemon-overview-dbus">
<title>D-Bus interface</title>
<para>
The D-Bus service is available on the session message bus with
the
name <literal>org.freedesktop.PolicyKit.AuthenticationAgent</literal>
and exports a single object <literal>/</literal> that
implements the
interface <literal>org.freedesktop.PolicyKit.AuthenticationAgent</literal>. The
D-Bus introspection XML looks like this
</para>
<programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../src/polkit-gnome-manager.xml" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
<para>
The <literal>ObtainAuthorization()</literal> method may throw
an exception if another client is currently using the service
to show an authentication dialog. In practice this should
never happen because the authentication daemon grabs the X11
keyboard and pointer thus preventing the user from activating
widgets in other applications that would lead to calling into
the <literal>ObtainAuthorization</literal> method.
</para>
</refsect1>
<refsect1 id="ref-auth-daemon-operation">
<title>Operation</title>
<para>
The authentication daemon uses
<literal>libpolkit-grant</literal> which in turn uses PAM for
authentication services (however, other authentication
back-ends can be plugged in as required). As such, a wide
range of authentication mechanisms are available.
</para>
<para>
The authentication daemon is using D-Bus activation and exits
after 30 seconds of inactivity. Thus the code implementing
this dialog only runs when necessary.
</para>
</refsect1>
<refsect1 id="ref-auth-daemon-ui-elements">
<title>UI elements</title>
<para>
The appearance of the authentication dialog depends on the
result from PolicyKit and also whether administrator
authentication is defined as "authenticate as the root user"
or "authenticate as one of the users from UNIX group wheel" or
however the PolicyKit library is configured (see
the <literal>PolicyKit.conf(5)</literal> manual page for
details). Note that some of the screenshots below were made on
a system set up to use
the <ulink url="http://thinkfinger.sourceforge.net/"><citetitle>ThinkFinger</citetitle></ulink>
PAM module.
</para>
<para>
The text shown in the authentication dialogs stems from the
PolicyKit <literal>.policy</literal> XML files residing
in <literal>/usr/share/PolicyKit/policy</literal> and is read
by the authentication daemon when an applications uses
the <literal>ShowDialog()</literal> method. Thus, what the
user sees is not under application control (e.g. it's not
passed from the application) which rules out a class of
attacks where applications are trying to fool the user into
gaining a privilege.
</para>
<para>
Authentication dialog where the user is asked to authenticate
as herself:
</para>
<para>
<inlinegraphic fileref="auth-self.png" format="PNG"/>
</para>
<para>
Authentication dialog where the user is asked to authenticate
as an administrative user and PolicyKit is configured to use
the root password for this:
</para>
<para>
<inlinegraphic fileref="auth-root.png" format="PNG"/>
</para>
<para>
Authentication dialog where the user is asked to authenticate
as an administrative user and PolicyKit is configured to use
the UNIX wheel group for this:
</para>
<para>
<inlinegraphic fileref="auth-wheel-group-1.png" format="PNG"/>
</para>
<para>
Same authentication dialog, showing drop down box where the
user can be selected:
</para>
<para>
<inlinegraphic fileref="auth-wheel-group-2.png" format="PNG"/>
</para>
<para>
Authentication dialog showing an Action where the privilege
can be retained indefinitely:
</para>
<para>
<inlinegraphic fileref="auth-retain-always.png" format="PNG"/>
</para>
<para>
Authentication dialog showing an Action where the privilege
can be retained only for the remainer of the desktop session:
</para>
<para>
<inlinegraphic fileref="auth-retain-session.png" format="PNG"/>
</para>
<para>
The details view detailing what Action is being asked for as
well as what application is requesting the authentication:
</para>
<para>
<inlinegraphic fileref="auth-details.png" format="PNG"/>
</para>
</refsect1>
</reference>
<!-- License -->
<appendix id="license">
<title>License</title>
<para>
The polkit-gnome library (polkit-gnome/*) is licensed to you
under the GNU Lesser General Public License version 2 or
later.
</para>
<para>
The PolicyKit GNOME authentication D-Bus service (src/*) is
licensed to you under the GNU General Public License version 2
or later.
</para>
<para>
Both licenses are included here. Some individual source code
files and/or binaries may be under the GPL only.
</para>
<para>
Each source code file is marked with the proper copyright
information.
</para>
</appendix>
</book>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment