PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Sun Dec 16 18:27:52 PST 2007
configure.in | 51 +++++++++++++++++++++++-
data/Makefile.am | 2
src/polkit-dbus/polkit-read-auth-helper.c | 1
src/polkit-dbus/polkit-set-default-helper.c | 1
src/polkit-grant/Makefile.am | 18 +++++++-
src/polkit-grant/polkit-explicit-grant-helper.c | 1
src/polkit-grant/polkit-grant-helper.c | 6 ++
src/polkit-grant/polkit-revoke-helper.c | 1
8 files changed, 72 insertions(+), 9 deletions(-)
New commits:
commit b5e019d783af8651db8e962c47b39942677ca6fd
Author: Carlos Corbacho <carlos at strangeworlds.co.uk>
Date: Sun Dec 16 21:21:16 2007 -0500
split out authentication framework from authorisation database
As per discussions with David Zeuthen, alter the build system so that we
can have different authentication frameworks for the authorisation
databases.
For now, the dummy database will only accept 'none' for the authentication
framework (this will be autoselected if not specified, and configure will
throw an error if any framework other than 'none' is passed
in).
For the default database, the only available framework for now is 'pam'
(as with 'none' and dummy, 'pam' will be autoselected if specified as the
framework. If 'none' is passed as a framework, configure will reject this
and fail).
PAM specific code is now also marked with POLKIT_AUTHFW_PAM, so that it
can be easily compiled out if other frameworks are added in future.
diff --git a/configure.in b/configure.in
index 5e1f8e1..e415c12 100644
--- a/configure.in
+++ b/configure.in
@@ -269,12 +269,10 @@ AC_DEFINE_UNQUOTED(POLKIT_AUTHDB,"$POLKIT_AUTHDB", [Authorization Database to us
case $POLKIT_AUTHDB in
dummy)
- need_pam=no
AC_DEFINE(POLKIT_AUTHDB_DUMMY, 1, [If using the dummy authorization database])
;;
default)
- need_pam=yes
AC_DEFINE(POLKIT_AUTHDB_DEFAULT, 1, [If using the default authorization database])
;;
@@ -286,6 +284,54 @@ esac
AM_CONDITIONAL(POLKIT_AUTHDB_DUMMY, [test x$POLKIT_AUTHDB = xdummy], [Using dummy authdb])
AM_CONDITIONAL(POLKIT_AUTHDB_DEFAULT, [test x$POLKIT_AUTHDB = xdefault], [Using default authdb])
+dnl ---------------------------------------------------------------------------
+dnl - Select which authentication framework to use
+dnl ---------------------------------------------------------------------------
+
+AC_ARG_WITH([authfw],
+ AS_HELP_STRING([--with-authfw=<name>],
+ [Authentication framework (none/pam)]))
+if ! test -z "$with_authfw" ; then
+ if test x$with_authdb = xdummy ; then
+ if ! test x$with_authfw = xnone ; then
+ AC_MSG_ERROR([Only 'none' is a valid authentication framework for the dummy authorization database])
+ fi
+ else
+ if test x$with_authfw = xnone ; then
+ AC_MSG_ERROR(['none' is only a valid authentication framework for the dummy authorization database])
+ fi
+ fi
+ POLKIT_AUTHFW=$with_authfw
+else
+ if test x$with_authdb = xdummy ; then
+ POLKIT_AUTHFW=none
+ else
+ POLKIT_AUTHFW=pam
+ fi
+fi
+
+AC_SUBST(POLKIT_AUTHFW)
+AC_DEFINE_UNQUOTED(POLKIT_AUTHFW,"$POLKIT_AUTHFW", [Authentication Framework to use])
+
+case $POLKIT_AUTHFW in
+ none)
+ need_pam=no
+ AC_DEFINE(POLKIT_AUTHFW_NONE, 1, [If using no authentication framework])
+ ;;
+
+ pam)
+ need_pam=yes
+ AC_DEFINE(POLKIT_AUTHFW_PAM, 1, [If using the PAM authentication framework])
+ ;;
+
+ *)
+ AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW])
+ ;;
+esac
+
+AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw])
+AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw])
+
dnl ---------------------------------------------------------------------------
dnl - Check for PAM
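Review bot: The new `--with-authfw` validation branches on `$with_authdb`, while the `case` just above this hunk uses the resolved `$POLKIT_AUTHDB`, so the check follows how the option was spelled on the command line rather than which database was actually selected. The defaulting of `POLKIT_AUTHDB` is outside the hunk; if that default is ever `dummy`, or the value is set by another path, `dummy` would be paired with `pam` without any error. Testing `test "x$POLKIT_AUTHDB" = xdummy` keeps the two selections in step. Quoting the operands as well (`test "x$with_authfw" = xnone`) avoids a malformed `test` when the argument is empty or contains whitespace.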
@@ -498,6 +544,7 @@ echo "
group for PolicyKit: ${POLKIT_GROUP}
authorization database: ${POLKIT_AUTHDB}
+ authentication framework: ${POLKIT_AUTHFW}
Distribution/OS: ${with_os_type}
SELinux support: ${have_selinux}
diff --git a/data/Makefile.am b/data/Makefile.am
index 36bd7c0..8b91bc3 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -2,7 +2,7 @@
# See polkit-grant/Makefile.am for discussion
#
-if POLKIT_AUTHDB_DEFAULT
+if POLKIT_AUTHFW_PAM
pamdir = $(sysconfdir)/pam.d
pam_DATA = polkit
endif
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index 0ac986c..261f01f 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -41,13 +41,21 @@ libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE
# adjust the PAM stuff in data/Makefile.am
#
if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
+libexec_PROGRAMS = polkit-grant-helper
+
+if POLKIT_AUTHFW_PAM
+libexec_PROGRAMS += polkit-grant-helper-pam
+endif
+
+libexec_PROGRAMS += polkit-explicit-grant-helper polkit-revoke-helper
polkit_grant_helper_SOURCES = polkit-grant-helper.c
polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la
+if POLKIT_AUTHFW_PAM
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
+endif
polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
@@ -60,7 +68,7 @@ polkit_revoke_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_build
# polkit-grant-helper needs to be setgid polkituser to be able to
# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
#
-# polkit-grant-helper-pam need to be setuid root because it's used to
+# polkit-grant-helper-* need to be setuid root because it's used to
# authenticate not only the invoking user, but possibly also root
# and/or other users. As only polkit-grant-helper will invoke it
# we make it owned by the polkitiuser group and non-readable /
@@ -77,8 +85,10 @@ polkit_revoke_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_build
install-exec-hook:
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
+if POLKIT_AUTHFW_PAM
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
-chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
+endif
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper
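Review bot: The comment above this hook was widened to `polkit-grant-helper-*`, but the hook still applies the group change and mode 4750 only to `polkit-grant-helper-pam`, so every future framework helper has to repeat the setuid-root, group-restricted install by hand. A comment at the conditional would make that requirement explicit, for example `# each authfw helper added to libexec_PROGRAMS needs its own chgrp/chmod 4750 pair here`. The hook's recipe continues past the end of the hunk.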
@@ -111,7 +121,9 @@ covered-files.txt :
if POLKIT_AUTHDB_DEFAULT
echo src/polkit-grant/polkit-explicit-grant-helper.c >> covered-files.txt
echo src/polkit-grant/polkit-grant-helper.c >> covered-files.txt
+if POLKIT_AUTHFW_PAM
echo src/polkit-grant/polkit-grant-helper-pam.c >> covered-files.txt
+endif
echo src/polkit-grant/polkit-revoke-helper.c >> covered-files.txt
endif
@@ -120,7 +132,9 @@ coverage-report.txt : covered-files.txt clean-gcov all check
if POLKIT_AUTHDB_DEFAULT
gcov polkit-explicit-grant-helper.c -o .libs/ > /dev/null
gcov polkit-grant-helper.c -o .libs/ > /dev/null
+if POLKIT_AUTHFW_PAM
gcov polkit-grant-helper-pam.c -o .libs/ > /dev/null
+endif
gcov polkit-revoke-helper.c -o .libs/ > /dev/null
endif
$(top_srcdir)/test/create-coverage-report.sh "module polkit-grant" `cat covered-files.txt` > coverage-report.txt
diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c
index a3edefc..84462a9 100644
--- a/src/polkit-grant/polkit-grant-helper.c
+++ b/src/polkit-grant/polkit-grant-helper.c
@@ -39,7 +39,11 @@
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
+
+#ifdef POLKIT_AUTHFW_PAM
#include <security/pam_appl.h>
+#endif
+
#include <grp.h>
#include <pwd.h>
#include <syslog.h>
@@ -163,7 +167,9 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation)
int helper_stdin;
int helper_stdout;
GError *g_error;
+#ifdef POLKIT_AUTHFW_PAM
char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL};
+#endif
char buf[256];
FILE *child_stdin;
FILE *child_stdout;
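Review bot: With `helper_argv` declared only under `POLKIT_AUTHFW_PAM`, a build without that macro has no authentication helper to run in `do_auth`, and the hunk provides no `#else`. The rest of `do_auth` lies outside the hunk; presumably it still references `helper_argv` and would fail to compile, which is the safe outcome. Making that explicit with `#else` followed by `#error "no authentication framework selected"` protects against a later edit that lets the non-PAM path compile and report success without authenticating anyone. The macro comes from `AC_DEFINE`, so this also depends on the generated config header being included before this point, which the hunk does not show.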
commit 28dc31692a1f5e53b38f1218b86c38541997c639
Author: Carlos Corbacho <carlos at strangeworlds.co.uk>
Date: Sun Dec 16 21:11:31 2007 -0500
remove unncessary PAM header inclusions
Many files are needlessly including PAM headers, when the code in question
has no PAM dependency - remove the PAM includes from these.
diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit-dbus/polkit-read-auth-helper.c
index f2cfea2..9948d1d 100644
--- a/src/polkit-dbus/polkit-read-auth-helper.c
+++ b/src/polkit-dbus/polkit-read-auth-helper.c
@@ -40,7 +40,6 @@
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <security/pam_appl.h>
#include <grp.h>
#include <pwd.h>
#include <syslog.h>
diff --git a/src/polkit-dbus/polkit-set-default-helper.c b/src/polkit-dbus/polkit-set-default-helper.c
index 54380d2..e62529e 100644
--- a/src/polkit-dbus/polkit-set-default-helper.c
+++ b/src/polkit-dbus/polkit-set-default-helper.c
@@ -41,7 +41,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
-#include <security/pam_appl.h>
#include <grp.h>
#include <pwd.h>
#include <syslog.h>
diff --git a/src/polkit-grant/polkit-explicit-grant-helper.c b/src/polkit-grant/polkit-explicit-grant-helper.c
index 75b8d2e..3cb468a 100644
--- a/src/polkit-grant/polkit-explicit-grant-helper.c
+++ b/src/polkit-grant/polkit-explicit-grant-helper.c
@@ -41,7 +41,6 @@
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <security/pam_appl.h>
#include <grp.h>
#include <pwd.h>
#include <syslog.h>
diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c
index 31da7c7..3231a9a 100644
--- a/src/polkit-grant/polkit-revoke-helper.c
+++ b/src/polkit-grant/polkit-revoke-helper.c
@@ -40,7 +40,6 @@
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <security/pam_appl.h>
#include <grp.h>
#include <pwd.h>
#include <syslog.h>