Import polkit-0.97.

PolicyKit is an application-level toolkit for defining and handling the
policy that allows unprivileged processes to speak to privileged
processes. It is a framework for centralizing the decision making
process with respect to granting access to privileged operations for
unprivileged applications. PolicyKit is specifically targeting
applications in rich desktop environments on multi-user UNIX-like
operating systems. It does not imply or rely on any exotic kernel
features.


bsd_auth(3) support is based on the Slackware Linux shadow
authentication port.
Several patches from FreeBSD and NetBSD.

*While basic functionnality works, this is NOT hooked up yet as more
things are coming*

sysutils/polkit/Makefile

@@ -0,0 +1,76 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+
+COMMENT=	framework for granting privileged operations to users
+
+DISTNAME=	polkit-0.97
+
+SHARED_LIBS +=  polkit-gobject-1	0.0 # .0.0
+SHARED_LIBS +=  polkit-backend-1	0.0 # .0.0
+SHARED_LIBS +=  polkit-agent-1		0.0 # .0.0
+
+CATEGORIES=	sysutils
+
+HOMEPAGE=	http://www.freedesktop.org/wiki/Software/PolicyKit
+
+MAINTAINER=	Antoine Jacoutot <ajacoutot@openbsd.org>
+
+# GPLv2+
+PERMIT_DISTFILES_CDROM=	Yes
+PERMIT_DISTFILES_FTP=	Yes
+PERMIT_PACKAGE_CDROM=	Yes
+PERMIT_PACKAGE_FTP=	Yes
+
+WANTLIB += c dbus-1 dbus-glib-1 expat gio-2.0 glib-2.0 gmodule-2.0
+WANTLIB += gobject-2.0 gthread-2.0 pcre pthread z
+
+#MASTER_SITES=	http://hal.freedesktop.org/releases/
+MASTER_SITES=	http://www.bsdfrog.org/OpenBSD/distfiles/
+
+MODULES=	textproc/intltool \
+		devel/gettext
+
+BUILD_DEPENDS=	::textproc/libxslt \
+		::textproc/docbook-xsl \
+		${MODGNU_AUTOMAKE_DEPENDS} \
+		${MODGNU_AUTOCONF_DEPENDS}
+
+LIB_DEPENDS=	eggdbus-1::devel/eggdbus
+
+AUTOCONF_VERSION= 2.62
+AUTOMAKE_VERSION=1.9
+
+CONFIGURE_STYLE= gnu
+CONFIGURE_ENV=	CPPFLAGS="-I${LOCALBASE}/include" \
+		LDFLAGS="-L${LOCALBASE}/lib" \
+		CC=${CC} CFLAGS="${CFLAGS}"
+CONFIGURE_ARGS=	${CONFIGURE_SHARED} \
+		--localstatedir=/var \
+		--mandir=${PREFIX}/man \
+		--enable-man-pages \
+		--enable-verbose-mode \
+		--enable-examples \
+		--disable-gtk-doc \
+		--disable-introspection \
+		--with-os-type=openbsd \
+		--with-authfw=bsdauth
+
+USE_GMAKE=	Yes
+USE_LIBTOOL=	Yes
+
+FAKE_FLAGS=	sysconfdir=${PREFIX}/share/examples/polkit
+
+pre-configure:
+	${SUBST_CMD} ${WRKSRC}/docs/man/pkexec.xml \
+		${WRKSRC}/actions/org.freedesktop.policykit.policy.in \
+		${WRKSRC}/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
+
+do-configure:
+	cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
+		AUTOMAKE_VERSION=${AUTOMAKE_VERSION} \
+		${CONFIGURE_ENV} ./autogen.sh ${CONFIGURE_ARGS}
+
+post-install:
+	${INSTALL_DATA} ${FILESDIR}/60-desktop-policy.conf \
+		${PREFIX}/share/examples/polkit/polkit-1/localauthority.conf.d/
+
+.include <bsd.port.mk>

sysutils/polkit/distinfo

@@ -0,0 +1,5 @@
+MD5 (polkit-0.97.tar.gz) = 3Bdpry1AnUcAqPwvm6eunw==
+RMD160 (polkit-0.97.tar.gz) = PojZiPZOvTBCQl9paViDgI4sn/o=
+SHA1 (polkit-0.97.tar.gz) = QJji7cEdA5ceUiqIp0dsq9OCTvg=
+SHA256 (polkit-0.97.tar.gz) = thjuv0wWOYRUB8rzAkgY3+BGA/BtqGX1bAEAIUfQpKk=
+SIZE (polkit-0.97.tar.gz) = 340363

sysutils/polkit/files/60-desktop-policy.conf

@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:wheel

sysutils/polkit/patches/patch-actions_org_freedesktop_policykit_policy_in

@@ -0,0 +1,11 @@
+$OpenBSD: patch-actions_org_freedesktop_policykit_policy_in,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- actions/org.freedesktop.policykit.policy.in.orig	Sun Jun 27 20:11:45 2010
++++ actions/org.freedesktop.policykit.policy.in	Sun Jun 27 20:12:00 2010
+@@ -27,6 +27,6 @@
+       <allow_inactive>no</allow_inactive>
+       <allow_active>auth_admin</allow_active>
+     </defaults>
+-    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pklalockdown</annotate>
++    <annotate key="org.freedesktop.policykit.exec.path">${PREFIX}/bin/pklalockdown</annotate>
+   </action>
+ </policyconfig>

sysutils/polkit/patches/patch-configure_ac

@@ -0,0 +1,41 @@
+$OpenBSD: patch-configure_ac,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- configure.ac.orig	Wed Mar 10 18:46:19 2010
++++ configure.ac	Sun Jun 27 19:31:08 2010
+@@ -145,7 +145,7 @@ AC_SUBST(EXPAT_LIBS)
+ AC_CHECK_FUNCS(clearenv)
+ 
+ if test "x$GCC" = "xyes"; then
+-  LDFLAGS="-Wl,--as-needed $LDFLAGS"
++  LDFLAGS="$LDFLAGS"
+ fi
+ 
+ dnl ---------------------------------------------------------------------------
+@@ -194,6 +194,11 @@ case $POLKIT_AUTHFW in
+     AC_DEFINE(POLKIT_AUTHFW_SHADOW, 1, [If using the Shadow authentication framework])
+     ;;
+ 
++  bsdauth)
++    need_pam=no
++    AC_DEFINE(POLKIT_AUTHFW_BSDAUTH, 1, [If using the bsd_auth(3) authentication framework])
++    ;;
++
+   *)
+     AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW])
+     ;;
+@@ -202,6 +207,7 @@ esac
+ AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw])
+ AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw])
+ AM_CONDITIONAL(POLKIT_AUTHFW_SHADOW, [test x$POLKIT_AUTHFW = xshadow], [Using Shadow authfw])
++AM_CONDITIONAL(POLKIT_AUTHFW_BSDAUTH, [test x$POLKIT_AUTHFW = xbsdauth], [Using bsd_auth(3) authfw])
+ 
+ 
+ dnl ---------------------------------------------------------------------------
+@@ -488,7 +494,7 @@ echo "NOTE: The directory ${sysconfdir}/polkit-1/local
+ echo "      by root and have mode 700"
+ echo
+ 
+-echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned"
++echo "NOTE: The directory ${localstatedir}/db/polkit-1 must be owned"
+ echo "      by root and have mode 700"
+ echo
+ 

sysutils/polkit/patches/patch-docs_man_pkexec_xml

@@ -0,0 +1,38 @@
+$OpenBSD: patch-docs_man_pkexec_xml,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- docs/man/pkexec.xml.orig	Sun Jun 27 19:09:16 2010
++++ docs/man/pkexec.xml	Sun Jun 27 19:12:38 2010
+@@ -131,14 +131,14 @@
+   <refsect1 id="pkexec-example"><title>EXAMPLE</title>
+     <para>
+       To specify what kind of authorization is needed to execute the
+-      program <filename>/usr/bin/pk-example-frobnicate</filename> as
++      program <filename>${PREFIX}/bin/pk-example-frobnicate</filename> as
+       another user, simply write an action definition file like this
+     </para>
+     <programlisting>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" parse="text" href="../../src/examples/org.freedesktop.policykit.examples.pkexec.policy"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+     <para>
+       and drop it in
+-      the <filename>/usr/share/polkit-1/actions</filename> directory
++      the <filename>${PREFIX}/share/polkit-1/actions</filename> directory
+       under a suitable name (e.g. matching the namespace of the
+       action).  Note that in addition to specifying the program, the
+       authentication message, description, icon and defaults can be
+@@ -165,7 +165,7 @@
+ |          Password: [__________________________________]  |
+ |                                                          |
+ | [V] Details:                                             |
+-|  Command: /usr/bin/pk-example-frobnicate                 |
++|  Command: ${PREFIX}/bin/pk-example-frobnicate                 |
+ |  Run As:  Super User (root)                              |
+ |  Action:  org.fd.pk.example.pkexec.run-frobnicate        |
+ |  Vendor:  Examples for the PolicyKit Project             |
+@@ -199,7 +199,7 @@
+ |                                                          |
+ | [V] Detaljer:                                            |
+ |  Bruger:   Super User (root)                             |
+-|  Program:  /usr/bin/pk-example-frobnicate                |
++|  Program:  ${PREFIX}/bin/pk-example-frobnicate                |
+ |  Handling: org.fd.pk.example.pkexec.run-frobnicate       |
+ |  Vendor:   Examples for the PolicyKit Project            |
+ |                                                          |

sysutils/polkit/patches/patch-docs_man_pklocalauthority_xml

@@ -0,0 +1,48 @@
+$OpenBSD: patch-docs_man_pklocalauthority_xml,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- docs/man/pklocalauthority.xml.orig	Sun Jun 27 18:25:36 2010
++++ docs/man/pklocalauthority.xml	Sun Jun 27 18:25:58 2010
+@@ -93,7 +93,7 @@
+       The Local Authority reads files with <filename>.pkla</filename>
+       extension from all directories located inside the
+       <filename>/etc/polkit-1/localauthority</filename>
+-      and <filename>/var/lib/polkit-1/localauthority</filename>
++      and <filename>/var/db/polkit-1/localauthority</filename>
+       directories. By default, the following sub-directories are installed.
+     </para>
+     <programlisting>
+@@ -109,7 +109,7 @@
+       and
+     </para>
+     <programlisting>
+-/var/lib/polkit-1/
++/var/db/polkit-1/
+ `-- localauthority
+     |-- 10-vendor.d
+     |-- 20-org.d
+@@ -120,7 +120,7 @@
+     <para>
+       The <filename>/etc/polkit-1/localauthority</filename> hierarchy
+       is inteded for local configuration and
+-      the <filename>/var/lib/polkit-1/localauthority</filename> is
++      the <filename>/var/db/polkit-1/localauthority</filename> is
+       intended for 3rd party packages.
+     </para>
+     <para>
+@@ -290,7 +290,7 @@
+       the following rules. First all the basename of all
+       sub-directories (e.g. <emphasis>30-site.d</emphasis>) from both
+       the <filename>/etc/polkit-1/localauthority</filename>
+-      and <filename>/var/lib/polkit-1/localauthority</filename>
++      and <filename>/var/db/polkit-1/localauthority</filename>
+       directories are enumerated and sorted (using the C locale). If a
+       name exists in both <filename>/etc</filename>
+       and <filename>/var</filename>, the one
+@@ -304,7 +304,7 @@
+       For example, given the following files
+     </para>
+     <programlisting>
+-/var/lib/polkit-1
++/var/db/polkit-1
+ └── localauthority
+     ├── 10-vendor.d
+     │   └── 10-desktop-policy.pkla

sysutils/polkit/patches/patch-src_examples_org_freedesktop_policykit_examples_pkexec_policy_in

@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_examples_org_freedesktop_policykit_examples_pkexec_policy_in,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.orig	Sun Jun 27 20:12:32 2010
++++ src/examples/org.freedesktop.policykit.examples.pkexec.policy.in	Sun Jun 27 20:12:40 2010
+@@ -16,7 +16,7 @@
+       <allow_inactive>no</allow_inactive>
+       <allow_active>auth_self_keep</allow_active>
+     </defaults>
+-    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
++    <annotate key="org.freedesktop.policykit.exec.path">${PREFIX}/bin/pk-example-frobnicate</annotate>
+   </action>
+ 
+ </policyconfig>

sysutils/polkit/patches/patch-src_polkit_polkitunixprocess_c

@@ -0,0 +1,127 @@
+$OpenBSD: patch-src_polkit_polkitunixprocess_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkit/polkitunixprocess.c.orig	Wed Mar 10 18:46:19 2010
++++ src/polkit/polkitunixprocess.c	Thu Jul  1 09:19:56 2010
+@@ -24,8 +24,13 @@
+ #endif
+ 
+ #include <sys/types.h>
+-#ifndef HAVE_FREEBSD
++#if !defined(HAVE_FREEBSD) && !defined(__OpenBSD__)
+ #include <sys/stat.h>
++#elif defined(__OpenBSD__)
++#include <kvm.h>
++#include <stdio.h>
++#include <sys/param.h>
++#include <sys/sysctl.h>
+ #else
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+@@ -86,6 +91,10 @@ static guint64 get_start_time_for_pid (gint    pid,
+ static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
+ #endif
+ 
++#ifdef __OpenBSD__
++static gboolean get_kinfo_proc (pid_t pid, struct kinfo_proc2 *p);
++#endif
++
+ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
+                          G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init)
+                          );
+@@ -214,8 +223,10 @@ polkit_unix_process_get_owner (PolkitUnixProcess  *pro
+                                GError            **error)
+ {
+   gint result;
+-#ifdef HAVE_FREEBSD
++#if defined(HAVE_FREEBSD)
+   struct kinfo_proc p;
++#elif defined(__OpenBSD__)
++  struct kinfo_proc2 p;
+ #else
+   struct stat statbuf;
+   char procbuf[32];
+@@ -223,7 +234,7 @@ polkit_unix_process_get_owner (PolkitUnixProcess  *pro
+ 
+   result = 0;
+ 
+-#ifdef HAVE_FREEBSD
++#if defined(HAVE_FREEBSD) || defined(__OpenBSD__)
+   if (get_kinfo_proc (process->pid, &p) == 0)
+     {
+       g_set_error (error,
+@@ -235,8 +246,12 @@ polkit_unix_process_get_owner (PolkitUnixProcess  *pro
+       goto out;
+     }
+ 
++#if defined(HAVE_FREEBSD)
+   result = p.ki_uid;
+ #else
++  result = p.p_uid;
++#endif
++#else
+   g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid);
+   if (stat (procbuf, &statbuf) != 0)
+     {
+@@ -476,12 +491,38 @@ get_kinfo_proc (pid_t pid, struct kinfo_proc *p)
+ }
+ #endif
+ 
++#ifdef __OpenBSD__
++get_kinfo_proc (pid_t pid,
++		struct kinfo_proc2 *p)
++{
++	int name[6];
++	u_int namelen;
++	size_t sz;
++
++	sz = sizeof(*p);
++	namelen = 0;
++	name[namelen++] = CTL_KERN;
++	name[namelen++] = KERN_PROC2;
++	name[namelen++] = KERN_PROC_PID;
++	name[namelen++] = pid;
++	name[namelen++] = sz;
++	name[namelen++] = 1;
++
++	if (sysctl (name, namelen, p, &sz, NULL, 0) == -1) {
++		perror("sysctl kern.proc2.pid");
++		return FALSE;
++	}
++
++	return TRUE;
++}
++#endif
++
+ static guint64
+ get_start_time_for_pid (pid_t    pid,
+                         GError **error)
+ {
+   guint64 start_time;
+-#ifndef HAVE_FREEBSD
++#if !defined(HAVE_FREEBSD) && !defined(__OpenBSD__)
+   gchar *filename;
+   gchar *contents;
+   size_t length;
+@@ -554,7 +595,11 @@ get_start_time_for_pid (pid_t    pid,
+   g_free (filename);
+   g_free (contents);
+ #else
++#if defined(HAVE_FREEBSD)
+   struct kinfo_proc p;
++#else
++  struct kinfo_proc2 p;
++#endif
+ 
+   start_time = 0;
+ 
+@@ -569,7 +614,11 @@ get_start_time_for_pid (pid_t    pid,
+       goto out;
+     }
+ 
++#ifdef HAVE_FREEBSD
+   start_time = (guint64) p.ki_start.tv_sec;
++#else
++  start_time = (guint64) p.p_ustart_sec;
++#endif
+ 
+ out:
+ #endif

sysutils/polkit/patches/patch-src_polkitagent_Makefile_am

@@ -0,0 +1,24 @@
+$OpenBSD: patch-src_polkitagent_Makefile_am,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitagent/Makefile.am.orig	Wed Mar 10 18:46:19 2010
++++ src/polkitagent/Makefile.am	Sun Jun 27 17:49:46 2010
+@@ -68,8 +68,18 @@ libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '
+ libexec_PROGRAMS = polkit-agent-helper-1
+ 
+ polkit_agent_helper_1_SOURCES = 					\
+-	polkitagenthelper.c						\
+-	$(NULL)
++	polkitagenthelperprivate.c polkitagenthelperprivate.h		
++
++if POLKIT_AUTHFW_PAM
++polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c
++endif
++if POLKIT_AUTHFW_SHADOW
++polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
++endif
++if POLKIT_AUTHFW_BSDAUTH
++polkit_agent_helper_1_SOURCES += polkitagenthelper-bsdauth.c
++endif
++polkit_agent_helper_1_SOURCES += $(NULL)
+ 
+ polkit_agent_helper_1_CFLAGS  = 					\
+         -D_POLKIT_COMPILATION                                  		\

sysutils/polkit/patches/patch-src_polkitagent_polkitagenthelper-bsdauth_c

@@ -0,0 +1,212 @@
+$OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitagent/polkitagenthelper-bsdauth.c.orig	Sun Jun 27 17:49:56 2010
++++ src/polkitagent/polkitagenthelper-bsdauth.c	Sun Jun 27 18:03:34 2010
+@@ -0,0 +1,208 @@
++/*
++ * Copyright (C) 2008 Red Hat, Inc.
++ * Copyright (C) 2009-2010 Andrew Psaltis <ampsaltis@gmail.com>
++ * Copyright (C) 2010 Antoine Jacoutot <ajacoutot@openbsd.org>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General
++ * Public License along with this library; if not, write to the
++ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
++ * Boston, MA 02111-1307, USA.
++ *
++ * Authors: Andrew Psaltis <ampsaltis@gmail.com>, based on
++ *            polkitagenthelper.c which was written by
++ *          David Zeuthen <davidz@redhat.com>
++ */
++
++#include "config.h"
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <syslog.h>
++#include <pwd.h>
++#include <time.h>
++#include <login_cap.h>
++#include <bsd_auth.h>
++
++#include <polkit/polkit.h>
++#include "polkitagenthelperprivate.h"
++
++
++static int bsdauth_authenticate(const char *user_to_auth);
++
++int clearenv(void);
++
++int
++clearenv(void)
++{
++  extern char **environ;
++
++  environ[0] = NULL;
++  return 0;
++}
++
++int
++main (int argc, char *argv[])
++{
++  const char *user_to_auth;
++  const char *cookie;
++//  time_t tm;
++
++  /* clear the entire environment to avoid attacks with
++     libraries honoring environment variables */
++  if (clearenv () != 0)
++    goto error;
++
++  /* set a minimal environment */
++//  setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
++  setenv ("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1);
++
++  /* check that we are setuid root */
++  if (geteuid () != 0)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
++      goto error;
++    }
++
++  openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
++
++  /* check for correct invocation */
++  if (argc != 3)
++    {
++      syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
++      fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
++      goto error;
++    }
++
++  if (getuid () != 0)
++    {
++    /* check we're running with a non-tty stdin */
++    if (isatty (STDIN_FILENO) != 0)
++      {
++        syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
++        fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
++        goto error;
++      }
++    }
++
++  user_to_auth = argv[1];
++  cookie = argv[2];
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
++#endif /* PAH_DEBUG */
++
++  /* Ask shadow about the user requesting authentication */
++/*
++  if ((shadow = getspnam (user_to_auth)) == NULL)
++    {
++      syslog (LOG_NOTICE, "shadow file data information request for user %s [uid=%d] failed", user_to_auth, getuid());
++      fprintf(stderr, "polkit-agent-helper-1: could not get shadow information for%.100s", user_to_auth);
++      goto error;
++    }
++*/
++  
++  /* Check the user's identity */
++  if(!bsdauth_authenticate (user_to_auth))
++    {
++      syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth);
++      fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n");
++      goto error;
++    }
++
++  /* Check whether the user's password has expired */
++/*
++  time(&tm);
++  if( shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= tm)
++    {
++      syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () );
++      fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
++      goto error;
++    }
++*/
++
++  /* Check whether the user's password has aged (and account expired along
++   * with it)
++   */
++/*
++  if( shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24           <= tm) 
++    {
++      syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () );
++      fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
++      goto error;
++    }
++*/
++
++  /* Check whether the user's account has expired */
++/*
++  if(shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= tm) 
++    {
++      syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () );
++      fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
++      goto error;
++    }
++*/
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
++#endif /* PAH_DEBUG */
++
++  /* now send a D-Bus message to the PolicyKit daemon that
++   * includes a) the cookie; and b) the user we authenticated
++   */
++  if (!send_dbus_message (cookie, user_to_auth))
++    {
++#ifdef PAH_DEBUG
++      fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
++#endif /* PAH_DEBUG */
++      goto error;
++    }
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
++#endif /* PAH_DEBUG */
++
++  fprintf (stdout, "SUCCESS\n");
++  flush_and_wait();
++  return 0;
++
++error:
++  fprintf (stdout, "FAILURE\n");
++  flush_and_wait();
++  return 1;
++}
++
++static int
++bsdauth_authenticate(const char *user_to_auth)
++{
++  /* Speak PAM to the daemon, thanks to David Zeuthen for the idea. */
++  char passwd[512];
++  fprintf(stdout, "PAM_PROMPT_ECHO_OFF password:\n");
++  fflush(stdout);
++  usleep (10 * 1000); /* since fflush(3) seems buggy */
++
++  if (fgets (passwd, sizeof (passwd), stdin) == NULL)
++    goto error;
++
++  if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n')
++    passwd[strlen (passwd) - 1] = '\0';
++  
++//  if (strcmp (shadow->sp_pwdp, crypt (passwd, shadow->sp_pwdp)) != 0)
++    if (auth_userokay(user_to_auth, NULL, "polkit", passwd) != 0)
++    goto error;
++  return 1;
++error:
++  return 0;
++}

sysutils/polkit/patches/patch-src_polkitagent_polkitagenthelper-pam_c

@@ -0,0 +1,268 @@
+$OpenBSD: patch-src_polkitagent_polkitagenthelper-pam_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitagent/polkitagenthelper-pam.c.orig	Sun Jun 27 17:34:45 2010
++++ src/polkitagent/polkitagenthelper-pam.c	Sun Jun 27 17:34:45 2010
+@@ -0,0 +1,264 @@
++/*
++ * Copyright (C) 2008, 2010 Red Hat, Inc.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General
++ * Public License along with this library; if not, write to the
++ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
++ * Boston, MA 02111-1307, USA.
++ *
++ * Author: David Zeuthen <davidz@redhat.com>
++ */
++
++#include "config.h"
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <syslog.h>
++#include <security/pam_appl.h>
++
++#include <polkit/polkit.h>
++#include "polkitagenthelperprivate.h"
++
++static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
++
++int
++main (int argc, char *argv[])
++{
++  int rc;
++  const char *user_to_auth;
++  const char *cookie;
++  struct pam_conv pam_conversation;
++  pam_handle_t *pam_h;
++  const void *authed_user;
++
++  rc = 0;
++  pam_h = NULL;
++
++  /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
++  if (clearenv () != 0)
++    goto error;
++
++  /* set a minimal environment */
++  setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
++
++  /* check that we are setuid root */
++  if (geteuid () != 0)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
++      goto error;
++    }
++
++  openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
++
++  /* check for correct invocation */
++  if (argc != 3)
++    {
++      syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
++      fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
++      goto error;
++    }
++
++  user_to_auth = argv[1];
++  cookie = argv[2];
++
++  if (getuid () != 0)
++    {
++      /* check we're running with a non-tty stdin */
++      if (isatty (STDIN_FILENO) != 0)
++        {
++          syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
++          fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
++          goto error;
++        }
++    }
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
++#endif /* PAH_DEBUG */
++
++  pam_conversation.conv        = conversation_function;
++  pam_conversation.appdata_ptr = NULL;
++
++  /* start the pam stack */
++  rc = pam_start ("polkit-1",
++                  user_to_auth,
++                  &pam_conversation,
++                  &pam_h);
++  if (rc != PAM_SUCCESS)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
++      goto error;
++    }
++
++  /* set the requesting user */
++  rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
++  if (rc != PAM_SUCCESS)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
++      goto error;
++    }
++
++  /* is user really user? */
++  rc = pam_authenticate (pam_h, 0);
++  if (rc != PAM_SUCCESS)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
++      goto error;
++    }
++
++  /* permitted access? */
++  rc = pam_acct_mgmt (pam_h, 0);
++  if (rc != PAM_SUCCESS)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
++      goto error;
++    }
++
++  /* did we auth the right user? */
++  rc = pam_get_item (pam_h, PAM_USER, &authed_user);
++  if (rc != PAM_SUCCESS)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
++      goto error;
++    }
++
++  if (strcmp (authed_user, user_to_auth) != 0)
++    {
++      fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
++               user_to_auth, (const char *) authed_user);
++      goto error;
++    }
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
++#endif /* PAH_DEBUG */
++
++  pam_end (pam_h, rc);
++  pam_h = NULL;
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
++#endif /* PAH_DEBUG */
++
++  /* now send a D-Bus message to the PolicyKit daemon that
++   * includes a) the cookie; and b) the user we authenticated
++   */
++  if (!send_dbus_message (cookie, user_to_auth))
++    {
++#ifdef PAH_DEBUG
++      fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
++#endif /* PAH_DEBUG */
++      goto error;
++    }
++
++#ifdef PAH_DEBUG
++  fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
++#endif /* PAH_DEBUG */
++
++  fprintf (stdout, "SUCCESS\n");
++  flush_and_wait();
++  return 0;
++
++error:
++  if (pam_h != NULL)
++    pam_end (pam_h, rc);
++
++  fprintf (stdout, "FAILURE\n");
++  flush_and_wait();
++  return 1;
++}
++
++static int
++conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
++{
++  struct pam_response *aresp;
++  char buf[PAM_MAX_RESP_SIZE];
++  int i;
++
++  data = data;
++  if (n <= 0 || n > PAM_MAX_NUM_MSG)
++    return PAM_CONV_ERR;
++
++  if ((aresp = calloc(n, sizeof *aresp)) == NULL)
++    return PAM_BUF_ERR;
++
++  for (i = 0; i < n; ++i)
++    {
++      aresp[i].resp_retcode = 0;
++      aresp[i].resp = NULL;
++      switch (msg[i]->msg_style)
++        {
++
++        case PAM_PROMPT_ECHO_OFF:
++          fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
++          goto conv1;
++
++        case PAM_PROMPT_ECHO_ON:
++          fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
++        conv1:
++          fputs (msg[i]->msg, stdout);
++          if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
++            fputc ('\n', stdout);
++          fflush (stdout);
++
++          if (fgets (buf, sizeof buf, stdin) == NULL)
++            goto error;
++
++          if (strlen (buf) > 0 &&
++              buf[strlen (buf) - 1] == '\n')
++            buf[strlen (buf) - 1] = '\0';
++
++          aresp[i].resp = strdup (buf);
++          if (aresp[i].resp == NULL)
++            goto error;
++          break;
++
++        case PAM_ERROR_MSG:
++          fprintf (stdout, "PAM_ERROR_MSG ");
++          goto conv2;
++
++        case PAM_TEXT_INFO:
++          fprintf (stdout, "PAM_TEXT_INFO ");
++        conv2:
++          fputs (msg[i]->msg, stdout);
++          if (strlen (msg[i]->msg) > 0 &&
++              msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
++            fputc ('\n', stdout);
++          fflush (stdout);
++          break;
++
++        default:
++          goto error;
++        }
++    }
++
++  *resp = aresp;
++  return PAM_SUCCESS;
++
++error:
++
++  for (i = 0; i < n; ++i)
++    {
++      if (aresp[i].resp != NULL) {
++        memset (aresp[i].resp, 0, strlen(aresp[i].resp));
++        free (aresp[i].resp);
++      }
++    }
++  memset (aresp, 0, n * sizeof *aresp);
++  *resp = NULL;
++  return PAM_CONV_ERR;
++}
++

sysutils/polkit/patches/patch-src_polkitagent_polkitagenthelperprivate_c

@@ -0,0 +1,101 @@
+$OpenBSD: patch-src_polkitagent_polkitagenthelperprivate_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitagent/polkitagenthelperprivate.c.orig	Sun Jun 27 17:34:45 2010
++++ src/polkitagent/polkitagenthelperprivate.c	Sun Jun 27 17:34:45 2010
+@@ -0,0 +1,97 @@
++/*
++ * Copyright (C) 2009-2010 Red Hat, Inc.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General
++ * Public License along with this library; if not, write to the
++ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++ * Boston, MA 02110-1301, USA.
++ *
++ * Authors: David Zeuthen <davidz@redhat.com>,
++ *          Andrew Psaltis <ampsaltis@gmail.com>
++ */
++
++#include "polkitagenthelperprivate.h"
++#include <stdio.h>
++
++#ifndef HAVE_CLEARENV
++extern char **environ;
++
++static int
++clearenv (void)
++{
++	if (environ != NULL)
++		environ[0] = NULL;
++	return 0;
++}
++#endif
++
++
++gboolean
++send_dbus_message (const char *cookie, const char *user)
++{
++  PolkitAuthority *authority;
++  PolkitIdentity *identity;
++  GError *error;
++  gboolean ret;
++
++  ret = FALSE;
++
++  error = NULL;
++
++  g_type_init ();
++
++  authority = polkit_authority_get ();
++
++  identity = polkit_unix_user_new_for_name (user, &error);
++  if (identity == NULL)
++    {
++      g_printerr ("Error constructing identity: %s\n", error->message);
++      g_error_free (error);
++      goto out;
++    }
++
++  if (!polkit_authority_authentication_agent_response_sync (authority,
++                                                            cookie,
++                                                            identity,
++                                                            NULL,
++                                                            &error))
++    {
++      g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
++      g_error_free (error);
++      goto out;
++    }
++
++  ret = TRUE;
++
++ out:
++
++  if (identity != NULL)
++    g_object_unref (identity);
++
++  if (authority != NULL)
++    g_object_unref (authority);
++
++  return ret;
++}
++
++/* fflush(3) stdin and stdout and wait a little bit.
++ * This replaces the three-line commands at the bottom of
++ * polkit-agent-helper-1's main() function.
++ */
++void
++flush_and_wait ()
++{
++  fflush (stdout);
++  fflush (stderr);
++  usleep (10 * 1000); /* since fflush(3) seems buggy */
++}

sysutils/polkit/patches/patch-src_polkitagent_polkitagenthelperprivate_h

@@ -0,0 +1,46 @@
+$OpenBSD: patch-src_polkitagent_polkitagenthelperprivate_h,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitagent/polkitagenthelperprivate.h.orig	Sun Jun 27 17:34:45 2010
++++ src/polkitagent/polkitagenthelperprivate.h	Sun Jun 27 17:34:45 2010
+@@ -0,0 +1,42 @@
++/*
++ * Copyright (C) 2009-2010 Red Hat, Inc.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General
++ * Public License along with this library; if not, write to the
++ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++ * Boston, MA 02110-1301, USA.
++ *
++ * Authors: David Zeuthen <davidz@redhat.com>,
++ *          Andrew Psaltis <ampsalits@gmail.com>
++ */
++#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H
++#define __POLKIT_AGENT_HELPER_PRIVATE_H
++
++#include <polkit/polkit.h>
++ 
++/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
++ * enable this in production builds; it may leak passwords and other
++ * sensitive information.
++ */
++#undef PAH_DEBUG
++// #define PAH_DEBUG
++
++#ifdef HAVE_SOLARIS
++#  define LOG_AUTHPRIV    (10<<3)
++#endif
++
++gboolean send_dbus_message (const char *cookie, const char *user);
++
++void flush_and_wait ();
++
++#endif /* __POLKIT_AGENT_HELPER_PRIVATE_H */

sysutils/polkit/patches/patch-src_polkitbackend_Makefile_am

@@ -0,0 +1,14 @@
+$OpenBSD: patch-src_polkitbackend_Makefile_am,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitbackend/Makefile.am.orig	Sun Jun 27 18:26:49 2010
++++ src/polkitbackend/Makefile.am	Sun Jun 27 18:27:49 2010
+@@ -100,10 +100,4 @@ clean-local :
+ 	rm -f *~ $(ck_built_sources) $(BUILT_SOURCES)
+ 
+ install-exec-hook:
+-	mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1
+-	mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d}
+-	-chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1
+-	mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1
+-	mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d}
+-	-chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/localauthority
+ 	mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions

sysutils/polkit/patches/patch-src_polkitbackend_polkitbackendlocalauthority_c

@@ -0,0 +1,30 @@
+$OpenBSD: patch-src_polkitbackend_polkitbackendlocalauthority_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/polkitbackend/polkitbackendlocalauthority.c.orig	Sun Jun 27 18:27:56 2010
++++ src/polkitbackend/polkitbackendlocalauthority.c	Sun Jun 27 18:28:13 2010
+@@ -211,7 +211,7 @@ add_all_authorization_stores (PolkitBackendLocalAuthor
+       error = NULL;
+ 
+       if (n == 0)
+-        toplevel_path = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority";
++        toplevel_path = PACKAGE_LOCALSTATE_DIR "/db/polkit-1/localauthority";
+       else
+         toplevel_path = PACKAGE_SYSCONF_DIR "/polkit-1/localauthority";
+ 
+@@ -321,7 +321,7 @@ polkit_backend_local_authority_init (PolkitBackendLoca
+       GError *error;
+ 
+       if (n == 0)
+-        toplevel_path = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority";
++        toplevel_path = PACKAGE_LOCALSTATE_DIR "/db/polkit-1/localauthority";
+       else
+         toplevel_path = PACKAGE_SYSCONF_DIR "/polkit-1/localauthority";
+ 
+@@ -698,7 +698,7 @@ static gchar *
+ lockdown_get_filename (const gchar *action_id)
+ {
+   return g_strdup_printf (PACKAGE_LOCALSTATE_DIR
+-                          "/lib/polkit-1/localauthority/90-mandatory.d/"
++                          "/db/polkit-1/localauthority/90-mandatory.d/"
+                           "org.freedesktop.policykit.localauthority.lockdown.action-%s.pkla",
+                           action_id);
+ }

sysutils/polkit/patches/patch-src_programs_pkexec_c

@@ -0,0 +1,55 @@
+$OpenBSD: patch-src_programs_pkexec_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+--- src/programs/pkexec.c.orig	Wed Mar 10 18:46:19 2010
++++ src/programs/pkexec.c	Thu Jul  1 07:31:27 2010
+@@ -34,7 +34,11 @@
+ #include <grp.h>
+ #include <pwd.h>
+ #include <errno.h>
++
++#ifdef POLKIT_AUTHFW_PAM
+ #include <security/pam_appl.h>
++#endif /* POLKIT_AUTHFW_PAM */
++
+ #include <syslog.h>
+ #include <stdarg.h>
+ 
+@@ -115,6 +119,7 @@ log_message (gint     level,
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
++#ifdef POLKIT_AUTHFW_PAM
+ static int
+ pam_conversation_function (int n,
+                            const struct pam_message **msg,
+@@ -167,6 +172,7 @@ out:
+     pam_end (pam_h, rc);
+   return ret;
+ }
++#endif /* POLKIT_AUTHFW_PAM */
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+@@ -437,7 +443,7 @@ main (int argc, char *argv[])
+       goto out;
+     }
+ 
+-  original_cwd = g_strdup (get_current_dir_name ());
++  original_cwd = g_strdup (getcwd (NULL, 0));
+   if (original_cwd == NULL)
+     {
+       g_printerr ("Error getting cwd.\n");
+@@ -741,11 +747,13 @@ main (int argc, char *argv[])
+    * TODO: The question here is whether we should clear the limits before applying them?
+    * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
+    */
++#ifdef POLKIT_AUTHW_PAM
+   if (!open_session (pw->pw_name))
+     {
+       goto out;
+     }
+-
++#endif /* POLKIT_AUTHFW_PAM */
++  
+   /* become the user */
+   if (setgroups (0, NULL) != 0)
+     {

sysutils/polkit/pkg/DESCR

@@ -0,0 +1,8 @@
+PolicyKit is an application-level toolkit for defining and handling the
+policy that allows unprivileged processes to speak to privileged
+processes. It is a framework for centralizing the decision making
+process with respect to granting access to privileged operations for
+unprivileged applications. PolicyKit is specifically targeting
+applications in rich desktop environments on multi-user UNIX-like
+operating systems. It does not imply or rely on any exotic kernel
+features.

sysutils/polkit/pkg/PFRAG.shared

@@ -0,0 +1,6 @@
+@comment $OpenBSD: PFRAG.shared,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+@lib lib/libpolkit-agent-1.so.${LIBpolkit-agent-1_VERSION}
+@lib lib/libpolkit-backend-1.so.${LIBpolkit-backend-1_VERSION}
+@lib lib/libpolkit-gobject-1.so.${LIBpolkit-gobject-1_VERSION}
+lib/polkit-1/extensions/libnullbackend.so
+lib/polkit-1/extensions/libpkexec-action-lookup.so

sysutils/polkit/pkg/PLIST

@@ -0,0 +1,113 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
+%%SHARED%%
+@bin bin/pk-example-frobnicate
+@bin bin/pkaction
+@bin bin/pkcheck
+@mode 4755
+@bin bin/pkexec
+@mode
+include/polkit-1/
+include/polkit-1/polkit/
+include/polkit-1/polkit/polkit.h
+include/polkit-1/polkit/polkitactiondescription.h
+include/polkit-1/polkit/polkitauthority.h
+include/polkit-1/polkit/polkitauthorityfeatures.h
+include/polkit-1/polkit/polkitauthorizationresult.h
+include/polkit-1/polkit/polkitcheckauthorizationflags.h
+include/polkit-1/polkit/polkitdetails.h
+include/polkit-1/polkit/polkitenumtypes.h
+include/polkit-1/polkit/polkiterror.h
+include/polkit-1/polkit/polkitidentity.h
+include/polkit-1/polkit/polkitimplicitauthorization.h
+include/polkit-1/polkit/polkitprivate.h
+include/polkit-1/polkit/polkitsubject.h
+include/polkit-1/polkit/polkitsystembusname.h
+include/polkit-1/polkit/polkittemporaryauthorization.h
+include/polkit-1/polkit/polkittypes.h
+include/polkit-1/polkit/polkitunixgroup.h
+include/polkit-1/polkit/polkitunixprocess.h
+include/polkit-1/polkit/polkitunixsession.h
+include/polkit-1/polkit/polkitunixuser.h
+include/polkit-1/polkitagent/
+include/polkit-1/polkitagent/polkitagent.h
+include/polkit-1/polkitagent/polkitagentlistener.h
+include/polkit-1/polkitagent/polkitagentsession.h
+include/polkit-1/polkitagent/polkitagenttypes.h
+include/polkit-1/polkitbackend/
+include/polkit-1/polkitbackend/polkitbackend.h
+include/polkit-1/polkitbackend/polkitbackendactionlookup.h
+include/polkit-1/polkitbackend/polkitbackendactionpool.h
+include/polkit-1/polkitbackend/polkitbackendauthority.h
+include/polkit-1/polkitbackend/polkitbackendconfigsource.h
+include/polkit-1/polkitbackend/polkitbackendinteractiveauthority.h
+include/polkit-1/polkitbackend/polkitbackendlocalauthority.h
+include/polkit-1/polkitbackend/polkitbackendlocalauthorizationstore.h
+include/polkit-1/polkitbackend/polkitbackendsessionmonitor.h
+include/polkit-1/polkitbackend/polkitbackendtypes.h
+lib/libpolkit-agent-1.a
+lib/libpolkit-agent-1.la
+lib/libpolkit-backend-1.a
+lib/libpolkit-backend-1.la
+lib/libpolkit-gobject-1.a
+lib/libpolkit-gobject-1.la
+lib/pkgconfig/
+lib/pkgconfig/polkit-agent-1.pc
+lib/pkgconfig/polkit-backend-1.pc
+lib/pkgconfig/polkit-gobject-1.pc
+lib/polkit-1/
+lib/polkit-1/extensions/
+@comment lib/polkit-1/extensions/libnullbackend.a
+@comment lib/polkit-1/extensions/libnullbackend.la
+@comment lib/polkit-1/extensions/libpkexec-action-lookup.a
+@comment lib/polkit-1/extensions/libpkexec-action-lookup.la
+@mode 4755
+@bin libexec/polkit-agent-helper-1
+@mode
+@bin libexec/polkitd
+@man man/man1/pkaction.1
+@man man/man1/pkcheck.1
+@man man/man1/pkexec.1
+@man man/man8/pklocalauthority.8
+@man man/man8/polkit.8
+@man man/man8/polkitd.8
+share/dbus-1/
+share/dbus-1/system-services/
+share/dbus-1/system-services/org.freedesktop.PolicyKit1.service
+share/examples/polkit/
+share/examples/polkit/dbus-1/
+share/examples/polkit/dbus-1/system.d/
+share/examples/polkit/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
+@sample ${SYSCONFDIR}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
+share/examples/polkit/polkit-1/
+@mode 0700
+@sample ${SYSCONFDIR}/polkit-1/
+@sample /var/db/polkit-1/
+@mode
+share/examples/polkit/polkit-1/localauthority.conf.d/
+@sample ${SYSCONFDIR}/polkit-1/localauthority.conf.d/
+share/examples/polkit/polkit-1/localauthority.conf.d/50-localauthority.conf
+@sample ${SYSCONFDIR}/polkit-1/localauthority.conf.d/50-localauthority.conf
+share/examples/polkit/polkit-1/localauthority.conf.d/60-desktop-policy.conf
+@sample ${SYSCONFDIR}/polkit-1/localauthority.conf.d/60-desktop-policy.conf
+share/examples/polkit/polkit-1/nullbackend.conf.d/
+@sample ${SYSCONFDIR}/polkit-1/nullbackend.conf.d/
+share/examples/polkit/polkit-1/nullbackend.conf.d/50-nullbackend.conf
+@sample ${SYSCONFDIR}/polkit-1/nullbackend.conf.d/50-nullbackend.conf
+share/locale/da/LC_MESSAGES/polkit-1.mo
+share/polkit-1/
+share/polkit-1/actions/
+share/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy
+share/polkit-1/actions/org.freedesktop.policykit.policy
+@mode 0700
+@sample /var/db/polkit-1/localauthority
+@mode
+@sample ${SYSCONFDIR}/polkit-1/10-vendor.d/
+@sample /var/db/polkit-1/10-vendor.d/
+@sample ${SYSCONFDIR}/polkit-1/20-org.d/
+@sample /var/db/polkit-1/20-org.d/
+@sample ${SYSCONFDIR}/polkit-1/30-site.d/
+@sample /var/db/polkit-1/30-site.d/
+@sample ${SYSCONFDIR}/polkit-1/50-local.d/
+@sample /var/db/polkit-1/50-local.d/
+@sample ${SYSCONFDIR}/polkit-1/90-mandatory.d/
+@sample /var/db/polkit-1/90-mandatory.d/