Hey, As mentioned earlier I've been working on a rewrite of PolicyKit here
http://cgit.freedesktop.org/~david/polkit/tree/ To recap, the main motivation for this rewrite is to make it easier to write backends that reads authorizations from a networked resource (such as a LDAP server). In addition, I (and others) have identified a couple shortcomings in the current PolicyKit that we can fix at the same time. The new version 0.90 series of PolicyKit (0.90 because it's leading up to 1.0) is parallel-installable with the current PolicyKit 0.9.x series. Here's a brief list of differences - Everything now goes through a central system daemon as opposed to a library with a bunch of setuid/setgid helpers. The daemon is accessible via D-Bus, see http://cgit.freedesktop.org/~david/polkit/tree/data/org.freedesktop.PolicyKit1.Authority.xml for the D-Bus interface. - GLib is used throughout so the porting issues (for BSD and Solaris) with libkit etc. should be a thing of the past - The authorization backend to use can be chosen at run-time (not yet implemented but easy) using the GIO extension point system - There's a GObject based library to access the PolicyKit daemon, see http://people.freedesktop.org/~david/polkit-0.90/docs/ with both synchronous and asynchronous functions. Desktop environments etc. that doesn't use GObject are encouraged to write their own client libraries that fit better into their object framework. - Authentications agents now have to register with the PolicyKit daemon and requests to obtain an authorization through authentication is now passed through the main system daemon (as opposed to a session bus service). - When checking authorizations, applications can pass a flag to allow user interaction. This should make it much simpler to use PolicyKit; instead of the having to go through this painful model here http://hal.freedesktop.org/docs/PolicyKit/model-theory-of-operation.html where a lot of work is put on the user of the application to poke the authentication agent, everything can now happen out of band. - The "retain authorizations" check boxes have been removed. A lot of people didn't like them and I admit they didn't add much value. - It's now possible to grant authorizations to Unix groups Now, a few words about this (pre-)release. Don't put it in any stable distros! In particular the code hasn't seen any security audit at all, there's still a lot of TODO's left in the code and I'm pretty sure that it isn't secure. Also there's very little documentation nor is there any guide for how to port applications from PolicyKit 0.9 to the new codebase. I'm doing this release today mostly because I've gotten to a point where most operations work with the limited examples I've tried.. and I think the high-level architecture is more or less in place. There's no TODO list yet. I'll be posting that tomorrow along with a roadmap for getting to PolicyKit 1.0. Tarballs can be found here http://people.freedesktop.org/~david/polkit-0.90/ http://people.freedesktop.org/~david/polkit-0.90/docs/ Thanks, David _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel