On Thu, 2009-03-12 at 13:01 +0100, Dario Freddi wrote: > After some months of work, we introduced complete feature parity with GNOME, > both for users and developers. Though, yesterday I saw that polkit-dbus & - > grant have been discontinued, and we used them a lot in our code.
Yes, for reasons mentioned earlier, this have now moved completely to using D-Bus instead of setuid helpers. All you need to do is to provide a desktop environment specific authentication agent that calls RegisterAuthenticationAgent() http://cgit.freedesktop.org/PolicyKit/tree/data/org.freedesktop.PolicyKit1.Authority.xml#n247 on the Authority when your desktop session starts. Then all requests are channeled from the polkit daemon to this process using this D-Bus interface org.freedesktop.PolicyKit1.AuthenticationAgent http://cgit.freedesktop.org/PolicyKit/tree/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml and your authentication agent is supposed to call AuthenticationAgentResponse() http://cgit.freedesktop.org/PolicyKit/tree/data/org.freedesktop.PolicyKit1.Authority.xml#n275 as uid 0 when the user is authorized. The docs should mostly be clear about this, otherwise please let me know. There's some GObject-based classes and interfaces in libpolkit-agent-1.so (source is in src/polkit-agent) that makes all this very easy (including abstracting all the PAM bits) but you can also just use the D-Bus interfaces if you want to avoid that dependency. > What came to my mind is that we should integrate more the work between you, > the PolicyKit team, and us. I'm not asking you to code for us, but more a > closer co-operation. > > A small example: Polkit-qt (the library that lets developers access PolicyKit > API) is now in kdesupport. Though, I'd favor to put it into the > freedesktop.org trees and release it side-by-side with Policykit, just as it > happens now with polkit-gnome. I think you really want the KDE specific bits to live in the KDE repos; I certainly want the GNOME specific bits to live in the GNOME repos so I can get updated translations and so forth. Once PolicyKit 1.0 is out the API won't change so you shouldn't need to change authentication agents at all. Also note that one change in PolicyKit 1.0 is that e.g. desktop apps (such as a file manager) will not need to know that the mechanism (such as DeviceKit-disks) they are using are using PolicyKit at all. This is because mechanisms now use calls on the PolicyKit daemon that makes the authentication dialogs pop up and disappear as appropriate. So that makes the whole desktop integration story _a lot_ easier since apps (such as a file manager) don't need this additional logic. It does make the mechanisms (such as DeviceKit-disks) slightly more complex but this is fine as the mechanisms are shared by all desktops. So all in all, things will be much simpler. Hope this clarifies. And apologies for not replying earlier; need more of them 96 hour days. David _______________________________________________ polkit-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/polkit-devel
