[PolicyKit] Authorizations of Interpreted Languages
David Zeuthen
david at fubar.dk
Sun May 18 07:45:01 PDT 2008
Hi,

On Wed, 2008-05-14 at 17:56 +0200, Harald Hoyer wrote:
> S.Çağlar Onur wrote:
> > Hi Harald;
> >
> > On Wed, 14 May 2008, Harald Hoyer wrote:
> >> On a side note, you may also use/test my yet to be released and tested python-policykit bindings:
> >>
> >> http://harald.fedorapeople.org/downloads/python-policykit/
> >> $ git clone http://harald.fedorapeople.org/git/python-policykit.git/
> >
> > Heh, we also have python bindings [1] for PolicyKit :), I'm sure Bahadır (CC added) will be interested in yours :)
> >
> > [1] http://svn.pardus.org.tr/uludag/trunk/python-modules/python-polkit/
> >
> > Cheers
>
> Nice :) different ones and without swig :) maybe I should just add mine to yours and you should
> publish/announce/release yours.

I would definitely like if we could ship Python bindings in the
PolicyKit tarball. Lots of people have been asking for it. I talked a
bit to Harald on IRC about it; I think initially it's good enough to
just bind these functions

 http://hal.freedesktop.org/docs/PolicyKit/polkit-polkit-simple.html

So if you guys can work together on this I'd appreciate it. Thanks!

I also want to get 1.0 out within the next few months. doc/TODO is a bit
out of date; basically the two main features we lack for 1.0 are

 1. object support; e.g. so you can do things like this

      a = polkit_action_new ()
      polkit_action_set_action_id (a, "org.example.dial-number");
      polkit_action_set_object (a, "phone-number", "555-1234-5678");
      result = polkit_context_is_caller_authorized (context, a,
                                                    caller, TRUE, NULL);

    and

      # polkit-auth --user davidz --grant org.example-dial-number \
          --object-type phone-number --object-path 555-1234-5678

    and ditto when obtaining the authorization through authentication
    we want to constrain it to an object path.

 2. support for groups/roles; not sure how to best implement it, what
    we want is something like this

      # polkit-auth --role road_warriors_r \
          --grant org.example-dial-number \
          --object-type phone-number --object-path 555-1234-5678

    so entities in the "role" road_warriors_r are authorized for that
    action. Probably UNIX groups is not good enough; you typically want
    roles to include each other etc. Need to do more research on other
    RBAC systems.

I'm going to be working on this over the next few months.

David
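
As an added illustration, not part of the original message and not PolicyKit code, this Python sketch models the two features described above: grants constrained to an object, and roles that include other roles. The class and method names and the sales_r role are hypothetical; the action id, object type, object path, user name and road_warriors_r role are the ones used in the message.

```python
# Hypothetical model of object-constrained grants and nested roles.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    subject: str                        # a user name or a role name
    action_id: str
    object_type: Optional[str] = None   # None: grant is not tied to an object
    object_path: Optional[str] = None

class AuthStore:
    def __init__(self):
        self.grants = set()
        self.members = {}               # role -> direct members (users or roles)

    def grant(self, subject, action_id, object_type=None, object_path=None):
        self.grants.add(Grant(subject, action_id, object_type, object_path))

    def add_member(self, role, member):
        self.members.setdefault(role, set()).add(member)

    def subjects_for(self, user):
        """Return the user plus every role reached through nested membership."""
        found, frontier = {user}, [user]
        while frontier:
            current = frontier.pop()
            for role, direct in self.members.items():
                # The 'found' check also terminates on cyclic role definitions.
                if current in direct and role not in found:
                    found.add(role)
                    frontier.append(role)
        return found

    def is_authorized(self, user, action_id, object_type=None, object_path=None):
        subjects = self.subjects_for(user)
        for g in self.grants:
            if g.subject not in subjects or g.action_id != action_id:
                continue
            # An object-constrained grant only matches the exact same object.
            if g.object_type is None or \
               (g.object_type, g.object_path) == (object_type, object_path):
                return True
        return False                    # default deny

def demo_store():
    """Constructed sample data: davidz -> sales_r -> road_warriors_r."""
    store = AuthStore()
    store.add_member("road_warriors_r", "sales_r")   # a role inside a role
    store.add_member("sales_r", "davidz")
    store.add_member("sales_r", "road_warriors_r")   # deliberate cycle
    store.grant("road_warriors_r", "org.example.dial-number",
                "phone-number", "555-1234-5678")
    return store
```

A request that names no object, or a different object path, is denied even though the caller holds the role, which is the constraint the message asks for.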