author | David Zeuthen <davidz@redhat.com> | 2009-07-20 19:43:29 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2009-07-20 19:43:29 -0400 |
commit | 2fbf5d06e090cd5a7a78d2a98c91fa77068b8952 (patch) | |
tree | d64304bc0f3f1125542fe1ebcda967c3eea6a6e4 | |
parent | 34cfb518c9ff1f502e3e0f81997430596856a8da (diff) | |
download | polkit-2fbf5d06e090cd5a7a78d2a98c91fa77068b8952.tar.gz |
Update TODO
-rw-r--r-- | docs/TODO | 82 |
1 files changed, 19 insertions, 63 deletions
@@ -1,76 +1,32 @@ -Core TODO items ---------------- - - maybe rename .policy to .action for policy XML files +Needed for 1.0 +-------------- - - provide a polkit-validate-action-file-1 tool to check/validate - .policy/.action XML files - - - write a couple of introductory sections detailing the system architecture for - - a developer-audience; and - - a system administrator audience - - - write a PolicyKit 0.9.x -> polkit 1.0 porting guide - - - guard off backend API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC - - - provide a way to tweak the defaults for actions (or maybe not) - - - do we need negative authorizations? If so, implement code for it, otherwise - remove it from the PolkitAuthorization class - - - make sure simple operations work when no system bus is present - - e.g. %post RPM scripts adding/removing authorizations to identities - - - maybe use file monitors on /var/lib/polkit-1 directories and - emit the Changed() signal - - - PolkitAuthority probably needs locking around its singleton for - multithreaded backends. + - check that all public but unstable API is properly guard off with + I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC - rethink actions shipped with PolicyKit; we probably just want something - simple like - - org.freedesktop.policykit1.read - - org.freedesktop.policykit1.localauthority.manage + very simple that only applies to the local authority backend + - some mechanisms don't run as root - how should they convey that + they are authorized to check authorizations? 
- - restrict symbol visibility in shared libraries + - man page review / section review -Backend TODO items ------------------- + - review/restrict symbol visibility in shared libraries - check / validate all incoming arguments - - and other security/paranoia stuff - - - local files authority backend - - split out AuthorizationStore into separate class - - split out AuthenticationAgent and AuthenticationSession to separate classes - - check if callers are authorized to enumerate, add or remove authorizations - - use random cookies - - speed up lookups using a hash on the cookie - - cache Unix group information - - handle root/wheel for implicit authorizations + - includes all D-Bus interfaces and public library API + - validate D-Bus object paths everywhere + - ...and other security/paranoia stuff - - validate object paths when registering authentication agents - - - allow backends to extend the syntax for subjects and identities, e.g. - have something like ipa-user:... + - make sure library API is reasonably MT-safe - avoid watching all name owner changes in PolkitBackendAuthority and - PolkitBackendServer - - - cache user information for dbus connections - -polkit-gnome TODO items ------------------------ - - - show a notification icon when the session/user has temporary authorizations - - along with an option to give these up - - - maybe make the AuthenticationAgent process (which runs for the lifetime of - the session) spawn a process to display the authentication dialog - - to make it lighter on resource usage - - to work around Metacity focus stealing prevention bugs + PolkitBackendServer; remove the name-owner-changed vfunc - - port libpolkit-gnome to new API +GNOME Authentication Agent +-------------------------- - - port polkit-gnome-authorization to new API + - maybe expand on the notification icon so it is more detailed + what temporary authorizations the session has - and maybe a way + to only drop some of them |
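Review bot: In the removed "Backend TODO items" section, the entries "check if callers are authorized to enumerate, add or remove authorizations" and "use random cookies" disappear with no replacement in the new list, and the commit message ("Update TODO") does not say whether they were implemented or dropped. The object-path item is at least carried over as "validate D-Bus object paths everywhere", but these two are covered only by "...and other security/paranoia stuff", which is too vague to track against a 1.0 release. Suggest either stating in the commit message that they are done, or keeping them as explicit sub-items under "check / validate all incoming arguments". The new question "some mechanisms don't run as root - how should they convey that they are authorized to check authorizations?" is an open design point rather than a task and would be easier to follow up if it pointed at a bug or mailing-list thread. Minor: "properly guard off with" in the first new item should read "properly guarded off with".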