Should the session check a negative authorisation?

David Zeuthen david at fubar.dk
Mon Aug 10 06:35:05 PDT 2009


Hey Richard,

On Mon, 2009-08-10 at 11:41 +0100, Richard Hughes wrote:
> In https://bugzilla.redhat.com/show_bug.cgi?id=515769 a user has set
> the PolicyKit action for shutting down the system policy as "no". 

Actually, what the user in the bug report has done won't work since the
mechanism used here (ConsoleKit) now uses the new PolicyKit... The user
instead would have to do other things involving reading the
pklocalauthority man page...

(or when we get a proper User Account Editor, the user can tick a "[x]
User has limited access" checkbox or something)

Anyway, this confusion will go away soon when the old PolicyKit packages
in Fedora are obsoleted by the new ones...

> This
> means that any request to shutdown the computer will be denied.
> Logically, I shouldn't even offer the shutdown button for
> gnome-packagekit in this case, and just add a note to the user.
> 
> So, should I do:
> 
> polkit_authority_check_authorization
> polkit_authorization_result_get_is_authorized
> 
> to get the negative authorisation? Or is there an easier way?

Yes, this is how you should determine whether a subject is authorized.
In this case you wouldn't want to pass the ALLOW_USER_INTERACTION flag
since that would (possibly) trigger an authentication dialog.

Now, it used to be that only sufficiently privileged processes could
check authorizations. But we recently relaxed that requirement, see

http://cgit.freedesktop.org/PolicyKit/commit/?id=de0985aaeb9a44090f3cb37e4ea6308c0152797a
http://git.gnome.org/cgit/PolicyKit-gnome/commit/?id=6d3bdb0ac349d29202d23e6969e2ac2f1d154372

to make it possible to write this widget

http://hal.freedesktop.org/docs/polkit-gtk/polkit-gtk-1-polkitlockbutton.html

which may be helpful in a couple of ways.

Thus, you should be able to just do this check in the user session using
libpolkit-gobject-1 .. that is, if you don't care about leaking the
action name "org.freedesktop.consolkit.system.restart" which is more or
less an implementation detail....

> Help welcome. Thanks,

Hope this helps.

     David
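
The non-interactive check described in the message above, as an added example that is not part of the original post or of the polkit sources. It assumes the GObject-introspection Python bindings for libpolkit-gobject-1 are installed; the state names and function names are this example's own, and the action id is passed in by the caller.

```python
import os
import sys

# UI states for a privileged button (names are this example's own).
ENABLED, NEEDS_AUTH, HIDDEN = "enabled", "needs-auth", "hidden"


def button_state(is_authorized, is_challenge):
    """Map a non-interactive polkit result to what the UI should offer."""
    if is_authorized:
        return ENABLED       # the action would succeed right now
    if is_challenge:
        return NEEDS_AUTH    # would succeed after authentication: keep the button
    return HIDDEN            # negative authorisation: do not offer it


def check_action(action_id):
    """Ask the polkit authority about this process without raising a dialog."""
    import gi  # imported lazily so button_state() is usable without polkit
    gi.require_version("Polkit", "1.0")
    from gi.repository import Polkit

    authority = Polkit.Authority.get_sync(None)
    # start_time 0 lets polkit look the value up itself.
    subject = Polkit.UnixProcess.new_for_owner(os.getpid(), 0, os.getuid())
    result = authority.check_authorization_sync(
        subject, action_id, None,
        Polkit.CheckAuthorizationFlags.NONE,  # not ALLOW_USER_INTERACTION
        None)
    return button_state(result.get_is_authorized(), result.get_is_challenge())


if __name__ == "__main__":
    # Usage: script.py <action-id>. The result is only a UI hint; the
    # mechanism still performs its own check when the action is requested.
    print(check_action(sys.argv[1]))
```

The is_challenge case matters here: a result that is not authorized but is a challenge means authentication could still succeed, so only the third state corresponds to the "no" policy from the bug report.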



