polkit_authority_check_authorization oddity

[Richard Hughes]

2009/7/16 David Zeuthen <david at fubar.dk>:
> Just checked, you only get org.freedesktop.PolicyKit1.Error.Cancelled if
> you cancel the check yourself. If the user dismisses the dialog OR if
> fails to authenticate (the gnome authentication agent only allows three
> tries) you are just told the user is not authorized. I remember changing
> the behavior to this some time ago.

Right, I was sort-of expecting the user clicking cancel to make the
GCancallable cancel, if you see what I mean, but I understood why
you've done it this way.

>> I'm getting a few bugs where the polkit-gnome-authentication-agent-1
>> process isn't running, and we can't show anything helpful to the user
>> in this case.
>
> I'm not sure exactly what you think should be different in how polkit
> works. Any concrete suggestions?

No, not really, sorry.

> FWIW, I don't think the mechanism should care about whether an
> authentication agent is available, whether the user dismissed the dialog
> or just failed to authenticate or other _implementation_ details. In
> fact, the system may be using an Authority Implementation that doesn't
> even allow obtaining authorization through authentication. The point is
> really that you can't make a lot of assumptions about how the Authority
> implementation works.

Right, makes sense.

>> Maybe polkit-gnome-authentication-agent-1 should
>> register a well known name on the session bus, and gnome-packagekit
>> client tools should check for this service. I'm not sure. Ideas
>> welcome.
>
> Don't think this is a good idea - it would also break things like
> fast-user switching. I just don't see why the PackageKit mechanism or
> the GNOME PackageKit client tools need to care about whether an
> authentication agent exists at all...

Sure, I've not done this, I just wanted to sound out the idea. I think
I'll leave things well alone for now.

Thanks,

Richard.