Question on Policy Kit's Grant (authentication)

Tue Apr 1 12:50:59 PDT 2008

Hi,

On Mon, 2008-03-31 at 16:09 -0700, Allyn, Mark A wrote:
> Folks:
>  
> I don't know if this is the correct forum to ask this; perhaps someone
> can point me to the correct place to ask. 

No, this is the right place.

> I am having some trouble trying to get the policy kit grant
> (authentication) facility to work.
>  
> I tried googling and have not been able to find out much about
> libpolkit-grant; especially I could not find any source code that
> actually uses libpolkit-grant.
>  
> Do any of you know if libpolkit-grant is used by anything? I have HAL
> on my system and none of the .policy files have any authenticate
> results in them.
>  
> Do any of you know of any sample code that I can look at? 

It's not totally spelled out in the docs (yet)

 http://hal.freedesktop.org/docs/PolicyKit/
 http://hal.freedesktop.org/docs/PolicyKit-gnome/
 (btw, question to the list: weren't someone working on Qt/KDE
  integration too?)

however one should never need to use libpolkit-grant directly; it's
almost always wrong if you try to. The sole reason for having that
library is for the desktop environments to implement a native looking
graphical Authentication Agent. For example, PolicyKit-gnome does that.

If what you want is to to ask the user to authenticate in order to gain
an authorization all you need to do is use polkit_auth_obtain()

http://hal.freedesktop.org/docs/PolicyKit/polkit-polkit-simple.html#polkit-auth-obtain

This work both in X11 and text mode.

If you need a non-blocking version you can use this D-Bus interface
directly

http://hal.freedesktop.org/docs/PolicyKit/model-authentication-agent.html

If you use GTK+ you're strongly suggested to use PolicyKit-gnome and
PolKitGnomeAction as that will hide all the details of PolicyKit, e.g.
it's as simple as

  pk_action = polkit_action_new ();
  polkit_action_set_action_id (pk_action, "com.company.product.action");
  action = polkit_gnome_action_new_default ("the-action",
                                            pk_action,
                                           _("_Name Of Action"),
                                           _("Tooltip for Action"));
  g_signal_connect (action, "activate", G_CALLBACK (action_activated_callback), NULL);
  button = polkit_gnome_action_create_button (action);
  gtk_container_add (GTK_CONTAINER (button_box), button);

and that's it! Your action_activated_callback() function won't be called
until the user has obtained the authorization. So if the authorization
can be obtained with auth pressing the button brings up the
authentication agent. If the authorization can't be obtained, then the
button is insensitive (in the GTK+ sense of that word). If the user
already has an authorization your callback is called immediately.

Anyway, it would be easier to help if you explained a bit more what you
want to achieve. Thanks!

      David