semantics of POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION

[Nikos Mavrogiannopoulos]

On Tue, 2013-12-17 at 16:39 -0500, Miloslav Trmač wrote:

> > What are the implications of setting the flag when a >
> non-interactive application is accessing the server? If the
> authorization result is a "challenge"
> (polkit_authorization_result_get_is_challenge), polkitd without the
> flag just returns the "challenge" result.
> 
> With the flag, polkitd tries to search for a registered authentication
> agent, and asks that agent to authorize the operation.  If no agent is
> registered (e.g. a system daemon running outside of an user session
> with its own UID), polkitd will again just return the "challenge"
> result.

I see. And I suppose that the agent is global, rather than per process
so it doesn't make sense to always use the flag and expect the
non-interactive applications to be silent.

> In the case of smart cards (which I assume is the concern), it might be
> reasonable to disable user interaction, and by default authorize access
> to an active user session (in the same logic as an owner of an active
> user session is automatically "authorized" to use the keyboard and
> mouse); this would let the sysadmin authorize e.g. httpd to access the
> card but allow it by default.  This suggestion, however, glosses over
> whether anything needs to be done when the active user session changes
> due to fast user switching. 

In all I find this flag a bit peculiar. I don't think that the
server communicating with hardware should be expected to have the
knowledge of whether the user is in an interactive session or not.

regards,
Nikos