On Fri, 2009-07-24 at 17:40 +1000, Robert Ancell wrote:
> Hi,
>
> I'm trying to learn how to use PolicyKit for configuration of a
> server. Find attached a demo program (which I plan to post as a
> tutorial) which does the following:
> - Has a server providing a method "Reflect" which reverses a string
> - Has a client with a text entry that uses the server to
> reflect entered text
> - The client has an "unlock" button that should authorize with the PolKit once
>
> Note I've tried to make the simplest example not the most efficient.

The code doesn't really compile without mirror.h...

> I've been stumbling along for a while and am in need of some help:
> - I've used POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION in
> polkit_authority_check_authorization_sync to prompt the user for
> authentication but sometimes it just blocks for ages instead of
> popping up the dialog. When should I use this flag and when let the
> client do the authorization?
> - I haven't been able to get the client to manually authorize or have
> persistent authorization, how do I do this?
> - Any pointers?
>
> The documentation I have been working from:
> http://dbus.freedesktop.org/doc/dbus-specification.html
> http://hal.freedesktop.org/docs/PolicyKit/
> http://people.freedesktop.org/~david/polkit-0.92-newdocs/
> http://cgit.freedesktop.org/PolicyKit/tree/docs/PORTING-GUIDE

First you appear to be mixing the new PolicyKit version with the old one (the server links against polkit-gobject-1, the client against polkit-dbus).

In the new PolicyKit (with version > 0.90) the client is not supposed to know anything about PolicyKit at all - it simply invokes methods on the server and the server simply does authorization checks using polkit. If the server passes ALLOW_USER_INTERACTION to polkit it means that Authentication Dialogs may appear - but the client would never need to know anything about this. In fact, the client itself _cannot_ even speak to PolicyKit - it is not allowed.

It is not clear to me what exactly you are trying to achieve - are you trying to do stuff that works like the OS X lock? For example

 http://lh4.ggpht.com/dr.k.anil/SE5J8JltXOI/AAAAAAAACe4/b9a-eq03RV8/accounts.jpg

If so, you need to add support for this in the Server itself, e.g. something like

 interface com.example.Mirror
 {
   /// Returns %TRUE if the configuration interface is locked for the
   /// caller - e.g. Conf*() methods will require authentication
   GetIsLocked (OUT boolean is_locked);

   /// Returns %TRUE iff the configuration can be unlocked
   GetCanUnlock (OUT boolean can_be_unlocked);

   /// Returns %TRUE iff the configuration can be locked
   GetCanLock (OUT boolean can_be_locked);

   /// Unlock the interface for the caller so the caller can call
   /// Conf*() methods without authenticating
   Unlock();

   /// Lock the configuration interface - caller can no longer call
   /// Conf*() methods without authenticating.
   Lock();

   /// Emitted when the lock status changes - all callers should
   /// check with GetIsLocked()
   signal LockChanged();

   /// --- Actual methods
   ConfMethod1(...);
   ConfMethod2(...);
   ...
 };

Note that GetIsLocked() depends on the actual caller (the configuration interface may be locked for one caller and unlocked for another one) - so it cannot be a property. For the same reasons the LockChanged() signal doesn't include the state.

So, anyway, with a design like this, then on the server side

 - You would use CheckAuthorization() without ALLOW_USER_INTERACTION for when implementing GetIsLocked() and GetCanUnlock()

 - For Unlock() you would use ALLOW_USER_INTERACTION

 - For Lock() you will need some API not yet added (CheckAuthorization() needs to return the tmp authz identifier - and we need a way to revoke a tmp authz by id).

On the client side

 - Use GetCanUnlock(), GetCanLock() and GetIsLocked() to render the lock icon and decide if it is sensitive or not. You'd use Unlock() and Lock() when the user clicks the lock.

Hmm, it might be nice to have library API for doing all this since it is rather complicated. Like, we'd have some code in polkit-gobject-1 to do the server side bits and maybe a polkit-gtk-1 library for the client side bits. Unfortunately we don't have a nice D-Bus library for GLib just yet so it is not yet feasible to do the server side bits just yet...

Hope this helps.

     David

_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
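
The server-side rules from the reply above, as a self-contained C model (an added example, not code from the original message or from polkit). authority_check(), the authorized/challenge result pair, the caller names and the refuse-when-locked behaviour of conf_method1() are assumptions of this sketch standing in for polkit's CheckAuthorization().

```c
/* Added example: model of the per-caller lock design from the message above.
 * authority_check() is a constructed stand-in for polkit's CheckAuthorization(). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { FLAG_NONE = 0, FLAG_ALLOW_USER_INTERACTION = 1 };
typedef struct { bool is_authorized, is_challenge; } AuthzResult;
typedef struct { const char *caller; bool can_authenticate, tmp_authz; } Subject;
/* Constructed authority state, one row per D-Bus caller (names hypothetical). */
static Subject subjects[] = {
    { ":1.10", true,  false },  /* admin who has not authenticated yet */
    { ":1.11", false, false },  /* user the policy never authorizes */
};
static int prompts_shown, lock_changed_emitted;

static AuthzResult authority_check(const char *caller, int flags) {
    AuthzResult r = { false, false };
    for (size_t i = 0; i < sizeof subjects / sizeof subjects[0]; i++) {
        Subject *s = &subjects[i];
        if (strcmp(s->caller, caller) != 0) continue;
        if (!s->tmp_authz && s->can_authenticate && (flags & FLAG_ALLOW_USER_INTERACTION)) {
            prompts_shown++;        /* dialog appears, user authenticates */
            s->tmp_authz = true;    /* temporary authorization granted */
        }
        r.is_authorized = s->tmp_authz;
        r.is_challenge = !s->tmp_authz && s->can_authenticate;
    }
    return r;                       /* unknown caller: not authorized */
}

/* Status queries never pass ALLOW_USER_INTERACTION, so they cannot block on a dialog. */
static bool get_is_locked(const char *c) { return !authority_check(c, FLAG_NONE).is_authorized; }
static bool get_can_unlock(const char *c) { return authority_check(c, FLAG_NONE).is_challenge; }

/* Unlock() is the only call that may prompt; LockChanged() carries no state. */
static bool unlock(const char *c) {
    bool was_locked = get_is_locked(c);
    bool ok = authority_check(c, FLAG_ALLOW_USER_INTERACTION).is_authorized;
    if (ok && was_locked) lock_changed_emitted++;
    return ok;
}
/* Conf*() re-checks the caller on the server; here it refuses instead of prompting. */
static int conf_method1(const char *c) { return get_is_locked(c) ? -1 : 0; }

int main(void) {
    bool before = get_is_locked(":1.10"), ok = unlock(":1.10");
    printf("locked before=%d unlock=%d prompts=%d other caller locked=%d\n",
           before, ok, prompts_shown, get_is_locked(":1.11"));
    return conf_method1(":1.10");
}
```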