-
Currently we always use the flag POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if a subject is authorized for an action, meaning that we cause polkit to create an interactive dialog box. However since GLib 2.46, there has been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which indicates if the caller is prepared to have the user authenticate (e.g. it's a user-facing program not a daemon). So, check for this flag in daemon_local_check_auth(). The impetus for this patch is that in the Endles fork of gnome-control-center we use the library malcontent, and call mct_manager_get_app_filter() even when we don't have permission to actually read the user's app filter, since it shouldn't cause a dialog without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However because accountsservice doesn't respect G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to create an auth dialog anyway (and hits an error but that's a separate gnome-shell bug). In libaccountsservice, we use code generated by gdbus-codegen to call D-Bus methods implemented by the daemon, and that generated code unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users of libaccountsservice can't use interactive auth. The solution is to bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and pass --glib-min-required 2.64 to gdbus-codegen, which causes the generated code to have two more arguments for each method call: one for GDBusCallFlags and one for a timeout value. For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION in libaccountsservice, to maintain compatibility. It might make sense to add API in the future so that users of the library can specify if they want to allow interactive auth. This commit also makes us use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls implemented by ConsoleKit, even though presumably no problems are caused by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory ConsoleKit could check for G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although in practice I think it's deprecated and inactive), and I think the whole of libaccountsservice should assume interactive auth is allowed until we have API to distinguish the no-interactive-auth case.
d5847d8d