Currently we always use the flag POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if a subject is authorized for an action, meaning that we cause polkit to create an interactive dialog box. However since GLib 2.46, there has been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which indicates if the caller is prepared to have the user authenticate (e.g. it's a user-facing program not a daemon). So, check for this flag in daemon_local_check_auth().

The impetus for this patch is that in the Endles fork of gnome-control-center we use the library malcontent, and call mct_manager_get_app_filter() even when we don't have permission to actually read the user's app filter, since it shouldn't cause a dialog without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However because accountsservice doesn't respect G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to create an auth dialog anyway (and hits an error but that's a separate gnome-shell bug).

I think this patch can't be merged yet, because libaccountsservice uses code generated by gdbus-codegen to interact with this daemon, and that code does not set G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION (which is translated by GLib into G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION). So as things stand all users of the library are treated as not allowing interactive auth, which is the opposite of what we want for backwards compatibility.

Edited by Phaedrus Leeds

Merge request reports