Commit Graph

3 Commits

Author SHA1 Message Date
David Zeuthen
adb04eb010 polkit: don't show authentication dialog until needed
See https://bugs.freedesktop.org/show_bug.cgi?id=27788#c1 for details
about the problem this patch is solving

In particular, we should never bring up the dialog if there is no
password on the account. While this sounds like a weird corner case,
it's not.. the Live CD, for example, does not have a root password.

This also avoids the initial dialog resize.. before the patch the
authentication dialog appears and a split-second later an StEntry
widget is added.

Also print out more diagnostic information if showing the modal dialog
fails. Also add a comment about how to easily make this happen.

Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-02-23 14:49:09 -05:00
David Zeuthen
697139043f polkit: return error when authentication dialog is dismissed
This allows PolicyKit applications to disambiguate between when the
authentication dialog is dismissed versus when authentication fails
(e.g. the wrong password has been entered).

See https://bugs.freedesktop.org/show_bug.cgi?id=30653 for more
information.

Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-02-23 11:02:46 -05:00
David Zeuthen
86b925a294 Add a PolicyKit authentication agent
A PolicyKit Authentication Agent is a construct used to authenticate
one or more identities. See the PolicyKit documentation for more
details on authentication agents and how PolicyKit works:

    http://hal.freedesktop.org/docs/polkit/

Since gjs does not support subclassing a GObject class from Javascript
code, we bring in a native class to bridge the VFuncs to GObject
signals. Additionally, this native class also queues up authentication
requests so the user of the native class only has to deal with a
single outstanding request at any one time.

The file js/ui/polkitAuthenticationAgent.js introduces a singleton
that listens for authentication requests via the native class. This
singleton uses the PolkitAgent machinery to do the actual heavy-weight
lifting required for authentication (essentially a PAM conversation).

We currently don't allow the user to pick the identity to be
authenticated.

https://bugzilla.gnome.org/show_bug.cgi?id=642886

Signed-off-by: David Zeuthen <davidz@redhat.com>
2011-02-22 15:13:56 -05:00