Top |
org.freedesktop.PolicyKit1.Authority Interfaceorg.freedesktop.PolicyKit1.Authority Interface — Authority Interface |
Flags CheckAuthorizationFlags Enumeration ImplicitAuthorization ErrorDomain org.freedesktop.PolicyKit1.Error.* Flags AuthorityFeatures Structure Subject Structure Identity Structure ActionDescription Structure AuthorizationResult Structure TemporaryAuthorization EnumerateActions (IN String locale, OUT Array<ActionDescription> action_descriptions) CheckAuthorization (IN Subject subject, IN String action_id, IN Dict<String,String> details, IN CheckAuthorizationFlags flags, IN String cancellation_id, OUT AuthorizationResult result) CancelCheckAuthorization (IN String cancellation_id) RegisterAuthenticationAgent (IN Subject subject, IN String locale, IN String object_path) RegisterAuthenticationAgentWithOptions (IN Subject subject, IN String locale, IN String object_path, IN Dict<String,Variant> options) UnregisterAuthenticationAgent (IN Subject subject, IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) RevokeTemporaryAuthorizationById (IN String id)
BackendName readable String BackendVersion readable String BackendFeatures readable AuthorityFeatures
This D-Bus interface is implemented by the /org/freedesktop/PolicyKit1/Authority
object on the well-known name org.freedesktop.PolicyKit1
on the system message bus.
{ None = 0x00000000, AllowUserInteraction = 0x00000001 }
Flags used in the CheckAuthorization() method.
No flags set. |
|
If the Subject can obtain the authorization through authentication, and an authentication agent is available, then attempt to do so. Note, this means that the CheckAuthorization() method will block while the user is being asked to authenticate. |
{ NotAuthorized = 0, AuthenticationRequired = 1, AdministratorAuthenticationRequired = 2, AuthenticationRequiredRetained = 3, AdministratorAuthenticationRequiredRetained = 4, Authorized = 5 }
An enumeration for granting implicit authorizations.
The Subject is not authorized. |
|
Authentication is required. |
|
Authentication as an administrator is required. |
|
Authentication is required. If the authorization is obtained, it is retained. |
|
Authentication as an administrator is required. If the authorization is obtained, it is retained. |
|
The subject is authorized. |
{ org.freedesktop.PolicyKit1.Error.Failed, org.freedesktop.PolicyKit1.Error.Cancelled, org.freedesktop.PolicyKit1.Error.NotSupported, org.freedesktop.PolicyKit1.Error.NotAuthorized, org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique }
Errors that can be returned by various method calls.
The operation failed. |
|
The operation was cancelled. |
|
The operation is not supported. |
|
You are not authorized to perform the requested operation. |
|
The passed |
{ String subject_kind, Dict<String,Variant> subject_details }
This struct describes subjects such as UNIX processes. It is typically used to check if a given process is authorized for an action.
The following kinds of subjects are known:
Unix Process. subject_kind
should be set to unix-process
with keys pid
(of type uint32
) and start-time
(of type uint64
).
Unix Session. subject_kind
should be set to unix-session
with the key session-id
(of type string
).
System Bus Name. subject_kind
should be set to system-bus-name
with the key name
(of type string
).
|
The type of the subject. |
|
Details about the subject. Depending of the value of |
{ String identity_kind, Dict<String,Variant> identity_details }
This struct describes identities such as UNIX users and UNIX groups. It is typically used to check if a given process is authorized for an action.
The following kinds of identities are known:
Unix User. identity_kind
should be set to unix-user
with key uid
(of type uint32
).
Unix Group. identity_kind
should be set to unix-group
with key gid
(of type uint32
).
|
Type of identity. |
|
Details about the identity. Depending of the value of |
{ String action_id, String description, String message, String vendor_name, String vendor_url, String icon_name, ImplicitAuthorization implicit_any, ImplicitAuthorization implicit_inactive, ImplicitAuthorization implicit_active, Dict<String,String> annotations }
This struct describes actions registered with the PolicyKit daemon.
|
Action Identifier. |
|
Localized description of the action. |
|
Localized message to be displayed when making the user authenticate for an action. |
|
Name of the provider of the action or the empty string. |
|
A URL pointing to a place with more information about the action or the empty string. |
|
The themed icon describing the action or the empty string if no icon is set. |
|
A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply to any Subject. |
|
A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply any Subject in an inactive user session on the local console. |
|
A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply any Subject in an active user session on the local console. |
|
Annotations for the action. |
{ Boolean is_authorized, Boolean is_challenge, Dict<String,String> details }
Describes the result of calling CheckAuthorization().
|
TRUE if the given Subject is authorized for the given action. |
|
TRUE if the given Subject could be authorized if more information was provided, and CheckAuthorizationFlags.AllowUserInteraction wasn't passed or no suitable authentication agent was available. |
|
Details for the result. Known key/value-pairs include |
{ String id, String action_id, Subject subject, UInt64 time_obtained, UInt64 time_expires }
This struct describes a temporary authorization.
|
An opaque identifier for the temporary authorization. |
|
The action the temporary authorization is for. |
|
The subject the temporary authorization is for. |
|
When the temporary authorization was obtained, in seconds since the Epoch Jan 1, 1970 0:00 UTC. Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes. |
|
When the temporary authorization is set to expire, in seconds since the Epoch Jan 1, 1970 0:00 UTC. Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes. |
EnumerateActions (IN String locale, OUT Array<ActionDescription> action_descriptions)
Enumerates all registered PolicyKit actions.
|
The locale to get descriptions in or the blank string to use the system locale. |
|
An array of ActionDescription structs. |
CheckAuthorization (IN Subject subject, IN String action_id, IN Dict<String,String> details, IN CheckAuthorizationFlags flags, IN String cancellation_id, OUT AuthorizationResult result)
Checks if subject
is authorized to
perform the action with identifier
action_id
If cancellation_id
is non-empty and
already in use for the caller, the org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique
error is returned.
Note that CheckAuthorizationFlags.AllowUserInteraction SHOULD be passed ONLY if the event that triggered the authorization check is stemming from an user action, e.g. the user pressing a button or attaching a device.
|
A Subject struct. |
|
Identifier for the action that |
|
Details describing the action. Keys starting with
Known keys include
The (translated version of)
The key If non-empty, then the request will fail with org.freedesktop.PolicyKit1.Error.Failed unless the process doing the check itsef is sufficiently authorized (e.g. running as uid 0). |
|
A set of CheckAuthorizationFlags. |
|
A unique id used to cancel the the authentication check via CancelCheckAuthorization() or the empty string if cancellation is not needed. |
|
An AuthorizationResult structure. |
CancelCheckAuthorization (IN String cancellation_id)
Cancels an authorization check.
|
The |
RegisterAuthenticationAgent (IN Subject subject, IN String locale, IN String object_path)
Register an authentication agent.
Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2().
|
The subject to register the authentication agent for, typically a session subject. |
|
The locale of the authentication agent. |
|
The object path of authentication agent object on the unique name of the caller. |
RegisterAuthenticationAgentWithOptions (IN Subject subject, IN String locale, IN String object_path, IN Dict<String,Variant> options)
Like RegisterAuthenticationAgent but takes additional options. If the option fallback
(of type Boolean
) is TRUE, then the authentcation agent will only be used as a fallback, e.g. if another agent (without the fallback
option set TRUE) is available, it will be used instead.
UnregisterAuthenticationAgent (IN Subject subject, IN String object_path)
Unregister an authentication agent.
|
The |
|
The |
AuthenticationAgentResponse (IN String cookie, IN Identity identity)
Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of AuthenticationAgentResponse2().
AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity)
Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process internal to polkit. This method will fail unless a sufficiently privileged caller invokes it. Note this method was introduced in 0.114 and should be preferred over AuthenticationAgentResponse() as it fixes a security issue.
|
The user id of the agent; normally this is the owner of the parent pid of the process that invoked the internal setuid helper. |
|
The cookie identifying the authentication request that was passed to the authentication agent. |
|
A Identity struct describing what identity was authenticated. |
EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations)
Retrieves all temporary authorizations that applies to subject
.
|
The subject to get temporary authorizations for. |
|
An array of TemporaryAuthorization structs. |
RevokeTemporaryAuthorizations (IN Subject subject)
Revokes all temporary authorizations that applies to subject
.
|
The subject to revoke temporary authorizations from. |
BackendName readable String
The name of the currently used Authority backend.
BackendVersion readable String
The version of the currently used Authority backend.
BackendFeatures readable AuthorityFeatures
The features supported by the currently used Authority backend.