PolicyKit Reference Manual
org.freedesktop.PolicyKit1.Authority Interface — Authority Interface
Methods
Flags CheckAuthorizationFlags
Enumeration ImplicitAuthorization
ErrorDomain org.freedesktop.PolicyKit1.Error.*
Flags AuthorityFeatures
Structure Subject
Structure Identity
Structure ActionDescription
Structure AuthorizationResult
Structure TemporaryAuthorization

EnumerateActions (IN String locale, OUT Array<ActionDescription> action_descriptions)
CheckAuthorization (IN Subject subject, IN String action_id, IN Dict<String,String> details, IN CheckAuthorizationFlags flags, IN String cancellation_id, OUT AuthorizationResult result)
CancelCheckAuthorization (IN String cancellation_id)
RegisterAuthenticationAgent (IN Subject subject, IN String locale, IN String object_path)
UnregisterAuthenticationAgent (IN Subject subject, IN String object_path)
AuthenticationAgentResponse (IN String cookie, IN Identity identity)
EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations)
RevokeTemporaryAuthorizations (IN Subject subject)
RevokeTemporaryAuthorizationById (IN String id)
AddLockdownForAction (IN String action_id)
RemoveLockdownForAction (IN String action_id)
Properties
BackendName readable String
BackendVersion readable String
BackendFeatures readable AuthorityFeatures
Description
This D-Bus interface is implemented by the /org/freedesktop/PolicyKit1/Authority object on the well-known name org.freedesktop.PolicyKit1 on the system message bus.
Enumerations
The CheckAuthorizationFlags Flags
{ None = 0x00000000, AllowUserInteraction = 0x00000001 }
Flags used in the CheckAuthorization() method.
None: No flags set.
AllowUserInteraction: If the Subject can obtain the authorization through authentication, and an authentication agent is available, then attempt to do so. Note, this means that the CheckAuthorization() method will block while the user is being asked to authenticate.
The ImplicitAuthorization Enumeration
{ NotAuthorized = 0, AuthenticationRequired = 1, AdministratorAuthenticationRequired = 2, AuthenticationRequiredRetained = 3, AdministratorAuthenticationRequiredRetained = 4, Authorized = 5 }
An enumeration for granting implicit authorizations.
NotAuthorized: The Subject is not authorized.
AuthenticationRequired: Authentication is required.
AdministratorAuthenticationRequired: Authentication as an administrator is required.
AuthenticationRequiredRetained: Authentication is required. If the authorization is obtained, it is retained.
AdministratorAuthenticationRequiredRetained: Authentication as an administrator is required. If the authorization is obtained, it is retained.
Authorized: The subject is authorized.
The org.freedesktop.PolicyKit1.Error.* Error Domain
{ org.freedesktop.PolicyKit1.Error.Failed, org.freedesktop.PolicyKit1.Error.Cancelled, org.freedesktop.PolicyKit1.Error.NotSupported, org.freedesktop.PolicyKit1.Error.NotAuthorized, org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique }
Errors that can be returned by various method calls.
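org.freedesktop.PolicyKit1.Error.Failed: The operation failed.
org.freedesktop.PolicyKit1.Error.Cancelled: The operation was cancelled.
org.freedesktop.PolicyKit1.Error.NotSupported: The operation is not supported.
org.freedesktop.PolicyKit1.Error.NotAuthorized: You are not authorized to perform the requested operation.
org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique: The passed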
The AuthorityFeatures Flags
{ None = 0x00000000, TemporaryAuthorization = 0x00000001, Lockdown = 0x00000002 }
Flags describing features supported by the Authority implementation.
None: No flags set.
TemporaryAuthorization: The authority supports temporary authorizations that can be obtained through authentication.
Lockdown: The authority supports the AddLockdownForAction() and RemoveLockdownForAction() methods.
Structures
The Subject Structure
{ String subject_kind, Dict<String,Variant> subject_details }
This struct describes subjects such as UNIX processes. It is typically used to check if a given process is authorized for an action.
The following kinds of subjects are known:
Unix Process. subject_kind should be set to unix-process with keys pid (of type uint32) and start-time (of type uint64).
Unix Session. subject_kind should be set to unix-session with the key session-id (of type string).
System Bus Name. subject_kind should be set to system-bus-name with the key name (of type string).

subject_kind: The type of the subject.
subject_details: Details about the subject. Depending on the value of
The Identity Structure
{ String identity_kind, Dict<String,Variant> identity_details }
This struct describes identities such as UNIX users and UNIX groups. It is typically used to check if a given process is authorized for an action.
The following kinds of identities are known:
Unix User. identity_kind should be set to unix-user with key uid (of type uint32).
Unix Group. identity_kind should be set to unix-group with key gid (of type uint32).

identity_kind: Type of identity.
identity_details: Details about the identity. Depending on the value of
The ActionDescription Structure
{ String action_id, String description, String message, String vendor_name, String vendor_url, String icon_name, ImplicitAuthorization implicit_any, ImplicitAuthorization implicit_inactive, ImplicitAuthorization implicit_active, Dict<String,String> annotations }
This struct describes actions registered with the PolicyKit daemon.
action_id: Action Identifier.
description: Localized description of the action.
message: Localized message to be displayed when making the user authenticate for an action.
vendor_name: Name of the provider of the action or the empty string.
vendor_url: A URL pointing to a place with more information about the action or the empty string.
icon_name: The themed icon describing the action or the empty string if no icon is set.
implicit_any: A value from the ImplicitAuthorization enumeration for implicit authorizations that apply to any Subject.
implicit_inactive: A value from the ImplicitAuthorization enumeration for implicit authorizations that apply to any Subject in an inactive user session on the local console.
implicit_active: A value from the ImplicitAuthorization enumeration for implicit authorizations that apply to any Subject in an active user session on the local console.
annotations: Annotations for the action.
The AuthorizationResult Structure
{ Boolean is_authorized, Boolean is_challenge, Dict<String,String> details }
Describes the result of calling CheckAuthorization().
is_authorized: TRUE if the given Subject is authorized for the given action.
is_challenge: TRUE if the given Subject could be authorized if more information was provided, and CheckAuthorizationFlags.AllowUserInteraction wasn't passed or no suitable authentication agent was available.
details: Details for the result or empty if not authorized. Known key/value-pairs include
The TemporaryAuthorization Structure
{ String id, String action_id, Subject subject, UInt64 time_obtained, UInt64 time_expires }
This struct describes a temporary authorization.
id: An opaque identifier for the temporary authorization.
action_id: The action the temporary authorization is for.
subject: The subject the temporary authorization is for.
time_obtained: When the temporary authorization was obtained, in seconds since the Epoch Jan 1, 1970 0:00 UTC.
time_expires: When the temporary authorization is set to expire, in seconds since the Epoch Jan 1, 1970 0:00 UTC.
Method Details
EnumerateActions ()
EnumerateActions (IN String locale, OUT Array<ActionDescription> action_descriptions)
Enumerates all registered PolicyKit actions.
locale: The locale to get descriptions in or the blank string to use the system locale.
action_descriptions: An array of ActionDescription structs.
CheckAuthorization ()
CheckAuthorization (IN Subject subject, IN String action_id, IN Dict<String,String> details, IN CheckAuthorizationFlags flags, IN String cancellation_id, OUT AuthorizationResult result)
Checks if subject is authorized to perform the action with identifier action_id.
If cancellation_id is non-empty and already in use for the caller, the org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique error is returned.
Note that CheckAuthorizationFlags.AllowUserInteraction SHOULD be passed ONLY if the event that triggered the authorization check stems from a user action, e.g. the user pressing a button or attaching a device.

subject: A Subject struct.
action_id: Identifier for the action that
details: Details describing the action. Keys starting with
flags: A set of CheckAuthorizationFlags.
cancellation_id: A unique id used to cancel the authentication check via CancelCheckAuthorization() or the empty string if cancellation is not needed.
result: An AuthorizationResult structure.
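The unix-process Subject and the AuthorizationResult handling for CheckAuthorization(), as an added example that is not part of the PolicyKit manual. It assumes Linux (start-time taken from field 22 of /proc/<pid>/stat), the dbus-python bindings for the live call, and hypothetical helper names; SAMPLE_STAT is constructed.

```python
ALLOW_USER_INTERACTION = 0x00000001  # CheckAuthorizationFlags.AllowUserInteraction
# Constructed /proc/<pid>/stat line; the comm field contains spaces and ')'.
SAMPLE_STAT = ("4242 (a) 1 2 b) S 1 4242 4242 0 -1 4194304 100 0 0 0 "
               "5 3 0 0 20 0 1 0 987654 1000000 200")


def parse_start_time(stat_line):
    """Field 22 (starttime) of a /proc/<pid>/stat line (Linux assumption).

    comm (field 2) is parenthesised and may contain spaces or ')', so split
    on the LAST ')' instead of on whitespace.
    """
    after_comm = stat_line.rsplit(")", 1)[1].split()
    return int(after_comm[19])  # after_comm[0] is field 3, so field 22 is [19]


def unix_process_subject(pid, stat_line=None):
    """Subject as (subject_kind, subject_details) for kind unix-process."""
    if stat_line is None:
        with open(f"/proc/{pid}/stat") as fh:
            stat_line = fh.read()
    return ("unix-process", {"pid": pid, "start-time": parse_start_time(stat_line)})


def decide(is_authorized, is_challenge):
    """Map AuthorizationResult fields to the caller's next step."""
    if is_authorized:
        return "allow"
    # is_challenge: authentication could still succeed, but interaction was
    # not allowed or no agent was available. This request stays denied.
    return "deny-retry-with-interaction" if is_challenge else "deny"


def check_authorization(pid, action_id, user_initiated=False):
    """Live call on the system bus; assumes dbus-python and a running authority."""
    import dbus  # lazy import: the helpers above work without it
    kind, d = unix_process_subject(pid)
    subject = (kind, {"pid": dbus.UInt32(d["pid"]),
                      "start-time": dbus.UInt64(d["start-time"])})
    authority = dbus.Interface(
        dbus.SystemBus().get_object("org.freedesktop.PolicyKit1",
                                    "/org/freedesktop/PolicyKit1/Authority"),
        "org.freedesktop.PolicyKit1.Authority")
    # Pass AllowUserInteraction only when a user action triggered the check.
    flags = ALLOW_USER_INTERACTION if user_initiated else 0
    is_auth, is_chal, _details = authority.CheckAuthorization(
        subject, action_id, dbus.Dictionary({}, signature="ss"),
        dbus.UInt32(flags), "")
    return decide(bool(is_auth), bool(is_chal))
```

Sending start-time together with pid lets the authority tell the intended process apart from a later process that reuses the same pid.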
CancelCheckAuthorization ()
CancelCheckAuthorization (IN String cancellation_id)
Cancels an authorization check.
cancellation_id: The
RegisterAuthenticationAgent ()
RegisterAuthenticationAgent (IN Subject subject, IN String locale, IN String object_path)
Register an authentication agent.
Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged.

subject: The subject to register the authentication agent for, typically a session subject.
locale: The locale of the authentication agent.
object_path: The object path of the authentication agent object on the unique name of the caller.
UnregisterAuthenticationAgent ()
UnregisterAuthenticationAgent (IN Subject subject, IN String object_path)
Unregister an authentication agent.
subject: The
object_path: The
AuthenticationAgentResponse ()
AuthenticationAgentResponse (IN String cookie, IN Identity identity)
Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
EnumerateTemporaryAuthorizations ()
EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations)
Retrieves all temporary authorizations that apply to subject.

subject: The subject to get temporary authorizations for.
temporary_authorizations: An array of TemporaryAuthorization structs.
RevokeTemporaryAuthorizations ()
RevokeTemporaryAuthorizations (IN Subject subject)
Revokes all temporary authorizations that apply to subject.

subject: The subject to revoke temporary authorizations from.
RevokeTemporaryAuthorizationById ()
RevokeTemporaryAuthorizationById (IN String id)
Revokes all temporary authorizations that apply to subject.

id: The opaque identifier of the temporary authorization.
AddLockdownForAction ()
AddLockdownForAction (IN String action_id)
Locks down an action so administrator authentication is always needed to obtain a temporary authorization for the action.
action_id: Identifier for the action.
RemoveLockdownForAction ()
RemoveLockdownForAction (IN String action_id)
Removes the effect of a previous AddLockdownForAction() call.
action_id: Identifier for the action.
Property Details
The "BackendName" property
BackendName readable String
The name of the currently used Authority backend.
The "BackendVersion" property
BackendVersion readable String
The version of the currently used Authority backend.
The "BackendFeatures" property
BackendFeatures readable AuthorityFeatures
The features supported by the currently used Authority backend.