From: Michael Albinus via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: Steven Allen <steven@stebalien.com>
Cc: Eli Zaretskii <eliz@gnu.org>, 71969@debbugs.gnu.org
Subject: bug#71969: [PATCH] Support interactive D-Bus authentication
Date: Mon, 08 Jul 2024 14:29:55 +0200 [thread overview]
Message-ID: <87le2coym4.fsf@gmx.de> (raw)
In-Reply-To: <87sewk2q4t.fsf@stebalien.com> (Steven Allen's message of "Mon, 08 Jul 2024 11:24:02 +0200")
Steven Allen <steven@stebalien.com> writes:
Hi Steven,
>>> Remaining questions:
>>>
>>> 1. I'm not sure if :authorize is quite correct either. Really, the key
>>> part is that it allows /interactive/ authorization. I wonder if
>>> :interactive-authorization or :interactive might be better (although
>>> they're kind of long).
>>
>> I believe :authorize is OK. In the docstrings as well as in the D-Bus
>> manual, interactive authorization is mentioned, so a user shall know
>> what's about.
>
> Hm, it's still bugging me. We're _not_ authorizing the request, we're
> telling D-Bus that it's ok to ask the user if they want to authorize it.
> I'm hoping the example below will make this clearer.
What about :authorizable? I don't like the alternative
:interactive-authorize; it's too long to type, and it's also not obvious
w/o knowing the context.
>> Furthermore, you haven't given an example. I really would like to see
>> how it works in practice.
>
> Sorry about that. To restart the bluetooth service, execute:
>
> (dbus-call-method
> :system
> "org.freedesktop.systemd1" "/org/freedesktop/systemd1"
> "org.freedesktop.systemd1.Manager" "RestartUnit"
> :authorize t
> "bluetooth.service" "replace")
>
> Assuming you have a polkit agent running (most DEs will run one by
> default, but agents like mate-polkit work pretty well standalone),
> you'll be prompted to authorize the operation and the bluetooth service
> will be restarted.
Nice. I get an authorization prompt.
However, on my Fedora 40 / Gnome 46 / systemd 255 system, it doesn't
matter, whether I use ':authorize t', ':authorize nil', or none of
them. Is interactive authorization enabled by default, and we don't need
to care about?
>>> +If the parameter @code{:authorize} is given and the following
>>> +@var{auth} is non-nil, the invoked method may interactively prompt the
>>
>> non-@code{nil}
> Done and done (the info manuals are pretty inconsistent in this regard...).
If you see it somewhere else in the manuals, it is an error. The rule is
to use @code{nil}, non-@code{nil}, and @code{t}. Feel free to correct this.
>>> + /* Ignore this keyword if unsupported. */
>>> + #ifdef HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION
>>> + dbus_message_set_allow_interactive_authorization
>>> + (dmessage, NILP (args[count+1]) ? FALSE : TRUE);
>>> + #endif
>>
>> #ifdef end #endif shall start in column 1. Futhermore, we need an #else
>> clause. There shall be an error or a warning, that :authorize is not supported.
>
> I'm going to disagree on this last point. The flag is specifying whether
> or not the D-Bus is _allowed_ to ask the user to ask the user to
> authorize requests which can fail for multiple reasons anyways (e.g., if
> no polkit agent is running, the user rejects the interactive
> authorization, etc.).
>
> If authorization is required and wasn't possible for some reason,
> D-Bus will return an error to the user anyways. So the user will get
> their warning either way _if_ something actually goes wrong.
Good point. However, we shall support developers if they run into this
case. What about a debug message like
--8<---------------cut here---------------start------------->8---
#ifdef HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION
dbus_message_set_allow_interactive_authorization
(dmessage, NILP (args[count+1]) ? FALSE : TRUE);
#else
XD_DEBUG_MESSAGE (":authorize not supported");
#endif
--8<---------------cut here---------------end--------------->8---
Best regards, Michael.
next prev parent reply other threads:[~2024-07-08 12:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-06 7:53 bug#71969: [PATCH] Support interactive D-Bus authentication Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-06 11:54 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-06 14:53 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-06 14:57 ` Eli Zaretskii
2024-07-06 15:24 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 11:53 ` Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 14:50 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-08 9:24 ` Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-08 12:29 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2024-07-08 12:50 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-08 13:21 ` Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 7:52 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 9:09 ` Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 12:10 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 15:45 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 19:28 ` Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 19:34 ` Michael Albinus via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 19:54 ` Steven Allen via Bug reports for GNU Emacs, the Swiss army knife of text editors
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87le2coym4.fsf@gmx.de \
--to=bug-gnu-emacs@gnu.org \
--cc=71969@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=michael.albinus@gmx.de \
--cc=steven@stebalien.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.