Tuesday, February 22, 2011

PolicyKit textual authentication

Related to yesterday's bling post, I wanted to mention that PolicyKit also has a textual authentication agent (video):

This is useful in PolicyKit applications running in a non-graphical environment. It's simple to use: simply use PolkitAgentTextListener if the response from PolicyKit indicates that authorization can be obtained if more information is provided. Here are the changes that was needed for pkexec(1) command. An obvious candidate for this would be the pkcon(1) command.

Monday, February 21, 2011

GNOME 3 Authorization

The past couple of days I've been working on implementing the GNOME 3 Authorization Dialog. The implementation uses PolicyKit to achieve this and is conceptually very simple: the Shell process itself just implements the org.freedesktop.PolicyKit1.AuthenticationAgent interface to handle authentication requests from the system-wide authority (video).

For authentication, the Shell is using the existing code that in turn uses PAM. This means that the Authorization Dialog will work out-of-the-box with e.g. fingerprint readers, provided, of course, that the PAM stack has been set up correctly (video).

Additionally, the code has been tested with pam_rps - a PAM module whereby you authenticate by proving that you are smart enough to win in Rock-paper-scissors. The idea is that if your application works with pam_rps, then there's a good chance that it will work with any PAM module (video).

One major difference - and something I've been wanting to do for a while - is that the dialogs are now system-modal. In addition to fixing a lot of focus problems, this also makes the dialogs look more trustworthy since they are part of the actual shell. They're also way prettier.

(Bonus chatter: Of course, there's an emphasis on look in the above paragraph because any random app can still go full-screen to fool the user to give them their password. To do this in a more secure way, we need to use the Secure Attention Key and run the dialog in another security context etc. It's an open question whether it's even worth it to do this. But I digress.)

You can find the current code drop in this bug.