Polkit.Authority

Subclasses:

None

Methods

Inherited:

GObject.Object (37), Gio.AsyncInitable (4), Gio.Initable (2)

Structs:

GObject.ObjectClass (5)

class	get ()
class	get_async (cancellable, callback, *user_data)
class	get_finish (res)
class	get_sync (cancellable)
	authentication_agent_response (cookie, identity, cancellable, callback, *user_data)
	authentication_agent_response_finish (res)
	authentication_agent_response_sync (cookie, identity, cancellable)
	check_authorization (subject, action_id, details, flags, cancellable, callback, *user_data)
	check_authorization_finish (res)
	check_authorization_sync (subject, action_id, details, flags, cancellable)
	enumerate_actions (cancellable, callback, *user_data)
	enumerate_actions_finish (res)
	enumerate_actions_sync (cancellable)
	enumerate_temporary_authorizations (subject, cancellable, callback, *user_data)
	enumerate_temporary_authorizations_finish (res)
	enumerate_temporary_authorizations_sync (subject, cancellable)
	get_backend_features ()
	get_backend_name ()
	get_backend_version ()
	get_owner ()
	register_authentication_agent (subject, locale, object_path, cancellable, callback, *user_data)
	register_authentication_agent_finish (res)
	register_authentication_agent_sync (subject, locale, object_path, cancellable)
	register_authentication_agent_with_options (subject, locale, object_path, options, cancellable, callback, *user_data)
	register_authentication_agent_with_options_finish (res)
	register_authentication_agent_with_options_sync (subject, locale, object_path, options, cancellable)
	revoke_temporary_authorization_by_id (id, cancellable, callback, *user_data)
	revoke_temporary_authorization_by_id_finish (res)
	revoke_temporary_authorization_by_id_sync (id, cancellable)
	revoke_temporary_authorizations (subject, cancellable, callback, *user_data)
	revoke_temporary_authorizations_finish (res)
	revoke_temporary_authorizations_sync (subject, cancellable)
	unregister_authentication_agent (subject, object_path, cancellable, callback, *user_data)
	unregister_authentication_agent_finish (res)
	unregister_authentication_agent_sync (subject, object_path, cancellable)

Virtual Methods

Inherited:

GObject.Object (7), Gio.AsyncInitable (2), Gio.Initable (1)

Properties

Name	Type	Flags	Short Description
backend-features	Polkit.AuthorityFeatures	r	The features of the currently used Authority backend.
backend-name	str	r	The name of the currently used Authority backend.
backend-version	str	r	The version of the currently used Authority backend.
owner	str	r	Owner.

Signals

Inherited:

GObject.Object (1)

Name	Short Description
changed	Emitted when actions and/or authorizations change
sessions-changed	Emitted when sessions change

Fields

Inherited:

GObject.Object (1)

Class Details

class Polkit.Authority(**kwargs)

Bases:

GObject.Object, Gio.AsyncInitable, Gio.Initable

Abstract:

No

Structure:

Polkit.AuthorityClass

Polkit.Authority is used for checking whether a given subject is authorized to perform a given action. Typically privileged system daemons or suid helpers will use this when handling requests from untrusted clients.

User sessions can register an authentication agent with the authority. This is used for requests from untrusted clients where system policy requires that the user needs to acknowledge (through proving he is the user or the administrator) a given action. See #PolkitAgentListener and #PolkitAgentSession for details.

classmethod get()

Returns:

value

Return type:

Polkit.Authority

(deprecated)

classmethod get_async(cancellable, callback, *user_data)

Parameters:

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously gets a reference to the authority.

This is an asynchronous failable function. When the result is ready, callback will be invoked in the thread-default main loop of the thread you are calling this method from and you can use Polkit.Authority.get_finish() to get the result. See Polkit.Authority.get_sync() for the synchronous version.

classmethod get_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the Gio.AsyncReadyCallback passed to Polkit.Authority.get_async().

Raises:

GLib.Error

Returns:

A Polkit.Authority. Free it with GObject.Object.unref() when done with it.

Return type:

Polkit.Authority

Finishes an operation started with Polkit.Authority.get_async().

classmethod get_sync(cancellable)

Parameters:

cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

A Polkit.Authority. Free it with GObject.Object.unref() when done with it.

Return type:

Polkit.Authority

Synchronously gets a reference to the authority.

This is a synchronous failable function - the calling thread is blocked until a reply is received. See Polkit.Authority.get_async() for the asynchronous version.

authentication_agent_response(cookie, identity, cancellable, callback, *user_data)

Parameters:

• cookie (str) – The cookie passed to the authentication agent from the authority.

• identity (Polkit.Identity) – The identity that was authenticated.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously provide response that identity successfully authenticated for the authentication request identified by cookie.

This function is only used by the privileged bits of an authentication agent. It will fail if the caller is not sufficiently privileged (typically uid 0).

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.authentication_agent_response_finish() to get the result of the operation.

authentication_agent_response_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if self acknowledged the call, False if error is set.

Return type:

bool

Finishes providing response from an authentication agent.

authentication_agent_response_sync(cookie, identity, cancellable)

Parameters:

• cookie (str) – The cookie passed to the authentication agent from the authority.

• identity (Polkit.Identity) – The identity that was authenticated.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

True if self acknowledged the call, False if error is set.

Return type:

bool

Provide response that identity successfully authenticated for the authentication request identified by cookie. See Polkit.Authority.authentication_agent_response() for limitations on who is allowed is to call this method.

The calling thread is blocked until a reply is received. See Polkit.Authority.authentication_agent_response() for the asynchronous version.

check_authorization(subject, action_id, details, flags, cancellable, callback, *user_data)

Parameters:

• subject (Polkit.Subject) – A Polkit.Subject.

• action_id (str) – The action to check for.

• details (Polkit.Details or None) – Details about the action or None.

• flags (Polkit.CheckAuthorizationFlags) – A set of Polkit.CheckAuthorizationFlags.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously checks if subject is authorized to perform the action represented by action_id.

Note that Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION SHOULD be passed ONLY if the event that triggered the authorization check is stemming from an user action, e.g. the user pressing a button or attaching a device.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.check_authorization_finish() to get the result of the operation.

Known keys in details include polkit.message and polkit.gettext_domain that can be used to override the message shown to the user. See the documentation for the ‘D-Bus method [eggdbus-method-org.freedesktop.PolicyKit1.Authority.CheckAuthorization]’ for more details.

If details is non-empty then the request will fail with Polkit.Error.FAILED unless the process doing the check itsef is sufficiently authorized (e.g. running as uid 0).

check_authorization_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

A Polkit.AuthorizationResult or None if error is set. Free with GObject.Object.unref().

Return type:

Polkit.AuthorizationResult

Finishes checking if a subject is authorized for an action.

check_authorization_sync(subject, action_id, details, flags, cancellable)

Parameters:

• subject (Polkit.Subject) – A Polkit.Subject.

• action_id (str) – The action to check for.

• details (Polkit.Details or None) – Details about the action or None.

• flags (Polkit.CheckAuthorizationFlags) – A set of Polkit.CheckAuthorizationFlags.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

A Polkit.AuthorizationResult or None if error is set. Free with GObject.Object.unref().

Return type:

Polkit.AuthorizationResult

Checks if subject is authorized to perform the action represented by action_id.

Note that Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION SHOULD be passed ONLY if the event that triggered the authorization check is stemming from an user action, e.g. the user pressing a button or attaching a device.

Note the calling thread is blocked until a reply is received. You should therefore NEVER do this from a GUI thread or a daemon service thread when using the Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION flag. This is because it may potentially take minutes (or even hours) for the operation to complete because it involves waiting for the user to authenticate.

Known keys in details include polkit.message and polkit.gettext_domain that can be used to override the message shown to the user. See the documentation for the ‘D-Bus method [eggdbus-method-org.freedesktop.PolicyKit1.Authority.CheckAuthorization]’ for more details.

enumerate_actions(cancellable, callback, *user_data)

Parameters:

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously retrieves all registered actions.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.enumerate_actions_finish() to get the result of the operation.

enumerate_actions_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

A list of Polkit.ActionDescription objects or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.ActionDescription]

Finishes retrieving all registered actions.

enumerate_actions_sync(cancellable)

Parameters:

cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

A list of Polkit.ActionDescription or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.ActionDescription]

Synchronously retrieves all registered actions - the calling thread is blocked until a reply is received. See Polkit.Authority.enumerate_actions() for the asynchronous version.

enumerate_temporary_authorizations(subject, cancellable, callback, *user_data)

Parameters:

• subject (Polkit.Subject) – A Polkit.Subject, typically a Polkit.UnixSession.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously gets all temporary authorizations for subject.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.enumerate_temporary_authorizations_finish() to get the result of the operation.

enumerate_temporary_authorizations_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

A list of Polkit.TemporaryAuthorization objects or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.TemporaryAuthorization]

Finishes retrieving all registered actions.

enumerate_temporary_authorizations_sync(subject, cancellable)

Parameters:

• subject (Polkit.Subject) – A Polkit.Subject, typically a Polkit.UnixSession.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

A list of Polkit.TemporaryAuthorization objects or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.TemporaryAuthorization]

Synchronousky gets all temporary authorizations for subject.

The calling thread is blocked until a reply is received. See Polkit.Authority.enumerate_temporary_authorizations() for the asynchronous version.

get_backend_features()

Returns:

Flags from Polkit.AuthorityFeatures.

Return type:

Polkit.AuthorityFeatures

Gets the features supported by the authority backend.

get_backend_name()

Returns:

The name of the backend.

Return type:

str

Gets the name of the authority backend.

get_backend_version()

Returns:

The version string for the backend.

Return type:

str

Gets the version of the authority backend.

get_owner()

Returns:

None or a string that should be freed with GLib.free().

Return type:

str or None

The unique name on the system message bus of the owner of the name org.freedesktop.PolicyKit1 or None if no-one currently owns the name. You may connect to the GObject.Object ::notify signal to track changes to the Polkit.Authority :owner property.

register_authentication_agent(subject, locale, object_path, cancellable, callback, *user_data)

Parameters:

• subject (Polkit.Subject) – The subject the authentication agent is for, typically a Polkit.UnixSession object.

• locale (str) – The locale of the authentication agent.

• object_path (str) – The object path for the authentication agent.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.register_authentication_agent_finish() to get the result of the operation.

register_authentication_agent_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Finishes registering an authentication agent.

register_authentication_agent_sync(subject, locale, object_path, cancellable)

Parameters:

• subject (Polkit.Subject) – The subject the authentication agent is for, typically a Polkit.UnixSession object.

• locale (str) – The locale of the authentication agent.

• object_path (str) – The object path for the authentication agent.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

The calling thread is blocked until a reply is received. See Polkit.Authority.register_authentication_agent() for the asynchronous version.

register_authentication_agent_with_options(subject, locale, object_path, options, cancellable, callback, *user_data)

Parameters:

• subject (Polkit.Subject) – The subject the authentication agent is for, typically a Polkit.UnixSession object.

• locale (str) – The locale of the authentication agent.

• object_path (str) – The object path for the authentication agent.

• options (GLib.Variant or None) – A GLib.Variant with options or None.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.register_authentication_agent_with_options_finish() to get the result of the operation.

register_authentication_agent_with_options_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Finishes registering an authentication agent.

register_authentication_agent_with_options_sync(subject, locale, object_path, options, cancellable)

Parameters:

• subject (Polkit.Subject) – The subject the authentication agent is for, typically a Polkit.UnixSession object.

• locale (str) – The locale of the authentication agent.

• object_path (str) – The object path for the authentication agent.

• options (GLib.Variant or None) – A GLib.Variant with options or None.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

The calling thread is blocked until a reply is received. See Polkit.Authority.register_authentication_agent_with_options() for the asynchronous version.

revoke_temporary_authorization_by_id(id, cancellable, callback, *user_data)

Parameters:

• id (str) – The opaque identifier for the temporary authorization.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously revoke a temporary authorization.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.revoke_temporary_authorization_by_id_finish() to get the result of the operation.

revoke_temporary_authorization_by_id_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the temporary authorization was revoked, False if error is set.

Return type:

bool

Finishes revoking a temporary authorization by id.

revoke_temporary_authorization_by_id_sync(id, cancellable)

Parameters:

• id (str) – The opaque identifier for the temporary authorization.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

True if the temporary authorization was revoked, False if error is set.

Return type:

bool

Synchronously revokes a temporary authorization.

The calling thread is blocked until a reply is received. See Polkit.Authority.revoke_temporary_authorization_by_id() for the asynchronous version.

revoke_temporary_authorizations(subject, cancellable, callback, *user_data)

Parameters:

• subject (Polkit.Subject) – The subject to revoke authorizations from, typically a Polkit.UnixSession.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously revokes all temporary authorizations for subject.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.revoke_temporary_authorizations_finish() to get the result of the operation.

revoke_temporary_authorizations_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if all the temporary authorizations was revoked, False if error is set.

Return type:

bool

Finishes revoking temporary authorizations.

revoke_temporary_authorizations_sync(subject, cancellable)

Parameters:

• subject (Polkit.Subject) – The subject to revoke authorizations from, typically a Polkit.UnixSession.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

True if the temporary authorization was revoked, False if error is set.

Return type:

bool

Synchronously revokes all temporary authorization from subject.

The calling thread is blocked until a reply is received. See Polkit.Authority.revoke_temporary_authorizations() for the asynchronous version.

unregister_authentication_agent(subject, object_path, cancellable, callback, *user_data)

Parameters:

• subject (Polkit.Subject) – The subject the authentication agent is for, typically a Polkit.UnixSession object.

• object_path (str) – The object path for the authentication agent.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

• callback (Gio.AsyncReadyCallback or None) – A Gio.AsyncReadyCallback to call when the request is satisfied.

• user_data (object or None) – The data to pass to callback.

Asynchronously unregisters an authentication agent.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.unregister_authentication_agent_finish() to get the result of the operation.

unregister_authentication_agent_finish(res)

Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully unregistered, False if error is set.

Return type:

bool

Finishes unregistering an authentication agent.

unregister_authentication_agent_sync(subject, object_path, cancellable)

Parameters:

• subject (Polkit.Subject) – The subject the authentication agent is for, typically a Polkit.UnixSession object.

• object_path (str) – The object path for the authentication agent.

• cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully unregistered, False if error is set.

Return type:

bool

Unregisters an authentication agent. The calling thread is blocked until a reply is received. See Polkit.Authority.unregister_authentication_agent() for the asynchronous version.

Signal Details

Polkit.Authority.signals.changed(authority)

Signal Name:

changed

Flags:

RUN_LAST

Parameters:

authority (Polkit.Authority) – The object which received the signal

Emitted when actions and/or authorizations change

Polkit.Authority.signals.sessions_changed(authority)

Signal Name:

sessions-changed

Flags:

RUN_LAST

Parameters:

authority (Polkit.Authority) – The object which received the signal

Emitted when sessions change

Property Details

Polkit.Authority.props.backend_features

Name:

backend-features

Type:

Polkit.AuthorityFeatures

Default Value:

Polkit.AuthorityFeatures.NONE

Flags:

READABLE

The features of the currently used Authority backend.

Polkit.Authority.props.backend_name

Name:

backend-name

Type:

str

Default Value:

None

Flags:

READABLE

The name of the currently used Authority backend.

Polkit.Authority.props.backend_version

Name:

backend-version

Type:

str

Default Value:

None

Flags:

READABLE

The version of the currently used Authority backend.

Polkit.Authority.props.owner

Name:

owner

Type:

str

Default Value:

None

Flags:

READABLE

The unique name of the owner of the org.freedesktop.PolicyKit1 D-Bus service or None if there is no owner. Connect to the GObject.Object ::notify signal to track changes to this property.