Return-Path: <dbus-bounces@lists.freedesktop.org>
Delivered-To: <smcv@bhuna.collabora.co.uk>
Received: from bhuna.collabora.co.uk
	by bhuna.collabora.co.uk (Dovecot) with LMTP id hPX8N6yhCFRvMQAAdi/TOA
	for <smcv@bhuna.collabora.co.uk>; Thu, 04 Sep 2014 18:31:04 +0100
Received: from fox.clues.ltd.uk (fox.clues.ltd.uk [217.151.102.250])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by bhuna.collabora.co.uk (Postfix) with ESMTPS id 62353603B91;
	Thu,  4 Sep 2014 18:30:30 +0100 (BST)
Received: from gabe.freedesktop.org ([131.252.210.177])
	by fox.clues.ltd.uk with esmtp (Exim 4.72)
	(envelope-from <dbus-bounces@lists.freedesktop.org>)
	id 1XPara-0004pH-Qo; Thu, 04 Sep 2014 18:30:30 +0100
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id 5520D6E7AD;
	Thu,  4 Sep 2014 10:30:25 -0700 (PDT)
X-Original-To: dbus@freedesktop.org
Delivered-To: dbus@freedesktop.org
Received: from gardel.0pointer.net (gardel.0pointer.net [85.214.157.71])
 by gabe.freedesktop.org (Postfix) with ESMTP id B60846E7AD
 for <dbus@freedesktop.org>; Thu,  4 Sep 2014 10:30:23 -0700 (PDT)
Received: from gardel-login.0pointer.net (gardel.0pointer.net [85.214.157.71])
 by gardel.0pointer.net (Postfix) with ESMTP id F1B9FE81518
 for <dbus@freedesktop.org>; Thu,  4 Sep 2014 19:30:22 +0200 (CEST)
Received: by gardel-login.0pointer.net (Postfix, from userid 1000)
 id 859E01615F0; Thu,  4 Sep 2014 19:30:22 +0200 (CEST)
Date: Thu, 4 Sep 2014 19:30:22 +0200
From: Lennart Poettering <mzqohf@0pointer.de>
To: DBus ML <dbus@freedesktop.org>
Subject: [PATCH v2] dbus-spec: introduce new ALLOW_INTERACTIVE_AUTHENTICATION
 flag
Message-ID: <20140904173022.GA5498@gardel-login>
MIME-Version: 1.0
Content-Disposition: inline
X-BeenThere: dbus@lists.freedesktop.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dbus.lists.freedesktop.org>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dbus>,
 <mailto:dbus-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dbus>
List-Post: <mailto:dbus@lists.freedesktop.org>
List-Help: <mailto:dbus-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dbus>,
 <mailto:dbus-request@lists.freedesktop.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: dbus-bounces@lists.freedesktop.org
Sender: "dbus" <dbus-bounces@lists.freedesktop.org>

As discussed earlier on the dbus mailing list, let's add a new flag to
the message header, that allows clients to indicate whether they are OK
with possiably time-intensive interactive authentication.

This is useful for authentication frameworks such as polkit, but this
flag is supposed to be generic, and not be bound to any implementation
of such a framework.

The dbus specification already clarifies that unknown flags must be
ignored, the reference implementation and the other implementations i
checked indeed ignore any new flags, hence we should be fine with
compatibility here.

This patch simply updates the spec, it does not add new APIs for this to
the reference implementation.

This is version 2:
- rename from PERMIT to ALLOW (as suggested by Marcel)
- define a standardized error to return if interactive authentication is
  required (as suggested by Ted)
---
 doc/dbus-specification.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index 1b740fe..506fe78 100644
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -1351,6 +1351,36 @@
                   for the destination name in response to this message.
                 </entry>
               </row>
+              <row>
+                <entry><literal>ALLOW_INTERACTIVE_AUTHENTICATION</literal></entry>
+                <entry>0x4</entry>
+                <entry>This is a hint that may be set on a method call
+                message that informs the receiving side that the
+                caller is OK if possibly time-intensive interactive
+                user authentication may take place before the method
+                call will complete. A client may set this flag if it
+                is prepared to wait for a longer time before the
+                method call returns, and if its UI may be interrupted
+                by interactively querying the user for passwords or
+                confirmation. This flag is only useful when
+                unprivileged code calls a more priviliged method call,
+                and an authentication framework is deployed that
+                allows possibly interactive authentication. If no such
+                framework is deployed it has no effect. This flag
+                should not be set by default by client
+                implementations. If it is set the caller also should
+                set a suitably long timeout on the method call to make
+                sure the user interaction may complete. This flag is
+                only valid for method call messages, and shall be
+                ignored otherwise. If a this flag is not set on a
+                method call, and a service determines that the
+                requested operation is not allowed without interactive
+                authentication, but could be after successful
+                interactive authentication it should return the
+                <literal>org.freedesktop.DBus.Error.InteractiveAuthenticationRequired</literal>
+                error.
+                </entry>
+              </row>
             </tbody>
           </tgroup>
         </informaltable>
--
1.9.3



Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
dbus mailing list
dbus@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dbus