Search code examples
pythondbusdbus-python

Only trusted callers (e.g. uid 0 or an action owner) can use CheckAuthorization() and pass details


The program didnt give an error until the key polkit.message was added to to self.details. is there a way to pass the message without getting the error?

code:

class LinuxLocalAuth:
    def __init__(self) -> None:
        import dbus

        self.dbus = dbus

        bus = dbus.SystemBus()
        proxy = bus.get_object(
            "org.freedesktop.PolicyKit1", "/org/freedesktop/PolicyKit1/Authority"
        )
        self.authority = dbus.Interface(
            proxy, dbus_interface="org.freedesktop.PolicyKit1.Authority"
        )

        system_bus_name = bus.get_unique_name()

        self.subject = ("system-bus-name", {"name": system_bus_name})
        self.action_id = "org.freedesktop.policykit.exec"
        self.details = {"polkit.message": "test"}
        self.flags = 1  # AllowUserInteraction flag
        self.cancellation_id = ""  # No cancellation id

    def authenticate_linux(self):
        result = self.authority.CheckAuthorization(
            self.subject, self.action_id, self.details, self.flags, self.cancellation_id
        )

        return result[0]


LinuxLocalAuth().authenticate_linux()

Solution

  • is there a way to pass the message without getting the error?

    No, not unless your process is the owner of the action (in this case, only code in pkexec can do that), or is running as UID 0.

    This is to prevent untrusted programs from trying to mislead the user by providing false messages to trick them into allowing a harmful action.