polkit fails to authenticate on dbus
Simon McVittie
simon.mcvittie at collabora.co.uk
Wed Jan 21 04:50:55 PST 2015
On 20/01/15 20:48, karu.pruun wrote:
> I am having troubles with dbus starting polkitd on my system
> (DragonFlyBSD): polkitd fails to start since dbus rejects the three
> attempts to authenticate via three different mechanisms available on
> dbus (EXTERNAL, DBUS_COOKIE_SHA1, ANONYMOUS).
In general the support status of D-Bus on *BSD is: if it doesn't work,
I'm happy to review patches from someone (maybe you) to make it work,
but none of the D-Bus maintainers are going to actively pursue it.
(The closest we have to a formal policy is
<http://lists.freedesktop.org/archives/dbus/2013-October/015825.html>.)
Credentials-passing-based EXTERNAL authentication on FreeBSD was
confirmed to work somewhat recently in both libdbus (as used by
dbus-daemon) and GDBus (part of GLib, as used by polkit), and I believe
they interoperate correctly.
Credentials-passing-based EXTERNAL authentication on DragonFlyBSD is not
specifically supported in either libdbus or GDBus, and is not tested by
libdbus' regression tests. Depending how similar DragonFlyBSD and
FreeBSD are, the FreeBSD code paths might work as-is, or they might
require changing an #ifdef __FreeBSD__ to #if defined(__FreeBSD__) ||
defined(__DragonFlyBSD__) or something, or they might not work at all
and need new code. Because dbus-daemon uses libdbus and polkitd uses
GDBus, making them interoperate might require changes to libdbus (dbus),
or to GDBus (glib), or both.
In principle I'm happy to upgrade DragonFlyBSD to the same status in
libdbus as FreeBSD - i.e. add comments indicating how it does
credentials-passing in practice, and enable the credentials-passing test
so that failure to behave as expected is a test failure - but I would
need a DragonFlyBSD user to tell me how it should work, and confirm that
the tests do in fact pass. Search the source tree for FreeBSD, NetBSD,
OpenBSD to get an idea of what this would involve.
>From a quick web search, it looks as though DragonFly has a getpeereid()
implementation, so in principle that should work in libdbus; but I don't
think GDBus has a getpeereid() code path, and GDBus detects
credentials-passing support via __FreeBSD__ etc. rather than
feature-detection, on the basis that it seems to be rare for any two
Unix OSs to use the same spelling for their credentials structures in
practice.
S
More information about the dbus
mailing list