polkit fails to authenticate on dbus
karu.pruun
karu.pruun at gmail.com
Wed Jan 21 06:17:20 PST 2015
On Wed, Jan 21, 2015 at 12:50 PM, Simon McVittie wrote:
> On 20/01/15 20:48, karu.pruun wrote:
>> I am having troubles with dbus starting polkitd on my system
>> (DragonFlyBSD): polkitd fails to start since dbus rejects the three
>> attempts to authenticate via three different mechanisms available on
>> dbus (EXTERNAL, DBUS_COOKIE_SHA1, ANONYMOUS).
>
> In general the support status of D-Bus on *BSD is: if it doesn't work,
> I'm happy to review patches from someone (maybe you) to make it work,
> but none of the D-Bus maintainers are going to actively pursue it.
> (The closest we have to a formal policy is
> <http://lists.freedesktop.org/archives/dbus/2013-October/015825.html>.)
>
> Credentials-passing-based EXTERNAL authentication on FreeBSD was
> confirmed to work somewhat recently in both libdbus (as used by
> dbus-daemon) and GDBus (part of GLib, as used by polkit), and I believe
> they interoperate correctly.
>
> Credentials-passing-based EXTERNAL authentication on DragonFlyBSD is not
> specifically supported in either libdbus or GDBus, and is not tested by
> libdbus' regression tests. Depending how similar DragonFlyBSD and
> FreeBSD are, the FreeBSD code paths might work as-is, or they might
> require changing an #ifdef __FreeBSD__ to #if defined(__FreeBSD__) ||
> defined(__DragonFlyBSD__) or something, or they might not work at all
> and need new code. Because dbus-daemon uses libdbus and polkitd uses
> GDBus, making them interoperate might require changes to libdbus (dbus),
> or to GDBus (glib), or both.
>
> In principle I'm happy to upgrade DragonFlyBSD to the same status in
> libdbus as FreeBSD - i.e. add comments indicating how it does
> credentials-passing in practice, and enable the credentials-passing test
> so that failure to behave as expected is a test failure - but I would
> need a DragonFlyBSD user to tell me how it should work, and confirm that
> the tests do in fact pass. Search the source tree for FreeBSD, NetBSD,
> OpenBSD to get an idea of what this would involve.
>
> From a quick web search, it looks as though DragonFly has a getpeereid()
> implementation, so in principle that should work in libdbus; but I don't
> think GDBus has a getpeereid() code path, and GDBus detects
> credentials-passing support via __FreeBSD__ etc. rather than
> feature-detection, on the basis that it seems to be rare for any two
> Unix OSs to use the same spelling for their credentials structures in
> practice.
Thanks for this! I am interested in getting it working but it will
probably take me some time getting through the code.
By the way, I found out that the UID string that polkitd on DragonFly
uses in 'AUTH EXTERNAL . . .' is independent from what polkitd gets
from getuid(). This is in contrast to correct operation e.g. on
FreeBSD where that string is the hex encoded UID.
I will dig further. Thanks again.
Peeter
--
More information about the dbus
mailing list