On Mon, Sep 30, 2013 at 8:40 PM, Miloslav Trmač <m...@redhat.com> wrote:
> Hello, > ----- Original Message ----- > > What I'm trying to do is register a polkit authentication agent in a > python > > script, through the dbus api. I have attached, a rather simplistic, first > > start of this. From what I can read out of the logs it seems to register > > alright but nothing is relayed to it for authentication. > > > First question is that it seems like RegisterAuthenticationAgent takes a > few > > different subject kinds . unix-process and unix-session. What is the > > difference between these and what should I be using? > > You can register more than one agent; each agent is only called for those > subject they register for. unix-process is obviously limited to that > single process. So if you want to register for all processes running > within the session / within the appliance UI, unix-session is more > appropriate. > Does this mean that if xbmc runs within another session, say gnome, and we use packagekit for installing our addons, if we'd register a unix-process that one will take precedence over the one in gnome? Or perhaps that only holds true for a polkit action which isn't registered in the session agent? > > When registering I submit my object path, which is '/org/xbmc/polkit' but > > what is the destination for this object? I'm using 'org.xbmc.polkit' for > my > > service, but how does polkit knows this? > > An agent can only register itself; polkit uses the identity of the caller > of the RegisterAuthenticationAgent operation (technically using the :number > unique identifier). I don't think it's necessary to register a > well-known-name. > So polkit is able to deduct the destination from the object path and the bus used for the call? I'm not a dbus expert so wasn't aware that this was possible? So if I understand you correctly I just need to make sure I use the same bus for the service as the registration? > > > Could this be why its not called to > > authenticate even if register went through alright? > > These two lines seem rather suspect: > > 'session-id': getSessionID(), > > 'session_id': "" > > Other than that, if there are no error messages returned through the D-Bus > API, I can suggest only running polkitd without --no-debug and capturing > the output, and attaching a debugger to polkitd. > Yeah I'm very uncertain on those, from the RegisterAuthenticationAgent documentation I found this line "Note that current versions of PolicyKit will only work if *session_id* is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged." I thought that referred to be on the subject but it strikes me know that I might have misunderstood this. If so I'm not sure at all where I should set "session_id" :) I tried to start polkitd with --no-debug (if I did it correctly) and checked auth.log, it gave some interesting results (which I'm not entirely sure how to interpret) (at line3 is when I closed polkitd with a killall -9 polkitd) topfs@tobias-desktop:/var/log$ tail -f auth.log Sep 30 20:59:44 tobias-desktop sudo: pam_unix(sudo:session): session opened for user root by topfs(uid=0) Sep 30 20:59:44 tobias-desktop sudo: pam_unix(sudo:session): session closed for user root Sep 30 20:59:57 tobias-desktop sudo: topfs : TTY=pts/1 ; PWD=/home/topfs ; USER=root ; COMMAND=/usr/bin/killall polkitd Sep 30 20:59:57 tobias-desktop sudo: pam_unix(sudo:session): session opened for user root by topfs(uid=0) Sep 30 20:59:57 tobias-desktop sudo: pam_unix(sudo:session): session closed for user root Sep 30 21:00:25 tobias-desktop gnome-keyring-daemon[4236]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files Sep 30 21:00:25 tobias-desktop gnome-keyring-daemon[4236]: keyring alias directory: /home/topfs/.local/share/keyrings Sep 30 21:01:10 tobias-desktop sudo: topfs : TTY=pts/1 ; PWD=/home/topfs ; USER=root ; COMMAND=/usr/lib/policykit-1/polkitd --no-debug Sep 30 21:01:10 tobias-desktop sudo: pam_unix(sudo:session): session opened for user root by topfs(uid=0) Sep 30 21:01:16 tobias-desktop polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session10 (system bus name :1.119 [python simple-unix-session-agent.py], object path /org/xbmc/polkit, locale sv_SE) Sep 30 21:05:07 tobias-desktop polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session10 FAILED to authenticate to gain authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.126 [/usr/bin/python3 /usr/bin/software-properties-gtk -n -t 0] (owned by unix-user:topfs) So from what I can see it seems like it registers alright but it never calls my python scripts method (begin authentication et al). I've registered it under locale sv_SE, perhaps thats wrong or not what fluxbox (which is my testing session) is using by default? Can I register my agent on any locale? > Mirek > Thanks so much for the help! Cheers, Tobias
_______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
