> On Mon, Sep 30, 2013 at 8:40 PM, Miloslav Trmač < m...@redhat.com > wrote:
> > Hello, > > > ----- Original Message ----- > > > > What I'm trying to do is register a polkit authentication agent in a > > > python > > > > script, through the dbus api. I have attached, a rather simplistic, first > > > > start of this. From what I can read out of the logs it seems to register > > > > alright but nothing is relayed to it for authentication. > > > > First question is that it seems like RegisterAuthenticationAgent takes a > > > few > > > > different subject kinds . unix-process and unix-session. What is the > > > > difference between these and what should I be using? > > > You can register more than one agent; each agent is only called for those > > subject they register for. unix-process is obviously limited to that single > > process. So if you want to register for all processes running within the > > session / within the appliance UI, unix-session is more appropriate. > > Does this mean that if xbmc runs within another session, say gnome, and we > use packagekit for installing our addons, if we'd register a unix-process > that one will take precedence over the one in gnome? Yes. (You can also register a "fallback agent" for a unix-process, but you wouldn't to in this case.) > Or perhaps that only holds true for a polkit action which isn't registered in > the session agent? No, agents register for subjects, not for actions. > > > When registering I submit my object path, which is '/org/xbmc/polkit' but > > > > what is the destination for this object? I'm using 'org.xbmc.polkit' for > > > my > > > > service, but how does polkit knows this? > > > An agent can only register itself; polkit uses the identity of the caller > > of > > the RegisterAuthenticationAgent operation (technically using the :number > > unique identifier). I don't think it's necessary to register a > > well-known-name. > > So polkit is able to deduct the destination from the object path and the bus > used for the call? I'm not a dbus expert so wasn't aware that this was > possible? Yes; this is fundamental to being able to send a reply to a request at all. > So if I understand you correctly I just need to make sure I use the same bus > for the service as the registration? That should be basically it. But I'm not a D-Bus expert either I'm afraid, and especially not an expert in the various interface libraries. > > > Could this be why its not called to > > > > authenticate even if register went through alright? > > > These two lines seem rather suspect: > > > > 'session-id': getSessionID(), > > > > 'session_id': "" > > > Other than that, if there are no error messages returned through the D-Bus > > API, I can suggest only running polkitd without --no-debug and capturing > > the > > output, and attaching a debugger to polkitd. > > Yeah I'm very uncertain on those, from the RegisterAuthenticationAgent > documentation I found this line > " Note that current versions of PolicyKit will only work if session_id is set > to the empty string. In the future it might work for non-empty strings if > the caller is sufficiently privileged." > I thought that referred to be on the subject but it strikes me know that I > might have misunderstood this. If so I'm not sure at all where I should set > "session_id" :) (For others looking, it is data/org.freedesktop.PolicyKit1.Authority.xml . I'm afraid this is a bug in the documentation; for now filed as https://bugs.freedesktop.org/show_bug.cgi?id=69980 ). > I tried to start polkitd with --no-debug (if I did it correctly) Note that, at least on Fedora, --no-debug is default, so it is necessary to _remove_ it (and then capture stderr). > and checked auth.log, it gave some interesting results (which I'm not > entirely sure how to interpret) > (at line3 is when I closed polkitd with a killall -9 polkitd) > topfs@tobias-desktop:/var/log$ tail -f auth.log > Sep 30 21:01:16 tobias-desktop polkitd(authority=local): Registered > Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session10 > (system bus name :1.119 [python simple-unix-session-agent.py], object path > /org/xbmc/polkit, locale sv_SE) > Sep 30 21:05:07 tobias-desktop polkitd(authority=local): Operator of > unix-session:/org/freedesktop/ConsoleKit/Session10 FAILED to authenticate to > gain authorization for action com.ubuntu.softwareproperties.applychanges for > system-bus-name::1.126 [/usr/bin/python3 /usr/bin/software-properties-gtk -n > -t 0] (owned by unix-user:topfs) > So from what I can see it seems like it registers alright but it never calls > my python scripts method (begin authentication et al). I'm afraid it's time for gdb then; there is no logging inside the code of get_authentication_agent_for_subject AFAICS. > I've registered it under locale sv_SE, perhaps thats wrong or not what > fluxbox (which is my testing session) is using by default? > Can I register my agent on any locale? The locale is not involved in choosing which agent to run, only what messages to give to it. Mirek
_______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
