Ubuntu
policykit-1 package

Policykit authentication fails with 'Error.Failed: Only uid 0 may invoke this method.'

Bug #439552 reported by Andreas Sandberg
30
This bug affects 6 people
Affects Status Importance Assigned to Milestone
policykit-1 (Ubuntu)
Fix Committed
Undecided
Unassigned

Bug Description

Binary package hint: policykit

Authenticating in an administrative tool, e.g. gdmsetup, does not work. The policy kit authentication dialog is displayed and prompts the user for a password, clicking authenticate causes the password field to disappear, but does not close the dialog. Clicking cancel does not close the authentication dialog either.

The following text is displayed on the terminal that polkit-gnome-authentication-agent-1 is connected to:

(polkit-gnome-authentication-agent-1:9842): GLib-GObject-WARNING **: cannot register existing type `_PolkitError'

(polkit-gnome-authentication-agent-1:9842): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
polkit-agent-helper-1: error response to PolicyKit daemon: Remote Exception invoking org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() on /org/freedesktop/PolicyKit1/Authority at name org.freedesktop.PolicyKit1: org.freedesktop.PolicyKit1.Error.Failed: Only uid 0 may invoke this method. This incident has been logged.

ProblemType: Bug
Architecture: amd64
Date: Wed Sep 30 20:49:52 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: fglrx
Package: policykit 0.9-4ubuntu1
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-11.36-generic
SourcePackage: policykit
Uname: Linux 2.6.31-11-generic x86_64

Revision history for this message
Andreas Sandberg (andysan) wrote :
Revision history for this message
James Westby (james-w) wrote :

Shifting package as the source package name changed with the rewrite.

Thanks for the report.

James

affects: policykit (Ubuntu) → policykit-1 (Ubuntu)
Revision history for this message
Andreas Sandberg (andysan) wrote :

Also, this is shown in the syslog:
Sep 30 21:19:44 minotaur kernel: [ 2316.603175] polkit-agent-he[9839]: segfault at 14 ip 00007ff919d9e573 sp 00007fff221c7fb0 error 4 in libpam.so.0.82.1[7ff919d9c000+c000]

Revision history for this message
James Westby (james-w) wrote : Re: [Bug 439552] Re: Policykit authentication dialog not responsive to clicks on the 'Authenticate' button

On Wed Sep 30 19:21:52 UTC 2009 Andreas Sandberg wrote:
> Also, this is shown in the syslog:
> Sep 30 21:19:44 minotaur kernel: [ 2316.603175] polkit-agent-he[9839]: segfault
> at 14 ip 00007ff919d9e573 sp 00007fff221c7fb0 error 4 in
> libpam.so.0.82.1[7ff919d9c000+c000]

Ah, I can imaging plenty has to do with this. Not a great reaction
from the rest of the stack though.

Do you have apport enabled? It would be great to get a backtrace for this.

Thanks,

James

Revision history for this message
Andreas Sandberg (andysan) wrote : Re: Policykit authentication dialog not responsive to clicks on the 'Authenticate' button

Seems like the pam error is related to bug #439655 (and fixed by the patch attached to that bug). The "Only uid 0 may invoke this method." error still remains though.

Revision history for this message
Andreas Sandberg (andysan) wrote :

Forgot to mention this: After applying the patch in bug #439655, the authentication dialog behaves better and shows an authentication failure error message. However, authentication still doesn't work.

Revision history for this message
Andreas Sandberg (andysan) wrote :

I played around a bit with policykit and it seems like the polkit backend uses org.freedesktop.DBus.GetConnectionUnixUser to get the UID (not the EUID!) of the caller. I don't know what the cleanest solution would be, but adding setuid(0) to works for me (see patch).

Revision history for this message
Andreas Sandberg (andysan) wrote :

Seems like I can only reproduce this bug on my upgraded (Jaunty->Karmic) system. Policykit works fine on a fresh install. Still, unless I patch policykit-agent-helper, policykit is essentially useless on my upgraded system.

summary: - Policykit authentication dialog not responsive to clicks on the
- 'Authenticate' button
+ Policykit authentication fails with 'Error.Failed: Only uid 0 may invoke
+ this method.'
Revision history for this message
Harald Hannelius (harald-arcada) wrote :

I'm experiencing the exact same problem. My account resides in an external LDAP-directory.

polkit-agent-helper-1: error response to PolicyKit daemon: Remote Exception invoking org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() on /org/freedesktop/PolicyKit1/Authority at name org.freedesktop.PolicyKit1: org.freedesktop.PolicyKit1.Error.Failed: Only uid 0 may invoke this method. This incident has been logged.

I too, have just upgraded from 9.04 to 9.10 today.

Revision history for this message
Lars Erik Kolden (lars-erik-kolden) wrote :

I've got the same problem on computers that have got a fresh install, but that have had their LDAP configuration updated from a puppetmaster server. The problem appeared after I set up LDAP/PAM authentication on the computers. The error message from /var/log/messages:

Dec 8 11:29:48 vust1-3 kernel: [91665.959930] polkit-agent-he[17495]: segfault at 4 ip 002dbb90 sp bfe664e0 error 4 in libpam.so.0.82.1[2d8000+b000]

Please tell if you need more info.

Revision history for this message
Andreas Sandberg (andysan) wrote :

I seem to forgotten to mention I in fact use LDAP for PAM and NSS on the machine I have issues with. The fresh install didn't use LDAP.

Lars: The segfault is probably due to bug #439655, which has been fixed upstream. If you see 'Only uid 0 may invoke this method. This incident has been logged.' in you log, it is related to this bug.

Revision history for this message
Lars Erik Kolden (lars-erik-kolden) wrote :

Actually, I haven't seen the "only uid 0..." message anywhere. Would it be in syslog?

Revision history for this message
Andreas Sandberg (andysan) wrote :

I'm not sure, I think there was a TODO comment in the code about actually logging the event. You could start polkit-gnome-authentication-agent-1 in a terminal an monitor the output from that application. In that case you probably have to kill to old instance of polkit-gnome-authentication-agent-1 and start it afterwards. Remember that polkit doesn't work when the authentication agent isn't running, but I guess not much of an issue for you since it doesn't work anyway.

Revision history for this message
Lars Erik Kolden (lars-erik-kolden) wrote :

Thanks, that did it. Now I got that error message too ;-) I'll have to try to apply that patch somehow, then. If there's no pending update around the corner.

Revision history for this message
Lars Erik Kolden (lars-erik-kolden) wrote :

Thank you, Andreas, the setuid patch did the trick for me.

tavo (perez-octavio)
Changed in policykit-1 (Ubuntu):
status: New → Confirmed
status: Confirmed → Fix Committed
Revision history for this message
Charlie_Parker (yardbird) wrote :

following this thread I tried running:
polkit-gnome-authentication-agent-1
in a terminal and the result was:
polkit-gnome-authentication-agent-1: command not found
(same result when I tried running it with sudo)

This authentication bug is affecting me in trying to manage users and groups through the gui (users-admin).

I don't know how to use the "setuid patch".

Karmic 9.10, amd64,

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.