pressing CANCEL in policykit super user "mount dialog" shows silly error message

Bug #543042 reported by Martin Olsson on 2010-03-20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
nautilus (Ubuntu)

Bug Description

Binary package hint: policykit-1-gnome

I just installed a clean lucid beta. I have one NTFS partition which appears automatically in "Places" menu. When I select it, it asks for my sudo password. If I click CANCEL in this password dialog, then I get a message box that says "Authentication failure". If I try to enter a password and get it wrong, then some sort of messagebox or similar is of course needed, but if I press CANCEL the password dialog should just go away and no further errors should be displayed.

There is a related but different papercut bug which discusses changing the text of the error, however note that this bug talks about not showing any error at all for the special case when the user clicks CANCEL. For details on the other bug, see:

ProblemType: Bug
Architecture: amd64
Date: Sat Mar 20 23:29:58 2010
DistroRelease: Ubuntu 10.04
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100318)
Package: policykit-1-gnome 0.96-2ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-16.25-generic
SourcePackage: policykit-1-gnome
Uname: Linux 2.6.32-16-generic x86_64

Martin Olsson (mnemo) wrote :
Martin Olsson (mnemo) wrote :

Very good catch, I've been meaning to report this for a while. I do suspect that it is not a paper cut as it may not be trivial to fix.

On Mon, 22 Mar 2010 09:41:31 -0000, David Siegel <email address hidden> wrote:
> Very good catch, I've been meaning to report this for a while. I do
> suspect that it is not a paper cut as it may not be trivial to fix.

Indeed. The caller can't distinguish between cancel and an error.

I don't know if this is a concious decision for some sort of security
consideration, so I would be reluctant to change it without some
discussion with upstream. It is however more than a few minutes work,
and not really appropriate for this point in a release cycle anyway.



Milan Bouchet-Valat (nalimilan) wrote :

Moving to nautilus, as PolicyKit itself provides a way to know whether authentication was canceled or whether it failed. See POLKIT_ERROR_CANCELLED, which is the GError returned by polkit_authority_check_authorization_finish(),

So the problem may be with Nautilus not checking that value, or with the backend that Nautilus calls not returning that value as a special case. In the first case, that's a paper cut, in the latter, it's more complex.

affects: policykit-1-gnome (Ubuntu) → nautilus (Ubuntu)
Changed in nautilus (Ubuntu):
importance: Undecided → Low
Martin Olsson (mnemo) wrote :

I found some more clues concerning this bug.

@Milan, first I suppose the communication here happens "nautilus <--> GVFS <--> policykit". I can see that the "nautilus" package depends on the "gvfs" package which in turn depends on the "policykit-1-gnome" package. When I grep in the "policykit-1-gnome" package source I find one reference to the string "OLKIT_ERROR". Also, from grepping in the nautilus code, I believe that the silly message dialog originates from this place: nautilus-

The nautilus code says "show error for all error codes except G_IO_ERROR_FAILED_HANDLED", but that means it does show an error message for the error code "G_IO_ERROR_CANCELLED". I don't know which error code is actually being handed to nautilus here, I'm just speculating based on the GIO docs:

It would be interesting to put some debug statements into this source location or maybe some breakpoints. However, in that case I must be able to repro this bug which I can't right now. Because policykit has now cached my password so I'm not prompted for it anymore when I open Places::DiskDrive.

How can I make policykit forget this cached password so I get the password prompt again?

Milan Bouchet-Valat (nalimilan) wrote :

Martin: I guess you can simply run 'sudo killall polkitd', and it will forget your authentication.

One would have to check whether gvfs actually redirects POLKIT_ERROR_CANCELLED to G_IO_ERROR_CANCELLED, and if so, then add it to the ignore case in Nautilus. Or simply add that condition in Nautilus, and see if it works! If it's not the case, it would be worth considering canceled authentication as G_IO_ERROR_FAILED_HANDLED, which seems to be intended for this case.

Martin Olsson (mnemo) wrote :

I tried "sudo killall polkitd" and that wasn't enough to repro it, it stills opens the drive mounted using some cached password. I also tried using the guest session but then the external drive doesn't show up under Places at all.

Vish (vish) wrote :

Marking papercut task invalid as per comment #5.

Changed in hundredpapercuts:
status: New → Invalid
Pedro Villavicencio (pedro) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. A new version of Nautilus is available on Maverick and we are wondering if this bug is still an issue for you with that version? Could you please test and comment back? Thanks in advance.

Changed in hundredpapercuts:
status: Invalid → Incomplete
Changed in nautilus (Ubuntu):
status: New → Incomplete
Changed in hundredpapercuts:
status: Incomplete → Invalid
Launchpad Janitor (janitor) wrote :

[Expired for nautilus (Ubuntu) because there has been no activity for 60 days.]

Changed in nautilus (Ubuntu):
status: Incomplete → Expired
Jack Leigh (leighman) wrote :

The dialog is still shown when pressing cancel in Maverick although the phrasing has been changed as per the linked bug.

Changed in nautilus (Ubuntu):
status: Expired → Confirmed
Changed in nautilus (Ubuntu):
status: Confirmed → Triaged
Changed in nautilus:
importance: Unknown → Medium
status: Unknown → New
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.