polkit-gnome-authentication-agent-1 not started at first login

Bug #760452 reported by spidernik84 on 2011-04-14
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
policykit-1-gnome (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: policykit-1-gnome

Hi,
I would like to (re)open a bug. The behavior is exactly the same as these, but the triggering conditions are different:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/568748
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/568748.

We're using many Ubuntu 10.04 LTS clients, kerberized to authenticate against a Kerberos Realm. We had to switch to a new kerberos Realm and LDAP directory, thus we overwrote the settings on the clients (ldap.conf, krb5.conf, pam.d files) and rebooted the machines.
After the reboot the machines authenticated correctly against the new realm and LDAP directory and everything seemed right.
We later discovered it was not possible, for graphical programs requesting root privileges, to prompt for password. The password dialog didn't appear. One of the affected program is ubuntu software center, just to name one. Sudoing via console or gnome-terminal worked fine.

We tackled down the problem to the polkit-agent: after we changed the kerberos, ldap and pam settings, it doesn't start anymore at first login, even if the /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop file is present and correct.
The strange behavior is this: the polkit-agent doesn't start at first login but, If the user logs out and in again, the polkit-agent starts just fine. The problem can be easily reproduced: after a reboot, the user must log in, log out, and log in again for the agent to start properly (or start it manually, of course).

UPDATE (copied from my own comment):
the problem is triggered by the modification of ldap.conf file. Changing other files (namely krb5.conf and pam.d files) does not trigger the problem.
The phenomenon disappears when reverting back to the original files, but all of them (changing back the ldap.conf file is not enough to fix the problem).

UPDATE 2 (copied from my own comment):
Another update:
It seems that polkit-agent has some problems related to DBus. I placed an autostart script in gnome, designed to fire up polkit-agent manually about 70 seconds after login. The agent starts just fine.

The first startup shows these errors in xsession-error:

** (polkit-gnome-authentication-agent-1:2167): WARNING **: Error connecting to bus: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

process 2167: arguments to dbus_connection_get_data() were incorrect, assertion "connection != NULL" failed in file dbus-connection.c line 5797.
This is normally a bug in some application using the D-Bus library.
process 2167: arguments to dbus_connection_set_data() were incorrect, assertion "connection != NULL" failed in file dbus-connection.c line 5761.
This is normally a bug in some application using the D-Bus library.

** ERROR **: Not enough memory to set up DBusConnection for use with GLib
aborting...

The second startup goes well, so no errors.

These are the packages we installed during the change of Kerberos Realm:

The following extra packages will be installed:
  libasn1-8-heimdal libgssapi2-heimdal libheimntlm0-heimdal libhx509-4-heimdal
  libkrb5-25-heimdal libroken18-heimdal libwind0-heimdal
The following packages will be REMOVED:
  sudo
The following NEW packages will be installed:
  libasn1-8-heimdal libgssapi2-heimdal libheimntlm0-heimdal libhx509-4-heimdal
  libkrb5-25-heimdal libroken18-heimdal libsasl2-modules-gssapi-heimdal
  libwind0-heimdal sudo-ldap

Further details about OS release and package version:

lsb_release -rd
Description: Ubuntu 10.04.2 LTS
Release: 10.04

apt-cache policy policykit-1-gnome
policykit-1-gnome:
  Installed: 0.96-2ubuntu2
  Candidate: 0.96-2ubuntu2
  Version table:
 *** 0.96-2ubuntu2 0
        500 http://ownrepo/se.archive.ubuntu.com/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

Thank you!

spidernik84 (alexander-rilik) wrote :
spidernik84 (alexander-rilik) wrote :
spidernik84 (alexander-rilik) wrote :

Some new details:
the problem is triggered by the modification of ldap.conf file. Changing other files (namely krb5.conf and pam.d files) does not trigger the problem.
The phenomenon disappears when reverting back to the original files, but all of them (changing back the ldap.conf file is not enough to fix the problem).

This is driving me insane!

description: updated
description: updated
spidernik84 (alexander-rilik) wrote :

Another update:
It seems that polkit-agent has some problems related to DBus. I placed an autostart script in gnome, designed to fire up polkit-agent manually about 70 seconds after login. The agent starts just fine.

The first startup shows these errors in xsession-error:

** (polkit-gnome-authentication-agent-1:2167): WARNING **: Error connecting to bus: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

process 2167: arguments to dbus_connection_get_data() were incorrect, assertion "connection != NULL" failed in file dbus-connection.c line 5797.
This is normally a bug in some application using the D-Bus library.
process 2167: arguments to dbus_connection_set_data() were incorrect, assertion "connection != NULL" failed in file dbus-connection.c line 5761.
This is normally a bug in some application using the D-Bus library.

** ERROR **: Not enough memory to set up DBusConnection for use with GLib
aborting...

description: updated
spidernik84 (alexander-rilik) wrote :

New update:

The problem was more complex and the agent was just a "victim" of something bigger.
Basically, DBUS was not starting properly.
Dbus starts at boot and queries LDAP. Since NSCD is not started yet, dbus has problems.
Ubuntu 10.04 is using upstart for many services, including DBUS. Nscd is still relying on symlinks, so the startup order can't be modified easily.

The problem has been solved with a modification of the dbus upstart script and creating a custom Nscd upstart script, to make dbus depend on nscd. Briefly, something of this kind:

upstart dbus.conf:

"start on started nscd"

upstart nscd.conf

"description "name service cache daemon"

start on local-filesystems
stop on runlevel [06]

#expect fork
pre-start script
    mkdir -p /var/run/nscd
end script

exec /usr/sbin/nscd -f /etc/nscd.conf"

You can close this bug, then, because it's definitely not a polkit-agent issue :)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers