Bug 12017 - draknetcenter asks for a password
Summary: draknetcenter asks for a password
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Colin Guthrie
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-16 15:18 CET by David Walser
Modified: 2013-12-26 21:10 CET (History)
2 users (show)

See Also:
Source RPM: drakx-net-2.4-1.mga4.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-12-16 15:18:06 CET 
The net_applet icon in the system tray allows you to click on it to launch draknetcenter.  This does not work correctly in Cauldron.

In IceWM, nothing happens.  I believe this is related to Bug 12015, as well as the next issue...
In KDE, it asks for a password, which it should not do.

Reproducible: 

Steps to Reproduce:
David Walser 2013-12-16 15:18:17 CET

CC: (none) => mageia, thierry.vignaud

Comment 1 Thierry Vignaud 2013-12-16 16:40:18 CET 
It works in GNOME.

Assignee: mageia => mageia

Comment 2 Colin Guthrie 2013-12-16 16:53:23 CET 
Does your IceWM session run a polkit agent?

Usually "ps aux | grep polk" will return both polkitd and your agent, although e.g. GNOME and Cinnamon run agents internally in their shells so they don't show up externally.

I believe it's only partially related to bug 12015. It could be simply that IceWM is not running an agent or it could be both that IceWM is not running and agent *and* it's panel does a double fork.

The former I've just explained how to test for - to check if that's the problem, install mate-polkit and run: /usr/libexec/polkit-mate-authentication-agent-1 (as your normal user) If it gives you an error that the "name is already taken" then you are running an agent already. If not, does this make everything work?

If some bits now work but panel is still broken, then run also "journalctl --all -f" (as your user) from a terminal and reproduce the problem. If you get a message about pkexec refusing to render service to dead parents, it's the double forking problem which needs to be patched in the launcher code of whatever is launching it.

HTHs narrow down where the problem lies.
Comment 3 David Walser 2013-12-16 20:40:10 CET 
OK, running the polkit agent fixed the problem of it not doing anything in IceWM.  Now the only issue is it asking for a password, which draknetcenter shouldn't be doing.

Summary: Clicking net_applet icon to launch draknetcenter does not work correctly => draknetcenter asks for a password

Comment 4 Colin Guthrie 2013-12-17 10:16:50 CET 
Hmm, I thought I'd replicated the policy directly but I see that must have missed draknetcenter.

I'll fix it up, but IMO we should actually change all our shipped packages to NOT allow implicit authorisation. It's almost always wrong to do that. We should instead allow it only if e.g. the user is in the wheel group or similar. Some way to control things a little less bluntly. I know we have draksec but this is still IMO a security hole.

That said I won't fight it for the time being as I have plenty other stuff to do and less resistance is better for me!!
Comment 5 Mageia Robot 2013-12-17 10:18:53 CET 
commit 3288aa6689d1404dc4a3bcf1ca87d02546901d7c
Author: Colin Guthrie <colin@...>
Date:   Tue Dec 17 09:18:47 2013 +0000

    Do not request password for draknetcenter mga#12017
---
 Commit Link:
   http://gitweb.mageia.org/software/drakx-net/commit/?id=3288aa6689d1404dc4a3bcf1ca87d02546901d7c
Comment 6 Mageia Robot 2013-12-17 20:45:11 CET 
commit 3288aa6689d1404dc4a3bcf1ca87d02546901d7c
Author: Colin Guthrie <colin@...>
Date:   Tue Dec 17 09:18:47 2013 +0000

    Do not request password for draknetcenter mga#12017
---
 Commit Link:
   http://gitweb.mageia.org/software/drakx-net/commit/?id=3288aa6689d1404dc4a3bcf1ca87d02546901d7c
Comment 7 David Walser 2013-12-26 21:10:59 CET 
This is fixed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.