PolicyKit rules, and, when error handling bites you

PolicyKit, as I said before, is the authentication/authorization framework that will finally replace the gksu hack with a real solution. I am playing with some test code to be able to perhaps contribute with that goal. Everything was going forward pretty nicely in my tests when I hit a blocker. I spent like two hours trying to figure out the problem. Here’s the code:


sender = dbus_message_get_sender(message);
pk_caller = polkit_tracker_get_caller_from_dbus_name(pk_tracker,
sender,
&dbus_error);
if(dbus_error_is_set(&dbus_error))
{
g_error("Failed to get caller from dbus: %s: %s\n",
dbus_error.name, dbus_error.message);
return NULL;
}

When my mechanism goes to check if the caller is allowed to run the action, I first need to get the caller, of course. That code was always failing with this error message:


** ERROR **: Failed to get caller from dbus: org.freedesktop.DBus.GLib.UnmappedError.CkManagerError.Code0: Unable to lookup session information for process '25594'

It took me a long time, and a lot of code reading on PackageKit to realize the real simple problem with my code: I was assuming that the DBUS error would only be set if polkit_tracker_get_caller_from_dbus_name failed, which is just not the case. The DBUS error was set, but the function actually worked, most probably getting the information it needed from some other thing than ConsoleKit. So that brings us to something like this:


sender = dbus_message_get_sender(message);
pk_caller = polkit_tracker_get_caller_from_dbus_name(pk_tracker,
sender,
&dbus_error);
if(pk_caller == NULL)
{
if(dbus_error_is_set(&dbus_error))
{
g_error("Failed to get caller from dbus: %s: %s\n",
dbus_error.name, dbus_error.message);
return NULL;
}
}

And, voi lá!

Leave a Reply

Your email address will not be published. Required fields are marked *