[Pkg-utopia-maintainers] Bug#1023393: policykit-1: Not prompted to authenticate with my own identity any more

Sam Morris sam at robots.org.uk
Thu Nov 3 11:51:52 GMT 2022 

Package: polkitd
Version: 122-1
Severity: important
X-Debbugs-Cc: sam at robots.org.uk

Since updating to 122, polkit authentication prompts ask me to
authenticate as "Administrator" (root?) rather than my own user.

Here's my configuration:

    # cat /etc/polkit-1/localauthority.conf.d/60-sam.conf 
    [Configuration]
    AdminIdentities=unix-user:sam.morris at domain.example.com

    # pkla-admin-identities 
    unix-user:sam.morris at domain.example.com

So it looks like polkitd-pkla still recognizes me as an administrator.

pkla-check-authorization however indicates that maybe my user is allowed
to connect/disconnect pre-existing network connections but is _not_
allowed to edit network connections. So maybe the problem is with
polkitd-pkla after all?

    # pkla-check-authorization sam.morris at domain.example.com true true org.freedesktop.NetworkManager.network-control
    yes

    # pkla-check-authorization sam.morris at domain.example.com true true org.freedesktop.NetworkManager.settings.modify.system; echo $?
    0

For the end to end test I'm running this command, which prompts me for
root's password rather than my own.

    $ pkcheck -a org.freedesktop.NetworkManager.settings.modify.system -u -p $$
    polkit\56dismissed=true
    polkit\56retains_authorization_after_challenge=true
    Authentication request was dismissed.

So based on that it's not clear to me whether the problem lies in
polkitd or polkitd-pkla...

Not sure whether the problem is with polkit itself or polkitd-pkla.
-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (570, 'stable-updates'), (570, 'stable-security'), (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.19.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages policykit-1 depends on:
ii  pkexec   122-1
ii  polkitd  122-1

Versions of packages policykit-1 recommends:
ii  polkitd-pkla  122-1

policykit-1 suggests no packages.

Versions of packages polkitd depends on:
ii  adduser                         3.118
ii  dbus [default-dbus-system-bus]  1.12.24-0+deb11u1
ii  libc6                           2.35-4
ii  libduktape207                   2.7.0-1+b1
ii  libexpat1                       2.2.10-2+deb11u5
ii  libglib2.0-0                    2.74.1-1
ii  libpam-systemd [logind]         251.6-1
ii  libpam0g                        1.4.0-9+deb11u1
ii  libpolkit-agent-1-0             122-1
ii  libpolkit-gobject-1-0           122-1
ii  libsystemd0                     251.6-1
ii  systemd [systemd-sysusers]      251.6-1
ii  xml-core                        0.18+nmu1

Versions of packages polkitd suggests:
ii  polkitd-pkla  122-1

-- no debconf information

More information about the Pkg-utopia-maintainers mailing list