[Pcsclite-muscle] [PATCH] pcsc-lite & polkit: allow auth_admin
Stanislav Brabec
sbrabec at suse.cz
Wed Dec 3 21:49:39 UTC 2014
Current implementation of polkit support disallows auth by
challenge/response, effectively turning "auth_admin" present in the
default policy to "no".
Attached patch makes possible to use polkit challenge/response agent to
be authorized.
It makes possible to use pcscd in a remote session (providing admin
password to the agent).
Possible problem: If the authorization agent is present and active,
polkit_authority_check_authorization_sync() could take a long time (the
time of users' response). If the next request comes in the same time, it
is postponed until the previous one is handled. (Actions done by root
are not postponed.)
Index: pcsc-lite-1.8.13/src/auth.c
===================================================================
--- pcsc-lite-1.8.13.orig/src/auth.c
+++ pcsc-lite-1.8.13/src/auth.c
@@ -108,7 +108,7 @@ unsigned IsClientAuthorized(int socket,
result = polkit_authority_check_authorization_sync(authority, subject,
action_name, details,
- POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
NULL,
&error);
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec at suse.cz
Lihovarská 1060/12 tel: +49 911 7405384547
190 00 Praha 9 fax: +420 284 084 001
Czech Republic http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
More information about the Pcsclite-muscle
mailing list