Current implementation of polkit support disallows auth by challenge/response, effectively turning "auth_admin" present in the default policy to "no".

Attached patch makes possible to use polkit challenge/response agent to be authorized.

It makes possible to use pcscd in a remote session (providing admin password to the agent).

Possible problem: If the authorization agent is present and active, polkit_authority_check_authorization_sync() could take a long time (the time of users' response). If the next request comes in the same time, it is postponed until the previous one is handled. (Actions done by root are not postponed.)

Index: pcsc-lite-1.8.13/src/auth.c
===================================================================
--- pcsc-lite-1.8.13.orig/src/auth.c
+++ pcsc-lite-1.8.13/src/auth.c
@@ -108,7 +108,7 @@ unsigned IsClientAuthorized(int socket,

        result = polkit_authority_check_authorization_sync(authority, subject,
                action_name, details,
-               POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+               POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
                NULL,
                &error);


--
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                          e-mail: [email protected]
Lihovarská 1060/12                            tel: +49 911 7405384547
190 00 Praha 9                                 fax:  +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76

_______________________________________________
Pcsclite-muscle mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle

Reply via email to