2014-12-04 14:59 GMT+01:00 Nikos Mavrogiannopoulos <[email protected]>: > On Thu, 2014-12-04 at 11:19 +0100, Ludovic Rousseau wrote: >> 2014-12-04 9:36 GMT+01:00 Nikos Mavrogiannopoulos <[email protected]>: >> > ----- Original Message ----- >> > >> >> Possible problem: If the authorization agent is present and active, >> >> polkit_authority_check_authorization_sync() could take a long time (the >> >> time of users' response). If the next request comes in the same time, it >> >> is postponed until the previous one is handled. (Actions done by root >> >> are not postponed.) >> > >> > Indeed, and that is the reason it is disabled. I found that unacceptable >> > for >> > a server that can serve multiple requests. A client can always authenticate >> > as admin using su, and then use pcscd. >> >> Should I revert the patch? > > The drawback of that approach is that each accept()ed session will be blocked > until the password is entered and sent by the user. If the user goes for lunch > without entering a password that session will be blocked from processing any > other requests. I cannot predict how that would affect typical pcscd usage. > I think that it would be better for that change to be combined with using > polkit > asynchronously.
IsClientAuthorized() is called only from ContextThread(). This code is running in a thread dedicated to the PC/SC client (in fact dedicated to a SCardEstablishContext context). So blocking this thread should not affect the other pcscd tasks. Do you think the change proposed by Stanislav is still a problem? Bye -- Dr. Ludovic Rousseau _______________________________________________ Pcsclite-muscle mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
