[Pcsclite-muscle] [PATCH] pcsc-lite & polkit: allow auth_admin
Ludovic Rousseau
ludovic.rousseau
Fri Dec 5 00:19:42 PST 2014
Nikos,
Any comment on that?
What would you prefer?
As the original author of the auth.c source code file you may have the
last word.
I do not want to be in the middle of a RedHat vs. SUSE battle for
Policy Kit issues :-)
Bye
2014-12-04 21:07 GMT+01:00 Stanislav Brabec <sbrabec at suse.cz>:
> On Dec 4, 2014 at 16:07 Ludovic Rousseau wrote:
>
>> IsClientAuthorized() is called only from ContextThread(). This code is
>> running in a thread dedicated to the PC/SC client (in fact dedicated
>> to a SCardEstablishContext context). So blocking this thread should
>> not affect the other pcscd tasks.
>>
>> Do you think the change proposed by Stanislav is still a problem?
>>
> Well, We can keep the patch and change defaults. Then the default
> configuration can never cause delays, but users of ssh remote sessions
> and so will still be able to authorize after admin's conscious changes
> of configuration.
>
> This configuration will behave exactly equally as the previous one
> without previous patch.
>
> Index: pcsc-lite-1.8.13/doc/org.debian.pcsc-lite.policy
> ===================================================================
> --- pcsc-lite-1.8.13.orig/doc/org.debian.pcsc-lite.policy
> +++ pcsc-lite-1.8.13/doc/org.debian.pcsc-lite.policy
> @@ -9,20 +9,20 @@
>
> <action id="org.debian.pcsc-lite.access_pcsc">
> <description>Access to the PC/SC daemon</description>
> - <message>Authentication is required to access the PC/SC daemon</message>
> + <message>Authentication is required to access the PC/SC daemon. Warning: Use of "auth_admin" can cause processing delays!</message>
> <defaults>
> - <allow_any>auth_admin</allow_any>
> - <allow_inactive>auth_admin</allow_inactive>
> + <allow_any>no</allow_any>
> + <allow_inactive>no</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> <action id="org.debian.pcsc-lite.access_card">
> <description>Access to the smart card</description>
> - <message>Authentication is required to access the smart card</message>
> + <message>Authentication is required to access the PC/SC daemon. Warning: Use of "auth_admin" can cause processing delays!</message>
> <defaults>
> - <allow_any>auth_admin</allow_any>
> - <allow_inactive>auth_admin</allow_inactive>
> + <allow_any>no</allow_any>
> + <allow_inactive>no</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> --
> Best Regards / S pozdravem,
>
> Stanislav Brabec
> software developer
> ---------------------------------------------------------------------
> SUSE LINUX, s. r. o. e-mail: sbrabec at suse.cz
> Lihovarsk? 1060/12 tel: +49 911 7405384547
> 190 00 Praha 9 fax: +420 284 084 001
> Czech Republic http://www.suse.cz/
> PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
>
> _______________________________________________
> Pcsclite-muscle mailing list
> Pcsclite-muscle at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
--
Dr. Ludovic Rousseau
More information about the pcsclite-muscle
mailing list