[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] PATCH: Don't request polkit auth if client is root



On Thu, Apr 03, 2008 at 09:31:05PM +0100, Daniel P. Berrange wrote:
> This patch makes two adjustments to the way policy kit authentication is
> done. 
> 
>  - Currently the server unconditionally ask the client to do policykit
>    authentication. This is unnecessary if the remote client is running
>    as root, which we can check via UNIX socket credentials. Unconditionally
>    asking plays havoc with SSH tunneling, so this patch makes it check the
>    socket credentials &not ask for auth if the client is UID==0
> 
>  - The virsh client will unconditionally call polkit-auth to request
>    credentials. This is also unneccessary if the client is running as
>    root, so this patch makes it skip that step as root.
> 
> The patch is bigger than it seems because removing an if() conditional
> made a huge chunk be re-indented.

[...]

> Index: qemud/internal.h
> +#if HAVE_POLKIT
> +int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid);
> +#endif

  okay, that routine is made public internally and moved from remote.c to
qemud.c , not new code.

>  static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {

  I must admit I have a hard time to follow the code semantic change, the
reindenting doesn't help, it's true.

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]