Re: [Libvir] PATCH: Don't request polkit auth if client is root
On Thu, Apr 03, 2008 at 09:31:05PM +0100, Daniel P. Berrange wrote:
This patch makes two adjustments to the way policy kit authentication
is
done.
- Currently the server unconditionally ask the client to do policykit
authentication. This is unnecessary if the remote client is running
as root, which we can check via UNIX socket credentials. Unconditionally
asking plays havoc with SSH tunneling, so this patch makes it check the
socket credentials ¬ ask for auth if the client is UID==0
- The virsh client will unconditionally call polkit-auth to request
credentials. This is also unneccessary if the client is running as
root, so this patch makes it skip that step as root.
The patch is bigger than it seems because removing an if() conditional
made a huge chunk be re-indented.
[...]
Index: qemud/internal.h
+#if HAVE_POLKIT
+int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid);
+#endif
okay, that routine is made public internally and moved from remote.c to
qemud.c , not new code.
static int qemudDispatchServer(struct qemud_server *server, struct
qemud_socket *sock) {
I must admit I have a hard time to follow the code semantic change, the
reindenting doesn't help, it's true.
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/