Bug 544534

Summary: Parallel authorization calls fail as not authorized + challenge
Product: [Fedora] Fedora Reporter: Dan Williams <dcbw>
Component: polkitAssignee: David Zeuthen <davidz>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: davidz, mclasen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-12-07 07:20:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Williams 2009-12-05 09:15:23 UTC 
Steps to reproduce the issue:

pkcheck --action-id org.freedesktop.network-manager-settings.system.modify --process 1863 --allow-user-interaction

(use some pid of your process there instead of 1863) and instead of typing in the password, run that command again in another terminal.

Actual result: second pkcheck command fails with "not authorized"

Expected result: second pkcheck command blocks until the authorization from the first pkcheck command completes, then returns the same result as the first command


Basically, if there's an authorization request already in progress for a specific privilege, it's pretty inconvenient for subsequent requests for that same privilege to actually return before the authorization is done and before the first auth request completes.  That means the client application has to serialize all authorization calls for the same privilege internally.  Which is icky; I guess I had expected polkit to do that for me...

Is having polkit internally serialize the auth requests an acceptable proposal for polkit behavior?  Makes it a lot easier on the app writers.
Comment 1 Dan Williams 2009-12-07 07:20:13 UTC 

*** This bug has been marked as a duplicate of bug 526053 ***