Commit fb84bb8b authored by David Zeuthen's avatar David Zeuthen

downgrade to session scope when granting authorizations for blank passwords

See for details
parent 7f4df53f
......@@ -58,7 +58,6 @@
#undef PGH_DEBUG
/* #define PGH_DEBUG */
#define PGH_DEBUG
/* synopsis: polkit-grant-helper <pid> <action-name>
......@@ -528,6 +527,7 @@ main (int argc, char *argv[])
const char *invoking_user_name;
const char *action_name;
PolKitResult result;
PolKitResult orig_result;
const char *user_to_auth;
uid_t uid_of_user_to_auth;
char *session_objpath;
......@@ -773,13 +773,36 @@ main (int argc, char *argv[])
polkit_result_to_string_representation (result));
fflush (stdout);
orig_result = result;
if (!get_and_validate_override_details (&result)) {
/* if this fails it means bogus input from user */
ret = 2;
goto out;
if (empty_conversation && orig_result == result) {
/* If the conversation was empty it means the user probably never
* saw the an auth dialog.. specifically it means he never was able
* to change the scope of the from e.g. 'always' to 'session' or
* 'process'. In fact, it means he was never aware any authorization
* was granted.
* So to avoid surprises for people who do reckless things like play
* around with disabling passwords on their system, make an executive
* decision to downgrade the scope...
* See RH #401811 for details of one user that was caught by this.
#ifdef PGH_DEBUG
fprintf (stderr, "polkit-grant-helper: adding grant: action_id=%s session_id=%s pid=%d result='%s'\n",
action_name, session_objpath, caller_pid, polkit_result_to_string_representation (result));
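Review bot: The downgrade in the third hunk is gated on `empty_conversation && orig_result == result`, and `empty_conversation` is set outside the visible hunks; if it is cleared by any PAM message, including informational text, a passwordless account whose PAM stack prints a banner would presumably still get the wider grant. Consider keying the check on whether a secret was actually requested, for example a flag set only when a `PAM_PROMPT_ECHO_OFF` message is handled. The scope change also appears to be silent unless `PGH_DEBUG` is defined, and the first hunk removes one line around that macro with the `+`/`-` markers lost in this rendering, so please confirm debug output ends up disabled and add a log entry that records the downgrade for audit. The new comment has two typos worth fixing: `saw the an auth dialog` should read `saw an auth dialog`, and `change the scope of the from e.g.` should read `change the scope of the grant from e.g.`. The body of `main` continues outside these hunks and the rendered page has dropped the closing braces and the comment terminator, so the downgrade assignment itself could not be reviewed here.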