PolicyKit: Branch 'master'

[David Zeuthen]

 polkit-grant/polkit-grant-helper-pam.c |    2 ++
 1 files changed, 2 insertions(+)

New commits:
diff-tree 1ac3268b7a787d2a9ae641355b80b7f3131bea71 (from 368397f96a472bfedd596c8890586cc4fd9a0428)
Author: David Zeuthen <davidz at redhat.com>
Date:   Mon Jul 30 19:08:58 2007 -0400

    remove the isatty() call so it's easier to audit the helper
    
    The isatty() check is just to catch users poking around; it provides little or no real security. With this change, you can do stuff like
    
    $ /usr/libexec/polkit-grant-helper-pam
    davidz
    PAM_PROMPT_ECHO_OFF Password:
    <enter real password here>
    SUCCESS
    
    $ /usr/libexec/polkit-grant-helper-pam
    davidz
    PAM_PROMPT_ECHO_OFF Password:
    not_my_password
    polkit-grant-helper-pam: pam_authenticated failed: Authentication failure
    FAILURE
    
    which is useful for auditing.

diff --git a/polkit-grant/polkit-grant-helper-pam.c b/polkit-grant/polkit-grant-helper-pam.c
index 184960f..16d53cb 100644
--- a/polkit-grant/polkit-grant-helper-pam.c
+++ b/polkit-grant/polkit-grant-helper-pam.c
@@ -71,12 +71,14 @@ main (int argc, char *argv[])
                 goto error;
         }
 
+#if 0
         /* check we're running with a non-tty stdin */
         if (isatty (STDIN_FILENO) != 0) {
                 syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
                 fprintf (stderr, "polkit-grant-helper-pam: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
                 goto error;
         }
+#endif
 
         /* get user to auth */
         if (fgets (user_to_auth, sizeof user_to_auth, stdin) == NULL)