From 0b86d0436d428d7bf3f5365047adff33eacee35b Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Mon, 19 Nov 2007 00:27:56 -0500
Subject: [PATCH] require org.fd.pk.revoke to revoke auths for self if granted
 by someone else

---
 src/polkit-grant/polkit-revoke-helper.c | 44 +++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c
index e4853ee..6453f81 100644
--- a/src/polkit-grant/polkit-revoke-helper.c
+++ b/src/polkit-grant/polkit-revoke-helper.c
@@ -44,6 +44,7 @@
 #include <fcntl.h>
 
 #include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit-private.h>
 
 static int
 _write_to_fd (int fd, const char *str, ssize_t str_len)
@@ -81,9 +82,6 @@ main (int argc, char *argv[])
         struct group *group;
         uid_t invoking_uid;
         char *entry_to_remove;
-        int n;
-        int len;
-        char *p;
         char *scope;
         uid_t uid_to_revoke;
         char *endp;
@@ -97,6 +95,9 @@ main (int argc, char *argv[])
         char *target_value;
         struct passwd *pw;
         polkit_bool_t is_one_shot;
+        polkit_bool_t not_granted_by_self;
+        char **tokens;
+        size_t num_tokens;
 
         ret = 1;
 
@@ -150,21 +151,15 @@ main (int argc, char *argv[])
          * as we only need to parse the first two entries... we do it
          * right here
          */
-        p = entry_to_remove;
-        len = strlen (entry_to_remove);
-        for (n = 0; n < len; n++) {
-                if (p[n] == ':')
-                        goto found;
-        }
-        fprintf (stderr, "polkit-revoke-helper: entry_to_remove malformed\n");
-        goto out;
-found:
-        scope = strndup (entry_to_remove, n);
-        if (scope == NULL) {
-                fprintf (stderr, "polkit-revoke-helper: OOM\n");
+
+        tokens = kit_strsplit (entry_to_remove, ':', &num_tokens);
+        if (tokens == NULL || num_tokens < 2) {
+                fprintf (stderr, "polkit-revoke-helper: entry_to_remove malformed\n");
                 goto out;
         }
 
+        scope = tokens[0];
+
         if (strcmp (target_type, "uid") == 0) {
                 uid_to_revoke = strtol (target_value, &endp, 10);
                 if  (*endp != '\0') {
@@ -178,6 +173,8 @@ found:
 
         /* OK, we're done parsing ... */
 
+        not_granted_by_self = FALSE;
+
         is_one_shot = FALSE;
         if (strcmp (scope, "process") == 0) {
                 root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
@@ -189,7 +186,22 @@ found:
         } else if (strcmp (scope, "always") == 0) {
                 root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
         } else if (strcmp (scope, "grant") == 0) {
+                uid_t granted_by;
+
                 root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
+
+                if (num_tokens < 5)
+                        goto out;
+
+                granted_by = strtol (tokens[3], &endp, 10);
+                if  (*endp != '\0') {
+                        fprintf (stderr, "polkit-revoke-helper: cannot parse granted-by uid\n");
+                        goto out;
+                }
+
+                if (granted_by != invoking_uid)
+                        not_granted_by_self = TRUE;
+                
         } else {
                 fprintf (stderr, "polkit-revoke-helper: unknown scope '%s'\n", scope);
                 goto out;
@@ -197,7 +209,7 @@ found:
 
         if (invoking_uid != 0) {
                 /* Check that the caller is privileged to do this... */
-                if (invoking_uid != uid_to_revoke) {
+                if (not_granted_by_self || (invoking_uid != uid_to_revoke)) {
                         pid_t ppid;
                         
                         ppid = getppid ();
-- 
2.7.4