Bug 15124 - Password is required for mga-update, but no indication on which user
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2015-01-24 08:35 CET by papoteur
Modified: 2020-09-02 10:02 CEST

See Also:
Source RPM: polkit-kde-agent-1-5.15.4-1.mga7.src.rpm
CVE:
Status comment:


Attachments
Add indication of user as password owner for polkit agent (889 bytes, patch)
2015-10-05 10:08 CEST, papoteur
Patch AuthDialog.cpp for Kde Polkit agent (1.02 KB, patch)
2020-07-19 17:00 CEST, Nicolas Nicolas

Description papoteur 2015-01-24 08:35:20 CET
Description of problem:

A window asks for a password to apply updates, but there is no indication that it should be the user's password, not root's.

How reproducible:
Click on the red icon with "!".

Mageia 4, 64 bits, KDE

Reproducible: 

Steps to Reproduce:
Comment 1 Angelo Naselli 2015-01-24 14:37:41 CET
I seem to recall something different is written when root password is asked.
Anyway this is an upstream implementation of KDE polkit agent.

CC: (none) => anaselli

Comment 2 papoteur 2015-01-24 15:51:41 CET
Yes, when the password should be the root's one, the question is explicit.
But in this case, the password to provide is the user's one.
Perhaps a translation issue? 
I refer to the French language.
Comment 3 Olivier Delaune 2015-02-04 22:42:25 CET
The "problem" is in polkit; it is not a translation problem. The original string is "An application is attempting to perform an action that requires privileges. 
Authentication is required to perform this action."

A French translator proposes to use a workaround to make the French translation clearer, but the "issue" should be the same in all languages.
So, the request should be done upstream on https://bugs.kde.org
Papoteur, if you want to open a bug report there, please do it :D

CC: (none) => olivier.delaune

Comment 4 papoteur 2015-02-07 18:50:17 CET
The bug has already been reported since 2011 :(
https://bugs.kde.org/show_bug.cgi?id=271147
I have no KDE account. Could someone reactivate it?
Comment 5 Angelo Naselli 2015-02-07 20:01:08 CET
done
Comment 6 Samuel Verschelde 2015-09-21 13:19:27 CEST
Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan to 
fix it in a currently maintained version, simply change the 'version' to a later 
Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't 
able to fix it before Mageia 4's end of life. If you are able to reproduce it 
against a later version of Mageia, you are encouraged to click on "Version" and 
change it against that version of Mageia. If it's valid in several versions, 
select the highest and add MGAxTOO in whiteboard for each other valid release.
Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO.

Although we aim to fix as many bugs as possible during every release's lifetime, 
sometimes those efforts are overtaken by events. Often a more recent Mageia 
release includes newer upstream software that fixes bugs or makes them obsolete.

If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/
Comment 7 papoteur 2015-09-21 23:00:55 CEST
Nothing new in KDE report.

Whiteboard: (none) => MGA5TOO

Comment 8 Florian Hubold 2015-10-04 17:37:45 CEST
IMHO this is not really a Mageia issue, but an upstream issue as the presentation will be different for each polkit agent that we package currently. But I totally agree, those authorisation dialogs are horrible, and most times they don't even explain if they want the user or root password, which might be a security issue to others (think phishing for root password).


Would be a good idea if someone could provide some GOOD examples of polkit dialogs asking for authorisation (making clear which program is asking which permission to run as what user, and hence which password should be provided) and then we can discuss how to fix this. Maybe we need to drop some polkit agents or prefer some that do a better job at this than others. 

Also the details section on those dialogs should not hide essential information, like which user is affected and what program asks for authorisation.

Some good examples:
http://www.freedesktop.org/software/polkit/docs/0.105/pkexec-frobnicate.png
http://www.freedesktop.org/software/polkit/docs/0.105/polkit-authentication-agent-example-wheel.png
http://i.stack.imgur.com/IQCQb.jpg
http://i.stack.imgur.com/hjwkP.png

Some not-so-good examples IMHO:
http://www.freedesktop.org/software/polkit/docs/latest/polkit-authentication-agent-example.png
http://www.mupuf.org/images/auth-ui/linux-polkit-2.png

Most can be found at https://commons.wikimedia.org/wiki/Category:Polkit

FWIW, e.g. if you run "drakconf" the KDE polkit agent dialog that will be displayed shows up all that information, that Mageia Control Center will be run, and that it needs the root password for that.

Whiteboard: MGA5TOO => (none)
Version: 4 => 5
CC: (none) => doktor5000

Comment 9 papoteur 2015-10-05 10:07:13 CEST
Hello,
I don't think that the problem is upstream.
For mgaupdate, the message comes from our repository, from what I understand:
http://gitweb.mageia.org/software/mgaonline/tree/polkit/org.mageia.mgaupdate.policy.in
Thus, we have just to change the sentence here:
from
    <_description>Run Mageia Updater</_description>
    <_message>Authentication is required to run Mageia Updater</_message>
to 
    <_description>Run Mageia Updater</_description>
    <_message>Authentication as user is required to run Mageia Updater</_message>

I will commit this change on git.
There is a need to update translations too.
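
An added example, not part of the thread or of Mageia's code: the message string quoted in comment 9 sits in a polkit policy file, and the allow_active default beside it decides whose password the agent requests. This sketch lists each prompting action and flags messages that do not name the identity; the action ids, the <defaults> values and the keyword heuristic are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: action ids and <defaults> values are assumptions; only
# the first two <_message> strings are taken from comment 9.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.updater.current">
    <_message>Authentication is required to run Mageia Updater</_message>
    <defaults><allow_active>auth_self_keep</allow_active></defaults>
  </action>
  <action id="org.example.updater.proposed">
    <_message>Authentication as user is required to run Mageia Updater</_message>
    <defaults><allow_active>auth_self_keep</allow_active></defaults>
  </action>
  <action id="org.example.control-center">
    <_message>Authentication as root is required to run the control center</_message>
    <defaults><allow_active>auth_admin</allow_active></defaults>
  </action>
</policyconfig>"""

# polkit implicit-authorization values that lead to a password prompt.
WHOSE_PASSWORD = {
    "auth_self": "session user", "auth_self_keep": "session user",
    "auth_admin": "administrator", "auth_admin_keep": "administrator",
}
# English-only heuristic (assumption): does the message name an identity?
NAMES_IDENTITY = re.compile(r"\b(user|root|administrator)\b", re.IGNORECASE)


def audit_policy(xml_text):
    """Return (action_id, whose_password, ambiguous) for each prompting action."""
    findings = []
    for action in ET.fromstring(xml_text).iter("action"):
        # .policy.in templates use <_message>; installed .policy files use <message>.
        message = action.findtext("message") or action.findtext("_message") or ""
        value = (action.findtext("defaults/allow_active") or "").strip()
        whose = WHOSE_PASSWORD.get(value)
        if whose is None:  # "yes", "no" or unset: no password dialog to audit
            continue
        ambiguous = NAMES_IDENTITY.search(message) is None
        findings.append((action.get("id"), whose, ambiguous))
    return findings


if __name__ == "__main__":
    for action_id, whose, ambiguous in audit_policy(SAMPLE_POLICY):
        print(f"{action_id}: asks for {whose} password"
              f" [{'AMBIGUOUS' if ambiguous else 'ok'}]")
```

The policy defaults can be overridden by local configuration (draksec, per comment 13), so a static message can still be wrong for a given machine; the update that closed this bug names the user in the agent dialog instead.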
Comment 10 papoteur 2015-10-05 10:08:56 CEST
Created attachment 7091 [details]
Add indication of user as password owner for polkit agent
Rémi Verschelde 2015-10-05 10:43:10 CEST

Whiteboard: (none) => MGA5TOO
Source RPM: (none) => mgaonline
Version: 5 => Cauldron

Comment 11 Samuel Verschelde 2015-10-05 12:39:38 CEST
What if it's configured to require root user? Will the message be different?
Comment 12 papoteur 2015-10-05 13:22:14 CEST
(In reply to Samuel VERSCHELDE from comment #11)
> What if it's configured to require root user? Will the message be different?

Where can it be configured to ask for root's password?
I didn't find anything in msec.
Comment 13 Florian Hubold 2015-10-05 13:25:49 CEST
(In reply to papoteur from comment #12)
> Where can it be configured to ask for root's password?
> I didn't find anything in msec.

In draksec: http://doc.mageia.org/mcc/5/en/content/draksec.html
Comment 14 papoteur 2015-10-05 13:45:19 CEST
Thanks Florian,
The window will be the same for each case :/
But I think it is better that the message is related to the default behaviour.
Furthermore, when the password is wrong, we get a new window which asks:
- for the root password in case of root privileges needed, explicitly,
- for the password in case of user privileges, without any other information.
Marja Van Waes 2016-10-15 23:46:29 CEST

CC: (none) => marja11
Assignee: bugsquad => mageiatools

Comment 15 Nicolas Nicolas 2020-07-19 16:58:55 CEST
Hello,

Maybe the following patch might display the requested username from the kde polkit agent.

Source used for creating the AuthDialog.cpp patch:
https://invent.kde.org/plasma/polkit-kde-agent-1/-/archive/Plasma/5.15/polkit-kde-agent-1-Plasma-5.15.zip

CC: (none) => joe_c_moi

Comment 16 Nicolas Nicolas 2020-07-19 17:00:54 CEST
Created attachment 11752 [details]
Patch AuthDialog.cpp for Kde Polkit agent
Nicolas Nicolas 2020-07-19 17:02:49 CEST

CC: joe_c_moi => (none)

papoteur 2020-08-18 13:28:01 CEST

Whiteboard: MGA5TOO => MGA7TOO

Comment 17 David GEIGER 2020-09-01 10:38:56 CEST
Should be fixed with upcoming polkit-kde-agent-1-5.19.4-2.mga8 for Cauldron and upcoming polkit-kde-agent-1-5.15.4-1.1.mga7 for mga7 in Core/Updates_testing repo!

Please test both if possible, thanks in advance.

CC: (none) => geiger.david68210

Comment 18 David Walser 2020-09-01 15:49:27 CEST
SRPM: polkit-kde-agent-1-5.15.4-1.1.mga7

Advisory:

The polkit-kde-agent package has been patched to have it show which user's
password (the logged in user, or root) it is asking for when PolicyKit
is being used to allow the user to perform a privileged action.

Assignee: mageiatools => qa-bugs
Source RPM: mgaonline => polkit-kde-agent-1-5.15.4-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 19 David Walser 2020-09-01 21:24:55 CEST
Ran MageiaUpdate, polkit dialog popped up asking for a password but didn't say whose.  Installed this update candidate, logged out and back in (to restart polkit agent), ran MageiaUpdate, and now it asked for "Password for david:" which is the intended result.  Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK

Aurelien Oudelet 2020-09-01 21:52:05 CEST

Keywords: (none) => advisory

Comment 20 David GEIGER 2020-09-01 22:20:38 CEST
List of packages:

Packages in 7/core/updates_testing:
========================
polkit-kde-agent-1-5.15.4-1.1.mga7.i586.rpm
polkit-kde-agent-1-5.15.4-1.1.mga7.x86_64.rpm

Source RPM: 
========================
polkit-kde-agent-1-5.15.4-1.1.mga7.src.rpm
Comment 21 Mageia Robot 2020-09-02 10:02:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2020-0197.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

