PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Fri Aug 20 07:51:52 PDT 2010
docs/man/pkexec.xml | 12 ++++++++++++
src/programs/pkexec.c | 11 +++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
New commits:
commit f071d4561dfe8dd9cfd4e29fddec7bc82fd658aa
Author: David Zeuthen <davidz at redhat.com>
Date: Fri Aug 20 10:50:34 2010 -0400
pkexec: add --disable-internal-agent option
Signed-off-by: David Zeuthen <davidz at redhat.com>
diff --git a/docs/man/pkexec.xml b/docs/man/pkexec.xml
index 0847c2e..10f3d78 100644
--- a/docs/man/pkexec.xml
+++ b/docs/man/pkexec.xml
@@ -25,6 +25,7 @@
<cmdsynopsis>
<command>pkexec</command>
<arg><option>--version</option></arg>
+ <arg><option>--disable-internal-agent</option></arg>
<arg><option>--help</option></arg>
</cmdsynopsis>
@@ -64,6 +65,17 @@
</para>
</refsect1>
+ <refsect1 id="pkexec-auth-agent"><title>AUTHENTICATION AGENT</title>
+ <para>
+ <command>pkexec</command>, like any other PolicyKit application,
+ will use the authentication agent registered for the calling
+ process. However, if no authentication agent is available, then
+ <command>pkexec</command> will register its own textual
+ authentication agent. This behavior can be turned off by passing
+ the <option>--disable-internal-agent</option> is passed.
+ </para>
+ </refsect1>
+
<refsect1 id="pkexec-security-notes"><title>SECURITY NOTES</title>
<para>
Executing a program as another user is a privileged
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index f4480ff..fbd700d 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -68,6 +68,7 @@ usage (int argc, char *argv[])
{
g_printerr ("pkexec --version |\n"
" --help |\n"
+ " --disable-internal-agent |\n"
" [--user username] PROGRAM [ARGUMENTS...]\n"
"\n"
"See the pkexec manual page for more details.\n");
@@ -374,6 +375,7 @@ main (int argc, char *argv[])
gint rc;
gboolean opt_show_help;
gboolean opt_show_version;
+ gboolean opt_disable_internal_agent;
PolkitAuthority *authority;
PolkitAuthorizationResult *result;
PolkitSubject *subject;
@@ -460,6 +462,7 @@ main (int argc, char *argv[])
*/
opt_show_help = FALSE;
opt_show_version = FALSE;
+ opt_disable_internal_agent = FALSE;
for (n = 1; n < (guint) argc; n++)
{
if (strcmp (argv[n], "--help") == 0)
@@ -481,6 +484,10 @@ main (int argc, char *argv[])
opt_user = g_strdup (argv[n]);
}
+ else if (strcmp (argv[n], "--disable-internal-agent") == 0)
+ {
+ opt_disable_internal_agent = TRUE;
+ }
else
{
break;
@@ -670,7 +677,7 @@ main (int argc, char *argv[])
}
else if (polkit_authorization_result_get_is_challenge (result))
{
- if (local_agent_handle == NULL)
+ if (local_agent_handle == NULL && !opt_disable_internal_agent)
{
PolkitAgentListener *listener;
error = NULL;
@@ -701,7 +708,7 @@ main (int argc, char *argv[])
}
else
{
- g_printerr ("Error executing command as another user.\n");
+ g_printerr ("Error executing command as another user: No authentication agent found.\n");
goto out;
}
}
More information about the hal-commit
mailing list