PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Fri Aug 20 07:51:52 PDT 2010 

 docs/man/pkexec.xml   |   12 ++++++++++++
 src/programs/pkexec.c |   11 +++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

New commits:
commit f071d4561dfe8dd9cfd4e29fddec7bc82fd658aa
Author: David Zeuthen <davidz at redhat.com>
Date:   Fri Aug 20 10:50:34 2010 -0400

    pkexec: add --disable-internal-agent option
    
    Signed-off-by: David Zeuthen <davidz at redhat.com>

diff --git a/docs/man/pkexec.xml b/docs/man/pkexec.xml
index 0847c2e..10f3d78 100644
--- a/docs/man/pkexec.xml
+++ b/docs/man/pkexec.xml
@@ -25,6 +25,7 @@
     <cmdsynopsis>
       <command>pkexec</command>
       <arg><option>--version</option></arg>
+      <arg><option>--disable-internal-agent</option></arg>
       <arg><option>--help</option></arg>
     </cmdsynopsis>
 
@@ -64,6 +65,17 @@
     </para>
   </refsect1>
 
+  <refsect1 id="pkexec-auth-agent"><title>AUTHENTICATION AGENT</title>
+    <para>
+      <command>pkexec</command>, like any other PolicyKit application,
+      will use the authentication agent registered for the calling
+      process. However, if no authentication agent is available, then
+      <command>pkexec</command> will register its own textual
+      authentication agent. This behavior can be turned off by passing
+      the <option>--disable-internal-agent</option> is passed.
+    </para>
+  </refsect1>
+
   <refsect1 id="pkexec-security-notes"><title>SECURITY NOTES</title>
     <para>
       Executing a program as another user is a privileged
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index f4480ff..fbd700d 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -68,6 +68,7 @@ usage (int argc, char *argv[])
 {
   g_printerr ("pkexec --version |\n"
               "       --help |\n"
+              "       --disable-internal-agent |\n"
               "       [--user username] PROGRAM [ARGUMENTS...]\n"
               "\n"
               "See the pkexec manual page for more details.\n");
@@ -374,6 +375,7 @@ main (int argc, char *argv[])
   gint rc;
   gboolean opt_show_help;
   gboolean opt_show_version;
+  gboolean opt_disable_internal_agent;
   PolkitAuthority *authority;
   PolkitAuthorizationResult *result;
   PolkitSubject *subject;
@@ -460,6 +462,7 @@ main (int argc, char *argv[])
    */
   opt_show_help = FALSE;
   opt_show_version = FALSE;
+  opt_disable_internal_agent = FALSE;
   for (n = 1; n < (guint) argc; n++)
     {
       if (strcmp (argv[n], "--help") == 0)
@@ -481,6 +484,10 @@ main (int argc, char *argv[])
 
           opt_user = g_strdup (argv[n]);
         }
+      else if (strcmp (argv[n], "--disable-internal-agent") == 0)
+        {
+          opt_disable_internal_agent = TRUE;
+        }
       else
         {
           break;
@@ -670,7 +677,7 @@ main (int argc, char *argv[])
     }
   else if (polkit_authorization_result_get_is_challenge (result))
     {
-      if (local_agent_handle == NULL)
+      if (local_agent_handle == NULL && !opt_disable_internal_agent)
         {
           PolkitAgentListener *listener;
           error = NULL;
@@ -701,7 +708,7 @@ main (int argc, char *argv[])
         }
       else
         {
-          g_printerr ("Error executing command as another user.\n");
+          g_printerr ("Error executing command as another user: No authentication agent found.\n");
           goto out;
         }
     }

More information about the hal-commit mailing list