PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Wed Jul 11 10:10:20 PDT 2012


 docs/man/pkexec.xml   |   41 ++++++++++++++++++++++++++++++++++++++++-
 src/programs/pkexec.c |   16 +++++++++++++++-
 2 files changed, 55 insertions(+), 2 deletions(-)

New commits:
commit 963692acad3cd4e6e431162d203c61f369b14620
Author: David Zeuthen <zeuthen at gmail.com>
Date:   Wed Jul 11 12:58:06 2012 -0400

    pkexec: add support for argv1 annotation and mention shebang-wrappers
    
    Signed-off-by: David Zeuthen <zeuthen at gmail.com>

diff --git a/docs/man/pkexec.xml b/docs/man/pkexec.xml
index a8868b2..fffcea4 100644
--- a/docs/man/pkexec.xml
+++ b/docs/man/pkexec.xml
@@ -134,7 +134,9 @@
       annotation on an action with the value set to the full path of
       the program. In addition to specifying the program, the
       authentication message, description, icon and defaults can be
-      specified.
+      specified. If the <emphasis>org.freedesktop.policykit.exec.argv1</emphasis>
+      annotation is present, the action will only be picked if the
+      first argument to the program matches the value of the annotation.
     </para>
     <para>
       Note that authentication messages may reference variables (see
@@ -144,6 +146,43 @@
     </para>
   </refsect1>
 
+  <refsect1 id="pkexec-wrapper"><title>WRAPPER USAGE</title>
+    <para>
+      To avoid modifying existing software to prefix their
+      command-line invocations with <command>pkexec</command>,
+      it's possible to use <command>pkexec</command> in a
+      <ulink url="http://en.wikipedia.org/wiki/Shebang_(Unix)">she-bang wrapper</ulink>
+      like this:
+    </para>
+    <programlisting><![CDATA[
+#!/usr/bin/pkexec /usr/bin/python
+
+import os
+import sys
+
+print "Hello, I'm running as uid %d"%(os.getuid())
+
+for n in range(len(sys.argv)):
+    print "arg[%d]=`%s'"%(n, sys.argv[n])
+]]></programlisting>
+    <para>
+      If this script is installed into <filename>/usr/bin/my-pk-test</filename>,
+      then the following annotations
+    </para>
+    <programlisting><![CDATA[
+  [...]
+  <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/python</annotate>
+  <annotate key="org.freedesktop.policykit.exec.argv1">/usr/bin/my-pk-test</annotate>
+  [...]
+]]></programlisting>
+    <para>
+      can be used to select the appropriate polkit action. Be careful
+      to get the latter annotation right, otherwise it will match any
+      <command>pkexec</command> invocation of
+      <filename>/usr/bin/python</filename> scripts.
+    </para>
+  </refsect1>
+
   <refsect1 id="pkexec-variables"><title>VARIABLES</title>
     <para>
       The following variables are set by
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index d87825c..840eb3c 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -230,6 +230,7 @@ fdwalk (FdCallback callback,
 static gchar *
 find_action_for_path (PolkitAuthority *authority,
                       const gchar     *path,
+                      const gchar     *argv1,
                       gboolean        *allow_gui)
 {
   GList *l;
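Review bot: The new `argv1` parameter of find_action_for_path has no stated contract, and it is the one input here that comes straight from the invoking user. A comment above the function would help, for example `/* argv1: first argument given to the program (presumably NULL when there is none); only compared when an action carries org.freedesktop.policykit.exec.argv1 */`. The function body continues outside this hunk.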
@@ -255,6 +256,7 @@ find_action_for_path (PolkitAuthority *authority,
   for (l = actions; l != NULL; l = l->next)
     {
       PolkitActionDescription *action_desc = POLKIT_ACTION_DESCRIPTION (l->data);
+      const gchar *argv1_for_action;
       const gchar *path_for_action;
       const gchar *allow_gui_annotation;
 
@@ -262,8 +264,17 @@ find_action_for_path (PolkitAuthority *authority,
       if (path_for_action == NULL)
         continue;
 
+      argv1_for_action = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.exec.argv1");
+
       if (g_strcmp0 (path_for_action, path) == 0)
         {
+          /* check against org.freedesktop.policykit.exec.argv1 but only if set */
+          if (argv1_for_action != NULL)
+            {
+              if (g_strcmp0 (argv1, argv1_for_action) != 0)
+                continue;
+            }
+
           action_id = g_strdup (polkit_action_description_get_action_id (action_desc));
 
           allow_gui_annotation = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.exec.allow_gui");
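Review bot: Action selection in this loop depends on list order rather than on which action is most specific. An action that sets only `org.freedesktop.policykit.exec.path` matches every invocation of that program, so if it is enumerated before an action that also sets `exec.argv1`, the path-only one may be chosen; the end of the loop is outside the hunk, so whether it stops at the first match cannot be confirmed here. The check `g_strcmp0 (argv1, argv1_for_action)` is also an exact string comparison on a caller-supplied value with no canonicalisation visible, so a relative or symlinked spelling of the script will not select the action and falls through to whatever else matches the interpreter path. I would record that next to the check, e.g. `/* exact string match on caller-supplied argv[1]; not canonicalised */`, and consider preferring actions that carry an argv1 annotation over path-only ones.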
@@ -664,7 +675,10 @@ main (int argc, char *argv[])
       goto out;
     }
 
-  action_id = find_action_for_path (authority, path, &allow_gui);
+  action_id = find_action_for_path (authority,
+                                    path,
+                                    exec_argv[1],
+                                    &allow_gui);
   g_assert (action_id != NULL);
 
   details = polkit_details_new ();
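Review bot: `exec_argv[1]` is read here without a visible check that `exec_argv` holds at least the program name. The call therefore relies on the vector being NULL-terminated with a non-NULL element 0, and its construction is outside the hunk. g_strcmp0 accepts a NULL `argv1`, so invoking a program with no arguments is handled, but a local guard such as `exec_argv[0] != NULL ? exec_argv[1] : NULL` would make the assumption explicit. Since this value is chosen by the unprivileged caller and now influences which action's authorization defaults apply, a short comment at the call site saying so would help later readers.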

