From 963692acad3cd4e6e431162d203c61f369b14620 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 11 Jul 2012 12:58:06 -0400 Subject: [PATCH] pkexec: add support for argv1 annotation and mention shebang-wrappers Signed-off-by: David Zeuthen --- docs/man/pkexec.xml | 41 ++++++++++++++++++++++++++++++++++++++++- src/programs/pkexec.c | 16 +++++++++++++++- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/docs/man/pkexec.xml b/docs/man/pkexec.xml index a8868b2..fffcea4 100644 --- a/docs/man/pkexec.xml +++ b/docs/man/pkexec.xml @@ -134,7 +134,9 @@ annotation on an action with the value set to the full path of the program. In addition to specifying the program, the authentication message, description, icon and defaults can be - specified. + specified. If the org.freedesktop.policykit.exec.argv1 + annotation is present, the action will only be picked if the + first argument to the program matches the value of the annotation. Note that authentication messages may reference variables (see @@ -144,6 +146,43 @@ + WRAPPER USAGE + + To avoid modifying existing software to prefix their + command-line invocations with pkexec, + it's possible to use pkexec in a + she-bang wrapper + like this: + + + + If this script is installed into /usr/bin/my-pk-test, + then the following annotations + + /usr/bin/python + /usr/bin/my-pk-test + [...] +]]> + + can be used to select the appropriate polkit action. Be careful + to get the latter annotation right, otherwise it will match any + pkexec invocation of + /usr/bin/python scripts. + + + VARIABLES The following variables are set by diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index d87825c..840eb3c 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -230,6 +230,7 @@ fdwalk (FdCallback callback, static gchar * find_action_for_path (PolkitAuthority *authority, const gchar *path, + const gchar *argv1, gboolean *allow_gui) { GList *l; 
@@ -255,6 +256,7 @@ find_action_for_path (PolkitAuthority *authority,
 for (l = actions; l != NULL; l = l->next)
 {
 PolkitActionDescription *action_desc = POLKIT_ACTION_DESCRIPTION (l->data);
+ const gchar *argv1_for_action;
 const gchar *path_for_action;
 const gchar *allow_gui_annotation;

@@ -262,8 +264,17 @@ find_action_for_path (PolkitAuthority *authority,
 if (path_for_action == NULL)
 continue;

+ argv1_for_action = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.exec.argv1");
+
 if (g_strcmp0 (path_for_action, path) == 0)
 {
+ /* check against org.freedesktop.policykit.exec.argv1 but only if set */
+ if (argv1_for_action != NULL)
+ {
+ if (g_strcmp0 (argv1, argv1_for_action) != 0)
+ continue;
+ }
+
 action_id = g_strdup (polkit_action_description_get_action_id (action_desc));

 allow_gui_annotation = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.exec.allow_gui");
@@ -664,7 +675,10 @@ main (int argc, char *argv[])
 goto out;
 }

- action_id = find_action_for_path (authority, path, &allow_gui);
+ action_id = find_action_for_path (authority,
+ path,
+ exec_argv[1],
+ &allow_gui);
 g_assert (action_id != NULL);

 details = polkit_details_new ();
-- 
2.34.1
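Review bot: The new argv1 check inside the `g_strcmp0 (path_for_action, path) == 0` branch compares the caller-supplied string verbatim, and the comment above it does not say so. Whether `path` is canonicalized before the call is not visible here, but `argv1` arrives straight from `exec_argv[1]`, so a relative or symlinked spelling of the script skips the action via `continue`, and a match only shows that the strings are equal, not which file the interpreter will open. An action for the same path that carries no argv1 annotation still matches every invocation of that interpreter, so which action is selected depends on the order of `actions`. I would extend the comment to `/* argv1 is compared verbatim, no canonicalization; an action without the annotation matches any argv1, so selection depends on enumeration order */`. The loop body continues outside the hunk.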
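Review bot: `exec_argv[1]` is read at the new call in main() with no visible guarantee that `exec_argv` holds at least a program name followed by its NULL terminator. When the program is run without arguments the value should be NULL, which `g_strcmp0()` in find_action_for_path() tolerates, but that only holds if the argument vector was validated earlier in main(), which lies outside this hunk. I would state the invariant at the call, e.g. `/* exec_argv[0] is the program; exec_argv[1] is its first argument or the NULL terminator */`, and confirm that main() rejects an empty argument vector before this point is reached.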