:: Re: [DNG] polkit - which one?
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
To: dng
Subject: Re: [DNG] polkit - which one?
Le 28/06/2016 12:24, emninger@??? a écrit :
> Am Mon, 27 Jun 2016 12:00:02 +0000
> schrieb dng-request@???:
>>       Thanks for pointing me to udevil (I've already read about it on
>> this list, but never looked at it before). Looks pretty simple. I'm
>> considering writing a script which would invoke udevil for
>> mount/umount and do the same as sudox for other cases. The idea is to
>> put that script in /usr/bin/local and a link to it in /usr/bin, named
>> pkexec. I hope to be able to remove policykit with that.
> Let me (let us) know your solution!!! I'd be highly willed to applicate
> it. May, when & if you finish it, you could do a little how-to?


     I've already written a little C program which has the same calling 
syntax as pkexec and will invoke udevil if the command is mount or 
umount, and sudo -A otherwise. I have added this -A because, in general, 
one needs some dialog window for sudo to read the password. Not tested 
yet. Still developping on Debian-wheezy, which hasn't udevil or spacefm 

     It should be enough to put it in /user/local/bin/pkexec to bypass 
the 'official' pkexec before removing it completely :-) By chance many 
authors rather invoke pkexec than link to polkit library.

     I'll eventually try to understand what the sudox script is doing 
and reproduce it in my C program - I'm a very bad scripter.


/* This program has the same calling syntax as pkexec, Policykit's command-line
   interface, but it doesn't resort to Policykit to obtain priviledges.
   If the invoked command is mount or umount, udevil is invoked to obtain
   the permission and --user option is ignored , otherwise sudo is used.
   Beware, sudo is invoked with option -A, to  make it possible to call a
   helper program to enter the password. This requires that the helper program
   is defined, either through the variable SUDO_ASKPASS, or through a line in
   /etc/sudoers.                                                             */

#include <stdio.h>
#include <libgen.h>

#ifdef DRYTEST
static int execvp(const char *cmd, char * const *arg)
  int i;
  printf("cmd=%s\nArguments: %s\n", cmd, arg[0]);
  for(i=1; arg[i]; i++) printf("           %s\n", arg[i]);
  return 0;
# include <unistd.h>

int main(int argc, char **argv)
int argoff; /* argoff = 3 if option --user is given, else argoff = 1 */
int rc;
FILE *pfout;

  /*------------------ decode arguments ------------------*/
  if( argc<2 ) goto error;
  if( !strcmp("--version", argv[1]) )
      printf("%s version 0.105\n", basename(argv[0]));
      return 0;
  else if( !strcmp("--help", argv[1]) ) goto help;

  else if( !strcmp("--user", argv[1]) )
      if(argc<4) goto error;
  else argoff=1;

if( *argv[argoff] == '-' ) goto error;

  /*---------------- Invoke udevil for mount/umount ---------------*/
  /* ignore the --user option */
  if( !strcmp("mount", argv[argoff]) || !strcmp("umount", argv[argoff]) )
      char * myargv[argc-argoff+2];
      int i, j;

      myargv[0] = "udevil";
      for( i=1, j=argoff; j<argc; i++, j++) myargv[i] = argv[j];
      myargv[argc-argoff+1] = NULL;

      execvp(myargv[0], myargv);
      fprintf(stderr, "Error in %s: ", basename(argv[0]));
  /*-------------- else invoke sudo -A -- why not sudox? -------------*/
  /* substitute "sudo -A" to "pkexec" and "-u" to "--user" */
      char *myargv[argc+2];
      int i;

      myargv[0] = "sudo";
      myargv[1] = "-A";
    if(argoff == 3)
      myargv[2] = "-u";
      myargv[3] = argv[2];
    for(i=argoff; i<argc; i++) myargv[i+1] = argv[i];
      myargv[argc+1] = NULL;

      execvp(myargv[0], myargv);
      fprintf(stderr, "Error in %s: ", basename(argv[0]));

/*--------------------------- Done. --------------------------------*/
/* we can only arrive here by error of execvp() */
return 1;

/*------------------------- exceptions -----------------------------*/
rc = 0;
pfout = stdout;
goto syntax;

rc =1;
pfout = stderr;
goto syntax;

  fprintf(pfout, "%s --version\n", basename(argv[0]));
  fputs("       --help\n", pfout);
  fputs("       [--user username] PROGRAM [ARGUMENTS...]\n", pfout);
  fputs("This program fakes Policykit's command pkexec. It completely\n"
    "bypasses Policykit and invokes udevil for mount/umount and sudo\n"
    "for other commands. sudo is invoked with the -A option, which\n"
    "implies an authentication dialog is specified either through the\n"
    "variable SUDO_ASKPASS, or by a line in /etc/sudoers.\n", pfout);
  return rc;