:: Re: [DNG] polkit - which one?
Author: Didier Kryn
Date:
To: dng
Subject: Re: [DNG] polkit - which one?
On 28/06/2016 12:24, emninger@??? wrote:
> On Mon, 27 Jun 2016 12:00:02 +0000,
> dng-request@??? wrote:
>
>>       Thanks for pointing me to udevil (I've already read about it on
>> this list, but never looked at it before). Looks pretty simple. I'm
>> considering writing a script which would invoke udevil for
>> mount/umount and do the same as sudox for other cases. The idea is to
>> put that script in /usr/bin/local and a link to it in /usr/bin, named
>> pkexec. I hope to be able to remove policykit with that.
> Let me (let us) know your solution!!! I'd be very willing to apply
> it. Maybe, when & if you finish it, you could do a little how-to?

     I've already written a little C program which has the same calling 
syntax as pkexec and will invoke udevil if the command is mount or 
umount, and sudo -A otherwise. I have added this -A because, in general, 
one needs some dialog window for sudo to read the password. Not tested 
yet. Still developing on Debian-wheezy, which hasn't udevil or spacefm 
packages.


     It should be enough to put it in /user/local/bin/pkexec to bypass 
the 'official' pkexec before removing it completely :-) By chance many 
authors rather invoke pkexec than link to polkit library.


     I'll eventually try to understand what the sudox script is doing 
and reproduce it in my C program - I'm a very bad scripter.


     Didier


/* This program has the same calling syntax as pkexec, Policykit's command-line
   interface, but it doesn't resort to Policykit to obtain privileges.
   If the invoked command is mount or umount, udevil is invoked to obtain
   the permission and --user option is ignored , otherwise sudo is used.
   Beware, sudo is invoked with option -A, to  make it possible to call a
   helper program to enter the password. This requires that the helper program
   is defined, either through the variable SUDO_ASKPASS, or through a line in
   /etc/sudoers.                                                             */


#include <stdio.h>
#include <string.h>   /* strcmp() */
#include <libgen.h>   /* basename() */

#ifdef DRYTEST
static int execvp(const char *cmd, char * const *arg)
{
  int i;
  printf("cmd=%s\nArguments: %s\n", cmd, arg[0]);
  for(i=1; arg[i]; i++) printf("           %s\n", arg[i]);
  return 0;
}
#else
# include <unistd.h>
#endif


int main(int argc, char **argv)
{
  int argoff; /* argoff = 3 if option --user is given, else argoff = 1 */
  int rc;
  FILE *pfout;

  /*------------------ decode arguments ------------------*/
  if( argc<2 ) goto error;
  if( !strcmp("--version", argv[1]) )
    {
      printf("%s version 0.105\n", basename(argv[0]));
      return 0;
    }
  else if( !strcmp("--help", argv[1]) ) goto help;


  else if( !strcmp("--user", argv[1]) )
    {
      if(argc<4) goto error;
      argoff=3;
    }
  else argoff=1;


  if( *argv[argoff] == '-' ) goto error;

  /*---------------- Invoke udevil for mount/umount ---------------*/
  /* ignore the --user option */
  if( !strcmp("mount", argv[argoff]) || !strcmp("umount", argv[argoff]) )
    {
      char * myargv[argc-argoff+2];
      int i, j;


      myargv[0] = "udevil";
      for( i=1, j=argoff; j<argc; i++, j++) myargv[i] = argv[j];
      myargv[argc-argoff+1] = NULL;


      execvp(myargv[0], myargv);
      fprintf(stderr, "Error in %s: ", basename(argv[0]));
      perror(myargv[0]);
    }
  /*-------------- else invoke sudo -A -- why not sudox? -------------*/
  /* substitute "sudo -A" to "pkexec" and "-u" to "--user" */
  else
    {
      char *myargv[argc+2];
      int i;


      myargv[0] = "sudo";
      myargv[1] = "-A";
      if(argoff == 3)
        {
          myargv[2] = "-u";
          myargv[3] = argv[2];
        }
      for(i=argoff; i<argc; i++) myargv[i+1] = argv[i];
      myargv[argc+1] = NULL;


      execvp(myargv[0], myargv);
      fprintf(stderr, "Error in %s: ", basename(argv[0]));
      perror(myargv[0]);
    }


  /*--------------------------- Done. --------------------------------*/
  /* we can only arrive here by error of execvp() */
  return 1;

  /*------------------------- exceptions -----------------------------*/
 help:
  rc = 0;
  pfout = stdout;
  goto syntax;

 error:
  rc = 1;
  pfout = stderr;
  goto syntax;

 syntax:
  fprintf(pfout, "%s --version\n", basename(argv[0]));
  fputs("       --help\n", pfout);
  fputs("       [--user username] PROGRAM [ARGUMENTS...]\n", pfout);
  fputs("This program fakes Policykit's command pkexec. It completely\n"
    "bypasses Policykit and invokes udevil for mount/umount and sudo\n"
    "for other commands. sudo is invoked with the -A option, which\n"
    "implies an authentication dialog is specified either through the\n"
    "variable SUDO_ASKPASS, or by a line in /etc/sudoers.\n", pfout);
  return rc;
}
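
The message depends on two deployment conditions: the replacement must be found before the official pkexec on PATH, and sudo -A needs an askpass helper. The following preflight check for both is an added example, not part of the original message; the function names and the default install path are assumptions, and only the SUDO_ASKPASS variable is checked, not a helper configured in a file.

```shell
#!/bin/sh
# Added example (not from the original message): preflight checks for a
# pkexec replacement. Function names and the default path are assumptions.

# Print the first executable NAME ($1) found in the PATH-style string $2.
# The body runs in a subshell so the IFS and noglob changes stay local.
first_on_path() (
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# Succeed if SHIM ($1) is what the name "pkexec" resolves to under PATH $2.
shim_shadows() {
    [ "$(first_on_path pkexec "$2")" = "$1" ]
}

# Succeed if HELPER ($1) is set and executable, as "sudo -A" needs.
askpass_ready() {
    [ -n "$1" ] && [ -x "$1" ]
}

shim=${SHIM:-/usr/local/bin/pkexec}     # assumed install location
if shim_shadows "$shim" "$PATH"; then
    echo "ok: pkexec resolves to $shim"
else
    echo "warn: pkexec resolves to '$(first_on_path pkexec "$PATH")', not $shim"
fi
if askpass_ready "${SUDO_ASKPASS:-}"; then
    echo "ok: SUDO_ASKPASS helper is executable"
else
    echo "warn: SUDO_ASKPASS unset or not executable; sudo -A may fail"
fi
```

A caller that executes the official binary by absolute path does not go through PATH lookup, so this check only covers callers that invoke pkexec by name.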