
Commit c8c3d835 authored by David Zeuthen's avatar David Zeuthen

Add a pkexec(1) command

parent ccf8f979
......@@ -48,4 +48,14 @@
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.policykit.exec">
<_description>Run programs as another user</_description>
<_message>Authentication is required to run a program as another user</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
</action>
</policyconfig>
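Review bot: The new `org.freedesktop.policykit.exec` action sets all three defaults to plain `auth_admin`, while the action just above it uses `auth_admin_keep`, and nothing in the file records why the two differ. The man page added in this commit gives the reason (pkexec does not validate ARGUMENTS, so a retained authorization would cover later invocations), and that belongs next to the defaults, e.g. `<!-- auth_admin, not auth_admin_keep: pkexec does not validate ARGUMENTS, so authorization must not be retained across invocations -->`. It is also worth confirming that `allow_any` and `allow_inactive` are meant to permit admin authentication from non-active sessions, rather than `no` as the example policy in this commit uses.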
......@@ -108,7 +108,7 @@
<!-- ---------------------------------------------------------------------------------------------------- -->
<!-- An enumeration for results when checking for an authorization -->
<!-- An structure containing the results of an authorization check -->
<annotation name="org.gtk.EggDBus.DeclareStruct" value="AuthorizationResult">
<annotation name="org.gtk.EggDBus.DocString.Summary" value="Authorization Results"/>
<annotation name="org.gtk.EggDBus.DocString" value="Describes the result of calling org.freedesktop.PolicyKit1.Authority.CheckAuthorization()."/>
......
......@@ -6,16 +6,21 @@ if MAN_PAGES_ENABLED
man_MANS = \
PolicyKit-1.8 \
polkit-1.1 \
pkexec.1 \
$(NULL)
%-1.8 %-1.1 : %.xml
$(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
$(XSLTPROC) -nonet --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
pkexec.1 : pkexec.xml
$(XSLTPROC) -nonet --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
endif # MAN_PAGES_ENABLED
EXTRA_DIST = \
PolicyKit.xml \
polkit.xml \
pkexec.xml \
$(NULL)
clean-local:
......
<?xml version="1.0"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
<!ENTITY version SYSTEM "../version.xml">
]>
<refentry id="pkexec.1" xmlns:xi="http://www.w3.org/2003/XInclude">
<refentryinfo>
<title>pkexec</title>
<date>May 2009</date>
<productname>PolicyKit-1</productname>
</refentryinfo>
<refmeta>
<refentrytitle>pkexec</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version"></refmiscinfo>
</refmeta>
<refnamediv>
<refname>pkexec</refname>
<refpurpose>Execute a command as another user</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>pkexec</command>
<arg><option>--version</option></arg>
<arg><option>--help</option></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>pkexec</command>
<group>
<arg choice="plain">
<option>--user</option>
<replaceable>username</replaceable>
</arg>
</group>
<arg choice="plain"><replaceable>PROGRAM</replaceable></arg>
<group rep="repeat">
<arg choice="plain"><replaceable>ARGUMENTS</replaceable></arg>
</group>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1><title>DESCRIPTION</title>
<para>
<command>pkexec</command> allows an authorized user to
execute <replaceable>PROGRAM</replaceable> as another
user. If <replaceable>username</replaceable> is not specified,
then the program will be executed as the administrative super
user, <emphasis>root</emphasis>.
</para>
</refsect1>
<refsect1><title>RETURN VALUE</title>
<para>
Upon successful completion, the return value is the return value
of <replaceable>PROGRAM</replaceable>. If the calling process is
not authorized or an authorization could not be obtained through
authentication or an error occured, <command>pkexec</command>
exits with a return value of 127.
</para>
</refsect1>
<refsect1><title>SECURITY NOTES</title>
<para>
Executing a program as another user is a privileged
operation. By default the required authorization (See
<xref linkend="pkexec-required-authz"/>) requires administrator
authentication. In addition, the authentication dialog presented
to the user will display the full path to the program to be
executed so the user is aware of what will happen.
</para>
<para>
The environment that <replaceable>PROGRAM</replaceable> will run
it, will be set to a minimal known and safe environment in order
to avoid injecting code
through <literal>LD_LIBRARY_PATH</literal> or similar
mechanisms. In addition the <literal>PKEXEC_UID</literal>
environment variable is set to the user id of the process
invoking <command>pkexec</command>. As a
result, <command>pkexec</command> will not allow you to run X11
applications as another user.
</para>
</refsect1>
<refsect1 id="pkexec-required-authz"><title>REQUIRED AUTHORIZATIONS</title>
<para>
By default,
the <emphasis>org.freedesktop.policykit.exec</emphasis>
authorization is required unless an action definition file is
present for the program in question. To require another
authorization, it can be specified using the <emphasis>org.freedesktop.policykit.exec.path</emphasis> annotation on an action (See <xref linkend="pkexec-example"/> for details).
</para>
</refsect1>
<refsect1 id="pkexec-example"><title>EXAMPLE</title>
<para>
To specify what kind of authorization is needed to execute the
program <filename>/usr/bin/pk-example-frobnicate</filename> as
another user, simply write an action definition file like this
</para>
<programlisting>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" parse="text" href="../../src/examples/org.freedesktop.policykit.examples.pkexec.policy"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
<para>
and drop it in
the <filename>/usr/share/polkit-1/actions</filename> directory
under a suitable name (e.g. matching the namespace of the
action). Note that in addition to specifying the program, the
authentication message, description, icon and defaults can be
specified.
</para>
<para>
Note that <command>pkexec</command> does no validation of
the <replaceable>ARGUMENTS</replaceable> passed
to <replaceable>PROGRAM</replaceable>. In the normal case (where
administrator authentication is required every
time <command>pkexec</command> is used), this is not a
problem. However, if an action is used for which the user can
retain authorization (or if the user is implicitly authorized),
this could be a security hole. Therefore, as a rule of thumb,
programs for which the default required authorization is
changed, should never implicitly trust user input (e.g. like any
other <emphasis>suid</emphasis> program).
</para>
</refsect1>
<refsect1><title>AUTHOR</title>
<para>
Written by David Zeuthen <email>davidz@redhat.com</email> with
a lot of help from many others.
</para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>
Please send bug reports to either the distribution or the
polkit-devel mailing list,
see the link <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/>
on how to subscribe.
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>PolicyKit-1</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
......@@ -54,6 +54,7 @@ content_files = \
../../src/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml \
../man/PolicyKit.xml \
../man/polkit.xml \
../man/pkexec.xml \
$(NULL)
# Images to copy into HTML directory
......
......@@ -105,6 +105,7 @@
<title>Manual Pages</title>
<xi:include href="../man/PolicyKit.xml"/>
<xi:include href="../man/polkit.xml"/>
<xi:include href="../man/pkexec.xml"/>
</reference>
<index>
......
......@@ -2,3 +2,5 @@
# Please keep this file sorted alphabetically.
[encoding: UTF-8]
actions/org.freedesktop.policykit.policy.in
src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
src/programs/pkexec-action-lookup.c
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
# Danish translations for PolicyKit.
# Copyright (C) 2009 Red Hat, Inc.
# This file is distributed under the same license as the PolicyKit package.
# David Zeuthen <davidz@redhat.com>, 2009.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Project-Id-Version: DeviceKit-disks\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2008-12-07 16:14-0500\n"
"PO-Revision-Date: 2008-12-07 16:17-0500\n"
"POT-Creation-Date: 2009-05-15 13:45-0400\n"
"PO-Revision-Date: 2009-05-12 17:01-0400\n"
"Last-Translator: David Zeuthen <davidz@redhat.com>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#: ../actions/org.freedesktop.policykit.policy.in.h:1
msgid "Authentication is required to grant authorizations to other users"
msgstr "Autentificering er påkrævet for at autorisere andre brugere"
msgstr "Autorisering er påkrævet for at autorisere andre brugere"
#: ../actions/org.freedesktop.policykit.policy.in.h:2
msgid ""
"Authentication is required to modify the defaults for implicit authorizations"
msgstr "Autentificering er påkrævet for ændre implicit autorisering"
msgstr "Autorisering er påkrævet for ændre implicit autorisering"
#: ../actions/org.freedesktop.policykit.policy.in.h:3
msgid "Authentication is required to read authorizations of other users"
msgstr "Autentificering er påkrævet for at læse andre brugers autoriseringer"
msgstr "Autorisering er påkrævet for at læse andre brugers autoriseringer"
#: ../actions/org.freedesktop.policykit.policy.in.h:4
msgid "Authentication is required to revoke authorizations other users"
msgstr "Autentificering er påkrævet for at fjerne en autosering fra en anden bruger"
msgstr ""
"Autorisering er påkrævet for at fjerne en autosering fra en anden bruger"
#: ../actions/org.freedesktop.policykit.policy.in.h:5
msgid "Authentication is required to run a program as another user"
msgstr "Autorisering er påkrævet for at afvikle et program som en anden bruger"
#: ../actions/org.freedesktop.policykit.policy.in.h:6
msgid "Grant authorizations to other users"
msgstr "Autoriser en anden bruger"
#: ../actions/org.freedesktop.policykit.policy.in.h:6
#: ../actions/org.freedesktop.policykit.policy.in.h:7
msgid "Modify defaults for implicit authorizations"
msgstr "Konfigurer implicit autorisering"
#: ../actions/org.freedesktop.policykit.policy.in.h:7
#: ../actions/org.freedesktop.policykit.policy.in.h:8
msgid "Read authorizations of other users"
msgstr "Læs andre brugers autoriseringer"
#: ../actions/org.freedesktop.policykit.policy.in.h:8
#: ../actions/org.freedesktop.policykit.policy.in.h:9
msgid "Revoke authorizations from other users"
msgstr "Fjern autorisering fra en anden bruger"
#: ../actions/org.freedesktop.policykit.policy.in.h:10
msgid "Run programs as another user"
msgstr "Kør et program som en anden bruger"
#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:1
msgid ""
"Authentication is required to run the PolicyKit example program Frobnicate"
msgstr "Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate"
#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:2
msgid "Run the PolicyKit example program Frobnicate"
msgstr "Kør PolicyKit eksemplet Frobnicate"
#. Translator: %s is a fully qualified path to the executable
#: ../src/programs/pkexec-action-lookup.c:110
#, c-format
msgid "Authentication is needed to run `%s' as the super user"
msgstr "Autorisering er påkrævet for at afvikle `%s' som super bruger"
#. Translator: %s is a fully qualified path to the executable
#: ../src/programs/pkexec-action-lookup.c:115
#, c-format
msgid "Authentication is needed to run `%s' as another user"
msgstr "Autorisering er påkrævet for at afvikle `%s' som en anden bruger"
#: ../src/programs/pkexec-action-lookup.c:159
msgid "Command"
msgstr "Program"
#: ../src/programs/pkexec-action-lookup.c:168
msgid "Super User (root)"
msgstr "Super Bruger (root)"
#: ../src/programs/pkexec-action-lookup.c:170
msgid "Run As"
msgstr "Bruger"
......@@ -15,7 +15,12 @@ INCLUDES = \
-D_REENTRANT \
$(NULL)
noinst_PROGRAMS = cancel
bin_PROGRAMS =
noinst_PROGRAMS =
# ----------------------------------------------------------------------------------------------------
noinst_PROGRAMS += cancel
cancel_SOURCES = cancel.c
......@@ -24,9 +29,39 @@ cancel_CFLAGS = \
$(NULL)
cancel_LDADD = \
$(GLIB_LDADD) \
$(GLIB_LIBS) \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(NULL)
# ----------------------------------------------------------------------------------------------------
bin_PROGRAMS += pk-example-frobnicate
pk_example_frobnicate_SOURCES = frobnicate.c
pk_example_frobnicate_CFLAGS = \
$(GLIB_CFLAGS) \
$(NULL)
pk_example_frobnicate_LDADD = \
$(GLIB_LIBS) \
$(NULL)
polkit_actiondir = $(datadir)/polkit-1/actions
dist_polkit_action_DATA = org.freedesktop.policykit.examples.pkexec.policy
@INTLTOOL_POLICY_RULE@
#check:
# $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA)
DISTCLEANFILES = org.freedesktop.policykit.examples.pkexec.policy
EXTRA_DIST = org.freedesktop.policykit.examples.pkexec.policy.in
# ----------------------------------------------------------------------------------------------------
clean-local :
rm -f *~
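Review bot: `bin_PROGRAMS += pk-example-frobnicate` together with `dist_polkit_action_DATA` installs the demo binary into `$(bindir)` and its policy into the live `$(datadir)/polkit-1/actions` directory on every install. That leaves a demonstration action with `auth_admin_keep` registered on production systems. Consider wrapping both in an automake conditional (for example `if BUILD_EXAMPLES`, a placeholder name that would need a matching configure switch), so the man page's `/usr/bin/pk-example-frobnicate` example still works when examples are enabled. The commented-out `#check:` rule points at `$(top_srcdir)/policy/`, which looks copied from another directory and would not find this file if re-enabled.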
/*
* Copyright (C) 2009 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
* Author: David Zeuthen <davidz@redhat.com>
*/
#include <glib.h>
#include <unistd.h>
#include <sys/types.h>
int
main (int argc, char *argv[])
{
gchar *args;
gchar **env;
guint n;
int ret;
gchar cwd[PATH_MAX];
ret = 1;
args = NULL;
env = NULL;
if (getcwd (cwd, sizeof cwd) == NULL)
{
g_printerr ("Error getting cwd: %m");
goto out;
}
args = g_strjoinv (" ", argv);
g_print ("In pk-example-frobnicate\n");
g_print ("uid: %d\n", getuid ());
g_print ("euid: %d\n", geteuid ());
g_print ("args: `%s'\n", args);
g_print ("cwd: %s\n", cwd);
g_print ("environment:\n");
env = g_listenv ();
for (n = 0; env[n] != NULL; n++)
{
g_print (" %s=%s\n", env[n], g_getenv (env[n]));
}
ret = 0;
out:
g_free (args);
g_strfreev (env);
return ret;
}
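Review bot: The error path `g_printerr ("Error getting cwd: %m");` relies on the glibc-only `%m` conversion and has no trailing newline, so on other C libraries the message may not show the errno text. I would write `g_printerr ("Error getting cwd: %s\n", g_strerror (errno));` and add `#include <errno.h>`. `PATH_MAX` is used with no `<limits.h>` include visible; it presumably arrives through `glib.h`, but an explicit include would make that independent of GLib's headers. `getuid ()` and `geteuid ()` return `uid_t` and are printed with `%d`; casting to `int`, or to `unsigned` with `%u`, would keep the format and argument types matched.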
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<vendor>Examples for the PolicyKit Project</vendor>
<vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
<action id="org.freedesktop.policykit.example.pkexec.run-frobnicate">
<_description>Run the PolicyKit example program Frobnicate</_description>
<_message>Authentication is required to run the PolicyKit example program Frobnicate</_message>
<icon_name>audio-x-generic</icon_name> <!-- just an example -->
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
</action>
</policyconfig>
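Review bot: The action id uses the namespace `org.freedesktop.policykit.example.pkexec` (singular), while the file is named `org.freedesktop.policykit.examples.pkexec.policy` (plural). The man page in this commit recommends naming the file after the action's namespace, so one of the two should change. The example also uses `<allow_active>auth_admin_keep</allow_active>`, which is the retained-authorization case that the same man page warns about, and readers will copy this file as a template. A comment on that line would help, e.g. `<!-- auth_admin_keep is acceptable only because this program merely prints its arguments; programs that act on ARGUMENTS must validate them -->`.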
......@@ -467,6 +467,7 @@ polkit_authority_check_authorization_finish (PolkitAuthority *authority
g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_authority_check_authorization_async);
result = NULL;
real_result = NULL;
local_error = NULL;
_polkit_authority_check_authorization_finish (authority->real,
......
......@@ -1457,6 +1457,8 @@ get_admin_auth_identities (PolkitBackendLocalAuthority *authority)
priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
ret = NULL;
error = NULL;
admin_identities = polkit_backend_config_source_get_string_list (priv->config_source,
"Configuration",
......
......@@ -15,18 +15,62 @@ INCLUDES = \
-D_REENTRANT \
$(NULL)
bin_PROGRAMS = polkit-1
# ----------------------------------------------------------------------------------------------------
bin_PROGRAMS = polkit-1 pkexec
# ----------------------------------------------------------------------------------------------------
polkit_1_SOURCES = polkit.c
polkit_1_CFLAGS = \
$(GLIB_CFLAGS) \
polkit_1_CFLAGS = \
$(GLIB_CFLAGS) \
$(NULL)
polkit_1_LDADD = \
$(GLIB_LDADD) \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(NULL)
# ----------------------------------------------------------------------------------------------------
pkexec_SOURCES = pkexec.c
pkexec_CFLAGS = \
$(GLIB_CFLAGS) \
$(NULL)
polkit_1_LDADD = \
$(GLIB_LDADD) \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
pkexec_LDADD = \
$(GLIB_LDADD) \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(NULL)
polkitmodulesdir = $(libdir)/polkit-1/backends
polkitmodules_LTLIBRARIES = libpolkit-pkexec-action-lookup.la
libpolkit_pkexec_action_lookup_la_SOURCES = \
pkexec-action-lookup.c \
$(NULL)
libpolkit_pkexec_action_lookup_la_CFLAGS = \
-DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
-DG_LOG_DOMAIN=\"pkexec-action-lookup\" \
$(GLIB_CFLAGS) \
$(NULL)
libpolkit_pkexec_action_lookup_la_LDFLAGS = \
-export_dynamic -avoid-version -module -no-undefined \
-export-symbols-regex '^g_io_module_(load|unload)' \
$(NULL)
libpolkit_pkexec_action_lookup_la_LIBADD = \
$(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \
$(NULL)
# ----------------------------------------------------------------------------------------------------
clean-local :
rm -f *~
install-exec-hook :
-chmod 4755 $(DESTDIR)$(bindir)/pkexec
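Review bot: The `install-exec-hook` sets mode 4755 on `pkexec` without setting the owner, so a `make install` run by a non-root user (for example a staged `DESTDIR` install) produces a binary that is setuid to the installing account rather than root. The leading `-` also hides a failed `chmod`, so the install succeeds and leaves a non-setuid `pkexec` behind. I would add `-chown root $(DESTDIR)$(bindir)/pkexec` before the `chmod` line. A short comment should say that packagers need to verify the final owner and mode, since both steps are best-effort.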
/*
* Copyright (C) 2009 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
* Author: David Zeuthen <davidz@redhat.com>
*/
#include "config.h"
#include <polkitbackend/polkitbackend.h>
#include <glib/gi18n-lib.h>
#define POLKIT_EXEC_TYPE_ACTION_LOOKUP (polkit_exec_action_lookup_get_type())
#define POLKIT_EXEC_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_EXEC_TYPE_ACTION_LOOKUP, PolkitExecActionLookup))
#define POLKIT_EXEC_ACTION_LOOKUP_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_EXEC_TYPE_ACTION_LOOKUP, PolkitExecActionLookupClass))
#define POLKIT_EXEC_ACTION_LOOKUP_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_EXEC_TYPE_ACTION_LOOKUP, PolkitExecActionLookupClass))
#define POLKIT_EXEC_IS_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_EXEC_TYPE_ACTION_LOOKUP))
#define POLKIT_EXEC_IS_ACTION_LOOKUP_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_EXEC_TYPE_ACTION_LOOKUP))
typedef struct _PolkitExecActionLookup PolkitExecActionLookup;
typedef struct _PolkitExecActionLookupClass PolkitExecActionLookupClass;
struct _PolkitExecActionLookup
{
GObject parent;
};
struct _PolkitExecActionLookupClass
{
GObjectClass parent_class;
};
GType polkit_exec_action_lookup_get_type (void) G_GNUC_CONST;
static void polkit_backend_action_lookup_iface_init (PolkitBackendActionLookupIface *iface);
#define _G_IMPLEMENT_INTERFACE_DYNAMIC(TYPE_IFACE, iface_init) \
{ \
const GInterfaceInfo g_implement_interface_info = { \
(GInterfaceInitFunc) iface_init, NULL, NULL \
}; \
g_type_module_add_interface (type_module, g_define_type_id, TYPE_IFACE, &g_implement_interface_info); \
}
G_DEFINE_DYNAMIC_TYPE_EXTENDED (PolkitExecActionLookup,
polkit_exec_action_lookup,
G_TYPE_OBJECT,
0,
_G_IMPLEMENT_INTERFACE_DYNAMIC (POLKIT_BACKEND_TYPE_ACTION_LOOKUP,
polkit_backend_action_lookup_iface_init))
static void
polkit_exec_action_lookup_init (PolkitExecActionLookup *lookup)
{
}
static void
polkit_exec_action_lookup_class_finalize (PolkitExecActionLookupClass *klass)
{
}
static void
polkit_exec_action_lookup_class_init (PolkitExecActionLookupClass *klass)
{
}
/* ---------------------------------------------------------------------------------------------------- */
static gchar *
polkit_exec_action_lookup_get_message (PolkitBackendActionLookup *lookup,
const gchar *action_id,
GHashTable *details,
PolkitActionDescription *action_description)
{
gchar *ret;
const gchar *s;
const gchar *s2;