diff options
author | David Zeuthen <davidz@redhat.com> | 2010-08-20 10:50:34 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2010-08-20 10:50:34 -0400 |
commit | f071d4561dfe8dd9cfd4e29fddec7bc82fd658aa (patch) | |
tree | df61da656878c67408750fc4ed6ae5a331a7ca93 | |
parent | 22363658629553e04277259ccac8dbf4e33839ea (diff) |
pkexec: add --disable-internal-agent option
Signed-off-by: David Zeuthen <davidz@redhat.com>
-rw-r--r-- | docs/man/pkexec.xml | 12 | ||||
-rw-r--r-- | src/programs/pkexec.c | 11 |
2 files changed, 21 insertions, 2 deletions
diff --git a/docs/man/pkexec.xml b/docs/man/pkexec.xml index 0847c2e..10f3d78 100644 --- a/docs/man/pkexec.xml +++ b/docs/man/pkexec.xml @@ -25,6 +25,7 @@ <cmdsynopsis> <command>pkexec</command> <arg><option>--version</option></arg> + <arg><option>--disable-internal-agent</option></arg> <arg><option>--help</option></arg> </cmdsynopsis> @@ -64,6 +65,17 @@ </para> </refsect1> + <refsect1 id="pkexec-auth-agent"><title>AUTHENTICATION AGENT</title> + <para> + <command>pkexec</command>, like any other PolicyKit application, + will use the authentication agent registered for the calling + process. However, if no authentication agent is available, then + <command>pkexec</command> will register its own textual + authentication agent. This behavior can be turned off by passing + the <option>--disable-internal-agent</option> is passed. + </para> + </refsect1> + <refsect1 id="pkexec-security-notes"><title>SECURITY NOTES</title> <para> Executing a program as another user is a privileged diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index f4480ff..fbd700d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -68,6 +68,7 @@ usage (int argc, char *argv[]) { g_printerr ("pkexec --version |\n" " --help |\n" + " --disable-internal-agent |\n" " [--user username] PROGRAM [ARGUMENTS...]\n" "\n" "See the pkexec manual page for more details.\n"); @@ -374,6 +375,7 @@ main (int argc, char *argv[]) gint rc; gboolean opt_show_help; gboolean opt_show_version; + gboolean opt_disable_internal_agent; PolkitAuthority *authority; PolkitAuthorizationResult *result; PolkitSubject *subject; @@ -460,6 +462,7 @@ main (int argc, char *argv[]) */ opt_show_help = FALSE; opt_show_version = FALSE; + opt_disable_internal_agent = FALSE; for (n = 1; n < (guint) argc; n++) { if (strcmp (argv[n], "--help") == 0) @@ -481,6 +484,10 @@ main (int argc, char *argv[]) opt_user = g_strdup (argv[n]); } + else if (strcmp (argv[n], "--disable-internal-agent") == 0) + { + opt_disable_internal_agent = TRUE; + } else { break; @@ -670,7 +677,7 @@ main (int argc, char *argv[]) } else if (polkit_authorization_result_get_is_challenge (result)) { - if (local_agent_handle == NULL) + if (local_agent_handle == NULL && !opt_disable_internal_agent) { PolkitAgentListener *listener; error = NULL; @@ -701,7 +708,7 @@ main (int argc, char *argv[]) } else { - g_printerr ("Error executing command as another user.\n"); + g_printerr ("Error executing command as another user: No authentication agent found.\n"); goto out; } } |