From ed81e790565663f1ddbdf0777efbd01b8b0e00ad Mon Sep 17 00:00:00 2001 From: monsta Date: Tue, 25 Oct 2016 14:33:23 +0300 Subject: [PATCH] add pkexec support closes https://github.com/mate-desktop/mate-system-monitor/issues/85 try pkexec before trying gksu for killing other users' processes or renicing a process. actual kill and renice commands are launched via helper tool (see discussion at https://bugzilla.gnome.org/491462). code is ported from gnome-system-monitor with some changes (e.g. helper tool code is in tools/ dir instead of scripts/ - it's not a script). for reference - relevant upstream commits: https://git.gnome.org/browse/gnome-system-monitor/commit/?id=ccbff2a4293e43d6ea24fbf13477b10f58cd5212 https://git.gnome.org/browse/gnome-system-monitor/commit/?id=2b4308d9fc2b2e367030629e79b531c4f9ae3d0a https://git.gnome.org/browse/gnome-system-monitor/commit/?id=971b3c704dea49b22c1038f200933c5b3b35ece1 https://git.gnome.org/browse/gnome-system-monitor/commit/?id=c234b2a75dac454b818f1f40d302cf12f1a33aa2 https://git.gnome.org/browse/gnome-system-monitor/commit/?id=4cda3529e418098b35f7444d79ba421eb5403afc https://git.gnome.org/browse/gnome-system-monitor/commit/?id=ab7bd8aef7300eeb3835fdef9a2a1eefe7281631 https://git.gnome.org/browse/gnome-system-monitor/commit/?id=79eccf0cecbca237f4f911681438c33932da63e2 https://git.gnome.org/browse/gnome-system-monitor/commit/?id=a3bf3a7f56cf02c6a127aa168c570230e9fad356 --- Makefile.am | 15 +++++++++-- configure.ac | 3 +++ org.mate.mate-system-monitor.policy.in.in | 32 ++++++++++++++++++++++ po/POTFILES.in | 1 + po/POTFILES.skip | 1 + src/Makefile.am | 2 ++ src/procdialogs.cpp | 5 +++- src/procman_pkexec.cpp | 33 +++++++++++++++++++++++ src/procman_pkexec.h | 12 +++++++++ tools/Makefile.am | 12 +++++++++ tools/msm_execute_helper.c | 17 ++++++++++++ 11 files changed, 130 insertions(+), 3 deletions(-) create mode 100644 org.mate.mate-system-monitor.policy.in.in create mode 100644 src/procman_pkexec.cpp create mode 100644 src/procman_pkexec.h create mode 100644 tools/Makefile.am create mode 100644 tools/msm_execute_helper.c diff --git a/Makefile.am b/Makefile.am index 38912bf8..9cced9e1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS} -SUBDIRS = pixmaps po src help +SUBDIRS = pixmaps po src tools help man_MANS = mate-system-monitor.1 @@ -11,10 +11,14 @@ appdatadir = $(datadir)/appdata appdata_in_files = mate-system-monitor.appdata.xml.in appdata_DATA = $(appdata_in_files:.xml.in=.xml) +org.mate.mate-system-monitor.policy.in: org.mate.mate-system-monitor.policy.in.in Makefile + $(AM_V_GEN) sed -e "s|\@pkglibexecdir\@|$(pkglibexecdir)|" $< > $@ + EXTRA_DIST = \ autogen.sh \ $(man_MANS) \ $(appdata_in_files) \ + org.mate.mate-system-monitor.policy.in.in \ mate-system-monitor.desktop.in \ intltool-extract.in \ intltool-merge.in \ @@ -22,6 +26,11 @@ EXTRA_DIST = \ omf.make \ xmldocs.make +@INTLTOOL_POLICY_RULE@ +polkit_policydir = $(datadir)/polkit-1/actions +polkit_policy_in_files = org.mate.mate-system-monitor.policy.in +polkit_policy_DATA = $(polkit_policy_in_files:.policy.in=.policy) + Applicationsdir = $(datadir)/applications Applications_in_files = mate-system-monitor.desktop.in Applications_DATA = $(Applications_in_files:.desktop.in=.desktop) @@ -35,7 +44,9 @@ DISTCLEANFILES = \ intltool-extract \ intltool-merge \ intltool-update \ - mate-system-monitor.desktop + mate-system-monitor.desktop \ + org.mate.mate-system-monitor.policy \ + org.mate.mate-system-monitor.policy.in # Build ChangeLog from GIT history ChangeLog: diff --git a/configure.ac b/configure.ac index a25bae56..53ed05eb 100644 --- a/configure.ac +++ b/configure.ac @@ -46,6 +46,8 @@ AC_DEFINE([GLIB_VERSION_MIN_REQUIRED], [GLIB_VERSION_2_36], PKG_CHECK_MODULES(GMODULE,gmodule-2.0,[GMODULE_ADD="gmodule-2.0"],[GMODULE_ADD=""]) PKG_CHECK_MODULES(PROCMAN,$GMODULE_ADD glib-2.0 >= $GLIB_REQUIRED libgtop-2.0 >= $LIBGTOP_REQUIRED libwnck-3.0 >= $LIBWNCK_REQUIRED gtk+-3.0 >= $GTK_REQUIRED gtkmm-3.0 >= $GTKMM_REQUIRED libxml-2.0 >= $LIBXML_REQUIRED librsvg-2.0 >= $RSVG_REQUIRED glibmm-2.4 >= $GLIBMM_REQUIRED giomm-2.4 >= $GIOMM_REQUIRED) +PKG_CHECK_MODULES(TOOLS, glib-2.0 >= $GLIB_REQUIRED) + have_systemd=no AC_ARG_ENABLE(systemd, AS_HELP_STRING([--disable-systemd], [disable systemd support]),,enable_systemd=no) if test "x$enable_systemd" != "xno"; then @@ -107,6 +109,7 @@ src/org.mate.system-monitor.gschema.xml pixmaps/Makefile po/Makefile.in help/Makefile +tools/Makefile mate-system-monitor.desktop.in ]) diff --git a/org.mate.mate-system-monitor.policy.in.in b/org.mate.mate-system-monitor.policy.in.in new file mode 100644 index 00000000..9ae59044 --- /dev/null +++ b/org.mate.mate-system-monitor.policy.in.in @@ -0,0 +1,32 @@ + + + + MATE Desktop + http://www.mate-desktop.org/ + utilities-system-monitor + + + <_description>Kill process + <_message>Privileges are required to control other users' processes + + no + no + auth_admin_keep + + @pkglibexecdir@/msm-kill + + + + <_description>Renice process + <_message>Privileges are required to change the priority of processes + + no + no + auth_admin_keep + + @pkglibexecdir@/msm-renice + + + diff --git a/po/POTFILES.in b/po/POTFILES.in index bd462a02..630290be 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -3,6 +3,7 @@ # Please keep this file sorted alphabetically. mate-system-monitor.appdata.xml.in mate-system-monitor.desktop.in.in +org.mate.mate-system-monitor.policy.in.in src/argv.cpp src/argv.h src/callbacks.cpp diff --git a/po/POTFILES.skip b/po/POTFILES.skip index aa29d16c..4b096cbc 100644 --- a/po/POTFILES.skip +++ b/po/POTFILES.skip @@ -1 +1,2 @@ mate-system-monitor.desktop.in +org.mate.mate-system-monitor.policy.in diff --git a/src/Makefile.am b/src/Makefile.am index 38588e96..21407700 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,6 +4,7 @@ AM_CPPFLAGS = \ -DPROCMAN_DATADIR=\""$(datadir)/procman/"\" \ -DMATELOCALEDIR=\""$(datadir)/locale"\" \ -DDATADIR=\""$(datadir)"\" \ + -DLIBEXEC_DIR=\""$(pkglibexecdir)"\" \ @PROCMAN_CFLAGS@ \ @SYSTEMD_CFLAGS@ @@ -28,6 +29,7 @@ mate_system_monitor_cpp_files = \ selinux.cpp \ cgroups.cpp \ procman_gksu.cpp \ + procman_pkexec.cpp \ sysinfo.cpp \ lsof.cpp \ selection.cpp \ diff --git a/src/procdialogs.cpp b/src/procdialogs.cpp index 96cf39c8..0a4be651 100644 --- a/src/procdialogs.cpp +++ b/src/procdialogs.cpp @@ -34,6 +34,7 @@ #include "load-graph.h" #include "settings-keys.h" #include "procman_gksu.h" +#include "procman_pkexec.h" #include "cgroups.h" @@ -894,7 +895,9 @@ procdialog_create_root_password_dialog(ProcmanActionType type, procman_debug("Trying to run '%s' as root", command); - if (procman_has_gksu()) + if (procman_has_pkexec()) + ret = procman_pkexec_create_root_password_dialog(command); + else if (procman_has_gksu()) ret = procman_gksu_create_root_password_dialog(command); g_free(command); diff --git a/src/procman_pkexec.cpp b/src/procman_pkexec.cpp new file mode 100644 index 00000000..f67be6a7 --- /dev/null +++ b/src/procman_pkexec.cpp @@ -0,0 +1,33 @@ +#include + +#include "procman_pkexec.h" + +gboolean +procman_pkexec_create_root_password_dialog (const char *command) +{ + gchar *command_line; + gboolean success; + GError *error = NULL; + + command_line = g_strdup_printf ("pkexec --disable-internal-agent %s/msm-%s", + LIBEXEC_DIR, command); + success = g_spawn_command_line_sync (command_line, NULL, NULL, NULL, &error); + g_free (command_line); + + if (!success) { + g_critical ("Could not run pkexec (\"%s\") : %s\n", + command, error->message); + g_error_free (error); + return FALSE; + } + + g_debug ("pkexec did fine\n"); + return TRUE; +} + +gboolean +procman_has_pkexec (void) +{ + return g_file_test("/usr/bin/pkexec", G_FILE_TEST_EXISTS); +} + diff --git a/src/procman_pkexec.h b/src/procman_pkexec.h new file mode 100644 index 00000000..d453f699 --- /dev/null +++ b/src/procman_pkexec.h @@ -0,0 +1,12 @@ +#ifndef _PROCMAN_PKEXEC_H_ +#define _PROCMAN_PKEXEC_H_ + +#include + +gboolean +procman_pkexec_create_root_password_dialog(const char *command); + +gboolean +procman_has_pkexec(void) G_GNUC_CONST; + +#endif /* _PROCMAN_PKEXEC_H_ */ diff --git a/tools/Makefile.am b/tools/Makefile.am new file mode 100644 index 00000000..204a42b0 --- /dev/null +++ b/tools/Makefile.am @@ -0,0 +1,12 @@ +pkglibexec_PROGRAMS = msm-renice msm-kill + +AM_CPPFLAGS = $(TOOLS_CFLAGS) + +msm_renice_SOURCES = msm_execute_helper.c +msm_renice_LDADD = $(TOOLS_LIBS) +msm_renice_CFLAGS = -DCOMMAND=\"renice\" + +msm_kill_SOURCES = msm_execute_helper.c +msm_kill_LDADD = $(TOOLS_LIBS) +msm_kill_CFLAGS = -DCOMMAND=\"kill\" + diff --git a/tools/msm_execute_helper.c b/tools/msm_execute_helper.c new file mode 100644 index 00000000..eff687ab --- /dev/null +++ b/tools/msm_execute_helper.c @@ -0,0 +1,17 @@ +#include +#include +#include +#include + +int main(int argc, char* argv[]) +{ + gchar **argv_modified = g_new0 (gchar *, argc + 1); + memcpy (argv_modified, argv, argc * sizeof (char*)); + argv_modified[0] = COMMAND; + + if (execvp (COMMAND, argv_modified) == -1) { + return errno; + } + + return 0; +}