diff --git a/CHANGELOG b/CHANGELOG index 296362f1a3..e4a3650e35 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,8 @@ git-annex (7.20191018) UNRELEASED; urgency=medium * init: Fix a failure when used in a submodule on a crippled filesystem. + * enable-tor: Deal with pkexec changing to root's home directory + when running a command. -- Joey Hess Mon, 21 Oct 2019 11:01:06 -0400 diff --git a/Command/EnableTor.hs b/Command/EnableTor.hs index 1807660dd6..671ed64f4b 100644 --- a/Command/EnableTor.hs +++ b/Command/EnableTor.hs @@ -46,18 +46,19 @@ start os = do #else start _os = do #endif - uuid <- getUUID - when (uuid == NoUUID) $ - giveup "This can only be run in a git-annex repository." #ifndef mingw32_HOST_OS curruserid <- liftIO getEffectiveUserID if curruserid == 0 - then case readish =<< headMaybe os of - Nothing -> giveup "Need user-id parameter." - Just userid -> go uuid userid + then case os of + (uid:[]) -> go uid + (uid:repodir:_) -> do + Annex.changeDirectory repodir + go uid + _ -> giveup "Need user-id parameter." else starting "enable-tor" (ActionItemOther Nothing) $ do gitannex <- liftIO readProgramFile - let ps = [Param (cmdname cmd), Param (show curruserid)] + cwd <- liftIO getCurrentDirectory + let ps = [Param (cmdname cmd), Param (show curruserid), Param cwd] sucommand <- liftIO $ mkSuCommand gitannex ps maybe noop showLongNote (describePasswordPrompt' sucommand) @@ -67,14 +68,19 @@ start _os = do [ "Failed to run as root:" , gitannex ] ++ toCommand ps ) #else - go uuid 0 + go "0" #endif where - go uuid userid = do - (onionaddr, onionport) <- liftIO $ - addHiddenService torAppName userid (fromUUID uuid) - storeP2PAddress $ TorAnnex onionaddr onionport - stop + go suserid = case readish suserid of + Nothing -> giveup "Unable to parse user-id parameter." + Just userid -> do + uuid <- getUUID + when (uuid == NoUUID) $ + giveup "This can only be run in a git-annex repository." + (onionaddr, onionport) <- liftIO $ + addHiddenService torAppName userid (fromUUID uuid) + storeP2PAddress $ TorAnnex onionaddr onionport + stop checkHiddenService :: CommandCleanup checkHiddenService = bracket setup cleanup go diff --git a/Utility/Su.hs b/Utility/Su.hs index d9ec5e8eed..03355991d1 100644 --- a/Utility/Su.hs +++ b/Utility/Su.hs @@ -61,24 +61,33 @@ runSuCommand Nothing = return False -- decide based on the system's configuration whether sudo should be used. mkSuCommand :: String -> [CommandParam] -> IO (Maybe SuCommand) #ifndef mingw32_HOST_OS -mkSuCommand cmd ps = firstM (\(SuCommand _ p _) -> inPath p) =<< selectcmds +mkSuCommand cmd ps = do + pwd <- getCurrentDirectory + firstM (\(SuCommand _ p _) -> inPath p) =<< selectcmds pwd where - selectcmds = ifM (inx <||> (not <$> atconsole)) - ( return (graphicalcmds ++ consolecmds) - , return consolecmds + selectcmds pwd = ifM (inx <||> (not <$> atconsole)) + ( return (graphicalcmds pwd ++ consolecmds pwd) + , return (consolecmds pwd) ) inx = isJust <$> getEnv "DISPLAY" atconsole = queryTerminal stdInput -- These will only work when the user is logged into a desktop. - graphicalcmds = + graphicalcmds pwd = [ SuCommand (MayPromptPassword SomePassword) "gksu" [Param shellcmd] , SuCommand (MayPromptPassword SomePassword) "kdesu" [Param "-c", Param shellcmd] - , SuCommand (MayPromptPassword SomePassword) "pkexec" - ([Param cmd] ++ ps) + -- pkexec does not run the command in the current + -- working directory, but in root's HOME. + , SuCommand (MayPromptPassword SomePassword) "pkexec" $ + [Param "sh", Param "-c", Param $ unwords + [ "cd", shellEscape pwd + , "&&" + , shellcmd + ] + ] -- Available in Debian's menu package; knows about lots of -- ways to gain root. , SuCommand (MayPromptPassword SomePassword) "su-to-root" @@ -89,7 +98,7 @@ mkSuCommand cmd ps = firstM (\(SuCommand _ p _) -> inPath p) =<< selectcmds ] -- These will only work when run in a console. - consolecmds = + consolecmds _pwd = [ SuCommand (WillPromptPassword RootPassword) "su" [Param "-c", Param shellcmd] , SuCommand (MayPromptPassword UserPassword) "sudo"