如何及在基于macOS Python的应用程序上通过本机GUI最佳地检索sudo密码的位置-(同时保持交互式输出流(stdout)) [英] How & where to best retrieve sudo password via a native GUI on a macOS Python-based app - (while maintaining an interactive output stream (stdout))

问题描述

好的，情况是这样的:我正在使用Python和wx(wxphoenix)构建macOS GUI应用程序.用户可以使用GUI(例如:script1)启动文件删除过程(包含在script2中).为了成功运行，script2需要以sudo权限运行.

Ok, so the situation is this: I am building a macOS GUI App using Python and wx (wxphoenix). The user can use the GUI (say: script1) to launch a file-deletion process (contained in script2). In order to run successfully script2 needs to run with sudo rights.

script2将在一长串文件中删除该文件.但是我需要它在每一回合之后与script1中包含的GUI通信，以便script1可以更新进度条.

script2 will itterate over a long list of files and delete them. But I need it to communicate with the GUI contained in script1 after each round so that script1 can update the progressbar.

以绝对最基本的形式，我的当前工作设置如下:

In it's absolute most basic form my current working setup looks like this:

脚本1:

import io
from threading import Thread
import subprocess

import wx

# a whole lot of wx GUI stuff 

def get_password():
    """Retrieve user password via a GUI"""

    # A wx solution using wx.PasswordEntryDialog()
    # Store password in a variable

    return variable

class run_script_with_sudo(Thread):
    """Launch a script with administrator privileges"""

    def __init__(self, path_to_script, wx_pubsub_sendmessage):
        """Set variables to self"""
        self.path = path_to_script
        self.sender = wx_pubsub_sendmessage
        self.password = get_password()
        Thread.__init__(self)
        self.start()

    def run(self):
        """Run thread"""

        prepare_script = subprocess.Popen(["echo", password], stdout=subprocess.PIPE)
        prepare_script.wait()
        launch_script = subprocess.Popen(['sudo', '-S', '/usr/local/bin/python3.6', '-u', self.path], stdin=prepare_script.stdout, stdout=subprocess.PIPE)
        for line in io.TextIOWrapper(launch_script.stdout, encoding="utf-8"):
            print("Received line: ", line.rstrip())
            # Tell progressbar to add another step:
            wx.CallAfter(self.sender, "update", msg="")

脚本2:

import time

# This is a test setup, just a very simple loop that produces an output.

for i in range(25):
    time.sleep(1)
    print(i)

以上设置的工作方式是script1实时接收script2的输出并对其进行操作. (因此，在给定的示例中:每秒script1会在进度栏中添加另一步，直到达到25步为止.)

The above setup works in that script1 receives the output of script2 in real-time and acts on it. (So in the given example: after each second script1 adds another step to the progress bar until it reaches 25 steps).

我要实现的目标 =不将密码存储在变量中，而是使用macOS的本机GUI来检索密码.

What I want to achieve = not storing the password in a variable and using macOS it's native GUI to retrieve the password.

但是，当我更改时:

prepare_script = subprocess.Popen(["echo", password], stdout=subprocess.PIPE)
prepare_script.wait()
launch_script = subprocess.Popen(['sudo', '-S', '/usr/local/bin/python3.6', '-u', self.path], stdin=prepare_script.stdout, stdout=subprocess.PIPE)
for line in io.TextIOWrapper(launch_script.stdout, encoding="utf-8"):
                print("Received line: ", line.rstrip())
                # Tell progressbar to add another step:
                wx.CallAfter(self.sender, "update", msg="")

进入:

command = r"""/usr/bin/osascript -e 'do shell script "/usr/local/bin/python3.6 -u """ + self.path + """ with prompt "Sart Deletion Process " with administrator privileges'"""
command_list = shlex.split(command)

launch_script = subprocess.Popen(command_list, stdout=subprocess.PIPE)
for line in io.TextIOWrapper(launch_script.stdout, encoding="utf-8"):
    print("Received line: ", line.rstrip())
    # Tell progressbar to add another step:
    wx.CallAfter(self.sender, "update", msg="")

它停止工作是因为osascript显然运行在非交互式shell中.这意味着script2在完全完成之前不会发送任何输出，从而导致script1中的进度条停顿.

It stops working because osascript apparently runs in a non-interactive shell. This means script2 doesn't sent any output until it is fully finished, causing the progress bar in script1 to stall.

我的问题因此变成:我如何确保使用macOS本机GUI来要求sudo密码，从而避免将其存储在变量中，同时仍保持捕获密码的可能性.交互式/实时流中特权脚本的标准输出.

My question thus becomes: How can I make sure to use macOS native GUI to ask for the sudo password, thus preventing having to store it in a variable, while still maintaining the possibility to catch the stdout from the privileged script in an interactive / real-time stream.

希望如此.

将不胜感激！

推荐答案

我的问题因此变成了:我如何确保使用macOS本机GUI 要求输入sudo密码，从而避免了将其存储在 变量，同时仍保持捕获标准输出的可能性 从交互式/实时流中的特权脚本中获取.

My question thus becomes: How can I make sure to use macOS native GUI to ask for the sudo password, thus preventing having to store it in a variable, while still maintaining the possibility to catch the stdout from the privileged script in an interactive / real-time stream.

我自己找到了一个解决方案，使用了一个命名管道(os.mkfifo()).

I have found a solution myself, using a named pipe (os.mkfifo()).

这样，您可以让2个python脚本相互通信，而其中的1个通过osascript以特权权限启动(意味着:您将获得一个本机GUI窗口，要求用户提供sudo密码).

That way, you can have 2 python scripts communicate with each other while 1 of them is launched with privileged rights via osascript (meaning: you get a native GUI window that asks for the users sudo password).

工作解决方案:

mainscript.py

import os
from pathlib import Path
import shlex
import subprocess
import sys
from threading import Thread
import time

class LaunchDeletionProcess(Thread):

    def __init__(self):

        Thread.__init__(self)

    def run(self):

        launch_command = r"""/usr/bin/osascript -e 'do shell script "/usr/local/bin/python3.6 -u /path/to/priviliged_script.py" with prompt "Sart Deletion Process " with administrator privileges'"""
        split_command = shlex.split(launch_command)

        print("Thread 1 started")
        testprogram = subprocess.Popen(split_command)
        testprogram.wait()
        print("Thread1 Finished")

class ReadStatus(Thread):

    def __init__(self):

        Thread.__init__(self)

    def run(self):

        while not os.path.exists(os.path.expanduser("~/p1")):
            time.sleep(0.1)

        print("Thread 2 started")

        self.wfPath = os.path.expanduser("~/p1")

        rp = open(self.wfPath, 'r')
        response = rp.read()

        self.try_pipe(response)

    def try_pipe(self, response):
        rp = open(self.wfPath, 'r')
        response = rp.read()
        print("Receiving response: ", response)
        rp.close()
        if response == str(self.nr_of_steps-1):
            print("Got to end")
            os.remove(os.path.expanduser("~/p1"))
        else:
            time.sleep(1)
            self.try_pipe(response)

if __name__ == "__main__":

    thread1 = LaunchDeletionProcess()
    thread2 = ReadStatus()
    thread1.start()
    thread2.start()

priviliged_script.py

import os
import time
import random

wfPath = os.path.expanduser("~/p1")

try:

    os.mkfifo(wfPath)

except OSError:

    print("error")
    pass

result = 10

nr = 0 

while nr < result:

    random_nr = random.random()

    wp = open(wfPath, 'w')
    print("writing new number: ", random_nr)
    wp.write("Number: " + str(random_nr))       
    wp.close()

    time.sleep(1)
    nr += 1

wp = open(wfPath, 'w')
wp.write("end")     
wp.close()

这篇关于如何及在基于macOS Python的应用程序上通过本机GUI最佳地检索sudo密码的位置-(同时保持交互式输出流(stdout))的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！