15661
|
1 |
diff -ru libgksu1.2-1.3.1/libgksu/gksu-context.c libgksu1.2-1.3.1-new/libgksu/gksu-context.c
|
|
2 |
--- libgksu1.2-1.3.1/libgksu/gksu-context.c 2005-06-18 15:16:33.000000000 +0100
|
|
3 |
+++ libgksu1.2-1.3.1-new/libgksu/gksu-context.c 2009-04-21 11:57:20.535637052 +0100
|
8393
|
4 |
@@ -23,7 +23,13 @@
|
|
5 |
#include <unistd.h>
|
|
6 |
#include <string.h>
|
|
7 |
#include <fcntl.h>
|
|
8 |
+#ifndef __sun
|
|
9 |
#include <pty.h>
|
|
10 |
+#else
|
|
11 |
+#include <signal.h>
|
|
12 |
+#include <stropts.h>
|
16206
|
13 |
+#include <strings.h>
|
8393
|
14 |
+#endif
|
7853
|
15 |
#include <pwd.h>
|
|
16 |
#include <sys/types.h>
|
8393
|
17 |
#include <sys/wait.h>
|
|
18 |
@@ -34,6 +40,10 @@
|
|
19 |
#include <glib.h>
|
|
20 |
#include <locale.h>
|
|
21 |
|
|
22 |
+#ifdef __sun
|
|
23 |
+#include "mkdtemp.c"
|
|
24 |
+#endif
|
|
25 |
+
|
|
26 |
#ifdef ENABLE_GNOME_KEYRING
|
|
27 |
#include <gnome-keyring.h>
|
|
28 |
#endif
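Review bot: The added `#include "mkdtemp.c"` pulls a second source file textually into gksu-context.c, keyed on `__sun` rather than on whether the platform actually lacks mkdtemp(). A configure-time check (for example a `HAVE_MKDTEMP` guard), with the fallback built as its own object, would keep its statics and includes out of this translation unit. The fallback itself is not in the part of the patch shown here. Because this file later builds a `/tmp/...-XXXXXX` template, it should be confirmed that the replacement creates the directory atomically with mode 0700 and fails if the name already exists, as mkdtemp() does.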
|
9819
|
29 |
@@ -47,6 +57,8 @@
|
|
30 |
gboolean keyring_used = FALSE;
|
|
31 |
#endif
|
|
32 |
|
|
33 |
+#define MAX_BUFFER_SIZE 1024
|
|
34 |
+
|
|
35 |
/* local function declarations */
|
|
36 |
static void
|
|
37 |
gksu_context_init (GTypeInstance *instance, gpointer g_class);
|
|
38 |
@@ -228,6 +240,7 @@
|
8393
|
39 |
return context->login_shell;
|
|
40 |
}
|
|
41 |
|
|
42 |
+#ifndef __sun
|
|
43 |
/**
|
|
44 |
* gksu_context_set_keep_env:
|
|
45 |
* @context: the #GksuContext you want to modify
|
9819
|
46 |
@@ -258,6 +271,7 @@
|
8393
|
47 |
{
|
|
48 |
return context->keep_env;
|
|
49 |
}
|
|
50 |
+#endif
|
|
51 |
|
|
52 |
/**
|
|
53 |
* gksu_context_set_debug:
|
14430
|
54 |
@@ -363,6 +377,20 @@
|
7853
|
55 |
|
|
56 |
self->debug = FALSE;
|
|
57 |
self->ssh_fwd = FALSE;
|
|
58 |
+
|
|
59 |
+ self->message = NULL;
|
9768
|
60 |
+ self->response = NULL;
|
8393
|
61 |
+ self->privspec = NULL;
|
7853
|
62 |
+ self->msg_type = 0;
|
9768
|
63 |
+ self->msg_num = 0;
|
7853
|
64 |
+ self->pfexec_mode = FALSE;
|
8393
|
65 |
+ self->elevated_privilege = TRUE;
|
|
66 |
+ self->elevated_role = TRUE;
|
7853
|
67 |
+ self->wait_for_child_to_exit = TRUE;
|
14430
|
68 |
+ self->need_pipe = TRUE;
|
7853
|
69 |
+ self->child_pid = 0;
|
|
70 |
+ self->stdin_fd = 0;
|
|
71 |
+ self->stdout_fd = 0;
|
|
72 |
}
|
|
73 |
|
|
74 |
static void
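Review bot: `self->stdin_fd = 0;` and `self->stdout_fd = 0;` use 0 as the "not open" value, but 0 is a valid descriptor (standard input), so code that later tests or closes these fields cannot tell an unset context from a real one. `-1` is the conventional sentinel: `self->stdin_fd = -1;` and `self->stdout_fd = -1;`. The `stdin_file` and `stdout_file` members that the patch assigns further down are not set here; unless the instance memory is guaranteed to be zero-filled, they should get `NULL` alongside the other pointers. The init function's signature is outside the hunk.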
|
14430
|
75 |
@@ -378,6 +406,13 @@
|
8393
|
76 |
g_free (self->command);
|
|
77 |
|
|
78 |
g_free (self->user);
|
9768
|
79 |
+ for ( int i = 0; i<self->msg_num; i++ ) {
|
|
80 |
+ g_free (self->message[i].msg);
|
|
81 |
+ g_free (self->response[i].resp);
|
|
82 |
+ }
|
8393
|
83 |
+ g_free (self->message);
|
9768
|
84 |
+ g_free (self->response);
|
8393
|
85 |
+ g_free (self->privspec);
|
|
86 |
}
|
|
87 |
|
|
88 |
static void
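Review bot: The loop releases `self->message[i].msg` with `g_free()`, but the only place in the visible part of this patch that fills that field, parse_embedded_su_output, allocates it with `strdup()`. Mixing the two allocators is only guaranteed safe on GLib versions where g_malloc is the system malloc, so either allocate there with `context->message[*num].msg = g_strdup (outline);` or release here with `free()`. The `for ( int i = 0; ...` declaration also requires a C99 compiler mode, which is worth checking against the build flags. The finalize function begins above the hunk.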
|
14430
|
89 |
@@ -446,7 +481,7 @@
|
8393
|
90 |
g_strfreev (tmpv);
|
|
91 |
|
|
92 |
/* get the authorization token */
|
|
93 |
- tmp = g_strdup_printf ("/usr/X11R6/bin/xauth list %s | "
|
|
94 |
+ tmp = g_strdup_printf ("/usr/bin/xauth list %s | "
|
|
95 |
"head -1 | awk '{ print $3 }'",
|
|
96 |
context->display);
|
|
97 |
if ((xauth_output = popen (tmp, "r")) == NULL)
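Review bot: `context->display` is interpolated unquoted into the command string that the last line of this hunk hands to `popen()`, so the shell parses whatever the display string contains; the new format line keeps that behaviour. Where the display value comes from is outside the hunk, but in a library whose job is running commands as another user it should go through `g_shell_quote()` before formatting, or xauth should be run with an explicit argv (for example via `g_spawn_sync`) and its output parsed in C instead of through `head`/`awk`. The hard-coded `/usr/bin/xauth` also replaces the old path on every platform, not only under `__sun`. The enclosing function starts and ends outside the hunk.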
|
14430
|
98 |
@@ -526,10 +561,7 @@
|
8591
|
99 |
in = open(fn, O_RDONLY);
|
|
100 |
if (in == -1)
|
|
101 |
{
|
|
102 |
- fprintf (stderr,
|
|
103 |
- _("Error copying '%s' to '%s': %s"),
|
|
104 |
- fn, dir, strerror(errno));
|
|
105 |
- return TRUE;
|
|
106 |
+ return FALSE;
|
|
107 |
}
|
|
108 |
|
|
109 |
while ((r = read(in, buf, BUFSIZ)) > 0)
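Review bot: The new `return FALSE;` after a failed `open(fn, O_RDONLY)` reports success for every errno, since the rest of the function (visible in the next hunk) returns TRUE on error and FALSE at the end. A missing source file may be acceptable, but a permission or I/O error is now silent and the caller presumably carries on without the copied file. Consider limiting the quiet path to the expected case, `if (errno == ENOENT) return FALSE;`, and keeping the message and `return TRUE;` otherwise. The function starts and ends outside this hunk.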
|
15661
|
110 |
@@ -550,14 +582,34 @@
|
8591
|
111 |
fn, dir, strerror(errno));
|
|
112 |
return TRUE;
|
|
113 |
}
|
|
114 |
-
|
|
115 |
+
|
|
116 |
return FALSE;
|
|
117 |
}
|
|
118 |
|
15661
|
119 |
+static gchar *
|
|
120 |
+sudo_get_home_dir (GksuContext *context)
|
|
121 |
+{
|
|
122 |
+ struct passwd *pwentry;
|
|
123 |
+
|
|
124 |
+ pwentry = getpwnam (gksu_context_get_user (context));
|
|
125 |
+ return g_strdup (pwentry->pw_dir);
|
|
126 |
+}
|
|
127 |
+
|
|
128 |
+
|
|
129 |
+static void
|
|
130 |
+sudo_reset_home_dir (gchar *home_env)
|
|
131 |
+{
|
|
132 |
+ /* reset the env var as it was before or clear it */
|
|
133 |
+ if (home_env)
|
|
134 |
+ setenv ("HOME", home_env, TRUE);
|
|
135 |
+ else
|
|
136 |
+ unsetenv("HOME");
|
|
137 |
+}
|
|
138 |
+
|
8393
|
139 |
static gboolean
|
|
140 |
sudo_prepare_xauth (GksuContext *context)
|
|
141 |
{
|
|
142 |
- gchar template[] = "/tmp/" PACKAGE "-XXXXXX";
|
|
143 |
+ gchar template[] = "/tmp/" PACKAGE_NAME "-XXXXXX";
|
|
144 |
gboolean error_copying = FALSE;
|
|
145 |
gchar *xauth = NULL;
|
|
146 |
|
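Review bot: sudo_get_home_dir dereferences `pwentry->pw_dir` without checking the result of `getpwnam()`, which returns NULL when the target user does not exist or the lookup fails. Add `if (pwentry == NULL) return NULL;` before the `g_strdup`, and have the caller check for NULL, because gksu_context_embedded_su_run later passes the result straight to `setenv ("HOME", home, TRUE)`. That caller also keeps the raw `getenv ("HOME")` pointer across the `setenv` call before handing it to sudo_reset_home_dir; POSIX allows setenv to invalidate it, so the saved value should be a `g_strdup` copy.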
15661
|
147 |
@@ -591,9 +643,9 @@
|
7853
|
148 |
else
|
|
149 |
unsetenv ("XAUTHORITY");
|
|
150 |
|
|
151 |
- if (context->debug)
|
|
152 |
- fprintf (stderr, "xauth: %s\nxauth_env: %s\ndir: %s\n",
|
|
153 |
- xauth, xauth_env, context->dir);
|
|
154 |
+// if (context->debug)
|
|
155 |
+// fprintf (stderr, "xauth: %s\nxauth_env: %s\ndir: %s\n",
|
|
156 |
+// xauth, xauth_env, context->dir);
|
|
157 |
|
|
158 |
unlink (xauth);
|
|
159 |
rmdir (context->dir);
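Review bot: The `context->debug` trace is disabled by turning it into `//` comments rather than being fixed or deleted. The `else unsetenv ("XAUTHORITY");` branch just above suggests `xauth_env` can be NULL here, and passing NULL for `%s` crashes on some C libraries, which may be why it was switched off. If so, keep the trace and guard the argument, e.g. `xauth_env ? xauth_env : "(unset)"`; otherwise remove the three lines so dead code does not stay in the file. The surrounding function is outside the hunk.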
|
15661
|
160 |
@@ -673,6 +725,7 @@
|
8393
|
161 |
}
|
|
162 |
#endif
|
|
163 |
|
|
164 |
+#ifndef __sun
|
|
165 |
gboolean
|
|
166 |
try_su_run (GksuContext *context)
|
|
167 |
{
|
15661
|
168 |
@@ -682,7 +735,94 @@
|
8393
|
169 |
|
|
170 |
gboolean need_pass = TRUE;
|
|
171 |
|
|
172 |
+#ifdef __sun
|
|
173 |
+ int slave;
|
|
174 |
+ char *slave_name;
|
|
175 |
+ void *sig_saved;
|
|
176 |
+ int fd;
|
|
177 |
+
|
|
178 |
+ fdpty = open("/dev/ptmx", O_RDWR|O_NOCTTY); /* open master */
|
|
179 |
+ sig_saved = signal(SIGCHLD, SIG_DFL);
|
|
180 |
+ grantpt(fdpty); /* change permission of slave */
|
|
181 |
+ unlockpt(fdpty); /* unlock slave */
|
|
182 |
+ signal(SIGCHLD,sig_saved);
|
|
183 |
+ slave_name = ptsname(fdpty); /* get name of slave */
|
|
184 |
+ slave = open(slave_name, O_RDWR); /* open slave */
|
|
185 |
+ ioctl(slave, I_PUSH, "ptem"); /* push ptem */
|
|
186 |
+ ioctl(slave, I_PUSH, "ldterm"); /* push ldterm*/
|
|
187 |
+ ioctl(slave, I_PUSH, "ttcompat"); /* push ttcompat*/
|
|
188 |
+ if (fdpty < 0 || slave < 0) {
|
|
189 |
+ pid = -1;
|
|
190 |
+ } else {
|
|
191 |
+ switch (pid = fork()) {
|
|
192 |
+ case -1: break;
|
|
193 |
+ case 0:
|
|
194 |
+ /* First disconnect from the old controlling tty. */
|
|
195 |
+#ifdef TIOCNOTTY
|
|
196 |
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
|
|
197 |
+ if (fd >= 0) {
|
|
198 |
+ (void) ioctl(fd, TIOCNOTTY, NULL);
|
|
199 |
+ close(fd);
|
|
200 |
+ }
|
|
201 |
+#endif /* TIOCNOTTY */
|
|
202 |
+
|
|
203 |
+ if (setsid() < 0) {
|
|
204 |
+ pid = -1;
|
|
205 |
+ break;
|
|
206 |
+ }
|
|
207 |
+
|
|
208 |
+ /*
|
|
209 |
+ * Verify that we are successfully disconnected from the
|
|
210 |
+ * controlling tty.
|
|
211 |
+ */
|
|
212 |
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
|
|
213 |
+ if (fd >= 0) {
|
|
214 |
+ pid = -1;
|
|
215 |
+ close(fd);
|
|
216 |
+ break;
|
|
217 |
+ }
|
|
218 |
+
|
|
219 |
+ /* Make it our controlling tty. */
|
|
220 |
+#ifdef TIOCSCTTY
|
|
221 |
+ if (ioctl(slave, TIOCSCTTY, NULL) < 0) {
|
|
222 |
+ pid = -1;
|
|
223 |
+ break;
|
|
224 |
+ }
|
|
225 |
+#endif /* TIOCSCTTY */
|
|
226 |
+ fd = open(slave_name, O_RDWR);
|
|
227 |
+ if (fd < 0) {
|
|
228 |
+ pid = -1;
|
|
229 |
+ break;
|
|
230 |
+ } else {
|
|
231 |
+ close(fd);
|
|
232 |
+ }
|
|
233 |
+
|
|
234 |
+ /* Verify that we now have a controlling tty. */
|
|
235 |
+ fd = open("/dev/tty", O_WRONLY);
|
|
236 |
+ if (fd < 0) {
|
|
237 |
+ pid = -1;
|
|
238 |
+ break;
|
|
239 |
+ } else {
|
|
240 |
+ close(fd);
|
|
241 |
+ }
|
|
242 |
+ (void) close(fdpty);
|
|
243 |
+ (void) dup2(slave, 0);
|
|
244 |
+ (void) dup2(slave, 1);
|
|
245 |
+ (void) dup2(slave, 2);
|
|
246 |
+ if (slave > 2)
|
|
247 |
+ (void) close(slave);
|
|
248 |
+ pid = 0;
|
|
249 |
+ break;
|
|
250 |
+ default:
|
|
251 |
+ /*
|
|
252 |
+ * parent
|
|
253 |
+ */
|
|
254 |
+ (void) close(slave);
|
|
255 |
+ }
|
|
256 |
+ }
|
|
257 |
+#else
|
|
258 |
pid = forkpty (&fdpty, NULL, NULL, NULL);
|
|
259 |
+#endif
|
|
260 |
if (pid == 0)
|
|
261 |
{
|
|
262 |
gchar **cmd = g_malloc (sizeof(gchar*)*7);
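Review bot: The `#ifdef __sun` pty block added here sits inside the region this same patch wraps in `#ifndef __sun` (opened just before try_su_run, closed by the `#endif` in the `@@ -1060` hunk), so unless an unseen directive intervenes it is never compiled; the block in the `@@ -830` hunk is in the same position. If it is meant to be live, the child's failure paths need attention: `pid = -1; break;` leaves the forked child running and sends it down the parent's fork-failed path, where `_exit (1);` is what is wanted. The `ioctl(slave, I_PUSH, ...)` calls also run before the `fdpty < 0 || slave < 0` test, and `grantpt`, `unlockpt` and `ptsname` are unchecked. The two copies appear identical, so one static helper returning the pid and the master fd would be easier to keep correct. Both enclosing functions extend beyond their hunks.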
|
15661
|
263 |
@@ -801,12 +941,12 @@
|
8393
|
264 |
int i = 0;
|
|
265 |
gboolean auth_failed = FALSE;
|
|
266 |
|
|
267 |
- gchar auxcommand[] = PREFIX "/lib/" PACKAGE "/gksu-run-helper";
|
|
268 |
+ gchar auxcommand[] = PREFIX "/lib/" PACKAGE_NAME "/gksu-run-helper";
|
|
269 |
|
|
270 |
int fdpty;
|
|
271 |
pid_t pid;
|
|
272 |
|
|
273 |
- gksu_quark = g_quark_from_string (PACKAGE);
|
|
274 |
+ gksu_quark = g_quark_from_string (PACKAGE_NAME);
|
|
275 |
|
|
276 |
if (!context->command)
|
|
277 |
{
|
15661
|
278 |
@@ -830,7 +970,94 @@
|
8393
|
279 |
*/
|
|
280 |
prepare_xauth (context);
|
|
281 |
|
|
282 |
+#ifdef __sun
|
|
283 |
+ int slave;
|
|
284 |
+ char *slave_name;
|
|
285 |
+ void *sig_saved;
|
|
286 |
+ int fd;
|
|
287 |
+
|
|
288 |
+ fdpty = open("/dev/ptmx", O_RDWR|O_NOCTTY); /* open master */
|
|
289 |
+ sig_saved = signal(SIGCHLD, SIG_DFL);
|
|
290 |
+ grantpt(fdpty); /* change permission of slave */
|
|
291 |
+ unlockpt(fdpty); /* unlock slave */
|
|
292 |
+ signal(SIGCHLD,sig_saved);
|
|
293 |
+ slave_name = ptsname(fdpty); /* get name of slave */
|
|
294 |
+ slave = open(slave_name, O_RDWR); /* open slave */
|
|
295 |
+ ioctl(slave, I_PUSH, "ptem"); /* push ptem */
|
|
296 |
+ ioctl(slave, I_PUSH, "ldterm"); /* push ldterm*/
|
|
297 |
+ ioctl(slave, I_PUSH, "ttcompat"); /* push ttcompat*/
|
|
298 |
+ if (fdpty < 0 || slave < 0) {
|
|
299 |
+ pid = -1;
|
|
300 |
+ } else {
|
|
301 |
+ switch (pid = fork()) {
|
|
302 |
+ case -1: break;
|
|
303 |
+ case 0:
|
|
304 |
+ /* First disconnect from the old controlling tty. */
|
|
305 |
+#ifdef TIOCNOTTY
|
|
306 |
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
|
|
307 |
+ if (fd >= 0) {
|
|
308 |
+ (void) ioctl(fd, TIOCNOTTY, NULL);
|
|
309 |
+ close(fd);
|
|
310 |
+ }
|
|
311 |
+#endif /* TIOCNOTTY */
|
|
312 |
+
|
|
313 |
+ if (setsid() < 0) {
|
|
314 |
+ pid = -1;
|
|
315 |
+ break;
|
|
316 |
+ }
|
|
317 |
+
|
|
318 |
+ /*
|
|
319 |
+ * Verify that we are successfully disconnected from the
|
|
320 |
+ * controlling tty.
|
|
321 |
+ */
|
|
322 |
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
|
|
323 |
+ if (fd >= 0) {
|
|
324 |
+ pid = -1;
|
|
325 |
+ close(fd);
|
|
326 |
+ break;
|
|
327 |
+ }
|
|
328 |
+
|
|
329 |
+ /* Make it our controlling tty. */
|
|
330 |
+#ifdef TIOCSCTTY
|
|
331 |
+ if (ioctl(slave, TIOCSCTTY, NULL) < 0) {
|
|
332 |
+ pid = -1;
|
|
333 |
+ break;
|
|
334 |
+ }
|
|
335 |
+#endif /* TIOCSCTTY */
|
|
336 |
+ fd = open(slave_name, O_RDWR);
|
|
337 |
+ if (fd < 0) {
|
|
338 |
+ pid = -1;
|
|
339 |
+ break;
|
|
340 |
+ } else {
|
|
341 |
+ close(fd);
|
|
342 |
+ }
|
|
343 |
+
|
|
344 |
+ /* Verify that we now have a controlling tty. */
|
|
345 |
+ fd = open("/dev/tty", O_WRONLY);
|
|
346 |
+ if (fd < 0) {
|
|
347 |
+ pid = -1;
|
|
348 |
+ break;
|
|
349 |
+ } else {
|
|
350 |
+ close(fd);
|
|
351 |
+ }
|
|
352 |
+ (void) close(fdpty);
|
|
353 |
+ (void) dup2(slave, 0);
|
|
354 |
+ (void) dup2(slave, 1);
|
|
355 |
+ (void) dup2(slave, 2);
|
|
356 |
+ if (slave > 2)
|
|
357 |
+ (void) close(slave);
|
|
358 |
+ pid = 0;
|
|
359 |
+ break;
|
|
360 |
+ default:
|
|
361 |
+ /*
|
|
362 |
+ * parent
|
|
363 |
+ */
|
|
364 |
+ (void) close(slave);
|
|
365 |
+ }
|
|
366 |
+ }
|
|
367 |
+#else
|
|
368 |
pid = forkpty (&fdpty, NULL, NULL, NULL);
|
|
369 |
+#endif
|
|
370 |
if (pid == 0)
|
|
371 |
{
|
|
372 |
gchar **cmd = g_malloc (sizeof(gchar*)*7);
|
15661
|
373 |
@@ -1060,6 +1287,7 @@
|
8393
|
374 |
|
|
375 |
return 0;
|
|
376 |
}
|
|
377 |
+#endif
|
|
378 |
|
|
379 |
static gboolean
|
|
380 |
try_sudo_validation (GksuContext *context)
|
15661
|
381 |
@@ -1238,7 +1466,7 @@
|
8393
|
382 |
int parent_pipe[2]; /* For talking to the parent */
|
|
383 |
int child_pipe[2]; /* For talking to the child */
|
|
384 |
|
|
385 |
- gksu_quark = g_quark_from_string (PACKAGE);
|
|
386 |
+ gksu_quark = g_quark_from_string (PACKAGE_NAME);
|
|
387 |
|
|
388 |
if (!context->command)
|
|
389 |
{
|
15661
|
390 |
@@ -1496,3 +1724,1184 @@
|
7853
|
391 |
return FALSE;
|
|
392 |
}
|
|
393 |
|
8393
|
394 |
+gboolean
|
9768
|
395 |
+parse_embedded_su_output (GksuContext *context, char *outline, int *num)
|
7853
|
396 |
+{
|
|
397 |
+ char *buf;
|
|
398 |
+ char *prompt;
|
9819
|
399 |
+ gboolean complete_block_read; /* Set if we have not parsed complete block */
|
7853
|
400 |
+
|
|
401 |
+ if (context->debug)
|
|
402 |
+ fprintf (stderr, "Output from Child: %s\n", outline);
|
|
403 |
+
|
|
404 |
+ /* Now process items from the child. */
|
9819
|
405 |
+ complete_block_read = FALSE;
|
7853
|
406 |
+ if (outline != NULL) {
|
9768
|
407 |
+
|
|
408 |
+ if (*num == context->msg_num) {
|
|
409 |
+ if ( strncmp (outline, "SUCCESS", strlen("SUCCESS") ) == 0 ) {
|
|
410 |
+ context->msg_type = ES_SUCCESS;
|
9819
|
411 |
+ complete_block_read = TRUE;
|
9768
|
412 |
+ } else if ( strncmp (outline, "ERROR", strlen("ERROR") ) == 0 ) {
|
|
413 |
+ context->msg_type = ES_ERROR;
|
9819
|
414 |
+ complete_block_read = TRUE;
|
9768
|
415 |
+ } else if ( strncmp (outline, "CONV", strlen("CONV") ) == 0) {
|
|
416 |
+ sscanf(outline, "CONV %d", &(context->msg_num) );
|
|
417 |
+ context->message = (struct pam_message *)g_malloc ( sizeof(struct pam_message)*context->msg_num );
|
|
418 |
+ context->response = (struct pam_response *)g_malloc ( sizeof(struct pam_response)*context->msg_num );
|
14761
|
419 |
+ for (int i=0; i<context->msg_num; i++) {
|
|
420 |
+ context->message[i].msg = NULL;
|
|
421 |
+ context->response[i].resp = NULL;
|
|
422 |
+ }
|
9768
|
423 |
+ *num = 0;
|
9819
|
424 |
+ complete_block_read = TRUE;
|
|
425 |
+ }
|
|
426 |
+ else {
|
|
427 |
+ context->msg_type = 0;
|
|
428 |
+ complete_block_read = TRUE;
|
9768
|
429 |
+ }
|
|
430 |
+ } else {
|
|
431 |
+ if ( strncmp (outline, ".", 1) == 0 ) {
|
|
432 |
+ (*num)++;
|
9819
|
433 |
+ complete_block_read = TRUE;
|
9768
|
434 |
+ } else if ( strncmp ( outline, "PAM_PROMPT_ECHO_ON", strlen("PAM_PROMPT_ECHO_ON") ) == 0 ) {
|
|
435 |
+ context->message[*num].msg_style = PAM_PROMPT_ECHO_ON;
|
|
436 |
+ } else if ( strncmp ( outline, "PAM_PROMPT_ECHO_OFF", strlen("PAM_PROMPT_ECHO_OFF") ) == 0 ) {
|
|
437 |
+ context->message[*num].msg_style = PAM_PROMPT_ECHO_OFF;
|
|
438 |
+ } else if ( strncmp ( outline, "PAM_ERROR_MSG", strlen("PAM_ERROR_MSG") ) == 0 ) {
|
|
439 |
+ context->message[*num].msg_style = PAM_ERROR_MSG;
|
|
440 |
+ } else if ( strncmp ( outline, "PAM_TEXT_INFO", strlen("PAM_TEXT_INFO") ) == 0 ) {
|
|
441 |
+ context->message[*num].msg_style = PAM_TEXT_INFO;
|
|
442 |
+ } else {
|
|
443 |
+ switch (context->message[*num].msg_style) {
|
|
444 |
+ case PAM_PROMPT_ECHO_OFF:
|
|
445 |
+ case PAM_PROMPT_ECHO_ON:
|
|
446 |
+ if ( context->message[*num].msg == NULL )
|
|
447 |
+ context->message[*num].msg = strdup(outline);
|
|
448 |
+ context->msg_type = ES_PASSWORD;
|
|
449 |
+ break;
|
|
450 |
+ case PAM_ERROR_MSG:
|
|
451 |
+ case PAM_TEXT_INFO:
|
|
452 |
+ if ( context->message[*num].msg == NULL )
|
|
453 |
+ context->message[*num].msg = strdup(outline);
|
14761
|
454 |
+ if (context->debug)
|
|
455 |
+ {
|
|
456 |
+ fprintf (stderr, "message[*num].msg = %s\n", context->message[0].msg);
|
|
457 |
+ }
|
9768
|
458 |
+ break;
|
|
459 |
+ default:
|
|
460 |
+ break;
|
|
461 |
+ }
|
|
462 |
+ }
|
7853
|
463 |
+ }
|
|
464 |
+ }
|
9819
|
465 |
+ return complete_block_read;
|
7853
|
466 |
+}
|
|
467 |
+
|
|
468 |
+
|
|
469 |
+
|
|
470 |
+static gboolean
|
|
471 |
+try_embedded_su_validation (GksuContext *context)
|
|
472 |
+{
|
|
473 |
+ char **cmd;
|
|
474 |
+ int argcount = 4;
|
9819
|
475 |
+ char buffer[MAX_BUFFER_SIZE];
|
7853
|
476 |
+
|
|
477 |
+ pid_t pid;
|
|
478 |
+ int status;
|
|
479 |
+ size_t r;
|
|
480 |
+ FILE *infile, *outfile;
|
|
481 |
+ int parent_pipe[2]; /* For talking to the parent */
|
|
482 |
+ int child_pipe[2]; /* For talking to the child */
|
|
483 |
+
|
|
484 |
+ gboolean need_pass = TRUE;
|
|
485 |
+
|
9819
|
486 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
7853
|
487 |
+
|
|
488 |
+ if ((pipe(parent_pipe)) == -1)
|
|
489 |
+ return TRUE;
|
|
490 |
+
|
|
491 |
+ if ((pipe(child_pipe)) == -1)
|
|
492 |
+ return TRUE;
|
|
493 |
+
|
|
494 |
+ cmd = g_new (gchar *, argcount + 1);
|
|
495 |
+
|
|
496 |
+ argcount = 0;
|
|
497 |
+
|
|
498 |
+ /* embedded_su binary */
|
|
499 |
+ cmd[argcount] = g_strdup("/usr/lib/embedded_su");
|
|
500 |
+ argcount++;
|
|
501 |
+
|
|
502 |
+ if (context->login_shell)
|
|
503 |
+ {
|
|
504 |
+ cmd[argcount] = g_strdup ("-"); argcount++;
|
|
505 |
+ }
|
|
506 |
+
|
|
507 |
+ cmd[argcount] = g_strdup (context->user);
|
|
508 |
+ argcount++;
|
|
509 |
+
|
8489
|
510 |
+ cmd[argcount] = g_strdup ("-c");
|
|
511 |
+ argcount++;
|
|
512 |
+
|
|
513 |
+ cmd[argcount] = g_strdup ("echo > /dev/null");
|
|
514 |
+ argcount++;
|
|
515 |
+
|
7853
|
516 |
+ cmd[argcount] = NULL;
|
|
517 |
+
|
|
518 |
+ pid = fork();
|
|
519 |
+ if (pid == -1)
|
|
520 |
+ return TRUE;
|
|
521 |
+ else if (pid == 0)
|
|
522 |
+ {
|
|
523 |
+ // Child
|
|
524 |
+ close(child_pipe[1]);
|
|
525 |
+ dup2(child_pipe[0], STDIN_FILENO);
|
|
526 |
+ dup2(parent_pipe[1], STDOUT_FILENO);
|
|
527 |
+
|
9177
|
528 |
+ execv(cmd[0], cmd);
|
7853
|
529 |
+
|
|
530 |
+ return TRUE;
|
|
531 |
+ }
|
|
532 |
+ else
|
|
533 |
+ {
|
|
534 |
+ // Parent
|
|
535 |
+ close(parent_pipe[1]);
|
|
536 |
+
|
|
537 |
+ infile = fdopen(parent_pipe[0], "r");
|
|
538 |
+ if (!infile)
|
|
539 |
+ return TRUE;
|
|
540 |
+
|
|
541 |
+ outfile = fdopen(child_pipe[1], "w");
|
|
542 |
+ if (!outfile)
|
|
543 |
+ return TRUE;
|
|
544 |
+
|
|
545 |
+ // start conversation with embedded_su
|
8393
|
546 |
+ write (child_pipe[1], ".\n", 2);
|
7853
|
547 |
+
|
|
548 |
+
|
|
549 |
+ /*
|
|
550 |
+ we are expecting to receive a GNOME_SUDO_PASS
|
|
551 |
+ if we don't there are two possibilities: an error
|
|
552 |
+ or a password is not needed
|
|
553 |
+ */
|
8393
|
554 |
+ gboolean embedded_su_conv = FALSE;
|
9768
|
555 |
+ int n = 0;
|
7853
|
556 |
+
|
8393
|
557 |
+ while ( 1 )
|
|
558 |
+ {
|
9819
|
559 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
|
560 |
+ r = fgets (buffer, MAX_BUFFER_SIZE-1, infile);
|
8393
|
561 |
+ if (context->debug)
|
|
562 |
+ fprintf (stderr, "buffer: -%s-\n", buffer);
|
7853
|
563 |
+
|
9819
|
564 |
+ if ( parse_embedded_su_output (context, buffer, &n) == FALSE ) {
|
|
565 |
+ /* We've started to parse a conversation block, but need more */
|
|
566 |
+ continue;
|
|
567 |
+ }
|
8393
|
568 |
+
|
7853
|
569 |
+ switch (context->msg_type) {
|
|
570 |
+ case ES_SUCCESS:
|
8393
|
571 |
+ if (context->debug)
|
7853
|
572 |
+ fprintf (stderr, "We won't need a password, it seems!\n");
|
8393
|
573 |
+
|
|
574 |
+ embedded_su_conv = FALSE;
|
7853
|
575 |
+ need_pass = FALSE;
|
|
576 |
+ break;
|
|
577 |
+
|
|
578 |
+ case ES_ERROR:
|
8393
|
579 |
+ embedded_su_conv = FALSE;
|
7853
|
580 |
+ break;
|
|
581 |
+
|
8393
|
582 |
+ case ES_PASSWORD:
|
7853
|
583 |
+ if (context->debug)
|
8393
|
584 |
+ fprintf (stderr, "Yeah, we're in...\n");
|
|
585 |
+
|
|
586 |
+ write (child_pipe[1], "\n", 1);
|
|
587 |
+ kill (pid, SIGKILL);
|
|
588 |
+ embedded_su_conv = FALSE;
|
7853
|
589 |
+ break;
|
|
590 |
+
|
|
591 |
+ default:
|
8393
|
592 |
+ embedded_su_conv = TRUE;
|
7853
|
593 |
+ break;
|
8393
|
594 |
+ }
|
|
595 |
+
|
|
596 |
+ if (!embedded_su_conv)
|
|
597 |
+ {
|
|
598 |
+ if (context->debug)
|
|
599 |
+ fprintf (stderr, "I'm going to break!\n");
|
|
600 |
+ break;
|
|
601 |
+ }
|
|
602 |
+
|
7853
|
603 |
+ }
|
|
604 |
+
|
8393
|
605 |
+// kill (pid, SIGKILL);
|
7853
|
606 |
+
|
|
607 |
+// g_timeout_add(3000, ack_killed_child, GINT_TO_POINTER(pid));
|
|
608 |
+
|
|
609 |
+
|
|
610 |
+ while (!waitpid (pid, &status, WNOHANG))
|
|
611 |
+ {
|
9819
|
612 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
|
613 |
+ if(!fgets (buffer, MAX_BUFFER_SIZE-1, infile))
|
7853
|
614 |
+ break;
|
|
615 |
+ fprintf (stderr, "%s", buffer);
|
|
616 |
+ }
|
|
617 |
+
|
|
618 |
+
|
|
619 |
+ /* make sure we did read everything */
|
|
620 |
+
|
|
621 |
+ while (1)
|
|
622 |
+ {
|
9819
|
623 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
|
624 |
+ if(!fread (buffer, sizeof(gchar), MAX_BUFFER_SIZE-1, infile))
|
7853
|
625 |
+ break;
|
|
626 |
+ fprintf (stderr, "%s", buffer);
|
|
627 |
+ fflush (stderr);
|
|
628 |
+ }
|
|
629 |
+
|
|
630 |
+ }
|
|
631 |
+
|
|
632 |
+ return need_pass;
|
|
633 |
+}
|
|
634 |
+
|
|
635 |
+/**
|
|
636 |
+ * gksu_context_embedded_su_try_need_password
|
|
637 |
+ * @context: a #GksuContext
|
|
638 |
+ *
|
|
639 |
+ * Checks if we need to ask for a password or if we have ways of
|
|
640 |
+ * getting the password for ourselves or we simply don't need it.
|
|
641 |
+ *
|
|
642 |
+ * Returns: TRUE if requesting a password is needed, FALSE otherwise.
|
|
643 |
+ *
|
|
644 |
+ */
|
|
645 |
+gboolean
|
|
646 |
+gksu_context_embedded_su_try_need_password (GksuContext *context)
|
|
647 |
+{
|
|
648 |
+ if (!try_embedded_su_validation (context))
|
|
649 |
+ return FALSE;
|
|
650 |
+
|
|
651 |
+ return TRUE;
|
|
652 |
+}
|
|
653 |
+
|
|
654 |
+/**
|
|
655 |
+ * gksu_context_embedded_su_run:
|
|
656 |
+ * @context: a #GksuContext
|
|
657 |
+ * @error: a #GError object to be filled with the error code or NULL
|
|
658 |
+ *
|
|
659 |
+ * This could be considered one of the main functions in GKSu.
|
|
660 |
+ * it is responsible for doing the 'user changing' magic by
|
|
661 |
+ * calling gksu_ask_password() if it needs the user's password
|
|
662 |
+ * it behaves like sudo.
|
|
663 |
+ *
|
|
664 |
+ * Returns: the child's error status, 0 if all went fine, -1 if failed
|
|
665 |
+ */
|
|
666 |
+gboolean
|
|
667 |
+gksu_context_embedded_su_run (GksuContext *context, GError **error)
|
|
668 |
+{
|
|
669 |
+ char **cmd;
|
9819
|
670 |
+ char buffer[MAX_BUFFER_SIZE];
|
7853
|
671 |
+ int argcount = 8;
|
|
672 |
+ int i, j;
|
|
673 |
+
|
|
674 |
+ GQuark gksu_quark;
|
|
675 |
+
|
|
676 |
+ gchar *xauth = NULL,
|
|
677 |
+ *xauth_env = NULL;
|
15661
|
678 |
+ gchar *home = NULL,
|
|
679 |
+ *home_env = NULL;
|
7853
|
680 |
+
|
|
681 |
+ pid_t pid;
|
|
682 |
+ int status;
|
|
683 |
+ size_t r;
|
|
684 |
+ FILE *infile, *outfile;
|
|
685 |
+ int parent_pipe[2]; /* For talking to the parent */
|
|
686 |
+ int child_pipe[2]; /* For talking to the child */
|
|
687 |
+
|
8393
|
688 |
+ gksu_quark = g_quark_from_string (PACKAGE_NAME);
|
7853
|
689 |
+
|
|
690 |
+ if (!context->command)
|
|
691 |
+ {
|
|
692 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_NOCOMMAND,
|
|
693 |
+ _("gksu_sudo_run needs a command to be run, "
|
|
694 |
+ "none was provided."));
|
|
695 |
+ return -1;
|
|
696 |
+ }
|
|
697 |
+
|
|
698 |
+ /*
|
|
699 |
+ FIXME: need to check if we are in X
|
|
700 |
+ */
|
|
701 |
+ if (sudo_prepare_xauth (context) == 1)
|
|
702 |
+ {
|
|
703 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_XAUTH,
|
|
704 |
+ _("Unable to copy the user's Xauthorization file."));
|
|
705 |
+ return -1;
|
|
706 |
+ }
|
|
707 |
+
|
|
708 |
+ /* sets XAUTHORITY */
|
|
709 |
+ xauth = g_strdup_printf ("%s/.Xauthority", context->dir);
|
|
710 |
+ xauth_env = getenv ("XAUTHORITY");
|
|
711 |
+ setenv ("XAUTHORITY", xauth, TRUE);
|
|
712 |
+
|
15661
|
713 |
+ /*
|
|
714 |
+ * Check if the HOME environment variable is set in the user's
|
|
715 |
+ * environment. If so unset it:
|
|
716 |
+ * This will ensure that apps that require write
|
|
717 |
+ * permission eg. gconf client applications, will work.
|
|
718 |
+ */
|
|
719 |
+ home_env = getenv ("HOME");
|
|
720 |
+ home = sudo_get_home_dir (context);
|
|
721 |
+ setenv ("HOME", home, TRUE);
|
|
722 |
+
|
|
723 |
+ if (context->debug)
|
7853
|
724 |
+ {
|
15661
|
725 |
+ fprintf (stderr, "HOME: %s\n", home);
|
7853
|
726 |
+ fprintf (stderr, "xauth: %s\n", xauth);
|
|
727 |
+ }
|
|
728 |
+
|
15661
|
729 |
+ g_free(home);
|
7853
|
730 |
+ cmd = g_new (gchar *, argcount + 1);
|
|
731 |
+
|
|
732 |
+ argcount = 0;
|
|
733 |
+
|
|
734 |
+ /* embedded_su binary */
|
|
735 |
+ cmd[argcount] = g_strdup("/usr/lib/embedded_su");
|
|
736 |
+ argcount++;
|
|
737 |
+
|
|
738 |
+ if (context->login_shell)
|
|
739 |
+ {
|
|
740 |
+ cmd[argcount] = g_strdup("-");
|
|
741 |
+ argcount++;
|
|
742 |
+ }
|
|
743 |
+
|
|
744 |
+ /* user */
|
|
745 |
+ cmd[argcount] = g_strdup(context->user);
|
|
746 |
+ argcount++;
|
|
747 |
+
|
8393
|
748 |
+ /* command */
|
7853
|
749 |
+ cmd[argcount] = g_strdup("-c");
|
|
750 |
+ argcount++;
|
|
751 |
+
|
|
752 |
+ cmd[argcount] = g_strdup_printf("%s", context->command);
|
|
753 |
+ argcount++;
|
|
754 |
+
|
|
755 |
+
|
|
756 |
+ cmd[argcount] = NULL;
|
|
757 |
+
|
|
758 |
+ if (context->debug)
|
|
759 |
+ {
|
|
760 |
+ for (i = 0; cmd[i] != NULL; i++)
|
|
761 |
+ fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
|
|
762 |
+ }
|
|
763 |
+
|
|
764 |
+ if ((pipe(parent_pipe)) == -1)
|
|
765 |
+ {
|
|
766 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
767 |
+ _("Error creating pipe: %s"),
|
|
768 |
+ strerror(errno));
|
|
769 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
770 |
+ sudo_reset_home_dir (home_env);
|
7853
|
771 |
+ return -1;
|
|
772 |
+ }
|
|
773 |
+
|
|
774 |
+ if ((pipe(child_pipe)) == -1)
|
|
775 |
+ {
|
|
776 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
777 |
+ _("Error creating pipe: %s"),
|
|
778 |
+ strerror(errno));
|
|
779 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
780 |
+ sudo_reset_home_dir (home_env);
|
7853
|
781 |
+ return -1;
|
|
782 |
+ }
|
|
783 |
+
|
|
784 |
+ pid = fork();
|
|
785 |
+ if (pid == -1)
|
|
786 |
+ {
|
|
787 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_FORK,
|
|
788 |
+ _("Failed to fork new process: %s"),
|
|
789 |
+ strerror(errno));
|
|
790 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
791 |
+ sudo_reset_home_dir (home_env);
|
7853
|
792 |
+ return -1;
|
|
793 |
+ }
|
|
794 |
+ else if (pid == 0)
|
|
795 |
+ {
|
|
796 |
+ // Child
|
8393
|
797 |
+ setsid(); // make us session leader
|
7853
|
798 |
+ close(child_pipe[1]);
|
|
799 |
+ dup2(child_pipe[0], STDIN_FILENO);
|
|
800 |
+ dup2(parent_pipe[1], STDERR_FILENO);
|
|
801 |
+ dup2(parent_pipe[1], STDOUT_FILENO);
|
|
802 |
+
|
9177
|
803 |
+ execv(cmd[0], cmd);
|
7853
|
804 |
+
|
|
805 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_EXEC,
|
|
806 |
+ _("Failed to exec new process: %s"),
|
|
807 |
+ strerror(errno));
|
|
808 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
809 |
+ sudo_reset_home_dir (home_env);
|
7853
|
810 |
+ return -1;
|
|
811 |
+ }
|
|
812 |
+ else
|
|
813 |
+ {
|
|
814 |
+ gboolean auth_failed = FALSE;
|
|
815 |
+
|
|
816 |
+ // Parent
|
|
817 |
+ close(parent_pipe[1]);
|
|
818 |
+
|
|
819 |
+ infile = fdopen(parent_pipe[0], "r");
|
|
820 |
+ if (!infile)
|
|
821 |
+ {
|
|
822 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
823 |
+ _("Error opening pipe: %s"),
|
|
824 |
+ strerror(errno));
|
|
825 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
826 |
+ sudo_reset_home_dir (home_env);
|
7853
|
827 |
+ return -1;
|
|
828 |
+ }
|
|
829 |
+
|
|
830 |
+ outfile = fdopen(child_pipe[1], "w");
|
|
831 |
+ if (!outfile)
|
|
832 |
+ {
|
|
833 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
834 |
+ _("Error opening pipe: %s"),
|
|
835 |
+ strerror(errno));
|
|
836 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
837 |
+ sudo_reset_home_dir (home_env);
|
7853
|
838 |
+ return -1;
|
|
839 |
+ }
|
|
840 |
+ context->stdin_fd = parent_pipe[0];
|
|
841 |
+ context->stdout_fd = child_pipe[1];
|
8393
|
842 |
+ context->stdin_file = infile;
|
|
843 |
+ context->stdout_file = outfile;
|
9235
|
844 |
+ setvbuf (context->stdin_file, NULL, _IONBF, 0);
|
|
845 |
+ fcntl (context->stdin_fd, F_SETFL, 0);
|
7853
|
846 |
+ context->child_pid = pid;
|
8393
|
847 |
+
|
7853
|
848 |
+ // start conversation with embedded_su
|
|
849 |
+ write (child_pipe[1], ".\n", 2);
|
|
850 |
+
|
|
851 |
+ /*
|
|
852 |
+ we are expecting to receive a GNOME_SUDO_PASS
|
|
853 |
+ if we don't there are two possibilities: an error
|
|
854 |
+ or a password is not needed
|
|
855 |
+ */
|
|
856 |
+
|
|
857 |
+ gboolean embedded_su_conv = FALSE;
|
9768
|
858 |
+ int n = 0;
|
9819
|
859 |
+ gboolean found_dot = FALSE;
|
7853
|
860 |
+
|
|
861 |
+ while ( 1 )
|
|
862 |
+ {
|
9819
|
863 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
|
864 |
+ r = fgets (buffer, MAX_BUFFER_SIZE-1, infile);
|
|
865 |
+
|
7853
|
866 |
+ if (context->debug)
|
|
867 |
+ fprintf (stderr, "buffer: -%s-\n", buffer);
|
|
868 |
+
|
9819
|
869 |
+ if ( parse_embedded_su_output (context, buffer, &n) == FALSE ) {
|
|
870 |
+ /* We've started to parse a conversation block, but need more */
|
|
871 |
+ continue;
|
|
872 |
+ }
|
7853
|
873 |
+
|
|
874 |
+ switch (context->msg_type) {
|
|
875 |
+ case ES_SUCCESS:
|
8393
|
876 |
+ if (context->debug)
|
7853
|
877 |
+ fprintf (stderr, "We won't need a password, it seems!\n");
|
|
878 |
+ embedded_su_conv = FALSE;
|
|
879 |
+ break;
|
|
880 |
+
|
|
881 |
+ case ES_ERROR:
|
8393
|
882 |
+ auth_failed = TRUE;
|
7853
|
883 |
+ embedded_su_conv = FALSE;
|
|
884 |
+ break;
|
|
885 |
+
|
|
886 |
+ case ES_PASSWORD:
|
|
887 |
+ if (context->debug)
|
|
888 |
+ fprintf (stderr, "Yeah, we're in...\n");
|
|
889 |
+
|
|
890 |
+ if (context->password == NULL || (!strcmp (context->password, "")))
|
|
891 |
+ {
|
|
892 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_NOPASSWORD,
|
|
893 |
+ _("No password was supplied and sudo needs it."));
|
|
894 |
+ fprintf (outfile, "\n");
|
|
895 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
896 |
+ sudo_reset_home_dir (home_env);
|
7853
|
897 |
+ return -1;
|
|
898 |
+ }
|
|
899 |
+
|
|
900 |
+ write (child_pipe[1], context->password, strlen(context->password));
|
|
901 |
+ embedded_su_conv = TRUE;
|
|
902 |
+ break;
|
|
903 |
+
|
|
904 |
+ default:
|
|
905 |
+ embedded_su_conv = TRUE;
|
|
906 |
+ break;
|
|
907 |
+ }
|
8393
|
908 |
+
|
7853
|
909 |
+ if (!embedded_su_conv)
|
|
910 |
+ {
|
8393
|
911 |
+ if (context->debug)
|
|
912 |
+ fprintf (stderr, "I'm going to break!\n");
|
14761
|
913 |
+
|
|
914 |
+ if (context->msg_type == ES_ERROR && context->msg_num > 0 && context->message[0].msg != NULL)
|
|
915 |
+ {
|
15575
|
916 |
+ gchar *utf8 = NULL;
|
|
917 |
+
|
|
918 |
+ utf8 = g_locale_to_utf8 (context->message[0].msg, -1,
|
|
919 |
+ NULL, NULL, NULL);
|
|
920 |
+ if (utf8 == NULL)
|
|
921 |
+ utf8 = g_strdup (context->message[0].msg);
|
14761
|
922 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_WRONGPASS,
|
15575
|
923 |
+ utf8);
|
|
924 |
+ g_free (utf8);
|
14761
|
925 |
+ }
|
8393
|
926 |
+ break;
|
7853
|
927 |
+ }
|
|
928 |
+
|
|
929 |
+ }
|
14761
|
930 |
+
|
|
931 |
+
|
8393
|
932 |
+ if (!context->wait_for_child_to_exit) {
|
|
933 |
+ return FALSE;
|
7853
|
934 |
+ }
|
|
935 |
+
|
|
936 |
+ /* make sure we did read everything */
|
|
937 |
+ while (1)
|
|
938 |
+ {
|
8393
|
939 |
+
|
9819
|
940 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
|
941 |
+ if(!fgets (buffer, MAX_BUFFER_SIZE-1, infile))
|
7853
|
942 |
+ break;
|
|
943 |
+ fprintf (stderr, "%s", buffer);
|
|
944 |
+ fflush (stderr);
|
|
945 |
+ }
|
|
946 |
+
|
|
947 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
948 |
+ sudo_reset_home_dir (home_env);
|
7853
|
949 |
+
|
|
950 |
+ if (WIFEXITED(status))
|
|
951 |
+ {
|
|
952 |
+ if (WEXITSTATUS(status))
|
|
953 |
+ {
|
|
954 |
+ if (auth_failed)
|
|
955 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_WRONGPASS,
|
|
956 |
+ _("Wrong password."));
|
|
957 |
+ else
|
|
958 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_CHILDFAILED,
|
|
959 |
+ _("Child terminated with %d status"),
|
|
960 |
+ WEXITSTATUS(status));
|
|
961 |
+
|
|
962 |
+ return TRUE;
|
|
963 |
+ }
|
|
964 |
+ }
|
|
965 |
+
|
|
966 |
+ }
|
14761
|
967 |
+
|
7853
|
968 |
+ return FALSE;
|
|
969 |
+}
|
|
970 |
+
|
|
971 |
+gboolean
|
8393
|
972 |
+gksu_context_try_need_password (GksuContext *context)
|
7853
|
973 |
+{
|
8393
|
974 |
+ if ( (context->elevated_privilege) && (gksu_context_pfexec_try_run (context)))
|
7853
|
975 |
+ {
|
|
976 |
+ if (context->debug)
|
|
977 |
+ fprintf (stderr, "Enter pfexec mode!\n");
|
|
978 |
+ context->pfexec_mode = TRUE;
|
|
979 |
+ return FALSE;
|
|
980 |
+ } else
|
|
981 |
+ {
|
8393
|
982 |
+ context->pfexec_mode = FALSE;
|
7853
|
983 |
+ if ( context->debug )
|
|
984 |
+ fprintf (stderr, "Enter embedded_su mode!\n");
|
8393
|
985 |
+ if ( context->elevated_role )
|
|
986 |
+ gksu_context_set_role (context);
|
7853
|
987 |
+ if (context->debug)
|
|
988 |
+ fprintf (stderr, "Current role = %s\n", context->user);
|
|
989 |
+ return gksu_context_embedded_su_try_need_password (context);
|
|
990 |
+ }
|
|
991 |
+}
|
|
992 |
+
|
|
993 |
+
|
|
994 |
+gboolean
|
8393
|
995 |
+gksu_context_run (GksuContext *context, GError **error)
|
7853
|
996 |
+{
|
|
997 |
+ if (context->pfexec_mode)
|
|
998 |
+ gksu_context_pfexec_run (context, error);
|
|
999 |
+ else
|
|
1000 |
+ gksu_context_embedded_su_run (context, error);
|
|
1001 |
+}
|
|
1002 |
+
|
|
1003 |
+gboolean
|
|
1004 |
+gksu_context_pfexec_try_run (GksuContext *context)
|
|
1005 |
+{
|
|
1006 |
+
|
|
1007 |
+ struct passwd *pwd;
|
|
1008 |
+ gint ruid;
|
11932
|
1009 |
+ char command_line[MAX_BUFFER_SIZE];
|
|
1010 |
+ char *path, *dir, full_cmd[MAX_BUFFER_SIZE];
|
8393
|
1011 |
+ int i;
|
7853
|
1012 |
+ execattr_t *exec;
|
|
1013 |
+
|
11932
|
1014 |
+ exec = NULL;
|
7853
|
1015 |
+ ruid = getuid();
|
|
1016 |
+ pwd = getpwuid(ruid);
|
|
1017 |
+ if (pwd == NULL) {
|
11932
|
1018 |
+ /* fail if we cannot get password entry */
|
7853
|
1019 |
+ return FALSE;
|
|
1020 |
+ }
|
|
1021 |
+
|
8393
|
1022 |
+ for (i=0; ; i++) {
|
|
1023 |
+ if (context->command[i] == ' ' || context->command[i] == '\0') {
|
|
1024 |
+ command_line[i] = '\0';
|
|
1025 |
+ break;
|
|
1026 |
+ } else {
|
|
1027 |
+ command_line[i] = context->command[i];
|
|
1028 |
+ }
|
|
1029 |
+ }
|
11932
|
1030 |
+ if (strchr(command_line, '/') != NULL) {
|
|
1031 |
+ exec = getexecuser (pwd->pw_name, KV_COMMAND, command_line, GET_ALL);
|
|
1032 |
+ } else {
|
|
1033 |
+ path = getenv("PATH");
|
|
1034 |
+ if ( path != NULL ) {
|
|
1035 |
+ /* we need to copy $PATH because our sub processes may need it. */
|
|
1036 |
+ path = strdup(path);
|
|
1037 |
+ for (dir= strtok(path, ":"); dir; dir = strtok(NULL, ":")) {
|
|
1038 |
+ if (snprintf(full_cmd, sizeof(full_cmd), "%s/%s", dir, command_line) >= sizeof(full_cmd)) {
|
|
1039 |
+ continue;
|
|
1040 |
+ }
|
|
1041 |
+ if (access(full_cmd, X_OK) == 0) {
|
|
1042 |
+ exec = getexecuser (pwd->pw_name, KV_COMMAND, full_cmd, GET_ALL);
|
|
1043 |
+ break;
|
|
1044 |
+ }
|
|
1045 |
+ }
|
|
1046 |
+ free(path);
|
|
1047 |
+ }
|
|
1048 |
+ }
|
7853
|
1049 |
+ if (exec == NULL) {
|
10224
|
1050 |
+ if (context->debug) fprintf (stderr, "Error getting exec attr\n");
|
7853
|
1051 |
+ return FALSE;
|
|
1052 |
+ }
|
|
1053 |
+
|
|
1054 |
+ while (exec != NULL) {
|
|
1055 |
+ if (context->debug)
|
|
1056 |
+ {
|
|
1057 |
+ fprintf (stderr, "Exec Name: %s\n", exec->name);
|
|
1058 |
+ fprintf (stderr,"Policy Name: %s\n", exec->policy);
|
|
1059 |
+ fprintf (stderr, "Exec Type: %s\n", exec->type);
|
|
1060 |
+ fprintf (stderr, "Exec Id: %s\n", exec->id);
|
|
1061 |
+ }
|
|
1062 |
+ if ((exec->attr != NULL) && (exec->attr->length != 0)) {
|
|
1063 |
+ return TRUE;
|
|
1064 |
+ }
|
|
1065 |
+ exec = exec->next;
|
|
1066 |
+ }
|
|
1067 |
+ return FALSE;
|
|
1068 |
+
|
|
1069 |
+}
|
|
1070 |
+
|
|
1071 |
+gboolean
|
|
1072 |
+gksu_context_set_role (GksuContext *context)
|
|
1073 |
+{
|
|
1074 |
+ struct passwd *pwd;
|
|
1075 |
+ gint ruid;
|
|
1076 |
+ execattr_t *exec;
|
|
1077 |
+
|
|
1078 |
+ char *rolelist = NULL;
|
|
1079 |
+ userattr_t *user;
|
|
1080 |
+ char *username;
|
|
1081 |
+ char *rolename;
|
11932
|
1082 |
+ char command_line[MAX_BUFFER_SIZE];
|
8393
|
1083 |
+ int i;
|
7853
|
1084 |
+
|
8393
|
1085 |
+
|
|
1086 |
+ if ( !strncmp (context->user, "root", 4) ) {
|
|
1087 |
+ ruid = getuid();
|
|
1088 |
+ pwd = getpwuid(ruid);
|
|
1089 |
+ if (pwd == NULL) {
|
|
1090 |
+ // can't get pwd
|
|
1091 |
+ return FALSE;
|
|
1092 |
+ }
|
|
1093 |
+ username = strdup (pwd->pw_name);
|
|
1094 |
+ user = getusernam (username);
|
7853
|
1095 |
+ }
|
8393
|
1096 |
+ else {
|
|
1097 |
+ user = getusernam (context->user);
|
|
1098 |
+ }
|
7853
|
1099 |
+ if (user != NULL) {
|
|
1100 |
+ rolelist = kva_match (user->attr, USERATTR_ROLES_KW);
|
|
1101 |
+ if (rolelist != NULL) {
|
|
1102 |
+ } else {
|
|
1103 |
+ return FALSE;
|
|
1104 |
+ }
|
|
1105 |
+ } else {
|
|
1106 |
+ // Can't get userattr
|
|
1107 |
+ return FALSE;
|
|
1108 |
+ }
|
|
1109 |
+
|
8393
|
1110 |
+ for (i=0; ; i++) {
|
|
1111 |
+ if (context->command[i] == ' ' || context->command[i] == '\0') {
|
|
1112 |
+ command_line[i] = '\0';
|
|
1113 |
+ break;
|
|
1114 |
+ } else {
|
|
1115 |
+ command_line[i] = context->command[i];
|
|
1116 |
+ }
|
|
1117 |
+ }
|
7853
|
1118 |
+ /* Parse the rolename from the list and check execution profiles for
|
|
1119 |
+ * each role
|
8393
|
1120 |
+ */
|
7853
|
1121 |
+ rolename = strtok (rolelist, ",");
|
|
1122 |
+ while (rolename) {
|
11932
|
1123 |
+ exec = getexecuser (rolename, KV_COMMAND, command_line, GET_ALL);
|
7853
|
1124 |
+ while (exec != NULL) {
|
|
1125 |
+ if ((exec->attr != NULL) && (exec->attr->length != 0)) {
|
|
1126 |
+ if (context->debug) {
|
|
1127 |
+ printf ("Command in profile and has attributes\n");
|
|
1128 |
+ printf ("Exec Name: %s\n", exec->name);
|
|
1129 |
+ printf ("Policy Name: %s\n", exec->policy);
|
|
1130 |
+ printf ("Exec Type: %s\n", exec->type);
|
|
1131 |
+ printf ("Exec Id: %s\n", exec->id);
|
|
1132 |
+ }
|
|
1133 |
+ if (context->user != NULL) g_free (context->user);
|
|
1134 |
+ context->user = g_strdup (rolename);
|
|
1135 |
+ return TRUE;
|
|
1136 |
+ }
|
|
1137 |
+ exec = exec->next;
|
|
1138 |
+ }
|
|
1139 |
+ rolename = strtok (NULL, ",");
|
|
1140 |
+ }
|
|
1141 |
+}
|
|
1142 |
+
|
|
1143 |
+
|
|
1144 |
+gboolean
|
|
1145 |
+gksu_context_pfexec_run (GksuContext *context, GError **error)
|
|
1146 |
+{
|
|
1147 |
+ char **cmd;
|
11932
|
1148 |
+ char buffer[MAX_BUFFER_SIZE];
|
7853
|
1149 |
+ int argcount = 8;
|
|
1150 |
+ int i, j;
|
|
1151 |
+
|
|
1152 |
+ GQuark gksu_quark;
|
|
1153 |
+
|
|
1154 |
+ gchar *xauth = NULL,
|
|
1155 |
+ *xauth_env = NULL;
|
15661
|
1156 |
+ gchar *home = NULL,
|
|
1157 |
+ *home_env = NULL;
|
7853
|
1158 |
+
|
|
1159 |
+ pid_t pid;
|
|
1160 |
+ int status;
|
|
1161 |
+ size_t r;
|
|
1162 |
+ FILE *infile, *outfile;
|
|
1163 |
+ int parent_pipe[2]; /* For talking to the parent */
|
|
1164 |
+ int child_pipe[2]; /* For talking to the child */
|
11932
|
1165 |
+ int was_quoted = FALSE;
|
7853
|
1166 |
+
|
8393
|
1167 |
+ gksu_quark = g_quark_from_string (PACKAGE_NAME);
|
7853
|
1168 |
+
|
|
1169 |
+ if (!context->command)
|
|
1170 |
+ {
|
|
1171 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_NOCOMMAND,
|
|
1172 |
+ _("gksu_sudo_run needs a command to be run, "
|
|
1173 |
+ "none was provided."));
|
|
1174 |
+ return -1;
|
|
1175 |
+ }
|
|
1176 |
+
|
|
1177 |
+ /*
|
|
1178 |
+ FIXME: need to check if we are in X
|
|
1179 |
+ */
|
|
1180 |
+ if (sudo_prepare_xauth (context) == 1)
|
|
1181 |
+ {
|
|
1182 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_XAUTH,
|
|
1183 |
+ _("Unable to copy the user's Xauthorization file."));
|
|
1184 |
+ return -1;
|
|
1185 |
+ }
|
|
1186 |
+
|
|
1187 |
+ /* sets XAUTHORITY */
|
|
1188 |
+ xauth = g_strdup_printf ("%s/.Xauthority", context->dir);
|
|
1189 |
+ xauth_env = getenv ("XAUTHORITY");
|
|
1190 |
+ setenv ("XAUTHORITY", xauth, TRUE);
|
|
1191 |
+
|
15661
|
1192 |
+ /*
|
|
1193 |
+ * Check if the HOME environment variable is set in the user's
|
|
1194 |
+ * environment. If so unset it:
|
|
1195 |
+ * This will ensure that apps that require write
|
|
1196 |
+ * permission eg. gconf client applications, will work.
|
|
1197 |
+ */
|
|
1198 |
+ home_env = getenv ("HOME");
|
|
1199 |
+ home = sudo_get_home_dir (context);
|
|
1200 |
+ setenv ("HOME", home, TRUE);
|
|
1201 |
+
|
7853
|
1202 |
+ if (context->debug)
|
|
1203 |
+ {
|
15661
|
1204 |
+ fprintf (stderr, "HOME: %s\n", home);
|
7853
|
1205 |
+ fprintf (stderr, "xauth: %s\n", xauth);
|
|
1206 |
+ }
|
|
1207 |
+
|
15661
|
1208 |
+ g_free(home);
|
7853
|
1209 |
+ cmd = g_new (gchar *, argcount + 1);
|
|
1210 |
+
|
|
1211 |
+ argcount = 0;
|
|
1212 |
+
|
|
1213 |
+ /* pfexec binary */
|
|
1214 |
+ cmd[argcount] = g_strdup("/usr/bin/pfexec");
|
|
1215 |
+ argcount++;
|
|
1216 |
+
|
8393
|
1217 |
+ if (context->privspec != NULL)
|
|
1218 |
+ {
|
|
1219 |
+ cmd[argcount] = g_strdup("-P");
|
|
1220 |
+ argcount++;
|
|
1221 |
+ cmd[argcount] = g_strdup(context->privspec);
|
|
1222 |
+ argcount++;
|
|
1223 |
+ }
|
7853
|
1224 |
+
|
|
1225 |
+ for (i = j = 0; ; i++)
|
|
1226 |
+ {
|
|
1227 |
+ if (context->command[i] == ' ' || context->command[i] == '\0')
|
|
1228 |
+ {
|
|
1229 |
+ buffer[j] = '\0';
|
11932
|
1230 |
+ /* Strip the previously added quoting '<arg>' */
|
|
1231 |
+ if (was_quoted && j > 1 && buffer[j-1] == '\'')
|
|
1232 |
+ {
|
|
1233 |
+ buffer[j-1] = '\0';
|
|
1234 |
+ was_quoted = FALSE;
|
|
1235 |
+ }
|
7853
|
1236 |
+ cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
|
|
1237 |
+ cmd[argcount] = g_strdup (buffer);
|
11932
|
1238 |
+ bzero (buffer, MAX_BUFFER_SIZE);
|
7853
|
1239 |
+ argcount = argcount + 1;
|
|
1240 |
+ j = 0;
|
|
1241 |
+
|
|
1242 |
+ if (context->command[i] == '\0')
|
|
1243 |
+ break;
|
|
1244 |
+ }
|
11932
|
1245 |
+ else if ( j == 0 && context->command[i] == '\'' )
|
|
1246 |
+ {
|
|
1247 |
+ was_quoted = TRUE;
|
|
1248 |
+ /* Skip initial quote */
|
|
1249 |
+ }
|
7853
|
1250 |
+ else
|
|
1251 |
+ {
|
|
1252 |
+ if (context->command[i] == '\\')
|
|
1253 |
+ i = i + 1;
|
|
1254 |
+ buffer[j] = context->command[i];
|
|
1255 |
+ j = j + 1;
|
|
1256 |
+ }
|
|
1257 |
+ }
|
|
1258 |
+ cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
|
8393
|
1259 |
+ cmd[argcount] = NULL;
|
7853
|
1260 |
+
|
|
1261 |
+
|
|
1262 |
+ if (context->debug)
|
|
1263 |
+ {
|
|
1264 |
+ for (i = 0; cmd[i] != NULL; i++)
|
|
1265 |
+ fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
|
|
1266 |
+ }
|
|
1267 |
+
|
14430
|
1268 |
+ if (context->need_pipe)
|
7853
|
1269 |
+ {
|
14422
|
1270 |
+ if ((pipe(parent_pipe)) == -1)
|
|
1271 |
+ {
|
|
1272 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
1273 |
+ _("Error creating pipe: %s"),
|
|
1274 |
+ strerror(errno));
|
|
1275 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1276 |
+ sudo_reset_home_dir (home_env);
|
14422
|
1277 |
+ return -1;
|
|
1278 |
+ }
|
7853
|
1279 |
+
|
14422
|
1280 |
+ if ((pipe(child_pipe)) == -1)
|
|
1281 |
+ {
|
|
1282 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
1283 |
+ _("Error creating pipe: %s"),
|
|
1284 |
+ strerror(errno));
|
|
1285 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1286 |
+ sudo_reset_home_dir (home_env);
|
14422
|
1287 |
+ return -1;
|
|
1288 |
+ }
|
7853
|
1289 |
+ }
|
|
1290 |
+
|
|
1291 |
+ pid = fork();
|
|
1292 |
+ if (pid == -1)
|
|
1293 |
+ {
|
|
1294 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_FORK,
|
|
1295 |
+ _("Failed to fork new process: %s"),
|
|
1296 |
+ strerror(errno));
|
|
1297 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1298 |
+ sudo_reset_home_dir (home_env);
|
7853
|
1299 |
+ return -1;
|
|
1300 |
+ }
|
|
1301 |
+ else if (pid == 0)
|
|
1302 |
+ {
|
|
1303 |
+ // Child
|
8393
|
1304 |
+ setsid(); // make us session leader
|
14430
|
1305 |
+ if (context->need_pipe)
|
14422
|
1306 |
+ {
|
|
1307 |
+ close(child_pipe[1]);
|
|
1308 |
+ dup2(child_pipe[0], STDIN_FILENO);
|
|
1309 |
+ dup2(parent_pipe[1], STDERR_FILENO);
|
|
1310 |
+ dup2(parent_pipe[1], STDOUT_FILENO);
|
|
1311 |
+ }
|
7853
|
1312 |
+
|
|
1313 |
+ execv(cmd[0], cmd);
|
|
1314 |
+
|
|
1315 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_EXEC,
|
|
1316 |
+ _("Failed to exec new process: %s"),
|
|
1317 |
+ strerror(errno));
|
|
1318 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1319 |
+ sudo_reset_home_dir (home_env);
|
7853
|
1320 |
+ return -1;
|
|
1321 |
+ }
|
|
1322 |
+ else
|
|
1323 |
+ {
|
14430
|
1324 |
+ if (!context->need_pipe)
|
14422
|
1325 |
+ return FALSE;
|
|
1326 |
+
|
7853
|
1327 |
+ gboolean auth_failed = FALSE;
|
|
1328 |
+
|
|
1329 |
+ // Parent
|
|
1330 |
+ close(parent_pipe[1]);
|
|
1331 |
+
|
|
1332 |
+ infile = fdopen(parent_pipe[0], "r");
|
|
1333 |
+ if (!infile)
|
|
1334 |
+ {
|
|
1335 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
1336 |
+ _("Error opening pipe: %s"),
|
|
1337 |
+ strerror(errno));
|
|
1338 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1339 |
+ sudo_reset_home_dir (home_env);
|
7853
|
1340 |
+ return -1;
|
|
1341 |
+ }
|
|
1342 |
+
|
|
1343 |
+ outfile = fdopen(child_pipe[1], "w");
|
|
1344 |
+ if (!outfile)
|
|
1345 |
+ {
|
|
1346 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_PIPE,
|
|
1347 |
+ _("Error opening pipe: %s"),
|
|
1348 |
+ strerror(errno));
|
|
1349 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1350 |
+ sudo_reset_home_dir (home_env);
|
7853
|
1351 |
+ return -1;
|
|
1352 |
+ }
|
|
1353 |
+
|
|
1354 |
+ context->stdin_fd = parent_pipe[0];
|
|
1355 |
+ context->stdout_fd = child_pipe[1];
|
8393
|
1356 |
+ context->stdin_file = infile;
|
|
1357 |
+ context->stdout_file = outfile;
|
10224
|
1358 |
+ setvbuf (context->stdin_file, NULL, _IONBF, 0);
|
|
1359 |
+ fcntl (context->stdin_fd, F_SETFL, 0);
|
7853
|
1360 |
+ context->child_pid = pid;
|
|
1361 |
+
|
14430
|
1362 |
+ if (!context->wait_for_child_to_exit)
|
|
1363 |
+ return FALSE;
|
|
1364 |
+
|
7853
|
1365 |
+ /* make sure we did read everything */
|
|
1366 |
+ while (1)
|
|
1367 |
+ {
|
9819
|
1368 |
+ bzero(buffer, MAX_BUFFER_SIZE);
|
|
1369 |
+ if(!fread (buffer, sizeof(gchar), MAX_BUFFER_SIZE-1, infile))
|
7853
|
1370 |
+ break;
|
|
1371 |
+ fprintf (stderr, "%s", buffer);
|
|
1372 |
+ fflush (stderr);
|
|
1373 |
+ }
|
|
1374 |
+
|
|
1375 |
+ sudo_reset_xauth (context, xauth, xauth_env);
|
15661
|
1376 |
+ sudo_reset_home_dir (home_env);
|
7853
|
1377 |
+
|
|
1378 |
+ if (WIFEXITED(status))
|
|
1379 |
+ {
|
|
1380 |
+ if (WEXITSTATUS(status))
|
|
1381 |
+ {
|
|
1382 |
+ if (auth_failed)
|
|
1383 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_WRONGPASS,
|
|
1384 |
+ _("Wrong password."));
|
|
1385 |
+ else
|
|
1386 |
+ g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_CHILDFAILED,
|
|
1387 |
+ _("Child terminated with %d status"),
|
|
1388 |
+ WEXITSTATUS(status));
|
|
1389 |
+
|
|
1390 |
+ return TRUE;
|
|
1391 |
+ }
|
|
1392 |
+ }
|
|
1393 |
+ }
|
|
1394 |
+
|
|
1395 |
+ return FALSE;
|
|
1396 |
+}
|
|
1397 |
+
|
|
1398 |
+int
|
|
1399 |
+gksu_context_get_child_stdin_fd (GksuContext *context)
|
|
1400 |
+{
|
|
1401 |
+ return context->stdin_fd;
|
|
1402 |
+}
|
|
1403 |
+
|
|
1404 |
+
|
|
1405 |
+int
|
|
1406 |
+gksu_context_get_child_stdout_fd (GksuContext *context)
|
|
1407 |
+{
|
|
1408 |
+ return context->stdout_fd;
|
|
1409 |
+}
|
|
1410 |
+
|
8393
|
1411 |
+FILE*
|
|
1412 |
+gksu_context_get_child_stdin_file (GksuContext *context)
|
|
1413 |
+{
|
|
1414 |
+ return context->stdin_file;
|
|
1415 |
+}
|
|
1416 |
+
|
|
1417 |
+
|
|
1418 |
+FILE*
|
|
1419 |
+gksu_context_get_child_stdout_file (GksuContext *context)
|
|
1420 |
+{
|
|
1421 |
+ return context->stdout_file;
|
|
1422 |
+}
|
|
1423 |
+
|
7853
|
1424 |
+pid_t
|
|
1425 |
+gksu_context_get_child_pid (GksuContext *context)
|
|
1426 |
+{
|
|
1427 |
+ return context->child_pid;
|
|
1428 |
+}
|
|
1429 |
+
|
|
1430 |
+void
|
|
1431 |
+gksu_context_set_wait_for_child_to_exit (GksuContext *context, gboolean value)
|
|
1432 |
+{
|
|
1433 |
+ context->wait_for_child_to_exit = value;
|
|
1434 |
+}
|
|
1435 |
+
|
|
1436 |
+gboolean
|
|
1437 |
+gksu_context_get_wait_for_child_to_exit (GksuContext *context)
|
|
1438 |
+{
|
|
1439 |
+ return context->wait_for_child_to_exit;
|
|
1440 |
+}
|
8393
|
1441 |
+
|
|
1442 |
+void
|
|
1443 |
+gksu_context_set_elevated_privilege (GksuContext *context, gboolean value)
|
|
1444 |
+{
|
|
1445 |
+ context->elevated_privilege = value;
|
|
1446 |
+}
|
|
1447 |
+
|
|
1448 |
+gboolean
|
|
1449 |
+gksu_context_get_elevated_privilege (GksuContext *context)
|
|
1450 |
+{
|
|
1451 |
+ return context->elevated_privilege;
|
|
1452 |
+}
|
|
1453 |
+
|
|
1454 |
+void
|
|
1455 |
+gksu_context_set_elevated_role (GksuContext *context, gboolean value)
|
|
1456 |
+{
|
|
1457 |
+ context->elevated_role = value;
|
|
1458 |
+}
|
|
1459 |
+
|
|
1460 |
+gboolean
|
|
1461 |
+gksu_context_get_elevated_role (GksuContext *context)
|
|
1462 |
+{
|
|
1463 |
+ return context->elevated_role;
|
|
1464 |
+}
|
|
1465 |
+
|
|
1466 |
+/**
|
|
1467 |
+ * gksu_context_set_privspec:
|
|
1468 |
+ * @context: the #GksuContext you want to modify
|
|
1469 |
+ * @privspec: the target privileges specification
|
|
1470 |
+ *
|
|
1471 |
+ * Sets up privileges specification used by pfexec .
|
|
1472 |
+ *
|
|
1473 |
+ */
|
|
1474 |
+void
|
|
1475 |
+gksu_context_set_privspec (GksuContext *context, gchar *privspec)
|
|
1476 |
+{
|
|
1477 |
+ g_assert (privspec != NULL);
|
|
1478 |
+
|
|
1479 |
+ if (context->privspec)
|
|
1480 |
+ g_free (context->privspec);
|
|
1481 |
+ context->privspec = g_strdup (privspec);
|
|
1482 |
+}
|
|
1483 |
+
|
|
1484 |
+/**
|
|
1485 |
+ * gksu_context_get_privspec:
|
|
1486 |
+ * @context: the #GksuContext from which to grab the information
|
|
1487 |
+ *
|
|
1488 |
+ * Gets the privileges specification used by pfexec, as set
|
|
1489 |
+ * by gksu_context_set_privspec.
|
|
1490 |
+ *
|
|
1491 |
+ * Returns: a pointer to the string containing the privileges specification.
|
|
1492 |
+ */
|
|
1493 |
+const gchar*
|
|
1494 |
+gksu_context_get_privspec (GksuContext *context)
|
|
1495 |
+{
|
|
1496 |
+ return context->privspec;
|
|
1497 |
+}
|
|
1498 |
+
|
9768
|
1499 |
+/**
|
|
1500 |
+ * gksu_context_get_pam_num_msg:
|
|
1501 |
+ * @context: the #GksuContext from which to grab the information
|
|
1502 |
+ *
|
|
1503 |
+ * Gets the privileges specificddation used by pfexec, as set
|
|
1504 |
+ * by gksu_context_set_privspec.
|
|
1505 |
+ *
|
|
1506 |
+ * Returns: number of pam conversation.
|
|
1507 |
+ */
|
|
1508 |
+const gint
|
|
1509 |
+gksu_context_get_pam_msg_num (GksuContext *context)
|
|
1510 |
+{
|
|
1511 |
+ return context->msg_num;
|
|
1512 |
+}
|
|
1513 |
+
|
|
1514 |
+/**
|
|
1515 |
+ * gksu_context_get_pam_message:
|
|
1516 |
+ * @context: the #GksuContext from which to grab the information
|
|
1517 |
+ *
|
|
1518 |
+ *
|
|
1519 |
+ *
|
|
1520 |
+ * Returns: a pointer to the string containing the specific pam message.
|
|
1521 |
+ */
|
|
1522 |
+const gchar*
|
|
1523 |
+gksu_context_get_pam_message (GksuContext *context, gint index)
|
|
1524 |
+{
|
|
1525 |
+ return context->message[index].msg;
|
|
1526 |
+}
|
|
1527 |
+
|
|
1528 |
+/**
|
|
1529 |
+ * gksu_context_get_pam_response:
|
|
1530 |
+ * @context: the #GksuContext from which to grab the information
|
|
1531 |
+ *
|
|
1532 |
+ *
|
|
1533 |
+ *
|
|
1534 |
+ * Returns: a pointer to the string containing the specified pam response.
|
|
1535 |
+ */
|
|
1536 |
+const gchar*
|
|
1537 |
+gksu_context_get_pam_response (GksuContext *context, gint index)
|
|
1538 |
+{
|
|
1539 |
+ return context->response[index].resp;
|
|
1540 |
+}
|
|
1541 |
+
|
|
1542 |
+/**
|
|
1543 |
+ * gksu_context_set_pam_response:
|
|
1544 |
+ * @context: the #GksuContext from which to grab the information
|
|
1545 |
+ *
|
|
1546 |
+ *
|
|
1547 |
+ *
|
|
1548 |
+ * Returns: void.
|
|
1549 |
+ */
|
|
1550 |
+
|
|
1551 |
+void
|
|
1552 |
+gksu_context_set_pam_response (GksuContext *context, gint index, gchar *response)
|
|
1553 |
+{
|
|
1554 |
+ context->response[index].resp = g_strdup (response);
|
|
1555 |
+}
|
14422
|
1556 |
+
|
|
1557 |
+gboolean
|
|
1558 |
+gksu_context_get_pfexec_mode (GksuContext *context)
|
|
1559 |
+{
|
|
1560 |
+ return context->pfexec_mode;
|
|
1561 |
+}
|
|
1562 |
+
|
14430
|
1563 |
+void
|
|
1564 |
+gksu_context_set_need_pipe (GksuContext *context, gboolean value)
|
|
1565 |
+{
|
|
1566 |
+ context->need_pipe = value;
|
|
1567 |
+}
|
|
1568 |
+
|
|
1569 |
+gboolean
|
|
1570 |
+gksu_context_get_need_pipe (GksuContext *context)
|
|
1571 |
+{
|
|
1572 |
+ return context->need_pipe;
|
|
1573 |
+}
|
|
1574 |
+
|
14761
|
1575 |
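diff -ru libgksu1.2-1.3.1.orig/libgksu/gksu-context.h libgksu1.2-1.3.1/libgksu/gksu-context.h
--- libgksu1.2-1.3.1.orig/libgksu/gksu-context.h 2005-06-15 21:49:54.000000000 +0800
+++ libgksu1.2-1.3.1/libgksu/gksu-context.h 2008-12-12 14:18:30.105150000 +0800
@@ -23,6 +23,17 @@
 
 #include <glib.h>
 #include <glib-object.h>
+#include <security/pam_appl.h>
+
+#ifdef __sun
+#include <exec_attr.h>
+#include <user_attr.h>
+#include <auth_attr.h>
+#include <prof_attr.h>
+#define ES_SUCCESS 1
+#define ES_ERROR 2
+#define ES_PASSWORD 3
+#endif
 
 #define GKSU_TYPE_CONTEXT (gksu_context_get_type ())
 #define GKSU_CONTEXT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), GKSU_TYPE_CONTEXT, GksuContext))
@@ -31,6 +42,8 @@
 #define GKSU_IS_CONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GKSU_TYPE_CONTEXT))
 #define GKSU_CONTEXT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GKSU_TYPE_CONTEXT, GksuContextClass))
 
+/* Valid PAM embedded_su request codes. */
+
 G_BEGIN_DECLS
 
 typedef enum
@@ -91,6 +104,22 @@
 
 gboolean debug;
 gboolean ssh_fwd;
+
+ int msg_type;
+ int msg_num;
+ struct pam_message *message;
+ struct pam_response *response;
+ gchar *privspec;
+ gboolean pfexec_mode;
+ gboolean elevated_privilege;
+ gboolean elevated_role;
+ gboolean wait_for_child_to_exit;
+ gboolean need_pipe;
+ int child_pid;
+ int stdin_fd;
+ int stdout_fd;
+ FILE *stdin_file;
+ FILE *stdout_file;
 };
 
 struct _GksuContextClass
@@ -135,11 +164,13 @@
 gboolean
 gksu_context_get_login_shell (GksuContext *context);
 
+#ifndef __sun
 void
 gksu_context_set_keep_env (GksuContext *context, gboolean value);
 
 gboolean
 gksu_context_get_keep_env (GksuContext *context);
+#endif
 
 void
 gksu_context_set_debug (GksuContext *context, gboolean value);
@@ -147,11 +178,13 @@
 gboolean
 gksu_context_get_debug (GksuContext *context);
 
+#ifndef __sun
 void
 gksu_context_set_ssh_fwd (GksuContext *context, gboolean value);
 
 gboolean
 gksu_context_get_ssh_fwd (GksuContext *context);
+#endif
 
 GType
 gksu_context_get_type (void);
@@ -168,6 +201,83 @@
 gboolean
 gksu_context_sudo_run (GksuContext *context, GError **error);
 
+#ifdef __sun
+gboolean
+gksu_context_embedded_su_try_need_password (GksuContext *context);
+#endif
+
+gboolean
+gksu_context_embedded_su_run (GksuContext *context, GError **error);
+
+gboolean
+gksu_context_pfexec_try_run (GksuContext *context);
+
+gboolean
+gksu_context_pfexec_run (GksuContext *context, GError **error);
+
+gboolean
+gksu_context_set_role (GksuContext *context);
+
+int
+gksu_context_get_child_stdin_fd (GksuContext *context);
+
+int
+gksu_context_get_child_stdout_fd (GksuContext *context);
+
+FILE*
+gksu_context_get_child_stdin_file (GksuContext *context);
+
+FILE*
+gksu_context_get_child_stdout_file (GksuContext *context);
+
+pid_t
+gksu_context_get_child_pid (GksuContext *context);
+
+void
+gksu_context_set_wait_for_child_to_exit (GksuContext *context, gboolean value);
+
+gboolean
+gksu_context_get_wait_for_child_to_exit (GksuContext *context);
+
+void
+gksu_context_set_elevated_privilege (GksuContext *context, gboolean value);
+
+gboolean
+gksu_context_get_elevated_privilege (GksuContext *context);
+
+void
+gksu_context_set_elevated_role (GksuContext *context, gboolean value);
+
+gboolean
+gksu_context_get_elevated_role (GksuContext *context);
+
+void
+gksu_context_set_privspec (GksuContext *context, gchar *privspec);
+
+const gchar*
+gksu_context_get_privspec (GksuContext *context);
+
+gint
+gksu_context_get_num_msg (GksuContext *context);
+
+const gchar*
+gksu_context_get_pam_message (GksuContext *context, gint index);
+
+const gchar*
+gksu_context_get_pam_response (GksuContext *context, gint index);
+
+void
+gksu_context_set_pam_response (GksuContext *context, gint index, gchar *response);
+
+gboolean
+gksu_context_get_pfexec_mode (GksuContext *context);
+
+void
+gksu_context_set_need_pipe (GksuContext *context, gboolean value);
+
+gboolean
+gksu_context_get_need_pipe (GksuContext *context);
+
 G_END_DECLS
 
 #endif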
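Review bot: The prototype `gksu_context_get_num_msg` added in the last hunk of this header has no matching definition on this page; gksu-context.c defines `const gint gksu_context_get_pam_msg_num (GksuContext *context)` instead, so a caller of either name gets an undeclared function or an unresolved symbol. Declare the function that actually exists, `gint gksu_context_get_pam_msg_num (GksuContext *context);`, and drop the meaningless `const` on the by-value return in the definition. The index-taking accessors `gksu_context_get_pam_message`, `gksu_context_get_pam_response` and `gksu_context_set_pam_response` index `context->message` / `context->response` with no range check in the .c file, and both pointers are initialised to NULL there. The header should therefore state the contract, presumably `/* index must be >= 0 and < the PAM message count; only valid after a conversation has filled the arrays */`, or the definitions should reject out-of-range indexes. The new prototypes also use `FILE *` and `pid_t` although the hunk adds neither `<stdio.h>` nor `<sys/types.h>`; confirm they arrive through an existing include.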
14761
|
1740 |
diff -ru libgksu1.2-1.3.1.orig/libgksu/test-gksu.c libgksu1.2-1.3.1/libgksu/test-gksu.c
|
|
1741 |
--- libgksu1.2-1.3.1.orig/libgksu/test-gksu.c 2005-06-18 22:21:47.000000000 +0800
|
|
1742 |
+++ libgksu1.2-1.3.1/libgksu/test-gksu.c 2008-12-12 14:18:30.105921000 +0800
|
8393
|
1743 |
@@ -21,7 +21,12 @@
|
|
1744 |
#include <stdlib.h>
|
|
1745 |
#include <string.h>
|
|
1746 |
#include <unistd.h>
|
|
1747 |
-
|
|
1748 |
+#include <sys/wait.h>
|
|
1749 |
+#include <sys/types.h>
|
|
1750 |
+#include <fcntl.h>
|
|
1751 |
+#include <sys/ioctl.h>
|
|
1752 |
+#include <sys/stream.h>
|
|
1753 |
+#include <sys/stropts.h>
|
|
1754 |
#include "gksu.h"
|
|
1755 |
|
|
1756 |
int
|
|
1757 |
@@ -32,6 +37,9 @@
|
7853
|
1758 |
char *password;
|
|
1759 |
gboolean try_su = TRUE;
|
|
1760 |
gboolean try_sudo = TRUE;
|
8393
|
1761 |
+ int stdin_fd, stdout_fd;
|
|
1762 |
+ FILE *infile, *outfile;
|
|
1763 |
+ pid_t child_pid;
|
7853
|
1764 |
|
|
1765 |
if (argc > 1)
|
|
1766 |
{
|
8393
|
1767 |
@@ -44,13 +52,25 @@
|
7853
|
1768 |
context = gksu_context_new ();
|
|
1769 |
|
|
1770 |
gksu_context_set_debug (context, TRUE);
|
|
1771 |
- gksu_context_set_command (context, "/usr/bin/X11/xterm");
|
8393
|
1772 |
+ gksu_context_set_elevated_privilege (context, FALSE);
|
|
1773 |
+ gksu_context_set_elevated_role (context, TRUE);
|
|
1774 |
+// gksu_context_set_user (context, "lizhi");
|
|
1775 |
+ gksu_context_set_wait_for_child_to_exit (context, FALSE);
|
|
1776 |
+// gksu_context_set_command (context, "/usr/openwin/bin/xterm");
|
|
1777 |
+ gksu_context_set_privspec (context, "All");
|
|
1778 |
+ gksu_context_set_command (context, "/usr/bin/ids");
|
|
1779 |
+ if ( gksu_context_get_wait_for_child_to_exit (context) ) {
|
|
1780 |
+ gksu_context_set_command (context, "/usr/bin/ids");
|
|
1781 |
+ } else {
|
|
1782 |
+ gksu_context_set_command (context, "/usr/bin/ids --nowait");
|
|
1783 |
+ }
|
7853
|
1784 |
|
|
1785 |
if (try_su)
|
|
1786 |
{
|
8393
|
1787 |
+ error = NULL;
|
|
1788 |
if (gksu_context_try_need_password (context))
|
|
1789 |
{
|
|
1790 |
- password = getpass ("Type the root password: ");
|
|
1791 |
+ password = getpass ( g_strdup_printf ("Type the %s password: ", context->user) );
|
|
1792 |
gksu_context_set_password (context, password);
|
|
1793 |
}
|
7853
|
1794 |
|
8393
|
1795 |
@@ -58,6 +78,47 @@
|
|
1796 |
gksu_context_run (context, &error);
|
|
1797 |
if (error)
|
|
1798 |
fprintf (stderr, "gksu_run failed: %s\n", error->message);
|
|
1799 |
+ child_pid = gksu_context_get_child_pid (context);
|
|
1800 |
+ printf ("child pid is %d\n", child_pid );
|
|
1801 |
+ stdin_fd = gksu_context_get_child_stdin_fd (context);
|
|
1802 |
+ stdout_fd = gksu_context_get_child_stdout_fd (context);
|
|
1803 |
+ fprintf (stderr, "stdin_fd = %d, stdout_fd = %d\n", stdin_fd, stdout_fd);
|
|
1804 |
+ infile = gksu_context_get_child_stdin_file (context);
|
|
1805 |
+ if (!infile)
|
|
1806 |
+ fprintf (stderr, "fdopen infile error!\n");
|
|
1807 |
+ outfile = gksu_context_get_child_stdout_file (context);
|
|
1808 |
+ if (!outfile)
|
|
1809 |
+ fprintf (stderr, "fdopen outfile error!\n");
|
|
1810 |
+ int aa, status;
|
|
1811 |
+ char buffer [256];
|
|
1812 |
+
|
|
1813 |
+ if ( gksu_context_get_wait_for_child_to_exit (context) ) {
|
|
1814 |
+ fprintf (outfile, "quit\n");
|
|
1815 |
+ fflush (outfile);
|
|
1816 |
+ } else {
|
|
1817 |
+ for (int i=0;i<5;i++) {
|
|
1818 |
+ bzero (buffer, 256);
|
|
1819 |
+ fprintf (stderr, "step 1\n");
|
|
1820 |
+ if (!fgets (buffer, 255, infile))
|
|
1821 |
+ break;
|
|
1822 |
+ fprintf (stderr, "initial input %d = %s", i+1, buffer);
|
|
1823 |
+ }
|
|
1824 |
+ while (!waitpid (child_pid, &status, WNOHANG))
|
7853
|
1825 |
+ {
|
8393
|
1826 |
+ bzero (buffer, 256);
|
|
1827 |
+ fgets (buffer, 255, stdin);
|
|
1828 |
+ fprintf (outfile,"%s", buffer);
|
|
1829 |
+ fflush (outfile);
|
|
1830 |
+
|
|
1831 |
+ bzero(buffer, 256);
|
|
1832 |
+ fgets (buffer, 255, infile);
|
|
1833 |
+
|
|
1834 |
+ if( strncmp (buffer, "quit", strlen("quit") ) == 0)
|
|
1835 |
+ break;
|
|
1836 |
+ fprintf (stderr, "echo = %s", buffer);
|
7853
|
1837 |
+ }
|
8393
|
1838 |
+ }
|
|
1839 |
+
|
|
1840 |
}
|
|
1841 |
|
|
1842 |
if (try_sudo)
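Review bot: The `infile` / `outfile` NULL checks added after `gksu_context_run` only print a message, and the code below them still passes both streams to `fprintf`, `fflush` and `fgets`, so a failed run ends in a NULL `FILE *` dereference. The same holds for `error`: it is logged, yet the child pid and descriptors are read and used regardless. Leave the `try_su` block early in those cases, e.g. `if (error || !infile || !outfile) return 1;`, and test the `fgets` results inside the `waitpid` loop so that EOF on `stdin` or on the child's pipe ends the loop instead of re-sending an empty buffer. In the preceding hunk, `getpass (g_strdup_printf (...))` never frees the allocated prompt and reads `context->user` directly instead of through an accessor. `main` starts and ends outside this hunk.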
|