174
166
gksu_context_set_password (GksuContext *context, gchar *password)
176
g_assert (password != NULL);
178
168
if (context->password)
180
g_free (context->password);
181
context->password = NULL;
170
g_free (context->password);
171
context->password = NULL;
184
174
if (password && strcmp ("", password) && strcmp ("\n", password))
186
176
if (password[strlen(password) - 1] == '\n')
187
context->password = g_strdup (password);
177
context->password = g_strdup (password);
189
context->password = g_strdup_printf ("%s\n", password);
179
context->password = g_strdup_printf ("%s\n", password);
610
#ifdef ENABLE_GNOME_KEYRING
612
try_gnome_keyring_password (GksuContext *context)
614
GnomeKeyringAttributeList *attributes;
615
GnomeKeyringAttribute attribute;
616
GnomeKeyringResult result;
618
GError *error = NULL;
619
gboolean keyring_has_password;
620
gchar *keyring_password;
621
gchar *keyring_command;
625
attributes = gnome_keyring_attribute_list_new ();
627
attribute.name = g_strdup ("user");
628
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
629
attribute.value.string = g_strdup (gksu_context_get_user (context));
630
g_array_append_val (attributes, attribute);
632
attribute.name = g_strdup ("type");
633
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
634
attribute.value.string = g_strdup ("local");
635
g_array_append_val (attributes, attribute);
637
attribute.name = g_strdup ("creator");
638
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
639
attribute.value.string = g_strdup ("gksu");
640
g_array_append_val (attributes, attribute);
642
list = g_list_alloc();
643
keyring_has_password = FALSE;
645
result = gnome_keyring_find_items_sync (GNOME_KEYRING_ITEM_GENERIC_SECRET,
648
gnome_keyring_attribute_list_free (attributes);
650
(result == GNOME_KEYRING_RESULT_OK) &&
651
(g_list_length(list) == 1)
654
GnomeKeyringFound *found = list->data;
655
keyring_password = g_strdup(found->secret);
657
keyring_command = g_strdup (gksu_context_get_command (context));
658
gksu_context_set_command (context, "/bin/echo test > /dev/null");
659
gksu_context_set_password (context, keyring_password);
660
gksu_context_run (context, &error);
663
keyring_has_password = TRUE;
664
gksu_context_set_command (context, keyring_command);
667
if (keyring_has_password)
671
password = g_locale_from_utf8 (keyring_password,
672
strlen (keyring_password),
674
gksu_context_set_password (context, password);
675
return FALSE; /* we do not need a password */
683
625
try_su_run (GksuContext *context)
782
726
if (try_su_run (context) == FALSE)
785
#ifdef ENABLE_GNOME_KEYRING
786
if (try_gnome_keyring_password (context) == FALSE)
733
* gksu_context_run_full:
795
734
* @context: a #GksuContext
735
* @ask_pass: a #GksuAskPasswordFunc
736
* @user_data: a #gpointer with user data to be passed to the
737
* #GksuAskPasswordFunc
738
* @pass_not_needed: a #GksuPasswordNotNeededFunc
739
* @pnn_user_data: a #gpointer with the user data to be passed to the
740
* #GksuPasswordNotNeededFunc
796
741
* @error: a #GError object to be filled with the error code or NULL
798
743
* This could be considered one of the main functions in GKSu.
799
* it is responsible for doing the 'user changing' magic.
744
* it is responsible for doing the 'user changing' magic calling
745
* the #GksuAskPasswordFunc function to request a password if needed.
746
* and the #GksuPasswordNotNeededFunc function if a password won't be
747
* needed, so the application has the oportunity of warning the user
801
751
* Returns: the child's error status, 0 if all went fine, -1 if failed
804
gksu_context_run (GksuContext *context, GError **error)
754
gksu_context_run_full (GksuContext *context,
755
GksuAskPasswordFunc ask_pass, gpointer user_data,
756
GksuPasswordNotNeededFunc pass_not_needed,
757
gpointer pnn_user_data, GError **error)
806
759
GQuark gksu_quark;
808
gboolean auth_failed = FALSE;
810
762
gchar auxcommand[] = PREFIX "/lib/" PACKAGE "/gksu-run-helper";
905
855
/* no need to ask for password if we're already root */
906
856
if (my_uid != target_uid && my_uid)
908
if (context->password)
858
if (context->password || ask_pass)
910
863
read (fdpty, buf, 256);
911
864
if (context->debug)
912
865
fprintf (stderr, "gksu_context_run: buf: -%s-\n", buf);
914
write (fdpty, context->password,
915
strlen(context->password));
869
tcgetattr (fdpty, &tio);
871
if (!(tio.c_lflag & ECHO))
873
if (!context->password)
875
if (ask_pass (context, buf, user_data, error))
878
g_return_val_if_fail (context->password, -1);
883
password_needed = TRUE;
884
write (fdpty, context->password,
885
strlen(context->password));
890
if (!password_needed)
891
pass_not_needed (context, pnn_user_data);
894
fprintf (stderr, "DEBUG (run:after-pass) buf: -%s-\n", buf);
895
if (strncmp (buf, "gksu", 4) && strncmp (buf, "su", 2))
898
/* drop the \n echoed on password entry if su did request
901
read (fdpty, buf, 256);
902
read (fdpty, buf, 255);
904
fprintf (stderr, "DEBUG (run:post-after-pass) buf: -%s-\n", buf);
907
if (!strncmp (buf, "su: Authentication failure", 26))
909
g_set_error (error, gksu_quark,
910
GKSU_CONTEXT_ERROR_WRONGPASS,
911
_("Wrong password."));
913
fprintf (stderr, "DEBUG (auth_failed) buf: -%s-\n", buf);
915
else if (!strncmp (buf, "gksu: waiting", 13))
920
fprintf (stderr, "DEBUG (gksu: waiting) buf: -%s-\n", buf);
922
line = g_strdup_printf ("gksu-run: %s\n", context->display);
923
write (fdpty, line, strlen(line));
926
line = g_strdup_printf ("gksu-run: %s\n", context->xauth);
927
write (fdpty, line, strlen(line));
933
read (fdpty, buf, 256);
937
gchar *emsg = g_strdup_printf (_("Failed to communicate with "
938
"gksu-run-helper.\n\n"
942
" %s"), buf, "gksu: waiting");
943
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_HELPER, emsg);
947
fprintf (stderr, "DEBUG (failed!) buf: -%s-\n", buf);
920
953
FD_SET(fdpty, &rfds);
939
981
read (fdpty, buf, 255);
941
if (!first_line_read)
943
/* we've already read something important on the
944
outside of the loop, probably because su gave
945
no output at all (pam_wheel trust or something)
947
if (strncmp (buf, "gksu", 4))
948
read (fdpty, buf, 255);
950
if (!strncmp (buf, "su: Authentication failure", 26))
952
else if (!strncmp (buf, "gksu: waiting", 13))
956
line = g_strdup_printf ("gksu-run: %s\n", context->display);
957
write (fdpty, line, strlen(line));
960
line = g_strdup_printf ("gksu-run: %s\n", context->xauth);
961
write (fdpty, line, strlen(line));
967
#ifdef ENABLE_GNOME_KEYRING
968
if (keyring_used && context->password)
970
static GMainLoop *keyring_loop = NULL;
971
GnomeKeyringAttributeList *attributes;
972
GnomeKeyringAttribute attribute;
976
attributes = gnome_keyring_attribute_list_new ();
978
attribute.name = g_strdup ("user");
979
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
980
attribute.value.string = g_strdup (gksu_context_get_user (context));
981
g_array_append_val (attributes, attribute);
983
attribute.name = g_strdup ("type");
984
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
985
attribute.value.string = g_strdup ("local");
986
g_array_append_val (attributes, attribute);
988
attribute.name = g_strdup ("creator");
989
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
990
attribute.value.string = g_strdup ("gksu");
991
g_array_append_val (attributes, attribute);
993
key_name = g_strdup_printf ("Local password for user %s",
994
gksu_context_get_user (context));
996
keyring_loop = g_main_loop_new (NULL, FALSE);
999
keyring_create_item_cb (GnomeKeyringResult result,
1000
guint32 id, gpointer data)
1002
g_main_loop_quit (keyring_loop);
1005
gnome_keyring_item_create (NULL,
1006
GNOME_KEYRING_ITEM_GENERIC_SECRET,
1009
gksu_context_get_password (context),
1011
keyring_create_item_cb, NULL, NULL);
1012
gnome_keyring_attribute_list_free (attributes);
1013
g_main_loop_run (keyring_loop);
1017
first_line_read = TRUE;
1019
else if (!strncmp (buf, "gksu-run:", 8))
1023
tmp = g_strrstr (buf, "\n");
1027
read (fdpty, buf, 255);
1028
tmp = g_strrstr (tmp, "\n");
1031
fprintf (stderr, "%s", tmp+1);
1035
fprintf (stderr, "%s", buf);
982
fprintf (stderr, "%s", buf);
1038
985
FD_SET(fdpty, &rfds);
1053
998
if (WEXITSTATUS(status))
1056
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_WRONGPASS,
1057
_("Wrong password."));
1059
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_CHILDFAILED,
1060
_("Child terminated with %d status"),
1002
/* su already exec()ed something else, don't report
1003
* exit status errors in that case
1005
if (!g_str_has_suffix (cmdline, "su\n"))
1014
g_set_error (error, gksu_quark,
1015
GKSU_CONTEXT_ERROR_CHILDFAILED,
1016
_("su terminated with %d status"),
1061
1017
WEXITSTATUS(status));
1062
return WEXITSTATUS(status);
1028
/* DO NOT USE -- Deprecated */
1030
gksu_context_ask_and_run (GksuContext *context, GksuAskPasswordFunc ask_pass,
1031
gpointer user_data, GError **error)
1033
return gksu_context_run_full (context, ask_pass, user_data, NULL, NULL, error);
1038
* @context: a #GksuContext
1039
* @error: a #GError object to be filled with the error code or NULL
1041
* This could be considered one of the main functions in GKSu.
1042
* it is responsible for doing the 'user changing' magic.
1044
* Returns: the child's error status, 0 if all went fine, -1 if failed
1047
gksu_context_run (GksuContext *context, GError **error)
1049
return gksu_context_run_full (context, NULL, NULL, NULL, NULL, error);
1070
1052
static gboolean
1208
* gksu_context_sudo_run:
1190
* gksu_context_sudo_run_full:
1209
1191
* @context: a #GksuContext
1192
* @ask_pass: a #GksuAskPasswordFunc
1193
* @user_data: a #gpointer with user data to be passed to the
1194
* #GksuAskPasswordFunc
1195
* @pass_not_needed: a #GksuPasswordNotNeededFunc
1196
* @pnn_user_data: a #gpointer with the user data to be passed to the
1197
* #GksuPasswordNotNeededFunc
1210
1198
* @error: a #GError object to be filled with the error code or NULL
1212
1200
* This could be considered one of the main functions in GKSu.
1213
* it is responsible for doing the 'user changing' magic by
1214
* calling gksu_ask_password() if it needs the user's password
1215
* it behaves like sudo.
1201
* it is responsible for doing the 'user changing' magic calling
1202
* the #GksuAskPasswordFunc function to request a password if needed.
1203
* and the #GksuPasswordNotNeededFunc function if a password won't be
1204
* needed, so the application has the oportunity of warning the user
1217
1208
* Returns: the child's error status, 0 if all went fine, -1 if failed
1220
gksu_context_sudo_run (GksuContext *context, GError **error)
1211
gksu_context_sudo_run_full (GksuContext *context,
1212
GksuAskPasswordFunc ask_pass, gpointer user_data,
1213
GksuPasswordNotNeededFunc pass_not_needed,
1214
gpointer pnn_user_data, GError **error)
1223
1217
char buffer[256];
1312
for (i = j = 0; ; i++)
1314
if (context->command[i] == ' ' || context->command[i] == '\0')
1317
cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
1318
cmd[argcount] = g_strdup (buffer);
1319
bzero (buffer, 256);
1320
argcount = argcount + 1;
1323
if (context->command[i] == '\0')
1328
if (context->command[i] == '\\')
1307
gchar *tmp_arg = g_malloc (sizeof(gchar)*1);
1308
gboolean inside_quotes = FALSE;
1312
for (i = j = 0; ; i++)
1314
if ((context->command[i] == '\'') && (context->command[i-1] != '\\'))
1330
buffer[j] = context->command[i];
1317
inside_quotes = !inside_quotes;
1320
if ((context->command[i] == ' ' && inside_quotes == FALSE)
1321
|| context->command[i] == '\0')
1323
tmp_arg = g_realloc (tmp_arg, sizeof(gchar)*(j+1));
1325
cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
1326
cmd[argcount] = g_strdup (tmp_arg);
1330
argcount = argcount + 1;
1333
if (context->command[i] == '\0')
1336
tmp_arg = g_malloc (sizeof(gchar)*1);
1341
if (context->command[i] == '\\')
1343
tmp_arg = g_realloc (tmp_arg, sizeof(gchar)*(j+1));
1344
tmp_arg[j] = context->command[i];
1334
1349
cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
1335
1350
cmd[argcount] = NULL;
1443
1469
fgets (buffer, 255, infile);
1444
1470
fgets (buffer, 255, infile);
1445
if (!strcmp (buffer, "Sorry, try again.\n"))
1447
else if (!strncmp (buffer, "Sorry, user ", 12))
1448
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_NOT_ALLOWED,
1449
_("The underlying authorization mechanism (sudo) "
1450
"does not allow you to run this program. Contact "
1451
"the system administrator."));
1454
gchar *haystack = buffer;
1457
needle = g_strstr_len (haystack, strlen (haystack), " ");
1458
if (needle && (needle + 1))
1461
if (!strncmp (needle, "is not in", 9))
1462
g_set_error (error, gksu_quark,
1463
GKSU_CONTEXT_ERROR_NOT_ALLOWED,
1464
_("The underlying authorization mechanism (sudo) "
1465
"does not allow you to run this program. Contact "
1466
"the system administrator."));
1472
1474
if (context->debug)
1473
1475
fprintf (stderr, "Oops... what's up?\n");
1477
pass_not_needed (context, pnn_user_data);
1475
1479
fprintf (stderr, "%s", buffer);
1479
// check if we are still dealing with sudo
1482
char *cmdfile = g_strdup_printf("/proc/%i/status",pid);
1484
f = fopen(cmdfile, "r");
1487
fgets(cmdline, sizeof(cmdline), f);
1482
if (!strcmp (buffer, "Sorry, try again.\n"))
1483
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_WRONGPASS,
1484
_("Wrong password."));
1485
else if (!strncmp (buffer, "Sorry, user ", 12))
1486
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_NOT_ALLOWED,
1487
_("The underlying authorization mechanism (sudo) "
1488
"does not allow you to run this program. Contact "
1489
"the system administrator."));
1492
gchar *haystack = buffer;
1495
needle = g_strstr_len (haystack, strlen (haystack), " ");
1496
if (needle && (needle + 1))
1499
if (!strncmp (needle, "is not in", 9))
1500
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_NOT_ALLOWED,
1501
_("The underlying authorization mechanism (sudo) "
1502
"does not allow you to run this program. Contact "
1503
"the system administrator."));
1491
1507
while (!waitpid (pid, &status, WNOHANG))
1493
f = fopen(cmdfile, "r");
1496
fgets(cmdline, sizeof(cmdline), f);
1511
cmdline = get_process_name (pid);
1501
1515
bzero(buffer, 256);
1502
1516
if(!fgets (buffer, 255, infile))
1504
1518
fprintf (stderr, "%s", buffer);
1508
1521
/* make sure we did read everything */
1522
1535
if (WEXITSTATUS(status))
1524
// sudo already exec()ed something else, don't report
1525
// exit status errors in that case
1526
if(!g_str_has_suffix(cmdline,"sudo\n"))
1539
/* sudo already exec()ed something else, don't report
1540
* exit status errors in that case
1542
if (!g_str_has_suffix (cmdline, "sudo\n"))
1530
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_WRONGPASS,
1531
_("Wrong password."));
1533
g_set_error (error, gksu_quark, GKSU_CONTEXT_ERROR_CHILDFAILED,
1534
_("Child terminated with %d status"),
1551
g_set_error (error, gksu_quark,
1552
GKSU_CONTEXT_ERROR_CHILDFAILED,
1553
_("sudo terminated with %d status"),
1535
1554
WEXITSTATUS(status));
1559
/* if error is set we have found an error condition */
1566
/* DO NOT USE -- Deprecated */
1568
gksu_context_sudo_ask_and_run (GksuContext *context, GksuAskPasswordFunc ask_pass,
1569
gpointer user_data, GError **error)
1571
return gksu_context_sudo_run_full (context, ask_pass, user_data, NULL, NULL, error);
1575
* gksu_context_sudo_run:
1576
* @context: a #GksuContext
1577
* @error: a #GError object to be filled with the error code or NULL
1579
* This could be considered one of the main functions in GKSu.
1580
* it is responsible for doing the 'user changing' magic by
1581
* calling gksu_ask_password() if it needs the user's password
1582
* it behaves like sudo.
1584
* Returns: the child's error status, 0 if all went fine, -1 if failed
1587
gksu_context_sudo_run (GksuContext *context, GError **error)
1589
return gksu_context_sudo_run_full (context, NULL, NULL, NULL, NULL, error);