mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 07:00:43 +00:00
360 lines
11 KiB
Diff
360 lines
11 KiB
Diff
diff --exclude-from=/home/dang/.scripts/diffrc -up -ruN libgksu-2.0.12.orig/libgksu/libgksu.c libgksu-2.0.12/libgksu/libgksu.c
|
|
--- libgksu-2.0.12.orig/libgksu/libgksu.c 2009-06-29 13:48:24.000000000 -0400
|
|
+++ libgksu-2.0.12/libgksu/libgksu.c 2010-01-12 07:32:10.450657456 -0500
|
|
@@ -1,7 +1,6 @@
|
|
/*
|
|
* Gksu -- a library providing access to su functionality
|
|
* Copyright (C) 2004-2009 Gustavo Noronha Silva
|
|
- * Portions Copyright (C) 2009 VMware, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
@@ -56,9 +55,6 @@
|
|
static void
|
|
gksu_context_launch_complete (GksuContext *context);
|
|
|
|
-static void
|
|
-read_line (int fd, gchar *buffer, int n);
|
|
-
|
|
GType
|
|
gksu_error_get_type (void)
|
|
{
|
|
@@ -2009,8 +2005,6 @@ gksu_su_fuller (GksuContext *context,
|
|
for (i = 0 ; cmd[i] != NULL ; i++)
|
|
g_free (cmd[i]);
|
|
g_free(cmd);
|
|
-
|
|
- _exit(1);
|
|
}
|
|
else if (pid == -1)
|
|
{
|
|
@@ -2125,10 +2119,10 @@ gksu_su_fuller (GksuContext *context,
|
|
/* drop the \n echoed on password entry if su did request
|
|
a password */
|
|
if (password_needed)
|
|
- read_line (fdpty, buf, 255);
|
|
+ read (fdpty, buf, 255);
|
|
if (context->debug)
|
|
fprintf (stderr, "DEBUG (run:post-after-pass) buf: -%s-\n", buf);
|
|
- read_line (fdpty, buf, 255);
|
|
+ read (fdpty, buf, 255);
|
|
if (context->debug)
|
|
fprintf (stderr, "DEBUG (run:post-after-pass) buf: -%s-\n", buf);
|
|
}
|
|
@@ -2142,9 +2136,7 @@ gksu_su_fuller (GksuContext *context,
|
|
{
|
|
int retval = 0;
|
|
|
|
- /* Red Hat's su shows the full path to su in its error messages. */
|
|
- if (!strncmp (buf, "su:", 3) ||
|
|
- !strncmp (buf, "/bin/su:", 7))
|
|
+ if (!strncmp (buf, "su", 2))
|
|
{
|
|
gchar **strings;
|
|
|
|
@@ -2155,11 +2147,7 @@ gksu_su_fuller (GksuContext *context,
|
|
}
|
|
|
|
strings = g_strsplit (buf, ":", 2);
|
|
-
|
|
- /* Red Hat and Fedora use 'incorrect password'. */
|
|
- if (strings[1] &&
|
|
- (g_str_has_prefix(strings[1], " Authentication failure") ||
|
|
- g_str_has_prefix(strings[1], " incorrect password")))
|
|
+ if (strings[1] && !strncmp (strings[1], " Authentication failure", 23))
|
|
{
|
|
if (used_gnome_keyring)
|
|
g_set_error (error, gksu_quark,
|
|
@@ -2473,12 +2461,6 @@ gksu_sudo_fuller (GksuContext *context,
|
|
{
|
|
char **cmd;
|
|
char buffer[256] = {0};
|
|
- char *child_stderr = NULL;
|
|
- /* This command is used to gain a token */
|
|
- char *const verifycmd[] =
|
|
- {
|
|
- "/usr/bin/sudo", "-p", "GNOME_SUDO_PASS", "-v", NULL
|
|
- };
|
|
int argcount = 8;
|
|
int i, j;
|
|
|
|
@@ -2489,8 +2471,9 @@ gksu_sudo_fuller (GksuContext *context,
|
|
|
|
pid_t pid;
|
|
int status;
|
|
- FILE *fdfile = NULL;
|
|
- int fdpty = -1;
|
|
+ FILE *infile, *outfile;
|
|
+ int parent_pipe[2]; /* For talking to the parent */
|
|
+ int child_pipe[2]; /* For talking to the child */
|
|
|
|
context->sudo_mode = TRUE;
|
|
|
|
@@ -2565,10 +2548,6 @@ gksu_sudo_fuller (GksuContext *context,
|
|
cmd[argcount] = g_strdup("-S");
|
|
argcount++;
|
|
|
|
- /* Make sudo noninteractive (we should already have a token) */
|
|
- cmd[argcount] = g_strdup("-n");
|
|
- argcount++;
|
|
-
|
|
/* Make sudo use next arg as prompt */
|
|
cmd[argcount] = g_strdup("-p");
|
|
argcount++;
|
|
@@ -2647,21 +2626,26 @@ gksu_sudo_fuller (GksuContext *context,
|
|
fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
|
|
}
|
|
|
|
- pid = forkpty(&fdpty, NULL, NULL, NULL);
|
|
- if (pid == 0)
|
|
+ if ((pipe(parent_pipe)) == -1)
|
|
{
|
|
- // Child
|
|
- setsid(); // make us session leader
|
|
-
|
|
- execv(verifycmd[0], verifycmd);
|
|
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
|
|
+ _("Error creating pipe: %s"),
|
|
+ strerror(errno));
|
|
+ sudo_reset_xauth (context, xauth, xauth_env);
|
|
+ return FALSE;
|
|
+ }
|
|
|
|
- g_set_error (error, gksu_quark, GKSU_ERROR_EXEC,
|
|
- _("Failed to exec new process: %s"),
|
|
+ if ((pipe(child_pipe)) == -1)
|
|
+ {
|
|
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
|
|
+ _("Error creating pipe: %s"),
|
|
strerror(errno));
|
|
sudo_reset_xauth (context, xauth, xauth_env);
|
|
return FALSE;
|
|
}
|
|
- else if (pid == -1)
|
|
+
|
|
+ pid = fork();
|
|
+ if (pid == -1)
|
|
{
|
|
g_set_error (error, gksu_quark, GKSU_ERROR_FORK,
|
|
_("Failed to fork new process: %s"),
|
|
@@ -2669,26 +2653,56 @@ gksu_sudo_fuller (GksuContext *context,
|
|
sudo_reset_xauth (context, xauth, xauth_env);
|
|
return FALSE;
|
|
}
|
|
+ else if (pid == 0)
|
|
+ {
|
|
+ // Child
|
|
+ setsid(); // make us session leader
|
|
+ close(child_pipe[1]);
|
|
+ dup2(child_pipe[0], STDIN_FILENO);
|
|
+ dup2(parent_pipe[1], STDERR_FILENO);
|
|
|
|
+ execv(cmd[0], cmd);
|
|
+
|
|
+ g_set_error (error, gksu_quark, GKSU_ERROR_EXEC,
|
|
+ _("Failed to exec new process: %s"),
|
|
+ strerror(errno));
|
|
+ sudo_reset_xauth (context, xauth, xauth_env);
|
|
+ return FALSE;
|
|
+ }
|
|
else
|
|
{
|
|
gint counter = 0;
|
|
gchar *cmdline = NULL;
|
|
- struct termios tio;
|
|
|
|
// Parent
|
|
- fdfile = fdopen(fdpty, "w+");
|
|
+ close(parent_pipe[1]);
|
|
|
|
- /* make sure we notice that ECHO is turned off, if it gets
|
|
- turned off */
|
|
- tcgetattr (fdpty, &tio);
|
|
- for (counter = 0; (tio.c_lflag & ECHO) && counter < 15; counter++)
|
|
- {
|
|
- usleep (1000);
|
|
- tcgetattr (fdpty, &tio);
|
|
- }
|
|
+ infile = fdopen(parent_pipe[0], "r");
|
|
+ if (!infile)
|
|
+ {
|
|
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
|
|
+ _("Error opening pipe: %s"),
|
|
+ strerror(errno));
|
|
+ sudo_reset_xauth (context, xauth, xauth_env);
|
|
+ return FALSE;
|
|
+ }
|
|
|
|
- fcntl (fdpty, F_SETFL, O_NONBLOCK);
|
|
+ outfile = fdopen(child_pipe[1], "w");
|
|
+ if (!outfile)
|
|
+ {
|
|
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
|
|
+ _("Error opening pipe: %s"),
|
|
+ strerror(errno));
|
|
+ sudo_reset_xauth (context, xauth, xauth_env);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ we are expecting to receive a GNOME_SUDO_PASS
|
|
+ if we don't there are two possibilities: an error
|
|
+ or a password is not needed
|
|
+ */
|
|
+ fcntl (parent_pipe[0], F_SETFL, O_NONBLOCK);
|
|
|
|
{ /* no matter if we can read, since we're using
|
|
O_NONBLOCK; this is just to avoid the prompt
|
|
@@ -2697,11 +2711,11 @@ gksu_sudo_fuller (GksuContext *context,
|
|
struct timeval tv;
|
|
|
|
FD_ZERO(&rfds);
|
|
- FD_SET(fdpty, &rfds);
|
|
+ FD_SET(parent_pipe[0], &rfds);
|
|
tv.tv_sec = 1;
|
|
tv.tv_usec = 0;
|
|
|
|
- select (fdpty + 1, &rfds, NULL, NULL, &tv);
|
|
+ select (parent_pipe[0] + 1, &rfds, NULL, NULL, &tv);
|
|
}
|
|
|
|
/* Try hard to find the prompt; it may happen that we're
|
|
@@ -2713,7 +2727,7 @@ gksu_sudo_fuller (GksuContext *context,
|
|
if (strncmp (buffer, "GNOME_SUDO_PASS", 15) == 0)
|
|
break;
|
|
|
|
- read_line (fdpty, buffer, 256);
|
|
+ read_line (parent_pipe[0], buffer, 256);
|
|
|
|
if (context->debug)
|
|
fprintf (stderr, "buffer: -%s-\n", buffer);
|
|
@@ -2747,17 +2761,18 @@ gksu_sudo_fuller (GksuContext *context,
|
|
|
|
usleep (1000);
|
|
|
|
- write (fdpty, password, strlen(password) + 1);
|
|
- write (fdpty, "\n", 1);
|
|
+ fprintf (outfile, "%s\n", password);
|
|
+ fclose (outfile);
|
|
|
|
nullify_password (password);
|
|
|
|
- fcntl(fdpty, F_SETFL, fcntl(fdpty, F_GETFL) & ~O_NONBLOCK);
|
|
+ /* turn NONBLOCK off */
|
|
+ fcntl(parent_pipe[0], F_SETFL, fcntl(parent_pipe[0], F_GETFL) & ~O_NONBLOCK);
|
|
/* ignore the first newline that comes right after sudo receives
|
|
the password */
|
|
- fgets (buffer, 255, fdfile);
|
|
- /* this is the status we are interested in */
|
|
- fgets (buffer, 255, fdfile);
|
|
+ fgets (buffer, 255, infile);
|
|
+ /* this is the status we are interessted in */
|
|
+ fgets (buffer, 255, infile);
|
|
}
|
|
else
|
|
{
|
|
@@ -2766,7 +2781,7 @@ gksu_sudo_fuller (GksuContext *context,
|
|
fprintf (stderr, "No password prompt found; we'll assume we don't need a password.\n");
|
|
|
|
/* turn NONBLOCK off, also if have no prompt */
|
|
- fcntl(fdpty, F_SETFL, fcntl(fdpty, F_GETFL) & ~O_NONBLOCK);
|
|
+ fcntl(parent_pipe[0], F_SETFL, fcntl(parent_pipe[0], F_GETFL) & ~O_NONBLOCK);
|
|
|
|
should_display = gconf_client_get_bool (context->gconf_client,
|
|
BASE_PATH "display-no-pass-info", NULL);
|
|
@@ -2785,9 +2800,14 @@ gksu_sudo_fuller (GksuContext *context,
|
|
fprintf (stderr, "%s", buffer);
|
|
}
|
|
|
|
- if (g_str_has_prefix (buffer, "Sorry, try again."))
|
|
+ if (!strcmp (buffer, "Sorry, try again.\n"))
|
|
g_set_error (error, gksu_quark, GKSU_ERROR_WRONGPASS,
|
|
_("Wrong password."));
|
|
+ else if (!strncmp (buffer, "Sorry, user ", 12))
|
|
+ g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
|
|
+ _("The underlying authorization mechanism (sudo) "
|
|
+ "does not allow you to run this program. Contact "
|
|
+ "the system administrator."));
|
|
else
|
|
{
|
|
gchar *haystack = buffer;
|
|
@@ -2805,10 +2825,6 @@ gksu_sudo_fuller (GksuContext *context,
|
|
}
|
|
}
|
|
|
|
- /* If we have an error, let's just stop sudo right there. */
|
|
- if (error)
|
|
- close(fdpty);
|
|
-
|
|
cmdline = g_strdup("sudo");
|
|
/* wait for the child process to end or become something other
|
|
than sudo */
|
|
@@ -2825,23 +2841,17 @@ gksu_sudo_fuller (GksuContext *context,
|
|
if (context->sn_context)
|
|
gksu_context_launch_complete (context);
|
|
|
|
+ while (read (parent_pipe[0], buffer, 255) > 0)
|
|
+ {
|
|
+ fprintf (stderr, "%s", buffer);
|
|
+ bzero(buffer, 256);
|
|
+ }
|
|
+
|
|
/* if the process is still active waitpid() on it */
|
|
if (pid_exited != pid)
|
|
waitpid(pid, &status, 0);
|
|
sudo_reset_xauth (context, xauth, xauth_env);
|
|
|
|
- /*
|
|
- * Did token acquisition succeed? If so, spawn sudo in
|
|
- * non-interactive mode. It should either succeed or die
|
|
- * immediately if you're not allowed to run the command.
|
|
- */
|
|
- if (WEXITSTATUS(status) == 0)
|
|
- {
|
|
- g_spawn_sync(NULL, cmd, NULL, 0, NULL, NULL,
|
|
- NULL, &child_stderr, &status,
|
|
- error);
|
|
- }
|
|
-
|
|
if (exit_status)
|
|
{
|
|
if (WIFEXITED(status)) {
|
|
@@ -2853,13 +2863,6 @@ gksu_sudo_fuller (GksuContext *context,
|
|
|
|
if (WEXITSTATUS(status))
|
|
{
|
|
- if (g_str_has_prefix(child_stderr, "Sorry, user "))
|
|
- {
|
|
- g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
|
|
- _("The underlying authorization mechanism (sudo) "
|
|
- "does not allow you to run this program. Contact "
|
|
- "the system administrator."));
|
|
- }
|
|
if(cmdline)
|
|
{
|
|
/* sudo already exec()ed something else, don't report
|
|
@@ -2868,7 +2871,6 @@ gksu_sudo_fuller (GksuContext *context,
|
|
if (!g_str_has_suffix (cmdline, "sudo"))
|
|
{
|
|
g_free (cmdline);
|
|
- g_free (child_stderr);
|
|
return FALSE;
|
|
}
|
|
g_free (cmdline);
|
|
@@ -2881,11 +2883,11 @@ gksu_sudo_fuller (GksuContext *context,
|
|
}
|
|
}
|
|
|
|
- fprintf(stderr, child_stderr);
|
|
- g_free(child_stderr);
|
|
-
|
|
/* if error is set we have found an error condition */
|
|
- return (error == NULL);
|
|
+ if (error)
|
|
+ return FALSE;
|
|
+
|
|
+ return TRUE;
|
|
}
|
|
|
|
/**
|