1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
|
diff --exclude-from=/home/dang/.scripts/diffrc -up -ruN libgksu-2.0.12.orig/libgksu/libgksu.c libgksu-2.0.12/libgksu/libgksu.c
--- libgksu-2.0.12.orig/libgksu/libgksu.c 2009-06-29 13:48:24.000000000 -0400
+++ libgksu-2.0.12/libgksu/libgksu.c 2010-01-12 07:32:10.450657456 -0500
@@ -1,7 +1,6 @@
/*
* Gksu -- a library providing access to su functionality
* Copyright (C) 2004-2009 Gustavo Noronha Silva
- * Portions Copyright (C) 2009 VMware, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -56,9 +55,6 @@
static void
gksu_context_launch_complete (GksuContext *context);
-static void
-read_line (int fd, gchar *buffer, int n);
-
GType
gksu_error_get_type (void)
{
@@ -2009,8 +2005,6 @@ gksu_su_fuller (GksuContext *context,
for (i = 0 ; cmd[i] != NULL ; i++)
g_free (cmd[i]);
g_free(cmd);
-
- _exit(1);
}
else if (pid == -1)
{
@@ -2125,10 +2119,10 @@ gksu_su_fuller (GksuContext *context,
/* drop the \n echoed on password entry if su did request
a password */
if (password_needed)
- read_line (fdpty, buf, 255);
+ read (fdpty, buf, 255);
if (context->debug)
fprintf (stderr, "DEBUG (run:post-after-pass) buf: -%s-\n", buf);
- read_line (fdpty, buf, 255);
+ read (fdpty, buf, 255);
if (context->debug)
fprintf (stderr, "DEBUG (run:post-after-pass) buf: -%s-\n", buf);
}
@@ -2142,9 +2136,7 @@ gksu_su_fuller (GksuContext *context,
{
int retval = 0;
- /* Red Hat's su shows the full path to su in its error messages. */
- if (!strncmp (buf, "su:", 3) ||
- !strncmp (buf, "/bin/su:", 7))
+ if (!strncmp (buf, "su", 2))
{
gchar **strings;
@@ -2155,11 +2147,7 @@ gksu_su_fuller (GksuContext *context,
}
strings = g_strsplit (buf, ":", 2);
-
- /* Red Hat and Fedora use 'incorrect password'. */
- if (strings[1] &&
- (g_str_has_prefix(strings[1], " Authentication failure") ||
- g_str_has_prefix(strings[1], " incorrect password")))
+ if (strings[1] && !strncmp (strings[1], " Authentication failure", 23))
{
if (used_gnome_keyring)
g_set_error (error, gksu_quark,
@@ -2473,12 +2461,6 @@ gksu_sudo_fuller (GksuContext *context,
{
char **cmd;
char buffer[256] = {0};
- char *child_stderr = NULL;
- /* This command is used to gain a token */
- char *const verifycmd[] =
- {
- "/usr/bin/sudo", "-p", "GNOME_SUDO_PASS", "-v", NULL
- };
int argcount = 8;
int i, j;
@@ -2489,8 +2471,9 @@ gksu_sudo_fuller (GksuContext *context,
pid_t pid;
int status;
- FILE *fdfile = NULL;
- int fdpty = -1;
+ FILE *infile, *outfile;
+ int parent_pipe[2]; /* For talking to the parent */
+ int child_pipe[2]; /* For talking to the child */
context->sudo_mode = TRUE;
@@ -2565,10 +2548,6 @@ gksu_sudo_fuller (GksuContext *context,
cmd[argcount] = g_strdup("-S");
argcount++;
- /* Make sudo noninteractive (we should already have a token) */
- cmd[argcount] = g_strdup("-n");
- argcount++;
-
/* Make sudo use next arg as prompt */
cmd[argcount] = g_strdup("-p");
argcount++;
@@ -2647,21 +2626,26 @@ gksu_sudo_fuller (GksuContext *context,
fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
}
- pid = forkpty(&fdpty, NULL, NULL, NULL);
- if (pid == 0)
+ if ((pipe(parent_pipe)) == -1)
{
- // Child
- setsid(); // make us session leader
-
- execv(verifycmd[0], verifycmd);
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
+ _("Error creating pipe: %s"),
+ strerror(errno));
+ sudo_reset_xauth (context, xauth, xauth_env);
+ return FALSE;
+ }
- g_set_error (error, gksu_quark, GKSU_ERROR_EXEC,
- _("Failed to exec new process: %s"),
+ if ((pipe(child_pipe)) == -1)
+ {
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
+ _("Error creating pipe: %s"),
strerror(errno));
sudo_reset_xauth (context, xauth, xauth_env);
return FALSE;
}
- else if (pid == -1)
+
+ pid = fork();
+ if (pid == -1)
{
g_set_error (error, gksu_quark, GKSU_ERROR_FORK,
_("Failed to fork new process: %s"),
@@ -2669,26 +2653,56 @@ gksu_sudo_fuller (GksuContext *context,
sudo_reset_xauth (context, xauth, xauth_env);
return FALSE;
}
+ else if (pid == 0)
+ {
+ // Child
+ setsid(); // make us session leader
+ close(child_pipe[1]);
+ dup2(child_pipe[0], STDIN_FILENO);
+ dup2(parent_pipe[1], STDERR_FILENO);
+ execv(cmd[0], cmd);
+
+ g_set_error (error, gksu_quark, GKSU_ERROR_EXEC,
+ _("Failed to exec new process: %s"),
+ strerror(errno));
+ sudo_reset_xauth (context, xauth, xauth_env);
+ return FALSE;
+ }
else
{
gint counter = 0;
gchar *cmdline = NULL;
- struct termios tio;
// Parent
- fdfile = fdopen(fdpty, "w+");
+ close(parent_pipe[1]);
- /* make sure we notice that ECHO is turned off, if it gets
- turned off */
- tcgetattr (fdpty, &tio);
- for (counter = 0; (tio.c_lflag & ECHO) && counter < 15; counter++)
- {
- usleep (1000);
- tcgetattr (fdpty, &tio);
- }
+ infile = fdopen(parent_pipe[0], "r");
+ if (!infile)
+ {
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
+ _("Error opening pipe: %s"),
+ strerror(errno));
+ sudo_reset_xauth (context, xauth, xauth_env);
+ return FALSE;
+ }
- fcntl (fdpty, F_SETFL, O_NONBLOCK);
+ outfile = fdopen(child_pipe[1], "w");
+ if (!outfile)
+ {
+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
+ _("Error opening pipe: %s"),
+ strerror(errno));
+ sudo_reset_xauth (context, xauth, xauth_env);
+ return FALSE;
+ }
+
+ /*
+ we are expecting to receive a GNOME_SUDO_PASS
+ if we don't there are two possibilities: an error
+ or a password is not needed
+ */
+ fcntl (parent_pipe[0], F_SETFL, O_NONBLOCK);
{ /* no matter if we can read, since we're using
O_NONBLOCK; this is just to avoid the prompt
@@ -2697,11 +2711,11 @@ gksu_sudo_fuller (GksuContext *context,
struct timeval tv;
FD_ZERO(&rfds);
- FD_SET(fdpty, &rfds);
+ FD_SET(parent_pipe[0], &rfds);
tv.tv_sec = 1;
tv.tv_usec = 0;
- select (fdpty + 1, &rfds, NULL, NULL, &tv);
+ select (parent_pipe[0] + 1, &rfds, NULL, NULL, &tv);
}
/* Try hard to find the prompt; it may happen that we're
@@ -2713,7 +2727,7 @@ gksu_sudo_fuller (GksuContext *context,
if (strncmp (buffer, "GNOME_SUDO_PASS", 15) == 0)
break;
- read_line (fdpty, buffer, 256);
+ read_line (parent_pipe[0], buffer, 256);
if (context->debug)
fprintf (stderr, "buffer: -%s-\n", buffer);
@@ -2747,17 +2761,18 @@ gksu_sudo_fuller (GksuContext *context,
usleep (1000);
- write (fdpty, password, strlen(password) + 1);
- write (fdpty, "\n", 1);
+ fprintf (outfile, "%s\n", password);
+ fclose (outfile);
nullify_password (password);
- fcntl(fdpty, F_SETFL, fcntl(fdpty, F_GETFL) & ~O_NONBLOCK);
+ /* turn NONBLOCK off */
+ fcntl(parent_pipe[0], F_SETFL, fcntl(parent_pipe[0], F_GETFL) & ~O_NONBLOCK);
/* ignore the first newline that comes right after sudo receives
the password */
- fgets (buffer, 255, fdfile);
- /* this is the status we are interested in */
- fgets (buffer, 255, fdfile);
+ fgets (buffer, 255, infile);
+ /* this is the status we are interessted in */
+ fgets (buffer, 255, infile);
}
else
{
@@ -2766,7 +2781,7 @@ gksu_sudo_fuller (GksuContext *context,
fprintf (stderr, "No password prompt found; we'll assume we don't need a password.\n");
/* turn NONBLOCK off, also if have no prompt */
- fcntl(fdpty, F_SETFL, fcntl(fdpty, F_GETFL) & ~O_NONBLOCK);
+ fcntl(parent_pipe[0], F_SETFL, fcntl(parent_pipe[0], F_GETFL) & ~O_NONBLOCK);
should_display = gconf_client_get_bool (context->gconf_client,
BASE_PATH "display-no-pass-info", NULL);
@@ -2785,9 +2800,14 @@ gksu_sudo_fuller (GksuContext *context,
fprintf (stderr, "%s", buffer);
}
- if (g_str_has_prefix (buffer, "Sorry, try again."))
+ if (!strcmp (buffer, "Sorry, try again.\n"))
g_set_error (error, gksu_quark, GKSU_ERROR_WRONGPASS,
_("Wrong password."));
+ else if (!strncmp (buffer, "Sorry, user ", 12))
+ g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
+ _("The underlying authorization mechanism (sudo) "
+ "does not allow you to run this program. Contact "
+ "the system administrator."));
else
{
gchar *haystack = buffer;
@@ -2805,10 +2825,6 @@ gksu_sudo_fuller (GksuContext *context,
}
}
- /* If we have an error, let's just stop sudo right there. */
- if (error)
- close(fdpty);
-
cmdline = g_strdup("sudo");
/* wait for the child process to end or become something other
than sudo */
@@ -2825,23 +2841,17 @@ gksu_sudo_fuller (GksuContext *context,
if (context->sn_context)
gksu_context_launch_complete (context);
+ while (read (parent_pipe[0], buffer, 255) > 0)
+ {
+ fprintf (stderr, "%s", buffer);
+ bzero(buffer, 256);
+ }
+
/* if the process is still active waitpid() on it */
if (pid_exited != pid)
waitpid(pid, &status, 0);
sudo_reset_xauth (context, xauth, xauth_env);
- /*
- * Did token acquisition succeed? If so, spawn sudo in
- * non-interactive mode. It should either succeed or die
- * immediately if you're not allowed to run the command.
- */
- if (WEXITSTATUS(status) == 0)
- {
- g_spawn_sync(NULL, cmd, NULL, 0, NULL, NULL,
- NULL, &child_stderr, &status,
- error);
- }
-
if (exit_status)
{
if (WIFEXITED(status)) {
@@ -2853,13 +2863,6 @@ gksu_sudo_fuller (GksuContext *context,
if (WEXITSTATUS(status))
{
- if (g_str_has_prefix(child_stderr, "Sorry, user "))
- {
- g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
- _("The underlying authorization mechanism (sudo) "
- "does not allow you to run this program. Contact "
- "the system administrator."));
- }
if(cmdline)
{
/* sudo already exec()ed something else, don't report
@@ -2868,7 +2871,6 @@ gksu_sudo_fuller (GksuContext *context,
if (!g_str_has_suffix (cmdline, "sudo"))
{
g_free (cmdline);
- g_free (child_stderr);
return FALSE;
}
g_free (cmdline);
@@ -2881,11 +2883,11 @@ gksu_sudo_fuller (GksuContext *context,
}
}
- fprintf(stderr, child_stderr);
- g_free(child_stderr);
-
/* if error is set we have found an error condition */
- return (error == NULL);
+ if (error)
+ return FALSE;
+
+ return TRUE;
}
/**
|