mustberoot.subr (252995) mustberoot.subr (263791)
1if [ ! "$_MUSTBEROOT_SUBR" ]; then _MUSTBEROOT_SUBR=1
2#
3# Copyright (c) 2006-2013 Devin Teske
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:

--- 10 unchanged lines hidden (view full) ---

19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
1if [ ! "$_MUSTBEROOT_SUBR" ]; then _MUSTBEROOT_SUBR=1
2#
3# Copyright (c) 2006-2013 Devin Teske
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:

--- 10 unchanged lines hidden (view full) ---

19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: stable/9/usr.sbin/bsdconfig/share/mustberoot.subr 252995 2013-07-07 19:13:34Z dteske $
27# $FreeBSD: stable/9/usr.sbin/bsdconfig/share/mustberoot.subr 263791 2014-03-27 03:20:47Z dteske $
28#
29############################################################ INCLUDES
30
31BSDCFG_SHARE="/usr/share/bsdconfig"
32. $BSDCFG_SHARE/common.subr || exit 1
33f_dprintf "%s: loading includes..." mustberoot.subr
34f_include $BSDCFG_SHARE/dialog.subr
28#
29############################################################ INCLUDES
30
31BSDCFG_SHARE="/usr/share/bsdconfig"
32. $BSDCFG_SHARE/common.subr || exit 1
33f_dprintf "%s: loading includes..." mustberoot.subr
34f_include $BSDCFG_SHARE/dialog.subr
35f_include $BSDCFG_SHARE/strings.subr
35
36BSDCFG_LIBE="/usr/libexec/bsdconfig"
37f_include_lang $BSDCFG_LIBE/include/messages.subr
38
39############################################################ CONFIGURATION
40# NOTE: These are not able to be overridden/inherited for security purposes.
41
42#

--- 29 unchanged lines hidden (view full) ---

72#
73# The following environment variables effect functionality:
74#
75# USE_XDIALOG Either NULL or Non-NULL. If given a value will indicate
76# that Xdialog(1) should be used instead of dialog(1).
77#
78f_become_root_via_sudo()
79{
36
37BSDCFG_LIBE="/usr/libexec/bsdconfig"
38f_include_lang $BSDCFG_LIBE/include/messages.subr
39
40############################################################ CONFIGURATION
41# NOTE: These are not able to be overridden/inherited for security purposes.
42
43#

--- 29 unchanged lines hidden (view full) ---

73#
74# The following environment variables effect functionality:
75#
76# USE_XDIALOG Either NULL or Non-NULL. If given a value will indicate
77# that Xdialog(1) should be used instead of dialog(1).
78#
79f_become_root_via_sudo()
80{
81 local funcname=f_become_root_via_sudo
80 local prompt hline height width rows msg
81
82 [ "$( id -u )" = "0" ] && return $SUCCESS
83
84 f_have sudo || f_die 1 "$msg_must_be_root_to_execute" "$pgm"
85
86 #
87 # Ask the user if it's OK to become root via sudo(8) and give them
88 # the option to save this preference (by touch(1)ing a file in the
89 # user's $HOME directory).
90 #
91 local checkpath="${HOME%/}/.bsdconfig_uses_sudo"
92 if [ ! -e "$checkpath" ]; then
82 local prompt hline height width rows msg
83
84 [ "$( id -u )" = "0" ] && return $SUCCESS
85
86 f_have sudo || f_die 1 "$msg_must_be_root_to_execute" "$pgm"
87
88 #
89 # Ask the user if it's OK to become root via sudo(8) and give them
90 # the option to save this preference (by touch(1)ing a file in the
91 # user's $HOME directory).
92 #
93 local checkpath="${HOME%/}/.bsdconfig_uses_sudo"
94 if [ ! -e "$checkpath" ]; then
93 prompt=$( printf "$msg_you_are_not_root_but" bsdconfig )
94 msg=$( printf "$msg_always_try_sudo_when_run_as" "$USER" )
95 f_sprintf prompt "$msg_you_are_not_root_but" bsdconfig
96 f_sprintf msg "$msg_always_try_sudo_when_run_as" "$USER"
95 local menu_list="
96 'X' '$msg_cancel_exit'
97 '1' '$msg'
98 '2' '$msg_try_sudo_only_this_once'
99 " # END-QUOTE
100 hline="$hline_arrows_tab_enter"
101
102 eval f_dialog_menu_size height width rows \

--- 16 unchanged lines hidden (view full) ---

119 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
120 ) || f_die
121 f_dialog_data_sanitize mtag
122
123 case "$mtag" in
124 X) # Cancel/Exit
125 f_die ;;
126 1) # Always try sudo(8) when run as $user
97 local menu_list="
98 'X' '$msg_cancel_exit'
99 '1' '$msg'
100 '2' '$msg_try_sudo_only_this_once'
101 " # END-QUOTE
102 hline="$hline_arrows_tab_enter"
103
104 eval f_dialog_menu_size height width rows \

--- 16 unchanged lines hidden (view full) ---

121 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
122 ) || f_die
123 f_dialog_data_sanitize mtag
124
125 case "$mtag" in
126 X) # Cancel/Exit
127 f_die ;;
128 1) # Always try sudo(8) when run as $user
127 local err
128 if ! err=$( touch "$checkpath" 2>&1 ); then
129 f_dialog_msgbox "$err"
130 else
129 f_eval_catch $funcname touch \
130 'touch "%s"' "$checkpath" &&
131 f_show_msg "$msg_created_path" "$checkpath"
131 f_show_msg "$msg_created_path" "$checkpath"
132 fi
133 esac
134 else
135 #
136 # This user has created the path signing-off on sudo(8)-use
137 # but let's still give them a short/quick/unobtrusive reminder
138 #
139 f_dialog_info "$msg_becoming_root_via_sudo"
140 [ "$USE_XDIALOG" ] || sleep 0.6

--- 30 unchanged lines hidden (view full) ---

171 --cancel-label "$msg_cancel" \
172 --password --inputbox "$prompt" \
173 $height $width \
174 2>&1 > /dev/null
175 )
176 retval=$?
177
178 # Catch X11-related errors
132 esac
133 else
134 #
135 # This user has created the path signing-off on sudo(8)-use
136 # but let's still give them a short/quick/unobtrusive reminder
137 #
138 f_dialog_info "$msg_becoming_root_via_sudo"
139 [ "$USE_XDIALOG" ] || sleep 0.6

--- 30 unchanged lines hidden (view full) ---

170 --cancel-label "$msg_cancel" \
171 --password --inputbox "$prompt" \
172 $height $width \
173 2>&1 > /dev/null
174 )
175 retval=$?
176
177 # Catch X11-related errors
179 if [ $retval -eq 255 ]; then
178 if [ $retval -eq $DIALOG_ESC ]; then
180 f_die $retval "$password"
179 f_die $retval "$password"
181 elif [ $retval -ne 0 ]; then
180 elif [ $retval -ne $DIALOG_OK ]; then
182 # User cancelled
183 exit $retval
184 fi
185 else
186 password=$( $DIALOG \
187 --title "$DIALOG_TITLE" \
188 --backtitle "$DIALOG_BACKTITLE" \
189 --hline "$hline" \

--- 30 unchanged lines hidden (view full) ---

220 fi
221 done
222
223 #
224 # If user exhausted number of allowed password tries, log
225 # the security event and exit immediately.
226 #
227 if [ $nfailures -ge $PASSWD_TRIES ]; then
181 # User cancelled
182 exit $retval
183 fi
184 else
185 password=$( $DIALOG \
186 --title "$DIALOG_TITLE" \
187 --backtitle "$DIALOG_BACKTITLE" \
188 --hline "$hline" \

--- 30 unchanged lines hidden (view full) ---

219 fi
220 done
221
222 #
223 # If user exhausted number of allowed password tries, log
224 # the security event and exit immediately.
225 #
226 if [ $nfailures -ge $PASSWD_TRIES ]; then
228 msg=$( printf "$msg_nfailed_attempts" "$nfailures" )
227 f_sprintf msg "$msg_nfailed_attempts" "$nfailures"
229 logger -p auth.notice -t sudo " " \
230 "$USER : $msg" \
231 "; TTY=$(tty)" \
232 "; PWD=$PWD" \
233 "; USER=root" \
234 "; COMMAND=$0"
235 f_die 1 "sudo: $msg"
236 fi

--- 74 unchanged lines hidden (view full) ---

311 --password --2inputsbox "$msg" \
312 $height $width \
313 "$field_username" "" \
314 "$field_password" "" \
315 2>&1 > /dev/null )
316 retval=$?
317
318 # Catch X11-related errors
228 logger -p auth.notice -t sudo " " \
229 "$USER : $msg" \
230 "; TTY=$(tty)" \
231 "; PWD=$PWD" \
232 "; USER=root" \
233 "; COMMAND=$0"
234 f_die 1 "sudo: $msg"
235 fi

--- 74 unchanged lines hidden (view full) ---

310 --password --2inputsbox "$msg" \
311 $height $width \
312 "$field_username" "" \
313 "$field_password" "" \
314 2>&1 > /dev/null )
315 retval=$?
316
317 # Catch X11-related errors
319 [ $retval -eq 255 ] && f_die $retval "$user_pass"
318 [ $retval -eq $DIALOG_ESC ] && f_die $retval "$user_pass"
320
321 # Exit if the user cancelled.
319
320 # Exit if the user cancelled.
322 [ $retval -eq $SUCCESS ] || exit $retval
321 [ $retval -eq $DIALOG_OK ] || exit $retval
323
324 #
325 # Make sure the user exists and is non-root
326 #
327 local user password
328 user="${user_pass%%/*}"
329 password="${user_pass#*/}"
330 unset user_pass # scrub memory

--- 51 unchanged lines hidden (view full) ---

382 fi
383 done
384
385 #
386 # If user exhausted number of allowed password tries, log
387 # the security event and exit immediately.
388 #
389 if [ $nfailures -ge $PASSWD_TRIES ]; then
322
323 #
324 # Make sure the user exists and is non-root
325 #
326 local user password
327 user="${user_pass%%/*}"
328 password="${user_pass#*/}"
329 unset user_pass # scrub memory

--- 51 unchanged lines hidden (view full) ---

381 fi
382 done
383
384 #
385 # If user exhausted number of allowed password tries, log
386 # the security event and exit immediately.
387 #
388 if [ $nfailures -ge $PASSWD_TRIES ]; then
390 msg=$( printf "$msg_nfailed_attempts" "$nfailures" )
389 f_sprintf msg "$msg_nfailed_attempts" "$nfailures"
391 logger -p auth.notice -t sudo " " \
392 "${SUDO_USER:-$USER} : $msg" \
393 "; TTY=$(tty)" \
394 "; PWD=$PWD" \
395 "; USER=root" \
396 "; COMMAND=$0"
397 f_die 1 "sudo: $message"
398 fi

--- 27 unchanged lines hidden ---
390 logger -p auth.notice -t sudo " " \
391 "${SUDO_USER:-$USER} : $msg" \
392 "; TTY=$(tty)" \
393 "; PWD=$PWD" \
394 "; USER=root" \
395 "; COMMAND=$0"
396 f_die 1 "sudo: $message"
397 fi

--- 27 unchanged lines hidden ---
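Review bot: The second lockout branch (new line 396) still calls `f_die 1 "sudo: $message"`, although the line this commit rewrites just above it stores the text in `msg` and the `logger` call reads `$msg`. Unless `message` is assigned somewhere in the hidden lines, the user gets a bare "sudo: " instead of the failed-attempts text. The earlier lockout branch (new line 234) uses `$msg`, so this line should read `f_die 1 "sudo: $msg"`. Separately, at new lines 129-130 the path built from `$HOME` is now substituted into the format `'touch "%s"'`. If f_eval_catch evaluates the formatted string (its definition is not on this page), a `$HOME` containing `"` or `$` would be re-parsed by the shell, which the old `touch "$checkpath"` avoided. The function enclosing line 396 begins and ends in hidden lines.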