19928N/A@@ -3,7 +3,7 @@ INCLUDES = ${LIBGKSU_CFLAGS}
19928N/A AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\" -DDATA_DIR=\"$(datadir)\" -DPREFIX=\"$(prefix)\"
19928N/A # major -> breaks backward compatibility (changes to existing ABI)
19928N/A # minor -> keeps compatibility (additions to the API)
19928N/A@@ -71,6 +84,25 @@ struct _GksuContext
19928N/A+ struct pam_message *pam_message;
19928N/A+ struct pam_response *pam_response;
19928N/A+ gboolean wait_for_child_to_exit;
19928N/A+ gboolean sn_context_initiated;
19928N/A #define GKSU_TYPE_CONTEXT gksu_context_get_type()
19928N/A@@ -130,11 +162,13 @@ gksu_context_set_login_shell (GksuContex
19928N/A gksu_context_get_login_shell (GksuContext *context);
19928N/A gksu_context_set_keep_env (GksuContext *context, gboolean value);
19928N/A gksu_context_get_keep_env (GksuContext *context);
19928N/A gksu_context_set_description (GksuContext *context, gchar *description);
19928N/A@@ -252,6 +286,93 @@ gksu_ask_password_full (GksuContext *con
19928N/A gksu_ask_password (GError **error);
19928N/A+gksu_context_embedded_su_try_need_password (GksuContext *context);
19928N/A+gksu_context_embedded_su_run (GksuContext *context,
19928N/A+gksu_context_pfexec_try_run (GksuContext *context);
19928N/A+gksu_context_pfexec_run (GksuContext *context, GError **error);
19928N/A+gksu_context_set_role (GksuContext *context);
19928N/A+gksu_context_get_child_stdin_fd (GksuContext *context);
19928N/A+gksu_context_get_child_stdout_fd (GksuContext *context);
19928N/A+gksu_context_get_child_stdin_file (GksuContext *context);
19928N/A+gksu_context_get_child_stdout_file (GksuContext *context);
19928N/A+gksu_context_get_child_pid (GksuContext *context);
19928N/A+gksu_context_set_wait_for_child_to_exit (GksuContext *context, gboolean value);
19928N/A+gksu_context_get_wait_for_child_to_exit (GksuContext *context);
19928N/A+gksu_context_set_elevated_privilege (GksuContext *context, gboolean value);
19928N/A+gksu_context_get_elevated_privilege (GksuContext *context);
19928N/A+gksu_context_set_elevated_role (GksuContext *context, gboolean value);
19928N/A+gksu_context_get_elevated_role (GksuContext *context);
19928N/A+gksu_context_set_privspec (GksuContext *context, gchar *privspec);
19928N/A+gksu_context_get_privspec (GksuContext *context);
19928N/A+gksu_context_get_num_msg (GksuContext *context);
19928N/A+gksu_context_get_pam_message (GksuContext *context, gint index);
19928N/A+gksu_context_get_pam_response (GksuContext *context, gint index);
19928N/A+gksu_context_set_pam_response (GksuContext *context, gint index, gchar *response);
19928N/A+gksu_context_get_pfexec_mode (GksuContext *context);
19928N/A+gksu_context_set_need_pipe (GksuContext *context, gboolean value);
19928N/A+gksu_context_set_child_no_a11y (GksuContext *context, gboolean value);
19928N/A+gksu_context_get_need_pipe (GksuContext *context);
19928N/A+gboolean sudo_prepare_xauth (GksuContext *context);
19928N/A+void sudo_reset_xauth (GksuContext *context, gchar *xauth, gchar *xauth_env);
19928N/A@@ -532,7 +540,7 @@ report_failed_grab (FailedGrabWhat what)
19928N/A-grab_keyboard_and_mouse (GtkWidget *dialog)
19928N/A+grab_keyboard_and_mouse (GksuContext *context, GtkWidget *dialog)
19928N/A@@ -541,7 +549,7 @@ grab_keyboard_and_mouse (GtkWidget *dial
19928N/A gchar *fname = g_strdup (getenv ("GKSU_LOCK_FILE"));
19928N/A@@ -628,6 +636,7 @@ ungrab_keyboard_and_mouse (int lock)
19928N/A get_gnome_keyring_password (GksuContext *context)
19928N/A@@ -805,10 +814,12 @@ unset_gnome_keyring_password (GksuContex
19928N/A get_configuration_options (GksuContext *context)
19928N/A GConfClient *gconf_client = context->gconf_client;
19928N/A@@ -821,6 +832,10 @@ get_configuration_options (GksuContext *
19928N/A context->sudo_mode = gconf_client_get_bool (gconf_client, BASE_PATH "sudo-mode",
19928N/A@@ -910,7 +925,7 @@ su_ask_password (GksuContext *context, g
19928N/A gksuui_dialog_set_alert (GKSUUI_DIALOG(dialog), context->alert);
19928N/A- lock = grab_keyboard_and_mouse (dialog);
19928N/A+ lock = grab_keyboard_and_mouse (context, dialog);
19928N/A retvalue = gtk_dialog_run (GTK_DIALOG(dialog));
19928N/A@@ -953,6 +968,7 @@ su_ask_password (GksuContext *context, g
19928N/A cb_toggled_cb (GtkWidget *button, gpointer data)
19928N/A@@ -981,6 +997,7 @@ cb_toggled_cb (GtkWidget *button, gpoint
19928N/A@@ -1084,235 +1101,6 @@ get_process_name (pid_t pid)
19928N/A-get_xauth_token (GksuContext *context, gchar *display)
19928N/A- gchar *xauth = g_new0 (gchar, 256);
19928N/A- /* find out where the xauth binary is located */
19928N/A- "Failed to obtain xauth key: xauth binary not found "
19928N/A- /* get the authorization token */
19928N/A- tmp = g_strdup_printf ("%s list %s | "
19928N/A- "head -1 | awk '{ print $3 }'",
19928N/A- if ((xauth_output = popen (tmp, "r")) == NULL)
19928N/A- "Failed to obtain xauth key: %s",
19928N/A- fread (xauth, sizeof(char), 255, xauth_output);
19928N/A- * Sets up the variables with values for the $DISPLAY
19928N/A- * environment variable and xauth-related stuff. Also
19928N/A- * creates a temporary directory to hold a .Xauthority
19928N/A- * Returns: TRUE if it suceeds, FALSE if it fails.
19928N/A-prepare_xauth (GksuContext *context)
19928N/A- display = g_strdup (getenv ("DISPLAY"));
19928N/A- xauth = get_xauth_token (context, display);
19928N/A- /* If xauth is the empty string, then try striping the
19928N/A- * hostname part of the DISPLAY string for getting the
19928N/A- * auth token; this is needed for ssh-forwarded usage
19928N/A- cut_display = g_strdup (g_strrstr (display, ":"));
19928N/A- xauth = get_xauth_token (context, cut_display);
19928N/A- context->xauth, context->display);
19928N/A-/* Write all of buf, even if write(2) is interrupted. */
19928N/A-full_write (int d, const char *buf, size_t nbytes)
19928N/A- /* Loop until nbytes of buf have been written. */
19928N/A- /* Keep trying until write succeeds without interruption. */
19928N/A- r = write(d, buf + w, nbytes - w);
19928N/A- } while (r < 0 && errno == EINTR);
19928N/A-copy (const char *fn, const char *dir)
19928N/A- newfn = g_strdup_printf("%s/.Xauthority", dir);
19928N/A- out = open(newfn, O_WRONLY | O_CREAT | O_EXCL, 0600);
19928N/A- "Impossible to create the .Xauthority file: a file "
19928N/A- "already exists. This might be a security issue; "
19928N/A- "Error copying '%s' to '%s': %s",
19928N/A- "Error copying '%s' to '%s': %s",
19928N/A- while ((r = read(in, buf, BUFSIZ)) > 0)
19928N/A- if (full_write(out, buf, r) == -1)
19928N/A- "Error copying '%s' to '%s': %s",
19928N/A- "Error copying '%s' to '%s': %s",
19928N/A-sudo_prepare_xauth (GksuContext *context)
19928N/A- gchar template[] = "/tmp/" PACKAGE "-XXXXXX";
19928N/A- gboolean error_copying = FALSE;
19928N/A- context->dir = g_strdup (mkdtemp(template));
19928N/A- fprintf (stderr, strerror(errno));
19928N/A- xauth = g_strdup(g_getenv ("XAUTHORITY"));
19928N/A- xauth = g_strdup_printf ("%s/.Xauthority", g_get_home_dir());
19928N/A- error_copying = !copy (xauth, context->dir);
19928N/A-sudo_reset_xauth (GksuContext *context, gchar *xauth,
19928N/A- /* reset the env var as it was before or clean it */
19928N/A- setenv ("XAUTHORITY", xauth_env, TRUE);
19928N/A- fprintf (stderr, "xauth: %s\nxauth_env: %s\ndir: %s\n",
19928N/A- xauth, xauth_env, context->dir);
19928N/A startup_notification_initialize (GksuContext *context)
19928N/A@@ -1344,11 +1132,13 @@ gksu_context_new ()
19928N/A context->gconf_client = gconf_client_get_default ();
19928N/A- context->user = g_strdup ("root");
19928N/A@@ -1362,10 +1152,27 @@ gksu_context_new ()
19928N/A+ context->elevated_privilege = TRUE;
19928N/A+ context->elevated_role = TRUE;
19928N/A+ context->wait_for_child_to_exit = TRUE;
19928N/A+ context->sn_context_initiated = FALSE;
19928N/A+ context->child_no_a11y = FALSE;
19928N/A get_configuration_options (context);
19928N/A startup_notification_initialize (context);
19928N/A@@ -1485,7 +1292,9 @@ gksu_context_get_login_shell (GksuContex
19928N/A gksu_context_set_keep_env (GksuContext *context, gboolean value)
19928N/A@@ -1737,6 +1546,7 @@ gksu_context_launch_initiate (GksuContex
19928N/A gksu_context_get_command (context),
19928N/A+ context->sn_context_initiated = TRUE;
19928N/A sid = g_strdup_printf ("%s", sn_launcher_context_get_startup_id (context->sn_context));
19928N/A gksu_context_set_launcher_id (context, sid);
19928N/A@@ -1757,7 +1567,10 @@ gksu_context_launch_initiate (GksuContex
19928N/A gksu_context_launch_complete (GksuContext *context)
19928N/A- sn_launcher_context_complete(context->sn_context);
19928N/A+ if (context->sn_context_initiated)
19928N/A+ sn_launcher_context_complete(context->sn_context);
19928N/A@@ -1801,7 +1614,9 @@ gksu_context_free (GksuContext *context)
19928N/A g_object_unref (context->gconf_client);
19928N/A@@ -1810,6 +1625,14 @@ gksu_context_free (GksuContext *context)
19928N/A+ for ( int i = 0; i<context->msg_num; i++ ) {
19928N/A+ g_free (context->pam_message[i].msg);
19928N/A+ g_free (context->pam_response[i].resp);
19928N/A+ g_free (context->pam_message);
19928N/A+ g_free (context->pam_response);
19928N/A@@ -1855,6 +1678,45 @@ gksu_context_get_type (void)
19928N/A+setup_xauth (XHostAddress *host_entry, XServerInterpretedAddress *si_entry, char *rolename)
19928N/A+ si_entry->typelength = strlen ("localuser");
19928N/A+ si_entry->valuelength = strlen (rolename);
19928N/A+ host_entry->family = FamilyServerInterpreted;
19928N/A+ host_entry->address = (char *) si_entry;
19928N/A+ host_entry->length = sizeof (XServerInterpretedAddress);
19928N/A+prepare_xauth (GksuContext *context)
19928N/A+ XServerInterpretedAddress si_entry;
19928N/A+ display = gdk_x11_get_default_xdisplay ();
19928N/A+ setup_xauth (&host_entry, &si_entry, context->user);
19928N/A+ XAddHost (display, &host_entry);
19928N/A+reset_xauth (GksuContext *context)
19928N/A+ XServerInterpretedAddress si_entry;
19928N/A+ display = gdk_x11_get_default_xdisplay ();
19928N/A+ setup_xauth (&host_entry, &si_entry, context->user);
19928N/A+ XRemoveHost (display, &host_entry);
19928N/A@@ -1934,6 +1796,10 @@ gksu_su_fuller (GksuContext *context,
19928N/A gchar auxcommand[] = PREFIX "/lib/" PACKAGE "/gksu-run-helper";
19928N/A@@ -1942,10 +1808,11 @@ gksu_su_fuller (GksuContext *context,
19928N/A gksu_quark = g_quark_from_string (PACKAGE);
19928N/A+ if (!context->command || context->command[0] == '\0')
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_NOCOMMAND,
19928N/A _("gksu_run needs a command to be run, "
19928N/A@@ -1953,9 +1820,54 @@ gksu_su_fuller (GksuContext *context,
19928N/A- context->user = g_strdup ("root");
19928N/A+ if (context->saved_home == NULL)
19928N/A+ context->saved_home = home_env;
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_XAUTH,
19928N/A+ _("Unable to copy the user's Xauthorization file."));
19928N/A+ rc = gksu_context_pfexec_run (context, error);
19928N/A+ for (count = 0; count < 3; count++)
19928N/A+ if (*error) /* wrong password was given */
19928N/A+ gksu_context_set_alert (context, (*error)->message);
19928N/A+ rc = gksu_context_embedded_su_run (context, su_ask_password, NULL, error);
19928N/A+ rc = gksu_context_embedded_su_run (context, ask_pass, ask_pass_data, error);
19928N/A+ if ((*error == NULL) || ((*error)->code != GKSU_ERROR_WRONGPASS))
19928N/A if (!g_file_test (auxcommand, G_FILE_TEST_IS_EXECUTABLE))
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_HELPER,
19928N/A@@ -2347,6 +2259,7 @@ gksu_su_fuller (GksuContext *context,
19928N/A@@ -2368,8 +2281,15 @@ gksu_su (gchar *command_line, GError **e
19928N/A GksuContext *context = gksu_context_new ();
19928N/A- context->command = g_strdup (command_line);
19928N/A+ /* Set defaults to use embedded_su */
19928N/A context->user = g_strdup ("root");
19928N/A+ context->command = g_strdup (command_line);
19928N/A+ context->elevated_privilege = FALSE;
19928N/A+ context->elevated_role = TRUE;
19928N/A+ context->wait_for_child_to_exit = FALSE;
19928N/A+ context->privspec = g_strdup ("All");
19928N/A retval = gksu_su_full (context,
19928N/A@@ -2433,6 +2353,29 @@ gksu_sudo_full (GksuContext *context,
19928N/A+get_sudo_tok (GksuContext *context, FILE *inf, const char *delimiter)
19928N/A+ while ((c[0] = fgetc(inf)) != EOF) {
19928N/A+ token = g_string_append (token, c);
19928N/A+ if (g_strrstr (token->str, delimiter) ||
19928N/A+ strncmp (token->str, "GNOME_SUDO_PASS", 15) == 0) {
19928N/A+ return g_string_free (token, FALSE);
19928N/A@@ -2472,7 +2415,7 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A /* This command is used to gain a token */
19928N/A@@ -2481,22 +2424,21 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A+ int parent_pipe[2]; /* For talking to the parent */
19928N/A+ int child_pipe[2]; /* For talking to the child */
19928N/A gksu_quark = g_quark_from_string (PACKAGE);
19928N/A+ if (!context->command || context->command[0] == '\0')
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_NOCOMMAND,
19928N/A _("gksu_sudo_run needs a command to be run, "
19928N/A@@ -2504,8 +2446,11 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A- context->user = g_strdup ("root");
19928N/A+ if (context->saved_home == NULL)
19928N/A+ context->saved_home = home_env;
19928N/A@@ -2524,24 +2469,16 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A FIXME: need to set GError in a more detailed way
19928N/A- if (!sudo_prepare_xauth (context))
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_XAUTH,
19928N/A- _("Unable to copy the user's Xauthorization file."));
19928N/A+ _("Unable to setup the user's Xauthorization file."));
19928N/A- xauth = g_strdup_printf ("%s/.Xauthority", context->dir);
19928N/A- xauth_env = getenv ("XAUTHORITY");
19928N/A- setenv ("XAUTHORITY", xauth, TRUE);
19928N/A- fprintf (stderr, "xauth: %s\n", xauth);
19928N/A gksu_context_launch_initiate (context);
19928N/A@@ -2647,18 +2584,39 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
19928N/A- pid = forkpty(&fdpty, NULL, NULL, NULL);
19928N/A+ if ((pipe(parent_pipe)) == -1)
19928N/A setsid(); // make us session leader
19928N/A+ dup2(child_pipe[0], STDIN_FILENO);
19928N/A+ dup2(parent_pipe[1], STDERR_FILENO);
19928N/A execv(verifycmd[0], verifycmd);
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_EXEC,
19928N/A _("Failed to exec new process: %s"),
19928N/A- sudo_reset_xauth (context, xauth, xauth_env);
19928N/A@@ -2666,29 +2624,45 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_FORK,
19928N/A _("Failed to fork new process: %s"),
19928N/A- sudo_reset_xauth (context, xauth, xauth_env);
19928N/A+ infile = fdopen(parent_pipe[0], "r");
19928N/A+ outfile = fdopen(child_pipe[1], "w");
19928N/A /* make sure we notice that ECHO is turned off, if it gets
19928N/A+ tcgetattr (parent_pipe[0], &tio);
19928N/A+ tcgetattr (parent_pipe[0], &tio);
19928N/A- fcntl (fdpty, F_SETFL, O_NONBLOCK);
19928N/A+ fcntl (parent_pipe[0], F_SETFL, O_NONBLOCK);
19928N/A { /* no matter if we can read, since we're using
19928N/A O_NONBLOCK; this is just to avoid the prompt
19928N/A@@ -2697,12 +2671,17 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A+ FD_SET(parent_pipe[0], &rfds);
19928N/A- select (fdpty + 1, &rfds, NULL, NULL, &tv);
19928N/A+ select (parent_pipe[0] + 1, &rfds, NULL, NULL, &tv);
19928N/A+ buffer = get_sudo_tok (context, infile, "\n");
19928N/A /* Try hard to find the prompt; it may happen that we're
19928N/A * seeing sudo's lecture, or that some pam module is spitting
19928N/A@@ -2710,30 +2689,42 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A for (counter = 0; counter < 50; counter++)
19928N/A+ fprintf (stderr, "buffer: -%s-\n", buffer);
19928N/A+ if (g_str_has_prefix (buffer, "Sorry, try again."))
19928N/A if (strncmp (buffer, "GNOME_SUDO_PASS", 15) == 0)
19928N/A- read_line (fdpty, buffer, 256);
19928N/A- fprintf (stderr, "buffer: -%s-\n", buffer);
19928N/A+ buffer = get_sudo_tok (context, infile, "\n");
19928N/A- fprintf (stderr, "brute force GNOME_SUDO_PASS ended...\n");
19928N/A+ fprintf (stderr, "brute force GNOME_SUDO_PASS ended - count %d...\n", counter);
19928N/A+ /* If we tried 50 times, stop trying. */
19928N/A if (strncmp(buffer, "GNOME_SUDO_PASS", 15) == 0)
19928N/A- fprintf (stderr, "Yeah, we're in...\n");
19928N/A+ fprintf (stderr, "Asking for password.\n");
19928N/A prompt_grab = gconf_client_get_bool (context->gconf_client, BASE_PATH "prompt",
19928N/A@@ -2742,22 +2733,28 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A if (password == NULL || (*error))
19928N/A- write (fdpty, password, strlen(password) + 1);
19928N/A+ write (child_pipe[1], password, strlen(password));
19928N/A+ write (child_pipe[1], "\n", strlen("\n"));
19928N/A- fcntl(fdpty, F_SETFL, fcntl(fdpty, F_GETFL) & ~O_NONBLOCK);
19928N/A+ fcntl(parent_pipe[0], F_SETFL, fcntl(parent_pipe[0], F_GETFL) & ~O_NONBLOCK);
19928N/A /* ignore the first newline that comes right after sudo receives
19928N/A- /* this is the status we are interested in */
19928N/A+ read_line (parent_pipe[0], buffer, 256);
19928N/A+ fprintf (stderr, "buffer: -%s-\n", buffer);
19928N/A+ read_line (parent_pipe[0], buffer, 256);
19928N/A+ fprintf (stderr, "buffer: -%s-\n", buffer);
19928N/A@@ -2766,10 +2763,15 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A fprintf (stderr, "No password prompt found; we'll assume we don't need a password.\n");
19928N/A /* turn NONBLOCK off, also if have no prompt */
19928N/A- fcntl(fdpty, F_SETFL, fcntl(fdpty, F_GETFL) & ~O_NONBLOCK);
19928N/A+ fcntl(parent_pipe[0], F_SETFL, fcntl(infile, F_GETFL) & ~O_NONBLOCK);
19928N/A should_display = gconf_client_get_bool (context->gconf_client,
19928N/A BASE_PATH "display-no-pass-info", NULL);
19928N/A /* configuration tells us to show this message */
19928N/A@@ -2784,30 +2786,17 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A fprintf (stderr, "%s", buffer);
19928N/A- if (g_str_has_prefix (buffer, "Sorry, try again."))
19928N/A- g_set_error (error, gksu_quark, GKSU_ERROR_WRONGPASS,
19928N/A- needle = g_strstr_len (haystack, strlen (haystack), " ");
19928N/A- if (!strncmp (needle, "is not in", 9))
19928N/A- g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
19928N/A- _("The underlying authorization mechanism (sudo) "
19928N/A- "does not allow you to run this program. Contact "
19928N/A- "the system administrator."));
19928N/A+ if (*error == NULL && had_error == TRUE)
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_WRONGPASS,
19928N/A /* If we have an error, let's just stop sudo right there. */
19928N/A /* wait for the child process to end or become something other
19928N/A@@ -2828,7 +2817,6 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A /* if the process is still active waitpid() on it */
19928N/A- sudo_reset_xauth (context, xauth, xauth_env);
19928N/A * Did token acquisition succeed? If so, spawn sudo in
19928N/A@@ -2841,6 +2829,11 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
19928N/A@@ -2853,7 +2846,7 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A- if (g_str_has_prefix(child_stderr, "Sorry, user "))
19928N/A+ if (child_stderr != NULL && g_str_has_prefix(child_stderr, "Sorry, user "))
19928N/A g_set_error (error, gksu_quark, GKSU_ERROR_NOT_ALLOWED,
19928N/A _("The underlying authorization mechanism (sudo) "
19928N/A@@ -2869,6 +2862,7 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A@@ -2881,7 +2875,7 @@ gksu_sudo_fuller (GksuContext *context,
19928N/A- fprintf(stderr, child_stderr);
19928N/A /* if error is set we have found an error condition */
19928N/A@@ -2908,8 +2902,14 @@ gksu_sudo (gchar *command_line,
19928N/A GksuContext *context = gksu_context_new ();
19928N/A- context->command = g_strdup (command_line);
19928N/A context->user = g_strdup ("root");
19928N/A+ context->command = g_strdup (command_line);
19928N/A+ context->elevated_privilege = FALSE;
19928N/A+ context->elevated_role = TRUE;
19928N/A+ context->wait_for_child_to_exit = FALSE;
19928N/A+ context->privspec = g_strdup ("All");
19928N/A retval = gksu_sudo_full (context,
19928N/A@@ -2989,13 +2989,18 @@ gksu_run_fuller (GksuContext *context,
19928N/A gconf_client = gconf_client_get_default ();
19928N/A sudo_mode = gconf_client_get_bool (gconf_client, BASE_PATH "sudo-mode",
19928N/A return gksu_sudo_fuller (context, ask_pass, ask_pass_data,
19928N/A@@ -3024,13 +3029,18 @@ gboolean
19928N/A gconf_client = gconf_client_get_default ();
19928N/A sudo_mode = gconf_client_get_bool (gconf_client, BASE_PATH "sudo-mode",
19928N/A return gksu_sudo (command_line, error);
19928N/A@@ -46,6 +46,9 @@ main (int argc, char **argv)
19928N/A@@ -62,13 +65,25 @@ main (int argc, char **argv)
19928N/A+ gksu_context_set_user (context, "root");
19928N/A+ gksu_context_set_debug (context, TRUE);
19928N/A+ gksu_context_set_elevated_privilege (context, FALSE);
19928N/A+ gksu_context_set_elevated_role (context, TRUE);
19928N/A+ gksu_context_set_wait_for_child_to_exit (context, FALSE);
19928N/A+ gksu_context_set_privspec (context, "All");
19928N/A+ if ( gksu_context_get_wait_for_child_to_exit (context) ) {
19928N/A printf ("Testing gksu_su...\n");
19928N/A fprintf (stderr, "gksu_su failed: %s\n", error->message);
19928N/A@@ -80,6 +95,7 @@ main (int argc, char **argv)
19928N/A@@ -116,6 +132,7 @@ main (int argc, char **argv)
19928N/A fprintf (stderr, "gksu_run_full failed: %s\n", error->message);
19928N/A+#define CONTEXT_DEBUG_ON(context) (context->debug)
19928N/A+sudo_get_home_dir (GksuContext *context)
19928N/A+ pwentry = getpwnam (gksu_context_get_user (context));
19928N/A+ return g_strdup (pwentry->pw_dir);
19928N/A+sudo_reset_home_dir (gchar *home_env)
19928N/A+ /* reset the env var as it was before or clear it */
19928N/A+ setenv ("HOME", home_env, TRUE);
19928N/A+get_tok (GksuContext *context, FILE *inf, const char *delimiter)
19928N/A+ while ((c[0] = fgetc(inf)) != EOF) {
19928N/A+ token = g_string_append (token, c);
19928N/A+ * If embedded_su returns SUCCESS, then turn off a11y in gksu
19928N/A+ * immediatly so that a11y works for child. We cannot wait
19928N/A+ * for the while loop to exit since this loop hangs until the
19928N/A+ * the child process completes to get any stdout from child.
19928N/A+ if (strcmp (token->str, "SUCCESS\n") == 0) {
19928N/A+ context->child_no_a11y == FALSE)
19928N/A+ exit_func = (void (*)(void))dlsym(handle,
19928N/A+ "gnome_accessibility_module_shutdown");
19928N/A+ if (g_strrstr (token->str, delimiter)) {
19928N/A+ return g_string_free (token, FALSE);
19928N/A+set_embedded_su_alert (GksuContext *context)
19928N/A+ if (strncmp (context->pam_message->msg, "embedded_su: ", strlen ("embedded_su: ")) == 0) {
19928N/A+ msg = g_strdup_printf ("<b>%s %s</b>",
19928N/A+ context->pam_message->msg + strlen ("embedded_su: "));
19928N/A+ msg = g_strdup_printf ("<b>%s %s</b>",
19928N/A+ gksu_context_set_alert (context, msg);
19928N/A+parse_embedded_su_output (GksuContext *context, FILE *infile)
19928N/A+ const char *block_delimiter = ".\n";
19928N/A+ while ((block = get_tok (context, infile, block_delimiter)) != NULL) {
19928N/A+ const char *message_delimiter = "\n";
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Output from Child: %s\n", block);
19928N/A+ childoutput = g_strdup (block);
19928N/A+ message = strtok_r(block, message_delimiter, &message_p);
19928N/A+ if (context->msg_type == ES_ERROR)
19928N/A+ if (strncmp (message, "SUCCESS", strlen("SUCCESS")) == 0) {
19928N/A+ context->msg_type = ES_SUCCESS;
19928N/A+ /* The message contains "SUCCESS\n" followed by the
19928N/A+ * command output so if you run "gksu ls" this will
19928N/A+ * cause the ls output to echo to the terminal.
19928N/A+ message = childoutput + strlen ("SUCCESS\n");
19928N/A+ context->pam_message = (struct pam_message *)g_malloc (sizeof(struct pam_message));
19928N/A+ context->pam_message->msg_style = PAM_TEXT_INFO;
19928N/A+ context->pam_message->msg = strdup(message);
19928N/A+ } else if (strncmp(message, "ERROR", strlen("ERROR")) == 0) {
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "There are errors...\n");
19928N/A+ /* Due embedded_su(1M) there is one TEXT BLOCK
19928N/A+ message = strtok_r(NULL, message_delimiter, &message_p);
19928N/A+ context->pam_message = (struct pam_message *)g_malloc (sizeof(struct pam_message));
19928N/A+ /* Consider all other output as a message. We
19928N/A+ * treat it like an error message because we
19928N/A+ * show error messages to users.
19928N/A+ context->pam_message->msg_style = PAM_ERROR_MSG;
19928N/A+ context->pam_message->msg = strdup(message);
19928N/A+ set_embedded_su_alert (context);
19928N/A+ } else if (strncmp (message, "CONV", strlen("CONV")) == 0) {
19928N/A+ /* Get message number, then parse CONV block. */
19928N/A+ /* Ignore all other info in the same
19928N/A+ * line according to the manpage.
19928N/A+ sscanf(message, "CONV %d", &(context->msg_num));
19928N/A+ context->pam_message = (struct pam_message *)g_malloc ( sizeof(struct pam_message)*context->msg_num );
19928N/A+ context->pam_response = (struct pam_response *)g_malloc ( sizeof(struct pam_response)*context->msg_num );
19928N/A+ for (int i = 0; i < context->msg_num; i++) {
19928N/A+ message_header = strtok_r(NULL, message_delimiter, &message_p);
19928N/A+ message = strtok_r(NULL, message_delimiter, &message_p);
19928N/A+ context->pam_message[i].msg = strdup(message);
19928N/A+ if (CONTEXT_DEBUG_ON(context)) {
19928N/A+ fprintf (stderr, "Got message %d: %s\n", i, message);
19928N/A+ if (strncmp(message_header, "PAM_PROMPT_ECHO_ON", strlen("PAM_PROMPT_ECHO_ON")) == 0) {
19928N/A+ context->pam_message[i].msg_style = PAM_PROMPT_ECHO_ON;
19928N/A+ context->msg_type = ES_PASSWORD;
19928N/A+ } else if (strncmp(message_header, "PAM_PROMPT_ECHO_OFF", strlen("PAM_PROMPT_ECHO_OFF")) == 0) {
19928N/A+ context->pam_message[i].msg_style = PAM_PROMPT_ECHO_OFF;
19928N/A+ context->msg_type = ES_PASSWORD;
19928N/A+ } else if (strncmp(message_header, "PAM_ERROR_MSG", strlen("PAM_ERROR_MSG")) == 0) {
19928N/A+ context->pam_message[i].msg_style = PAM_ERROR_MSG;
19928N/A+ set_embedded_su_alert (context);
19928N/A+ } else if (strncmp(message_header, "PAM_TEXT_INFO", strlen("PAM_TEXT_INFO")) == 0) {
19928N/A+ context->pam_message[i].msg_style = PAM_TEXT_INFO;
19928N/A+ if (CONTEXT_DEBUG_ON(context)) {
19928N/A+ fprintf (stderr, "Output: %s\n", message);
19928N/A+ * Checks if we need to ask for a password or if we have ways of
19928N/A+ * getting the password for ourselves or we simply don't need it.
19928N/A+ * Returns: TRUE if requesting a password is needed, FALSE otherwise.
19928N/A+try_embedded_su_validation (GksuContext *context)
19928N/A+ int parent_pipe[2]; /* For talking to the parent */
19928N/A+ int child_pipe[2]; /* For talking to the child */
19928N/A+ bzero(buffer, MAX_BUFFER_SIZE);
19928N/A+ if ((pipe(parent_pipe)) == -1)
19928N/A+ cmd = g_new (gchar *, argcount + 1);
19928N/A+ cmd[argcount] = g_strdup ("-"); argcount++;
19928N/A+ cmd[argcount] = g_strdup (context->user);
19928N/A+ cmd[argcount] = g_strdup ("-c");
19928N/A+ dup2(child_pipe[0], STDIN_FILENO);
19928N/A+ dup2(parent_pipe[1], STDOUT_FILENO);
19928N/A+ infile = fdopen(parent_pipe[0], "r");
19928N/A+ outfile = fdopen(child_pipe[1], "w");
19928N/A+ // start conversation with embedded_su
19928N/A+ write (child_pipe[1], ".\n", 2);
19928N/A+ we are expecting to receive a GNOME_SUDO_PASS
19928N/A+ if we don't there are two possibilities: an error
19928N/A+ parse_embedded_su_output(context, infile);
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Success!\n");
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Asking for password...\n");
19928N/A+ while (!waitpid (pid, &status, WNOHANG)) {
19928N/A+ write (child_pipe[1], "\n", 1);
19928N/A+ * gksu_context_embedded_su_run:
19928N/A+ * @error: a #GError object to be filled with the error code or NULL
19928N/A+ * This could be considered one of the main functions in GKSu.
19928N/A+ * it is responsible for doing the 'user changing' magic by
19928N/A+ * calling gksu_ask_password() if it needs the user's password
19928N/A+ * Returns: the child's error status, TRUE if all went fine, FALSE if failed
19928N/A+gksu_context_embedded_su_run (GksuContext *context,
19928N/A+ int parent_pipe[2]; /* For talking to the parent */
19928N/A+ int child_pipe[2]; /* For talking to the child */
19928N/A+ gksu_quark = g_quark_from_string (PACKAGE_NAME);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_NOCOMMAND,
19928N/A+ _("gksu_sudo_run needs a command to be run, "
19928N/A+ * Check if the HOME environment variable is set in the user's
19928N/A+ * environment. If so unset it:
19928N/A+ * This will ensure that apps that require write
19928N/A+ * permission eg. gconf client applications, will work.
19928N/A+ home = sudo_get_home_dir (context);
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "HOME: %s\n", home);
19928N/A+ cmd = g_new (gchar *, argcount + 1);
19928N/A+ cmd[argcount] = g_strdup("-");
19928N/A+ cmd[argcount] = g_strdup(context->user);
19928N/A+ cmd[argcount] = g_strdup("-c");
19928N/A+ cmd[argcount] = g_strdup_printf("%s", context->command);
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ for (i = 0; cmd[i] != NULL; i++)
19928N/A+ fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
19928N/A+ if ((pipe(parent_pipe)) == -1)
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_FORK,
19928N/A+ _("Failed to fork new process: %s"),
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ setsid(); // make us session leader
19928N/A+ dup2(child_pipe[0], STDIN_FILENO);
19928N/A+ dup2(parent_pipe[1], STDERR_FILENO);
19928N/A+ dup2(parent_pipe[1], STDOUT_FILENO);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_EXEC,
19928N/A+ _("Failed to exec new process: %s"),
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ infile = fdopen(parent_pipe[0], "r");
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ outfile = fdopen(child_pipe[1], "w");
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ context->stdin_fd = parent_pipe[0];
19928N/A+ context->stdout_fd = child_pipe[1];
19928N/A+ context->stdout_file = outfile;
19928N/A+ setvbuf (context->stdin_file, NULL, _IONBF, 0);
19928N/A+ fcntl (context->stdin_fd, F_SETFL, 0);
19928N/A+ // start conversation with embedded_su
19928N/A+ write (child_pipe[1], ".\n", 2);
19928N/A+ we are expecting to receive a GNOME_SUDO_PASS
19928N/A+ if we don't there are two possibilities: an error
19928N/A+ /* 6995127 Gksu does not report expired password. We are in PAM
19928N/A+ * conversation, we need handle change the expired password. */
19928N/A+ more_data = parse_embedded_su_output(context, infile);
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Success!\n");
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Asking for password...\n");
19928N/A+ if ( context->pam_message[0].msg != NULL ) {
19928N/A+ buf = context->pam_message[0].msg;
19928N/A+ password = ask_pass (context, buf, ask_pass_data, error);
19928N/A+ if (password == NULL || (!strcmp (password, ""))) {
19928N/A+ password = g_strchomp (password);
19928N/A+ write (child_pipe[1], password, strlen(password));
19928N/A+ write (child_pipe[1], "\n", strlen("\n"));
19928N/A+ /* Reset flag so it does not get stuck */
19928N/A+ } while (context->msg_type != ES_SUCCESS && more_data);
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Done parsing embedded_su output!\n");
19928N/A+ if (context->msg_type == ES_ERROR && context->msg_num > 0 && context->pam_message[0].msg != NULL)
19928N/A+ utf8 = g_locale_to_utf8 (context->pam_message[0].msg, -1,
19928N/A+ utf8 = g_strdup (context->pam_message[0].msg);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_WRONGPASS,
19928N/A+ if (context->msg_type == ES_SUCCESS && context->pam_message[0].msg)
19928N/A+ fprintf (stdout, "%s", context->pam_message[0].msg);
19928N/A+ if (!context->wait_for_child_to_exit) {
19928N/A+ /* make sure we did read everything */
19928N/A+ while (!waitpid (pid, &status, WNOHANG)) {
19928N/A+ if (context->msg_type == ES_ERROR) {
19928N/A+ write (child_pipe[1], "\n", 1);
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ /* Do not reset error if already set to WRONGPASS */
19928N/A+ if (*error == NULL || (*error)->code != GKSU_ERROR_WRONGPASS)
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_CHILDFAILED,
19928N/A+ _("Child terminated with %d status"),
19928N/A+gksu_context_try_need_password (GksuContext *context)
19935N/A+ if ((context->elevated_privilege) && (gksu_context_pfexec_try_run (context)))
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Enter pfexec mode!\n");
19935N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Enter embedded_su mode!\n");
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Current role = %s\n", context->user);
19928N/A+ return try_embedded_su_validation (context);
19935N/A+get_stripped_exec (const gchar *full_exec)
19935N/A+ gchar *str1, *str2, *retval, *p;
19935N/A+ if (g_path_is_absolute (str2))
19935N/A+ retval = g_strdup (g_find_program_in_path ((const gchar *)str2));
19928N/A+gksu_context_pfexec_try_run (GksuContext *context)
19928N/A+ char command_line[MAX_BUFFER_SIZE];
19928N/A+ /* fail if we cannot get password entry */
19935N/A+ stripped_cmd = get_stripped_exec (context->command);
19935N/A+ path = g_find_program_in_path (g_strstrip (stripped_cmd));
19935N/A+ exec = getexecuser (pwd->pw_name, KV_COMMAND, stripped_cmd, GET_ALL);
19928N/A+ if (CONTEXT_DEBUG_ON(context)) fprintf (stderr, "Error getting exec attr\n");
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "Exec Name: %s\n", exec->name);
19928N/A+ fprintf (stderr, "Policy Name: %s\n", exec->policy);
19928N/A+ fprintf (stderr, "Exec Type: %s\n", exec->type);
19928N/A+ fprintf (stderr, "Exec Id: %s\n", exec->id);
19928N/A+ if ((exec->attr != NULL) && (exec->attr->length != 0)) {
19935N/A+ /* Set user value to the existing user */
19935N/A+ context->user = g_strdup (g_get_user_name ());
19935N/A+ * If no user was specified, try to fill in the user with the role value that can
19935N/A+ gksu_context_set_role (context);
19928N/A+gksu_context_set_role (GksuContext *context)
19935N/A+ user = getusernam (g_get_user_name ());
19935N/A+ rolelist = kva_match (user->attr, USERATTR_ROLES_KW);
19935N/A+ stripped_cmd = get_stripped_exec (context->command);
19935N/A+ path = g_find_program_in_path (g_strstrip (stripped_cmd));
19928N/A+ /* Parse the rolename from the list and check execution profiles for
19928N/A+ rolename = strtok (rolelist, ",");
19935N/A+ if (strcmp (rolename, "root") == 0) {
19935N/A+ context->user = g_strdup (rolename);
19935N/A+ exec = getexecuser (rolename, KV_COMMAND, stripped_cmd, GET_ALL);
19935N/A+ if ((exec->attr != NULL) && (exec->attr->length != 0)) {
19928N/A+ if (CONTEXT_DEBUG_ON(context)) {
19928N/A+ printf ("Command in profile and has attributes\n");
19928N/A+ printf ("Exec Name: %s\n", exec->name);
19928N/A+ printf ("Policy Name: %s\n", exec->policy);
19928N/A+ printf ("Exec Type: %s\n", exec->type);
19928N/A+ printf ("Exec Id: %s\n", exec->id);
19928N/A+ context->user = g_strdup (rolename);
19928N/A+ rolename = strtok (NULL, ",");
19928N/A+gksu_context_pfexec_run (GksuContext *context, GError **error)
19928N/A+ int parent_pipe[2]; /* For talking to the parent */
19928N/A+ int child_pipe[2]; /* For talking to the child */
19928N/A+ gksu_quark = g_quark_from_string (PACKAGE_NAME);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_NOCOMMAND,
19928N/A+ _("gksu_sudo_run needs a command to be run, "
19928N/A+ * Check if the HOME environment variable is set in the user's
19928N/A+ * environment. If so unset it:
19928N/A+ * This will ensure that apps that require write
19928N/A+ * permission eg. gconf client applications, will work.
19928N/A+ home = sudo_get_home_dir (context);
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ fprintf (stderr, "HOME: %s\n", home);
19928N/A+ cmd = g_new (gchar *, argcount + 1);
19928N/A+ if (context->privspec != NULL)
19935N/A+ cmd[argcount] = g_strdup ("-P");
19935N/A+ cmd[argcount] = g_strdup (context->privspec);
19928N/A+ if (context->command[i] == ' ' || context->command[i] == '\0')
19928N/A+ /* Strip the previously added quoting '<arg>' */
19928N/A+ if (was_quoted && j > 1 && buffer[j-1] == '\'')
19928N/A+ cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
19928N/A+ cmd[argcount] = g_strdup (buffer);
19928N/A+ bzero (buffer, MAX_BUFFER_SIZE);
19928N/A+ if (context->command[i] == '\0')
19928N/A+ else if ( j == 0 && context->command[i] == '\'' )
19928N/A+ if (context->command[i] == '\\')
19928N/A+ buffer[j] = context->command[i];
19928N/A+ cmd = g_realloc (cmd, sizeof(gchar*) * (argcount + 1));
19928N/A+ if (CONTEXT_DEBUG_ON(context))
19928N/A+ for (i = 0; cmd[i] != NULL; i++)
19928N/A+ fprintf (stderr, "cmd[%d]: %s\n", i, cmd[i]);
19928N/A+ if ((pipe(parent_pipe)) == -1)
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_FORK,
19928N/A+ _("Failed to fork new process: %s"),
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ setsid(); // make us session leader
19928N/A+ dup2(child_pipe[0], STDIN_FILENO);
19928N/A+ dup2(parent_pipe[1], STDERR_FILENO);
19928N/A+ dup2(parent_pipe[1], STDOUT_FILENO);
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ infile = fdopen(parent_pipe[0], "r");
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ outfile = fdopen(child_pipe[1], "w");
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_PIPE,
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ context->stdin_fd = parent_pipe[0];
19928N/A+ context->stdout_fd = child_pipe[1];
19928N/A+ context->stdout_file = outfile;
19928N/A+ setvbuf (context->stdin_file, NULL, _IONBF, 0);
19928N/A+ fcntl (context->stdin_fd, F_SETFL, 0);
19928N/A+ if (!context->wait_for_child_to_exit)
19928N/A+ /* make sure we did read everything */
19928N/A+ bzero(buffer, MAX_BUFFER_SIZE);
19928N/A+ if(!fread (buffer, sizeof(gchar), MAX_BUFFER_SIZE-1, infile))
19928N/A+ fprintf (stderr, "%s", buffer);
19928N/A+ sudo_reset_home_dir (home_env);
19928N/A+ g_set_error (error, gksu_quark, GKSU_ERROR_CHILDFAILED,
19928N/A+ _("Child terminated with %d status"),
19928N/A+gksu_context_get_child_stdin_fd (GksuContext *context)
19928N/A+gksu_context_get_child_stdout_fd (GksuContext *context)
19928N/A+gksu_context_get_child_stdin_file (GksuContext *context)
19928N/A+gksu_context_get_child_stdout_file (GksuContext *context)
19928N/A+gksu_context_get_child_pid (GksuContext *context)
19928N/A+gksu_context_set_wait_for_child_to_exit (GksuContext *context, gboolean value)
19928N/A+ context->wait_for_child_to_exit = value;
19928N/A+gksu_context_get_wait_for_child_to_exit (GksuContext *context)
19928N/A+ return context->wait_for_child_to_exit;
19928N/A+gksu_context_set_elevated_privilege (GksuContext *context, gboolean value)
19928N/A+ context->elevated_privilege = value;
19928N/A+gksu_context_get_elevated_privilege (GksuContext *context)
19928N/A+ return context->elevated_privilege;
19928N/A+gksu_context_set_elevated_role (GksuContext *context, gboolean value)
19928N/A+ context->elevated_role = value;
19928N/A+gksu_context_get_elevated_role (GksuContext *context)
19928N/A+ return context->elevated_role;
19928N/A+ * @context: the #GksuContext you want to modify
19928N/A+ * @privspec: the target privileges specification
19928N/A+ * Sets up privileges specification used by pfexec .
19928N/A+gksu_context_set_privspec (GksuContext *context, gchar *privspec)
19928N/A+ context->privspec = g_strdup (privspec);
19928N/A+ * @context: the #GksuContext from which to grab the information
19928N/A+ * Gets the privileges specification used by pfexec, as set
19928N/A+ * by gksu_context_set_privspec.
19928N/A+ * Returns: a pointer to the string containing the privileges specification.
19928N/A+gksu_context_get_privspec (GksuContext *context)
19928N/A+ * gksu_context_get_pam_num_msg:
19928N/A+ * @context: the #GksuContext from which to grab the information
19928N/A+ * Gets the privileges specificddation used by pfexec, as set
19928N/A+ * by gksu_context_set_privspec.
19928N/A+ * Returns: number of pam conversation.
19928N/A+gksu_context_get_pam_msg_num (GksuContext *context)
19928N/A+ * gksu_context_get_pam_message:
19928N/A+ * @context: the #GksuContext from which to grab the information
19928N/A+ * Returns: a pointer to the string containing the specific pam message.
19928N/A+gksu_context_get_pam_message (GksuContext *context, gint index)
19928N/A+ return context->pam_message[index].msg;
19928N/A+ * gksu_context_get_pam_response:
19928N/A+ * @context: the #GksuContext from which to grab the information
19928N/A+ * Returns: a pointer to the string containing the specified pam response.
19928N/A+gksu_context_get_pam_response (GksuContext *context, gint index)
19928N/A+ return context->pam_response[index].resp;
19928N/A+ * gksu_context_set_pam_response:
19928N/A+ * @context: the #GksuContext from which to grab the information
19928N/A+gksu_context_set_pam_response (GksuContext *context, gint index, gchar *response)
19928N/A+ context->pam_response[index].resp = g_strdup (response);
19928N/A+gksu_context_get_pfexec_mode (GksuContext *context)
19928N/A+gksu_context_set_need_pipe (GksuContext *context, gboolean value)
19928N/A+gksu_context_get_need_pipe (GksuContext *context)
19928N/A+gksu_context_set_child_no_a11y (GksuContext *context, gboolean value)
19928N/A+ context->child_no_a11y = value;