a h&@s:ddlZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z ddlmZddlmZddlmZmZddlmZdd lmZmZdd lmZdd lmZmZmZdd l m!Z!dd l"m#Z#m$Z$m%Z%e&e'Z(GdddeZ)Gdddej*Z+Gddde+Z,Gddde%e+ej-ddZ.dS)N)TemporaryDirectory)ListOptionalSequenceTuple)ferny)make_bootloader)Variantbus)BridgeBeibootHelper) JsonObjectget_str) BridgeConfig)ConfiguredPeerPeer PeerError) PolkitAgent)Router RoutingError RoutingRulecsBeZdZUejed<eeejdfdd ZddddZ Z S) SuperuserPeer responder)routerconfigrcst||||_dSN)super__init__r)selfrrr __class__5/usr/lib/python3.9/site-packages/cockpit/superuser.pyr-szSuperuserPeer.__init__Nreturnc st4IdH`}d|jvrDtd|j|t|jIdHntd|j|jg}d|jvrtd|jt|dg}| |t |j t j d}nd}t |}d|jvr|t}t |}d |g}n|j}|j|j||d d IdH} |dur| |z|IdHWn:t jyZ} ztd t| d | WYd} ~ n d} ~ 00WdIdHq1IdHs0YdS)NZpkexecz-connecting polkit superuser peer transport %rz1connecting non-polkit superuser peer transport %rz# cockpit-bridgez$going to beiboot superuser bridge %rz --privileged)ZgadgetszSUDO_ASKPASS=ferny-askpassz SUDO_ASKPASS=T)stderrZstart_new_sessionzauthentication-failed)message) contextlibAsyncExitStackargsloggerdebugenter_async_contextrrr appendrZstepsrZBEIBOOT_GADGETSencodeZInteractionAgentenv enter_contextrZwrite_askpass_to_tmpdirZspawnwriteZ communicateZInteractionErrorrstr) rcontextZ respondershelperZstage1ZagentZtmpdirZ ferny_askpassr/Z transportexcr!r!r"do_connect_transport1s2          z"SuperuserPeer.do_connect_transport) __name__ __module__ __qualname__rAskpassHandler__annotations__rrrr6 __classcell__r!r!rr"r*s  rc@s*eZdZdZeeeeeddddZdS)CockpitResponder)z ferny.askpasscockpit.send-stderrN)commandr)fdsr%r$c sj|dkrftj|dd>}|d|dgtjtjtddgfgWdn1s\0YdS)Nr>r)filenoi)socketpopZsendmsgZ SOL_SOCKETZ SCM_RIGHTSarray)rr?r)r@r%Zsockr!r!r"do_custom_commandZs z"CockpitResponder.do_custom_command) r7r8r9Zcommandsr2rrintrHr!r!r!r"r=Wsr=c@s.eZdZedddZeeeddddZdS) AuthorizeResponder)rcCs||_d|_dS)NF)rauthorize_attempted)rrr!r!r"rcszAuthorizeResponder.__init__z str | Nonemessagesprompthintr$cs`|jrtddSd|_dddtdD}|jd|IdH}|dkr\dS|S)NzAnoninteractive authorize during init already attempted, rejectingTcss|]}|dVqdS)Z02xNr!.0cr!r!r" mz0AuthorizeResponder.do_askpass..asciizplain1:) rKr*infojoingetpassZgetuserr.rZrequest_authorization)rrMrNrOZhexuserpasswordr!r!r" do_askpassgs zAuthorizeResponder.do_askpassN)r7r8r9rrr2r[r!r!r!r"rJbsrJcseZdZUdZeeed<eej ed<ee ed<e j dddddZe j jdgdZe j jdd dZe j jd idZeeed d d ZeeeeedddZddeedfddZddddZeejddddZeedddZddd d!Z ddd"d#Z!edd$d%d&Z"d'dd(d)d*Z#e j j$dgd+edd,d-d.Z%e j $ddd/d0Z&e j j$dgd+edd1d2d3Z'Z(S)4SuperuserRoutingRuler!superuser_configspending_promptpeersbas)valuenonea{sv})optionsr$cCs<|d}|r|jdkrdS|js*|dkr0|jStddS)N superuserroottryz access-denied)getcurrentr_r)rrfrgr!r!r" apply_rules  zSuperuserRoutingRule.apply_rulerLcsd|jdusJ|dk}t|_z2td||d|d|||jIdHWd|_Sd|_0dS)NZconfirmzprompting for %srP)r^asyncioZget_running_loopZ create_futurer*r+rN)rrMrNrOZechor!r!r"r[s  zSuperuserRoutingRule.do_askpassF privileged)rrocs8t|d|_d|_d|_|s.tdkr4d|_dS)Nrrh)rrr^r_startuposgetuidrk)rrrorr!r"rs  zSuperuserRoutingRule.__init__Nr#cCsd|_d|_dS)Nrd)rkr_rr!r!r" peer_doneszSuperuserRoutingRule.peer_done)namerr$c s|jdkrtdd|jdus$J|jdus2J|jD]}||jdfvr8qdq8tdd|dd|_t|j|||_|j |j z|jj |jj dIdHWnZt jytd d dYn:ttfy}ztdt||WYd}~n d}~00|jjj|_dS) Nrdzcockpit.Superuser.Errorz Superuser bridge already runninganyzUnknown superuser bridge type ""init) init_hostz!cockpit.Superuser.Error.CancelledzOperation aborted)rkr ZBusErrorr_rpr]rurradd_done_callbackrtstartryrmZCancelledErrorOSErrorrr2r)rrurrr5r!r!r"gos$   (zSuperuserRoutingRule.go)configscCstdt|dd|D}t||_dd|jD|_dd|D|_td|j|jdur|jj|jvrtd|jjj | dS) Nzset_configs() with %d itemscSsg|]}|jr|qSr!rnrRrr!r!r" rUz4SuperuserRoutingRule.set_configs..cSsg|] }|jqSr!)rurr!r!r"rrUcSs*i|]"}|jr|jtdt|jidqS)labelre)rr rQr!r!r" rUz4SuperuserRoutingRule.set_configs..z bridges are now %sz= stopping superuser bridge '%s': it disappeared from configs) r*r+lentupler]bridgesmethodsr_rrustop)rr~r!r!r" set_configss  z SuperuserRoutingRule.set_configscCs|jdur|jd|_dSr)r^cancelrsr!r!r" cancel_prompts  z"SuperuserRoutingRule.cancel_promptcCs.||jdur|j|jdus*JdSr)rr_closersr!r!r"shutdowns  zSuperuserRoutingRule.shutdown)paramsr$cCs<t|dd}t|j}t||||_|j|jdS)Nidrv) rrJrrmZ create_taskr} _init_taskrz _init_done)rrrurr!r!r"rxs  zSuperuserRoutingRule.initzasyncio.Task[None])taskr$cCs&td||jjdd|`dS)Nzsuperuser init done! %szsuperuser-init-done)r?)r*r+ exceptionrZ write_controlr)rrr!r!r"rszSuperuserRoutingRule._init_done)Zin_types)rur$cs|||IdHdSr)r})rrur!r!r"r{szSuperuserRoutingRule.startcCs |dSr)rrsr!r!r"rszSuperuserRoutingRule.stop)replyr$cCs0|jdur"td|j|n tddS)Nzresponding to pending promptz!got Answer, but no prompt pending)r^r*r+Z set_result)rrr!r!r"answers  zSuperuserRoutingRule.answer))r7r8r9r]rrr;rrmZFuturerr Z InterfaceZSignalrNZPropertyrrkrr rrlr2r[rboolrrtrr:r}rrrrxrZMethodr{rrr<r!r!rr"r\ss.     r\zcockpit.Superuser)Z interface)/rGrmr'rYZloggingrqrEZtempfilertypingrrrrZcockpit._vendorrZcockpit._vendor.bei.bootloaderrZcockpit._vendor.systemd_ctypesr r Zbeipackr Zjsonutilr rZpackagesrr_rrrZpolkitrrrrrZ getLoggerr7r*rr:r=rJZObjectr\r!r!r!r"s,       -