2021-04-14 05:23:55 +03:00
|
|
|
/*
|
2021-04-16 17:55:05 +03:00
|
|
|
* Copyright (c) 2021, Jesse Buhagiar <jooster669@gmail.com>
|
2021-05-30 23:06:28 +03:00
|
|
|
* Copyright (c) 2021, Andreas Kling <kling@serenityos.org>
|
2021-04-14 05:23:55 +03:00
|
|
|
*
|
2021-04-16 17:55:05 +03:00
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
2021-04-14 05:23:55 +03:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <LibCore/Account.h>
|
|
|
|
#include <LibCore/ArgsParser.h>
|
|
|
|
#include <LibCore/GetPassword.h>
|
2021-12-16 21:18:37 +03:00
|
|
|
#include <LibCore/System.h>
|
|
|
|
#include <LibMain/Main.h>
|
2021-04-14 05:23:55 +03:00
|
|
|
#include <unistd.h>
|
|
|
|
|
2021-12-16 21:18:37 +03:00
|
|
|
ErrorOr<int> serenity_main(Main::Arguments arguments)
|
2021-04-14 05:23:55 +03:00
|
|
|
{
|
2022-03-12 23:58:50 +03:00
|
|
|
Vector<StringView> command;
|
2021-04-14 05:23:55 +03:00
|
|
|
Core::ArgsParser args_parser;
|
2021-08-16 05:58:34 +03:00
|
|
|
uid_t as_user_uid = 0;
|
2022-06-28 20:10:31 +03:00
|
|
|
bool preserve_env = false;
|
2021-12-28 21:10:22 +03:00
|
|
|
args_parser.set_stop_on_first_non_option(true);
|
2021-08-16 05:58:34 +03:00
|
|
|
args_parser.add_option(as_user_uid, "User to execute as", nullptr, 'u', "UID");
|
2022-06-28 20:10:31 +03:00
|
|
|
args_parser.add_option(preserve_env, "Preserve user environment when running command", "preserve-env", 'E');
|
2021-04-14 05:23:55 +03:00
|
|
|
args_parser.add_positional_argument(command, "Command to run at elevated privilege level", "command");
|
2021-12-16 21:18:37 +03:00
|
|
|
args_parser.parse(arguments);
|
2021-04-14 05:23:55 +03:00
|
|
|
|
2021-12-16 21:18:37 +03:00
|
|
|
TRY(Core::System::pledge("stdio rpath exec id tty"));
|
2021-04-14 05:23:55 +03:00
|
|
|
|
2021-12-16 21:18:37 +03:00
|
|
|
TRY(Core::System::seteuid(0));
|
2021-04-16 17:55:05 +03:00
|
|
|
|
2021-12-16 21:18:37 +03:00
|
|
|
auto as_user = TRY(Core::Account::from_uid(as_user_uid));
|
2021-08-16 05:58:34 +03:00
|
|
|
|
2021-05-30 23:06:28 +03:00
|
|
|
// If the current user is not a superuser, make them authenticate themselves.
|
|
|
|
if (auto uid = getuid()) {
|
2021-12-16 21:18:37 +03:00
|
|
|
auto account = TRY(Core::Account::from_uid(uid));
|
2021-05-30 23:06:28 +03:00
|
|
|
if (account.has_password()) {
|
2021-12-16 21:18:37 +03:00
|
|
|
auto password = TRY(Core::get_password());
|
|
|
|
if (!account.authenticate(password))
|
2022-07-11 20:57:32 +03:00
|
|
|
return Error::from_string_literal("Incorrect or disabled password.");
|
2021-05-30 23:06:28 +03:00
|
|
|
}
|
2021-04-14 05:23:55 +03:00
|
|
|
}
|
|
|
|
|
2021-12-16 21:18:37 +03:00
|
|
|
TRY(Core::System::pledge("stdio rpath exec id"));
|
2021-04-14 05:23:55 +03:00
|
|
|
|
2022-08-14 22:19:05 +03:00
|
|
|
TRY(as_user.login());
|
2021-04-16 17:55:05 +03:00
|
|
|
|
2021-12-16 21:18:37 +03:00
|
|
|
TRY(Core::System::pledge("stdio rpath exec"));
|
2022-11-04 12:54:29 +03:00
|
|
|
TRY(Core::System::exec_command(command, preserve_env));
|
2021-04-14 05:23:55 +03:00
|
|
|
return 0;
|
|
|
|
}
|