Merge pull request #196 from lxqt/backend_doas

sudo: Add support for doas(1) backend
lxqt · Apr 5, 2023 · 5e2dd17 · 5e2dd17
2 parents a90da46 + 17ccaba
commit 5e2dd17
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 27 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -29,6 +29,7 @@ include(LXQtCompilerSettings NO_POLICY_SCOPE)
 
 set ( LINK_LXSU "lxsu")
 set ( LINK_LXSUDO "lxsudo")
+set ( LINK_LXDOAS "lxdoas")
 
 set ( HDRS
     passworddialog.h
@@ -81,41 +82,44 @@ target_link_libraries(lxqt-sudo
 target_compile_definitions(lxqt-sudo
     PRIVATE "LXQTSUDO_SUDO=\"sudo\""
     PRIVATE "LXQTSUDO_SU=\"su\""
+    PRIVATE "LXQTSUDO_DOAS=\"doas\""
     PRIVATE "LXQTSUDO=\"lxqt-sudo\""
     PRIVATE "LXQTSUDO_LXSU=\"${LINK_LXSU}\""
     PRIVATE "LXQTSUDO_LXSUDO=\"${LINK_LXSUDO}\""
+    PRIVATE "LXQTSUDO_LXDOAS=\"${LINK_LXDOAS}\""
     PRIVATE "LXQT_VERSION=\"${LXQT_VERSION}\""
 )
 
-add_custom_command(TARGET lxqt-sudo POST_BUILD
-    COMMAND ln -f -s lxqt-sudo "${LINK_LXSU}"
-    WORKING_DIRECTORY .
-    COMMENT "Creating ${LINK_LXSU} symlink"
-)
-
-add_custom_command(TARGET lxqt-sudo POST_BUILD
-    COMMAND ln -f -s lxqt-sudo "${LINK_LXSUDO}"
-    WORKING_DIRECTORY .
-    COMMENT "Creating ${LINK_LXSUDO} symlink"
-)
+foreach(LINK IN ITEMS ${LINK_LXSU} ${LINK_LXSUDO} ${LINK_LXDOAS})
+    add_custom_command(TARGET lxqt-sudo POST_BUILD
+        COMMAND ln -f -s lxqt-sudo "${LINK}"
+        WORKING_DIRECTORY .
+        COMMENT "Creating ${LINK} symlink"
+    )
+    install(FILES
+        "${CMAKE_CURRENT_BINARY_DIR}/${LINK}"
+        DESTINATION "${CMAKE_INSTALL_BINDIR}"
+        COMPONENT Runtime
+    )
+    install(FILES
+        "man/${LINK}.1"
+        DESTINATION "${CMAKE_INSTALL_MANDIR}/man1"
+        COMPONENT Runtime
+    )
+endforeach()
 
 install(TARGETS
     lxqt-sudo
     RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
     COMPONENT Runtime
 )
-install(FILES
-    "${CMAKE_CURRENT_BINARY_DIR}/${LINK_LXSU}" "${CMAKE_CURRENT_BINARY_DIR}/${LINK_LXSUDO}"
-    DESTINATION "${CMAKE_INSTALL_BINDIR}"
-    COMPONENT Runtime
-)
 install(FILES
     ${DESKTOP_FILES}
     DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}/applications"
     COMPONENT Runtime
 )
 install(FILES
-    man/lxqt-sudo.1 "man/${LINK_LXSU}.1" "man/${LINK_LXSUDO}.1"
+    man/lxqt-sudo.1
     DESTINATION "${CMAKE_INSTALL_MANDIR}/man1"
     COMPONENT Runtime
 )
diff --git a/man/lxdoas.1 b/man/lxdoas.1
@@ -0,0 +1 @@
+lxqt-sudo.1
diff --git a/man/lxqt-sudo.1 b/man/lxqt-sudo.1
@@ -1,16 +1,18 @@
 .TH lxqt-sudo 1 "" "" "LXQt\ Module"
 .SH NAME
-\fBlxqt-sudo\fR, \fBlxsu\fR \- execute a command as privileged user
+\fBlxqt-sudo\fR, \fBlxsu\fR, \fBlxdoas\fR \- execute a command as privileged user
 .SH SYNOPSIS
 \fBlxqt-sudo\fR \fIoption\fR [\fIcommand\fR [\fIarguments\fR]]
 .br
 \fBlxsu\fR [\fIoption\fR] [\fIcommand\fR [\fIarguments\fR]]
 .br
 \fBlxsudo\fR [\fIoption\fR] [\fIcommand\fR [\fIarguments\fR]]
+.br
+\fBlxdoas\fR [\fIoption\fR] [\fIcommand\fR [\fIarguments\fR]]
 .SH DESCRIPTION
-\fBlxqt-sudo\fR (and symlinks \fBlxsu\fR, \fBlxsudo\fR) is a graphical QT frontend for plain \fBsudo(8)\fR or \fBsu(1)\fR (for requesting optional password in GUI fashion).
+\fBlxqt-sudo\fR (and symlinks \fBlxsu\fR, \fBlxsudo\fR, \fBlxdoas\fR) is a graphical QT frontend for plain \fBsudo(8)\fR, \fBsu(1)\fR or \fBdoas(1)\fR (for requesting optional password in GUI fashion).
 .br
-When invoked it simply spawns child \fIsudo\fR or \fIsu\fR process with requested \fIcommand\fR (and optional \fIarguments\fR). If \fIsudo\fR/\fIsu\fR requests user's password,
+When invoked it simply spawns child \fIsudo\fR, \fIsu\fR or \fIdoas\fR process with requested \fIcommand\fR (and optional \fIarguments\fR). If \fIsudo\fR/\fIsu\fR/\fIdoas\fR requests user's password,
 the GUI password dialog is shown and (after submit) the password is provided to backend.
 .br
 .SH OPTIONS
@@ -20,13 +22,15 @@ the GUI password dialog is shown and (after submit) the password is provided to
 .br
   -v|--version   Print version information.
 .br
-  -s|--su        Use \fIsu\fR as backend (default for \fBlxqt-sudo\fR & \fBlxsudo\fR is \fIsudo\fR, for \fBlxsu\fR is \fIsu\fR).
+  -s|--su        Use \fIsu\fR as backend (default for \fBlxqt-sudo\fR & \fBlxsudo\fR is \fIsudo\fR, for \fBlxsu\fR \fIsu\fR, for \fBlxdoas\fR \fIdoas\fR).
+.br
+  -d|--sudo      Use \fIsudo\fR as backend (default for \fBlxqt-sudo\fR & \fBlxsudo\fR is \fIsudo\fR, for \fBlxsu\fR \fIsu\fR, for \fBlxdoas\fR \fIdoas\fR).
 .br
-  -d|--sudo      Use \fIsudo\fR as backend (default for \fBlxqt-sudo\fR & \fBlxsudo\fR is \fIsudo\fR, for \fBlxsu\fR is \fIsu\fR).
+  -a|--doas      Use \fIdoas\fR as backend (default for \fBlxqt-sudo\fR & \fBlxsudo\fR is \fIsudo\fR, for \fBlxsu\fR \fIsu\fR, for \fBlxdoas\fR \fIdoas\fR).
 .SH "REPORTING BUGS"
 Report bugs to https://github.com/lxqt/lxqt/issues
 .SH "SEE ALSO"
-\fBsudo(8)\fR \fBsu(1)\fR
+\fBsudo(8)\fR \fBsu(1)\fR \fBdoas(1)\fR
 .SH AUTHOR
 This manual page was created by \fBPalo Kisa\fR \fI<palo.kisa@gmail.com>\fR
 for \fBLXQt\fR project.
diff --git a/sudo.cpp b/sudo.cpp
@@ -61,9 +61,11 @@ namespace
     const QString app_version{QStringLiteral(LXQT_VERSION)};
     const QString app_lxsu{QStringLiteral(LXQTSUDO_LXSU)};
     const QString app_lxsudo{QStringLiteral(LXQTSUDO_LXSUDO)};
+    const QString app_lxdoas{QStringLiteral(LXQTSUDO_LXDOAS)};
 
     const QString su_prog{QStringLiteral(LXQTSUDO_SU)};
     const QString sudo_prog{QStringLiteral(LXQTSUDO_SUDO)};
+    const QString doas_prog{QStringLiteral(LXQTSUDO_DOAS)};
     const QString pwd_prompt_end{QStringLiteral(": ")};
     const QChar nl{QLatin1Char('\n')};
 
@@ -73,15 +75,16 @@ namespace
             QTextStream(stderr) << err << '\n';
         QTextStream(stdout)
             << QObject::tr("Usage: %1 option [command [arguments...]]\n\n"
-                    "GUI frontend for %2/%3\n\n"
+                    "GUI frontend for %2/%3/%4\n\n"
                     "Arguments:\n"
                     "  option:\n"
                     "    -h|--help      Print this help.\n"
                     "    -v|--version   Print version information.\n"
                     "    -s|--su        Use %3(1) as backend.\n"
                     "    -d|--sudo      Use %2(8) as backend.\n"
+                    "    -a|--doas      Use %4(1) as backend.\n"
                     "  command          Command to run.\n"
-                    "  arguments        Optional arguments for command.\n\n").arg(app_master).arg(sudo_prog).arg(su_prog);
+                    "  arguments        Optional arguments for command.\n\n").arg(app_master).arg(sudo_prog).arg(su_prog).arg(doas_prog);
         if (!err.isEmpty())
             QMessageBox(QMessageBox::Critical, app_master, err, QMessageBox::Ok).exec();
     }
@@ -155,6 +158,8 @@ Sudo::Sudo()
     mArgs.removeAt(0);
     if (app_lxsu == cmd)
         mBackend = BACK_SU;
+    else if (app_lxdoas == cmd)
+        mBackend = BACK_DOAS;
     else if (app_lxsudo == cmd || app_master == cmd)
         mBackend = BACK_SUDO;
     mRet = mPwdFd = mChildPid = 0;
@@ -186,6 +191,10 @@ int Sudo::main()
         {
             mBackend = BACK_SUDO;
             mArgs.removeAt(0);
+        } else if (QStringLiteral("-a") == arg1 || QStringLiteral("--doas") == arg1)
+        {
+            mBackend = BACK_DOAS;
+            mArgs.removeAt(0);
         }
     }
     //any other arguments we simply forward to su/sudo
@@ -242,6 +251,7 @@ QString Sudo::backendName (backend_t backEnd)
     switch (backEnd) {
         case BACK_SU   : rv = su_prog;   break;
         case BACK_SUDO : rv = sudo_prog; break;
+        case BACK_DOAS : rv = doas_prog; break;
         //: shouldn't be actually used but keep as short as possible in translations just in case.
         case BACK_NONE : rv = tr("unset");
     }
@@ -251,8 +261,22 @@ QString Sudo::backendName (backend_t backEnd)
 
 void Sudo::child()
 {
-    int params_cnt = 3 //1. su/sudo & "shell command" & last nullptr
-        + (BACK_SU == mBackend ? 1 : 3); //-c for su | -E /bin/sh -c for sudo
+    int params_cnt = 3; //su/sudo & "shell command" & last nullptr
+    switch (mBackend)
+    {
+        case BACK_SU:
+            params_cnt += 1; // -c for su
+            break;
+        case BACK_SUDO:
+            params_cnt += 3; // --preserve-env=... /bin/sh -c for sudo
+            break;
+        case BACK_DOAS:
+            params_cnt += 2; // /bin/sh -c for sudo
+            break;
+        case BACK_NONE:
+            break;
+    }
+
     std::unique_ptr<char const *[]> params{new char const *[params_cnt]};
     const char ** param_arg = params.get() + 1;
 
@@ -269,6 +293,9 @@ void Sudo::child()
             *(param_arg++) = preserve_env_param.c_str(); //preserve environment
             *(param_arg++) = "/bin/sh";
             break;
+        case BACK_DOAS:
+            *(param_arg++) = "/bin/sh";
+            [[fallthrough]];
         case BACK_SU:
         case BACK_NONE:
             env_workarounds();

diff --git a/sudo.h b/sudo.h
@@ -44,6 +44,7 @@ class Sudo : public QObject
         BACK_NONE
             , BACK_SUDO
             , BACK_SU
+            , BACK_DOAS
     };
 
 public: