a

�/�h�&�@s:
dd
lZdd
l
Z
dd
lZdd
lZdd
lZdd
lZdd
lZddlmZ
ddl	m
Z
mZmZm
Z

ddlmZ
ddlmZ
ddlmZmZ
ddlmZ
dd	lmZmZ
dd
lmZ
ddlmZmZmZ
ddl m!Z!
dd
l"m#Z#m$Z$m%Z%
e�&e'�
Z(Gdd�de�Z)Gdd�dej*�Z+Gdd�de+�Z,Gdd�de%e+ej-dd�Z.d
S)�N)
�TemporaryDirectory)�List�Optional�Sequence�Tuple)
�ferny)
�make_bootloader)�Variant�bus�
)
�BridgeBeibootHelper)�
JsonObject�get_str)
�BridgeConfig)�ConfiguredPeer�Peer�	PeerError)
�PolkitAgent)�Router�RoutingError�RoutingRulecsBeZ
dZUejed
<eeejd��f
dd�Zdd�
dd�Z	�Z
S)	�
SuperuserPeer�	responder)�router�configrcst��
|
|�
||_dS�
N)�super�__init__r)�selfrrr�
�	__class__��5/usr/lib/python3.9/site-packages/cockpit/superuser.pyr-s

zSuperuserPeer.__init__N�
�returnc
�s�
t�
�4IdH�
�`}
d
|jvrDt�d|j�
|
�t|j�
�
IdH
nt�d|j�
|jg
}d|jvr�t�d|j�
t|dg
�}|�	|�

t
|jtj
d���}nd}t�|�
}d|jvr�|
�t��
}t�|�
}d	|��g
}n|j}|j|j||d
d�IdH}	|du
�
r|	�|�

z|��IdH
Wn:tj�
yZ
}

ztdt|
�
d
�|
�WYd}
~
n
d}
~
00Wd�IdH
�
q�1IdH�
s�0


Y
dS)NZpkexecz-connecting polkit superuser peer transport %rz1connecting non-polkit superuser peer transport %rz# cockpit-bridgez$going to beiboot superuser bridge %rz--privileged)
ZgadgetszSUDO_ASKPASS=ferny-askpassz
SUDO_ASKPASS=T)�stderrZstart_new_sessionzauthentication-failed)
�message)�
contextlib�AsyncExitStack�args�logger�debug�enter_async_contextrrr�appendrZstepsrZBEIBOOT_GADGETS�encodeZInteractionAgent�env�
enter_contextrZwrite_askpass_to_tmpdirZspawn�writeZcommunicateZInteractionErrorr�str)r�contextZ
responders�helperZstage1ZagentZtmpdirZ
ferny_askpassr/Z	transport�excr!r!r"�do_connect_transport1s2






















z"SuperuserPeer.do_connect_transport)�__name__�
__module__�__qualname__r�AskpassHandler�__annotations__rrrr6�
__classcell__r!r!rr"r*s


rc@s*eZ
dZd
Zeeeeedd�dd�ZdS)�CockpitResponder)z
ferny.askpass�cockpit.send-stderrN)�commandr)�fdsr%r$c
�sj|
d
krftj|dd�
�>}|�
d�

|�dg
tjtjt�ddg
�fg
�
Wd�
n1s\0


Y
dS)Nr>r
)
�fileno�
�
i�)�socket�popZsendmsgZ
SOL_SOCKETZ
SCM_RIGHTS�array)rr?r)r@r%Zsockr!r!r"�do_custom_commandZs



z"CockpitResponder.do_custom_command)	r7r8r9Zcommandsr2rr�intrHr!r!r!r"r=Ws
r=c@s.eZ
dZed
�
dd�Zeeedd�dd�ZdS)	�AuthorizeResponder)
rcCs|
|_d
|_
dS)NF)r�authorize_attempted)rrr!r!r"rcs

zAuthorizeResponder.__init__z
str | None��messages�prompt�hintr$c�s`|jrt
�d
�

dSd|_d�dd�t���d�
D�
�
}|j�d|���
IdH}|dkr\dS|S)NzAnoninteractive authorize during init already attempted, rejectingT�c
ss|]}
|
d�V
qd
S)Z02xNr!��.0�
cr!r!r"�	<genexpr>m�z0AuthorizeResponder.do_askpass.<locals>.<genexpr>�asciizplain1:)	rKr*�info�join�getpassZgetuserr.rZrequest_authorization)rrMrNrOZhexuser�passwordr!r!r"�
do_askpassgs





zAuthorizeResponder.do_askpassN)r7r8r9rrr2r[r!r!r!r"rJbs
rJcs|
eZ
dZUd
Zeeed<eej	ed<ee
ed<ej�
ddddd�Zejjdgd�Zejjdd	d�Zejjd
id�Zeeed�dd
�Zeeeeed�dd�Zdd�
eed��f
dd�Zdd�Zeejdd�dd�Zeed�
dd�Zdd �Z d!d"�Z!edd#�d$d%�Z"d&dd'�d(d)�Z#ejj$dg
d*�
edd+�d,d-��
Z%ej�$�dd.�
d/d0��
Z&ejj$dg
d*�
edd1�d2d3��
Z'�Z(S)4�SuperuserRoutingRuler!�superuser_configs�pending_prompt�peer�
s�
b�as)
�value�none�a{sv})�optionsr$cCs<|
�d
�
}|r|j
dkrdS|js*|dkr0|jStd�
�
dS)N�	superuser�root�tryz
access-denied)�get�currentr_r)rrfrgr!r!r"�
apply_rule�s


zSuperuserRoutingRule.apply_rulerLc�sV|d
k}t�
���|_z2t�d|�
|�d|d||
�
|jIdHWd|_Sd|_0dS)NZconfirmzprompting for %srP)�asyncioZget_running_loopZ
create_futurer^r*r+rN)rrMrNrOZechor!r!r"r[�s



�zSuperuserRoutingRule.do_askpassF�
�
privileged)rroc
s8t��
|
�

d|_d|_d|_|s.t��d
kr4d|_dS)Nr
rh)rrr^r_Zstartup�os�getuidrk)rrrorr!r"r�s



zSuperuserRoutingRule.__init__c

Csd
|_d|_
dS)Nrd)rkr_�
rr!r!r"�	peer_done�s

zSuperuserRoutingRule.peer_doneN)�namerr$c
�s�|jd
krt
�dd��
|jD]}|
|jdfvr
qHqt
�dd|
�d���
d|_t|j||�|_|j�|j	�

z|jj
|jjd�
IdH
WnZtj
y�


t
�d	d
�d�Yn:ttfy�
}
zt
�dt|�
�|�WYd}~n
d}~00|jjj|_dS)Nrdzcockpit.Superuser.Errorz Superuser bridge already running�anyzUnknown superuser bridge type "�
"�init)
�	init_hostz!cockpit.Superuser.Error.CancelledzOperation aborted)rkr
ZBusErrorr]rtrrr_�add_done_callbackrs�startrxrmZCancelledError�OSErrorrr2r)rrtrrr5r!r!r"�go�s 












(zSuperuserRoutingRule.go)
�configscCs�t�
d
t|
�
�
dd�|
D�
}
t|
�
|_dd�|jD�
|_dd�|
D�
|_t�
d|j�
|jdu
r�|jj|jv
r�t�
d|jjj	�
|�
�
dS)	Nzset_configs() with %d itemsc
Ssg|]}
|
jr|
�qSr!rn�rRrr!r!r"�
<listcomp>�rUz4SuperuserRoutingRule.set_configs.<locals>.<listcomp>c
Ssg|]
}
|
j�qSr!)
rtr~r!r!r"r�rUc
Ss*i|]"}
|
jr|
jt
dt
|
j�
i
d
��qS)�labelre)r�r	rQr!r!r"�
<dictcomp>�rUz4SuperuserRoutingRule.set_configs.<locals>.<dictcomp>z  bridges are now %sz=  stopping superuser bridge '%s': it disappeared from configs)r*r+�len�tupler]�bridges�methodsr_rrt�stop)rr}r!r!r"�set_configs�s









z SuperuserRoutingRule.set_configsc

Cs|jdu
r|j�
�
d|_dSr)r^�cancelrrr!r!r"�
cancel_prompt�s




z"SuperuserRoutingRule.cancel_promptc

Cs |��
|j
du
r|j
��
dSr)r�r_�closerrr!r!r"�shutdown�s



zSuperuserRoutingRule.shutdown)�paramsr$cCs<t|
d
d�}t
|j�
}t�|�||��
|_|j�|j�

dS)N�idru)	rrJrrmZcreate_taskr|�
_init_taskry�
_init_done)rr�rtrr!r!r"rw�s




zSuperuserRoutingRule.initzasyncio.Task[None])�taskr$cCs&t�
d
|
���
|jjdd�

|`dS)Nzsuperuser init done! %szsuperuser-init-done)
r?)r*r+�	exceptionrZ
write_controlr�)rr�r!r!r"r��s


zSuperuserRoutingRule._init_done)
Zin_types)rtr$c�s|�|
|�IdH
dSr)
r|)rrtr!r!r"rz�szSuperuserRoutingRule.startr#c

Cs|��
dSr)
r�rrr!r!r"r��szSuperuserRoutingRule.stop)�replyr$cCs0|jdu
r"t
�d
�

|j�|
�

n
t
�d�

dS)Nzresponding to pending promptz!got Answer, but no prompt pending)r^r*r+Z
set_result)rr�r!r!r"�answer�s



zSuperuserRoutingRule.answer))r7r8r9r]rrr;rrmZFuturerr
Z	InterfaceZSignalrNZPropertyr�rkr�r
rrlr2r[r�boolrrsrr:r|r�r�r�rwr�ZMethodrzr�r�r<r!r!rr"r\ss.











r\zcockpit.Superuser)
Z	interface)/rGrmr'rYZloggingrprEZtempfiler�typingrrrrZcockpit._vendorrZcockpit._vendor.bei.bootloaderrZcockpit._vendor.systemd_ctypesr	r
ZbeipackrZjsonutilr
rZpackagesrr_rrrZpolkitrrrrrZ	getLoggerr7r*rr:r=rJZObjectr\r!r!r!r"�<module>s,















-