Advertisement
vonschutter

Untitled

Jun 22nd, 2021
222
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 3.70 KB | None | 0 0
  1. ensure_admin ()
  2. {
  3. # Description: Function to elevate priviledges of script execution and to ensure administrative privileges
  4. # such that system wide settings or configuration may be done.
  5. #
  6. # This function evaluates and uses multiple ways to elevate priviledges based on the environment. In an
  7. # X session; and normal GUI w. systemd: elevate privs with normal GUI policy kit, otherwise try dialog
  8. # menu system and cached sudo, and finally fall back on good old sudo. Since scripts may be launched with
  9. # a GUI front (for user interaction) end and NO terminal; it is really preferable to display a proper
  10. # priviledge escalation propt in a GUI format and only use sudo in cases where there is a terminal or
  11. # no other option is present.
  12. #
  13. # Should the function not discover an X session, then dialog will be preferred over regular sudo.
  14. #
  15. # Globals: $UID
  16. # Arguments: None
  17. # Outputs: GUI
  18. # Dependencies: soft dependency on "dialog", will fall back on CLI if dialog is absent.
  19. # Returns: relaunches script under sudo.
  20. # Usage: The function expects no arguments, but will prompt for system password if required.
  21. # Usage: ensure_admin
  22. #
  23. # End of documentation
  24.  
  25.     if [ ! "$UID" -eq 0 ]; then
  26.         if xset q &>/dev/null; then
  27.             # If X is running in this session then...
  28.             if echo $(systemctl get-default ) |grep graphical &>/dev/null ; then
  29.                 # If we are a normal GUI w. systemd: elevate privs with normal GUI policy kit...
  30.                 write_information "Allowing root to display menus..."
  31.                 xhost local:root
  32.                 write_information "Authenticating..."
  33.                 pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY ${0}
  34.                 exit
  35.             else
  36.                 # If we are some other kind of archane GUI then...
  37.                 write_information "Allowing root to display menus..."
  38.                 xhost local:root
  39.                 write_information "Checking for dialog..."
  40.                 if hash dialog 2>/dev/null ; then
  41.                     token=$(dialog --title "${Title:-"sudo"}" --backtitle "${BackTitle:-"$( basename $0 )"}" --insecure --stdout --passwordbox "\n This functionality requires elevated priviledges. \n Please provide your (sudo) password" 10 90)
  42.                     ret=$? ; clear
  43.                     case $ret in
  44.                         0)
  45.                             export HISTIGNORE='*sudo -S*'
  46.                             echo ${token} | sudo -S -v || ensure_admin
  47.                             sudo DISPLAY=$DISPLAY /bin/bash ${0} $@ || rtd_oem_pause 1
  48.                         ;;
  49.                         1) echo "Request cancelled" ;;
  50.                         255) echo "[esc] Request aborted" ;;
  51.                         * )  exit 1
  52.                     esac
  53.                     exit
  54.                 else
  55.                     # If we have some kind of X but not even "dialog" then...
  56.                     write_information "Dialog not found..."
  57.                     write_warning "This script needs administrative access..."
  58.                     xhost local:root
  59.                     sudo DISPLAY=$DISPLAY bash "${0}" "$@" || rtd_oem_pause 1
  60.                     exit
  61.                 fi
  62.             fi
  63.         else
  64.             # If there is no X in this session...
  65.             write_information "No X server at \$DISPLAY [$DISPLAY]"
  66.             # Use dialog if possible, otherwise just terminal...
  67.             if hash dialog 2>/dev/null ; then
  68.                 token=$(dialog --title "${Title:-"sudo"}" --backtitle "${BackTitle:-"$( basename $0 )"}" --insecure --stdout --passwordbox "\n This functionality requires elevated priviledges. \n Please provide your (sudo) password" 10 90)
  69.                 ret=$? ; clear
  70.                 case $ret in
  71.                     0)
  72.                         export HISTIGNORE='*sudo -S*'
  73.                         echo ${token} | sudo -S -v || ensure_admin
  74.                         sudo DISPLAY=$DISPLAY /bin/bash ${0} $@ || rtd_oem_pause 1
  75.                     ;;
  76.                     1) echo "Request cancelled" ;;
  77.                     255) echo "[esc] Request aborted" ;;
  78.                     * )  exit 1
  79.                 esac
  80.                 exit
  81.             else
  82.                 write_warning "This script needs administrative access..."
  83.                 sudo DISPLAY=$DISPLAY bash "${0}" "$@" || rtd_oem_pause 1
  84.                 exit
  85.             fi
  86.         fi
  87.     else
  88.         sudo sed -i s/'# session  optional       pam_xauth.so'/'session  optional       pam_xauth.so'/g /etc/pam.d/sudo
  89.     fi
  90. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement