sudo in c?

Reznic Valery Valery_Reznic at icomverse.com
Mon Jun 23 06:59:35 EDT 2003



-----Original Message-----
From: Martin Klaffenboeck [mailto:martin.klaffenboeck at gmx.at]
Sent: Monday, June 23, 2003 1:25 PM
To: mlh at zipworld.com.au
Cc: Reznic Valery; 'sudo-users at sudo.ws'
Subject: Re: sudo in c?



Am 2003.06.23 06:09 schrieb(en) mlh at zipworld.com.au:
> On Sun, Jun 22, 2003 at 05:15:20PM +0200, Martin Klaffenboeck wrote:
> >
> > Am 2003.06.22 15:44 schrieb(en) Reznic Valery:
> > >When you use popen you can ONLY read from the command's stdout
> > >or ONLY write to it's stdin.
> > >I you want both of them (and may be stderr too) you need play with
> > >fork/exec/dup call's.
> > >
> > >This is not something sudo specific it's pretty general for all
> > >commands,
> > >which needs both input and output.
> >
> > Yes, I found a thing how I can do it with fork and dup, now I'm
> trying
> > to do that.
> 
> Since popen uses the shell, you can also do something
> like
> 	popen("sudo -S whatever 2>&1");
> 
> the 2>&1 means put stderr to the same place as stdout.
> (That's if you don't mind the stderr getting mixed up
> with stdout)

That would be an option.  But at the moment I'm trying on the pipe 
thing.

> Perhaps you're better off not asking for the password
> at all (NOPASSWD option in the sudoers file)

Hm.  I don't know...

> Or asking for it separately -- do a "sudo -l" to
> validate the password, before every sudo command
> run, then make sure you run the real sudo command
> within the next 5 minutes (or whatever you've set
> the timeout to be)

That would be better.  In specific:  I do want to have two functions 
for sudo in my programm, or maybe more, but two main functions:

For password validating you can use code like this:
{
  // Flag v will force sudo only validate password and do nothing
  // Flag S - read password from STDIN, and not terminal device
  char *passwd = you_have some_how initialize password (for example, ask
user for it);
   FILE *p = popen("sudo -v -S", "w");
   fprintf(p, "%s\n", passwd);
}

Function sudo_run_command is really
Run_Same_Command_And_Got_It_Stdout_And_Stderr.
But output can be huge !
I think a better solution is provide a program with a file descriptor
 and let to application to decide how allocate space and when and how
allocate data).

If you reall need both stderr and stdout (or may be stdin too, you can have
a look to the Nedit editor sources
It has implementation for "improved popen".

Valery


int sudo_check_passwd(char *passwd);
int sudo_run_command(char *passwd,
                      char *command, /* the whole string
                                        to run with sudo */
                      callback(char *stdout_msg,
                               char *stderr_msg,
                               void **user_data),
                      void **user_data);

The ... are further arguments for the command.
Return value should always be TRUE or NULL, ...

In short, what would you put into this functions?  (Just the idea, I'll 
write them by myselfe, even if it would be great if someone else would 
do it ;-)  He would get listened on the about site of 
http://gports.sourceforge.net)

What would be your Idea to do in the functions?

Martin




-- 
If you've got an idea and need help,
or just need general encouragement,
write me a message. ;-)


More information about the sudo-users mailing list