Salastil/DankMaterialShell
1
0
Fork 0
mirror of https://github.com/AvengeMedia/DankMaterialShell.git synced 2026-04-17 11:12:06 -04:00
Code Packages Releases Activity

core: add privesc package for privilege escalation

Browse Source 
- Adds support for run0 and doas
fixes #998
This commit is contained in:
bbedward
2026-04-16 13:02:46 -04:00
parent d7fb75f7f9
commit c6e8067a22
23 changed files with 780 additions and 432 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
core/internal/headless/runner.go
View File

@@ -4,13 +4,13 @@ import (
"context"
"fmt"
"os"
"os/exec"
"strings"
"github.com/AvengeMedia/DankMaterialShell/core/internal/config"
"github.com/AvengeMedia/DankMaterialShell/core/internal/deps"
"github.com/AvengeMedia/DankMaterialShell/core/internal/distros"
"github.com/AvengeMedia/DankMaterialShell/core/internal/greeter"
"github.com/AvengeMedia/DankMaterialShell/core/internal/privesc"
)
// ErrConfirmationRequired is returned when --yes is not set and the user
@@ -383,20 +383,41 @@ func (r *Runner) parseTerminal() (deps.Terminal, error) {
}
func (r *Runner) resolveSudoPassword() (string, error) {
// Check if sudo credentials are cached (via sudo -v or NOPASSWD)
cmd := exec.Command("sudo", "-n", "true")
if err := cmd.Run(); err == nil {
r.log("sudo cache is valid, no password needed")
fmt.Fprintln(os.Stdout, "sudo: using cached credentials")
tool, err := privesc.Detect()
if err != nil {
return "", err
}
if err := privesc.CheckCached(context.Background()); err == nil {
r.log(fmt.Sprintf("%s cache is valid, no password needed", tool.Name()))
fmt.Fprintf(os.Stdout, "%s: using cached credentials\n", tool.Name())
return "", nil
}
return "", fmt.Errorf(
"sudo authentication required but no cached credentials found\n" +
"Options:\n" +
" 1. Run 'sudo -v' before dankinstall to cache credentials\n" +
" 2. Configure passwordless sudo for your user",
)
switch tool {
case privesc.ToolSudo:
return "", fmt.Errorf(
"sudo authentication required but no cached credentials found\n" +
"Options:\n" +
" 1. Run 'sudo -v' before dankinstall to cache credentials\n" +
" 2. Configure passwordless sudo for your user",
)
case privesc.ToolDoas:
return "", fmt.Errorf(
"doas authentication required but no cached credentials found\n" +
"Options:\n" +
" 1. Run 'doas true' before dankinstall to cache credentials (requires 'persist' in /etc/doas.conf)\n" +
" 2. Configure a 'nopass' rule in /etc/doas.conf for your user",
)
case privesc.ToolRun0:
return "", fmt.Errorf(
"run0 authentication required but no cached credentials found\n" +
"Configure a polkit rule granting your user passwordless privilege\n" +
"(see `man polkit` for details on rules in /etc/polkit-1/rules.d/)",
)
default:
return "", fmt.Errorf("unsupported privilege tool: %s", tool)
}
}
func (r *Runner) anyConfigEnabled(m map[string]bool) bool {