core: add privesc package for privilege escalation

- Adds support for run0 and doas fixes #998
2026-04-17 11:12:06 -04:00 · 2026-04-16 13:02:46 -04:00
parent d7fb75f7f9
commit c6e8067a22
23 changed files with 780 additions and 432 deletions
--- a/core/internal/tui/app.go
+++ b/core/internal/tui/app.go
@@ -3,6 +3,7 @@ package tui
 import (
 	"github.com/AvengeMedia/DankMaterialShell/core/internal/deps"
 	"github.com/AvengeMedia/DankMaterialShell/core/internal/distros"
+	"github.com/AvengeMedia/DankMaterialShell/core/internal/privesc"
 	"github.com/charmbracelet/bubbles/spinner"
 	"github.com/charmbracelet/bubbles/textinput"
 	tea "github.com/charmbracelet/bubbletea"
@@ -42,6 +43,9 @@ type Model struct {
 	sudoPassword       string
 	existingConfigs    []ExistingConfigInfo
 	fingerprintFailed  bool
+
+	availablePrivesc []privesc.Tool
+	selectedPrivesc  int
 }

 func NewModel(version string, logFilePath string) Model {
@@ -147,6 +151,8 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		return m.updateGentooUseFlagsState(msg)
 	case StateGentooGCCCheck:
 		return m.updateGentooGCCCheckState(msg)
+	case StateSelectPrivesc:
+		return m.updateSelectPrivescState(msg)
 	case StateAuthMethodChoice:
 		return m.updateAuthMethodChoiceState(msg)
 	case StateFingerprintAuth:
@@ -189,6 +195,8 @@ func (m Model) View() string {
 		return m.viewGentooUseFlags()
 	case StateGentooGCCCheck:
 		return m.viewGentooGCCCheck()
+	case StateSelectPrivesc:
+		return m.viewSelectPrivesc()
 	case StateAuthMethodChoice:
 		return m.viewAuthMethodChoice()
 	case StateFingerprintAuth:
--- a/core/internal/tui/states.go
+++ b/core/internal/tui/states.go
@@ -10,6 +10,7 @@ const (
 	StateDependencyReview
 	StateGentooUseFlags
 	StateGentooGCCCheck
+	StateSelectPrivesc
 	StateAuthMethodChoice
 	StateFingerprintAuth
 	StatePasswordPrompt
--- a/core/internal/tui/views_dependencies.go
+++ b/core/internal/tui/views_dependencies.go
@@ -180,16 +180,7 @@ func (m Model) updateDependencyReviewState(msg tea.Msg) (tea.Model, tea.Cmd) {
 					return m, nil
 				}
 			}
-			// Check if fingerprint is enabled
-			if checkFingerprintEnabled() {
-				m.state = StateAuthMethodChoice
-				m.selectedConfig = 0 // Default to fingerprint
-				return m, nil
-			} else {
-				m.state = StatePasswordPrompt
-				m.passwordInput.Focus()
-				return m, nil
-			}
+			return m.enterAuthPhase()
 		case "esc":
 			m.state = StateSelectWindowManager
 			return m, nil
--- a/core/internal/tui/views_gentoo_use_flags.go
+++ b/core/internal/tui/views_gentoo_use_flags.go
@@ -56,14 +56,7 @@ func (m Model) updateGentooUseFlagsState(msg tea.Msg) (tea.Model, tea.Cmd) {
 			m.state = StateGentooGCCCheck
 			return m, nil
 		}
-		if checkFingerprintEnabled() {
-			m.state = StateAuthMethodChoice
-			m.selectedConfig = 0
-		} else {
-			m.state = StatePasswordPrompt
-			m.passwordInput.Focus()
-		}
-		return m, nil
+		return m.enterAuthPhase()
 	}

 	if keyMsg, ok := msg.(tea.KeyMsg); ok {
@@ -75,14 +68,7 @@ func (m Model) updateGentooUseFlagsState(msg tea.Msg) (tea.Model, tea.Cmd) {
 			if m.selectedWM == 1 {
 				return m, m.checkGCCVersion()
 			}
-			if checkFingerprintEnabled() {
-				m.state = StateAuthMethodChoice
-				m.selectedConfig = 0
-			} else {
-				m.state = StatePasswordPrompt
-				m.passwordInput.Focus()
-			}
-			return m, nil
+			return m.enterAuthPhase()
 		case "esc":
 			m.state = StateDependencyReview
 			return m, nil
--- a/core/internal/tui/views_password.go
+++ b/core/internal/tui/views_password.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"

+	"github.com/AvengeMedia/DankMaterialShell/core/internal/privesc"
 	tea "github.com/charmbracelet/bubbletea"
 )

@@ -274,8 +275,7 @@ func (m Model) delayThenReturn() tea.Cmd {

 func (m Model) tryFingerprint() tea.Cmd {
 	return func() tea.Msg {
-		clearCmd := exec.Command("sudo", "-k")
-		clearCmd.Run()
+		_ = privesc.ClearCache(context.Background())

 		tmpDir := os.TempDir()
 		askpassScript := filepath.Join(tmpDir, fmt.Sprintf("danklinux-fp-%d.sh", time.Now().UnixNano()))
@@ -289,15 +289,9 @@ func (m Model) tryFingerprint() tea.Cmd {
 		ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
 		defer cancel()

-		cmd := exec.CommandContext(ctx, "sudo", "-A", "-v")
-		cmd.Env = append(os.Environ(), fmt.Sprintf("SUDO_ASKPASS=%s", askpassScript))
-
-		err := cmd.Run()
-
-		if err != nil {
+		if err := privesc.ValidateWithAskpass(ctx, askpassScript); err != nil {
 			return passwordValidMsg{password: "", valid: false}
 		}
-
 		return passwordValidMsg{password: "", valid: true}
 	}
 }
@@ -307,32 +301,9 @@ func (m Model) validatePassword(password string) tea.Cmd {
 		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 		defer cancel()

-		cmd := exec.CommandContext(ctx, "sudo", "-S", "-v")
-
-		stdin, err := cmd.StdinPipe()
-		if err != nil {
+		if err := privesc.ValidatePassword(ctx, password); err != nil {
 			return passwordValidMsg{password: "", valid: false}
 		}
-
-		if err := cmd.Start(); err != nil {
-			return passwordValidMsg{password: "", valid: false}
-		}
-
-		_, err = fmt.Fprintf(stdin, "%s\n", password)
-		stdin.Close()
-		if err != nil {
-			return passwordValidMsg{password: "", valid: false}
-		}
-
-		err = cmd.Wait()
-
-		if err != nil {
-			if ctx.Err() == context.DeadlineExceeded {
-				return passwordValidMsg{password: "", valid: false}
-			}
-			return passwordValidMsg{password: "", valid: false}
-		}
-
 		return passwordValidMsg{password: password, valid: true}
 	}
 }
--- a/core/internal/tui/views_privesc.go
+++ b/core/internal/tui/views_privesc.go
@@ -0,0 +1,133 @@
+package tui
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AvengeMedia/DankMaterialShell/core/internal/privesc"
+	tea "github.com/charmbracelet/bubbletea"
+)
+
+func (m Model) viewSelectPrivesc() string {
+	var b strings.Builder
+
+	b.WriteString(m.renderBanner())
+	b.WriteString("\n")
+	b.WriteString(m.styles.Title.Render("Privilege Escalation Tool"))
+	b.WriteString("\n\n")
+	b.WriteString(m.styles.Normal.Render("Multiple privilege tools are available. Choose one for installation:"))
+	b.WriteString("\n\n")
+
+	for i, t := range m.availablePrivesc {
+		label := fmt.Sprintf("%s  —  %s", t.Name(), privescToolDescription(t))
+		switch i {
+		case m.selectedPrivesc:
+			b.WriteString(m.styles.SelectedOption.Render("▶ " + label))
+		default:
+			b.WriteString(m.styles.Normal.Render("  " + label))
+		}
+		b.WriteString("\n")
+	}
+
+	b.WriteString("\n")
+	b.WriteString(m.styles.Subtle.Render(fmt.Sprintf("Set %s=<tool> to skip this prompt in future runs.", privesc.EnvVar)))
+	b.WriteString("\n\n")
+	b.WriteString(m.styles.Subtle.Render("↑/↓: Navigate, Enter: Select, Esc: Back"))
+	return b.String()
+}
+
+func (m Model) updateSelectPrivescState(msg tea.Msg) (tea.Model, tea.Cmd) {
+	keyMsg, ok := msg.(tea.KeyMsg)
+	if !ok {
+		return m, m.listenForLogs()
+	}
+
+	switch keyMsg.String() {
+	case "up":
+		if m.selectedPrivesc > 0 {
+			m.selectedPrivesc--
+		}
+	case "down":
+		if m.selectedPrivesc < len(m.availablePrivesc)-1 {
+			m.selectedPrivesc++
+		}
+	case "enter":
+		chosen := m.availablePrivesc[m.selectedPrivesc]
+		if err := privesc.SetTool(chosen); err != nil {
+			m.err = fmt.Errorf("failed to select %s: %w", chosen.Name(), err)
+			m.state = StateError
+			return m, nil
+		}
+		return m.routeToAuthAfterPrivesc()
+	case "esc":
+		m.state = StateDependencyReview
+		return m, nil
+	}
+	return m, nil
+}
+
+func privescToolDescription(t privesc.Tool) string {
+	switch t {
+	case privesc.ToolSudo:
+		return "classic sudo (supports password prompt in this installer)"
+	case privesc.ToolDoas:
+		return "OpenBSD-style doas (requires persist or nopass in /etc/doas.conf)"
+	case privesc.ToolRun0:
+		return "systemd run0 (authenticated via polkit)"
+	default:
+		return string(t)
+	}
+}
+
+// routeToAuthAfterPrivesc advances from the privesc-selection screen to the
+// right auth flow. Sudo goes through the fingerprint/password path; doas and
+// run0 skip password entry and proceed to install.
+func (m Model) routeToAuthAfterPrivesc() (tea.Model, tea.Cmd) {
+	tool, err := privesc.Detect()
+	if err != nil {
+		m.err = err
+		m.state = StateError
+		return m, nil
+	}
+
+	if tool == privesc.ToolSudo {
+		if checkFingerprintEnabled() {
+			m.state = StateAuthMethodChoice
+			m.selectedConfig = 0
+			return m, nil
+		}
+		m.state = StatePasswordPrompt
+		m.passwordInput.Focus()
+		return m, nil
+	}
+
+	m.sudoPassword = ""
+	m.packageProgress = packageInstallProgressMsg{}
+	m.state = StateInstallingPackages
+	m.isLoading = true
+	return m, tea.Batch(m.spinner.Tick, m.installPackages())
+}
+
+// enterAuthPhase is called when dependency review (or the Gentoo screens)
+// finish. It either routes directly to the sudo/fingerprint flow or shows
+// the privesc-tool selection screen when multiple tools are available and
+// no $DMS_PRIVESC override is set.
+func (m Model) enterAuthPhase() (tea.Model, tea.Cmd) {
+	tools := privesc.AvailableTools()
+	_, envSet := privesc.EnvOverride()
+
+	if len(tools) == 0 {
+		m.err = fmt.Errorf("no supported privilege tool (sudo/doas/run0) found on PATH")
+		m.state = StateError
+		return m, nil
+	}
+
+	if envSet || len(tools) == 1 {
+		return m.routeToAuthAfterPrivesc()
+	}
+
+	m.availablePrivesc = tools
+	m.selectedPrivesc = 0
+	m.state = StateSelectPrivesc
+	return m, nil
+}