#!/usr/bin/python3 # -*- Mode: Python; coding: utf-8; indent-tabs-mode: nil; tab-width: 4 -*- # Mugshot - Lightweight user configuration utility # Copyright (C) 2013-2014 Sean Davis # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License version 3, as published # by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranties of # MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR # PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . from gi.repository import Gtk, GdkPixbuf import os from locale import gettext as _ import pexpect def check_sudo(): """Return True if user has permission to use sudo.""" child = pexpect.spawn('sudo -v', env={"LANG": "C"}) child.timeout = 1 # Check for failure message. try: child.expect(["Sorry", pexpect.EOF]) child.close() return False except: child.close() return True class SudoDialog(Gtk.MessageDialog): ''' Creates a new SudoDialog. This is a replacement for using gksudo which provides additional flexibility when performing sudo commands. Only used to verify password by issuing 'sudo /bin/true'. Keyword arguments: - parent: Optional parent Gtk.Window - icon: Optional icon name or path to image file. - message: Optional message to be displayed instead of the defaults. - name: Optional name to be displayed, for when message is not used. - retries: Optional maximum number of password attempts. -1 is unlimited. Signals emitted by run(): - NONE: Dialog closed. - CANCEL: Dialog cancelled. - REJECT: Password invalid. - ACCEPT: Password valid. ''' def __init__(self, parent=None, icon=None, message=None, name=None, retries=-1): """Initialize the SudoDialog.""" # default dialog parameters message_type = Gtk.MessageType.QUESTION buttons = Gtk.ButtonsType.NONE # initialize the dialog super(SudoDialog, self).__init__(transient_for=parent, modal=True, destroy_with_parent=True, message_type=message_type, buttons=buttons, text='') self.set_dialog_icon(icon) self.connect("show", self.on_show) # add buttons button_box = self.get_children()[0].get_children()[1] self.add_button(_("Cancel"), Gtk.ResponseType.CANCEL) ok_button = Gtk.Button.new_with_label(_("OK")) ok_button.connect("clicked", self.on_ok_clicked) ok_button.set_receives_default(True) ok_button.set_can_default(True) ok_button.set_sensitive(False) self.set_default(ok_button) button_box.pack_start(ok_button, False, False, 0) # add primary and secondary text if message: primary_text = message secondary_text = None else: primary_text = _("Enter your password to\n" "perform administrative tasks.") secondary_text = _("The application '%s' lets you\n" "modify essential parts of your system." % name) self.format_primary_text(primary_text) self.format_secondary_text(secondary_text) # Pack the content area with password-related widgets. content_area = self.get_content_area() # Use an alignment to move align the password widgets with the text. self.password_alignment = Gtk.Alignment() # Make an educated guess about how for to align. left_align = Gtk.icon_size_lookup(Gtk.IconSize.DIALOG)[1] + 16 self.password_alignment.set_padding(12, 12, left_align, 0) # Outer password box for incorrect password label and inner widgets. password_outer = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=12) password_outer.set_orientation(Gtk.Orientation.VERTICAL) # Password error label, only displayed when unsuccessful. self.password_info = Gtk.Label(label="") self.password_info.set_markup("%s" % _("Incorrect password... try again.")) # Inner password box for Password: label and password entry. password_box = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=12) password_label = Gtk.Label(label=_("Password:")) self.password_entry = Gtk.Entry() self.password_entry.set_visibility(False) self.password_entry.set_activates_default(True) self.password_entry.connect("changed", self.on_password_changed, ok_button) # Pack all the widgets. password_box.pack_start(password_label, False, False, 0) password_box.pack_start(self.password_entry, True, True, 0) password_outer.pack_start(self.password_info, True, True, 0) password_outer.pack_start(password_box, True, True, 0) self.password_alignment.add(password_outer) content_area.pack_start(self.password_alignment, True, True, 0) content_area.show_all() self.password_info.set_visible(False) self.attempted_logins = 0 self.max_attempted_logins = retries def on_password_changed(self, widget, button): """Set the apply button sensitivity based on password input.""" button.set_sensitive(len(widget.get_text()) > 0) def format_primary_text(self, message_format): ''' Format the primary text widget. API extension to match with format_secondary_text. ''' label = self.get_message_area().get_children()[0] label.set_text(message_format) def set_dialog_icon(self, icon=None): ''' Set the icon for the dialog. If the icon variable is an absolute path, the icon is from an image file. Otherwise, set the icon from an icon name. ''' # default icon size is dialog. icon_size = Gtk.IconSize.DIALOG if icon: if os.path.isfile(os.path.abspath(icon)): # icon is a filename, so load it into a pixbuf to an image pixbuf = GdkPixbuf.Pixbuf.new_from_file_at_size(icon, icon_size, icon_size) image = Gtk.Image.new_from_pixbuf(pixbuf) self.set_icon_from_file(icon) else: # icon is an named icon, so load it directly to an image image = Gtk.Image.new_from_icon_name(icon, icon_size) self.set_icon_name(icon) else: # fallback on password icon image = Gtk.Image.new_from_icon_name('dialog-password', icon_size) self.set_icon_name('dialog-password') # align, show, and set the image. image.set_alignment(Gtk.Align.CENTER, Gtk.Align.FILL) image.show() self.set_image(image) def on_show(self, widget): '''When the dialog is displayed, clear the password.''' self.set_password('') def on_ok_clicked(self, widget): ''' When the OK button is clicked, attempt to use sudo with the currently entered password. If successful, emit the response signal with ACCEPT. If unsuccessful, try again until reaching maximum attempted logins, then emit the response signal with REJECT. ''' top, bottom, left, right = self.password_alignment.get_padding() # Password cannot be validated without sudo if (not check_sudo()) or self.attempt_login(): self.password_valid = True # Adjust the dialog for attactiveness. self.password_alignment.set_padding(12, bottom, left, right) self.password_info.hide() self.emit("response", Gtk.ResponseType.ACCEPT) else: self.password_valid = False # Adjust the dialog for attactiveness. self.password_alignment.set_padding(0, bottom, left, right) self.password_info.show() self.set_password('') if self.attempted_logins == self.max_attempted_logins: self.attempted_logins = 0 self.emit("response", Gtk.ResponseType.REJECT) def get_password(self): '''Return the currently entered password, or None if blank.''' password = self.password_entry.get_text() if password == '': return None return password def set_password(self, text=None): '''Set the password entry to the defined text.''' if text is None: text = '' self.password_entry.set_text(text) self.password_valid = False def attempt_login(self): ''' Try to use sudo with the current entered password. Return True if successful. ''' # Set the pexpect variables and spawn the process. child = pexpect.spawn('sudo /bin/true', env={"LANG": "C"}) child.timeout = 1 try: # Check for password prompt or program exit. child.expect([".*ssword.*", pexpect.EOF]) child.sendline(self.get_password()) child.expect(pexpect.EOF) except pexpect.TIMEOUT: # If we timeout, that means the password was unsuccessful. pass # Close the child process if it is still open. child.close() # Exit status 0 means success, anything else is an error. if child.exitstatus == 0: self.attempted_logins = 0 return True else: self.attempted_logins += 1 return False