From e0ba8c5f4d958f938a28f67a092d7db3f36e7f47 Mon Sep 17 00:00:00 2001
From: Jaromil
Date: Wed, 20 Oct 2021 16:27:27 +0200
Subject: [PATCH] wider support for privilege escalation tools

now supporting also pkexec (polkit daemon), suckless' sup and sud.dyne.org
pkexec is autodetected when polkit is running
manpage documents the --sudo flag which overrides any autodetection
---
 doc/tomb.1 | 13 ++++++++++--
 tomb | 59 +++++++++++++++++++++++++++++++++++-------------------
 2 files changed, 49 insertions(+), 23 deletions(-)

diff --git a/doc/tomb.1 b/doc/tomb.1
index c5bf359..bbb26a2 100644
--- a/doc/tomb.1
+++ b/doc/tomb.1
@@ -260,7 +260,8 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
 .B
 .IP "-g"
 Tell tomb to use a asymmetric GnuPG key encryption instead of a
-symmetric passphrase to protect a tomb key. This option can be followed by \fI-r\fR when the command needs to specify recipient(s).
+symmetric passphrase to protect a tomb key. This option can be
+followed by \fI-r\fR when the command needs to specify recipient(s).
 .B
 .IP "-r \fI[,]\fR"
 Provide a new set of recipient(s) to encrypt a tomb key. \fIgpg_ids\fR
@@ -274,6 +275,14 @@ used. The actual time to wait depends on the CPU speed of the computer
 where the key is used. Using 5 or 10 is a sane amount for modern computers, the value is multiplied by 1 million.
 .B
+.IP "--sudo \fI\fR"
+Select a different tool than sudo for privilege escalation.
+Alternatives supported so far are: pkexec, doas, sup, sud. For any
+alternative to work the executable must be included in the current
+PATH. Automatic selection of pkexec is made even without using this
+flag in case the executable is found and the polkit daemon is
+running. Manual use of this flag overrides any automatic selection.
+.B
 .IP "--sphx-user \fI\fR"
 Activate the SPHINX feature for password-authenticated key agreement. This option indicates the \fI\fR used to retrieve the
@@ -368,7 +377,7 @@ command.
 .SH PRIVILEGE ESCALATION
 The tomb commandline tool needs to acquire super user rights to
-execute most of its operations: to do so it uses sudo(8), while
+execute most of its operations: so it uses pkexec(1) or sudo(8), while
 pinentry(1) is adopted to collect passwords from the user. Tomb executes as super user only when required.
diff --git a/tomb b/tomb
index 1bc09c5..ef9aa9c 100755
--- a/tomb
+++ b/tomb
@@ -45,10 +45,11 @@ typeset -a OLDARGS
 for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done
 # Special command requirements
-typeset -a DD WIPE PINENTRY
+typeset -a DD WIPE PINENTRY SUDO
 DD=(dd)
 WIPE=(rm -f)
 PINENTRY=(pinentry)
+SUDO=(sudo)
 # load zsh regex module
 zmodload zsh/mapfile
@@ -112,26 +113,10 @@ export TEXTDOMAIN=tomb
 # Wrap sudo with a more visible message or apply user-supplied alternative to sudo
 _sudo() {
- if option_is_set --sudo; then
- case `basename $(option_value --sudo)` in
- "doas")
- $(option_value --sudo) ${@}
- ;;
- *)
- _failure "Only doas is supported as sudo alternative"
- ;;
- esac
-
- else
- local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
- command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
- msg=${(S)msg//::1*::/$USER}
- sudo -p "
-$msg
-
-" ${@}
- fi
- }
+ _message "Enter password for user ::1 user:: to gain superuser privileges" $USER
+ _message "Using ::1 exec:: for privilege escalation" $SUDO
+ ${=SUDO} ${@}
+}
 # Cleanup anything sensitive before exiting.
 _endgame() {
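Review bot: `${=SUDO} ${@}` hands the caller's arguments to the escalation tool unquoted; as far as I recall zsh drops empty elements from an unquoted array expansion, so an empty argument would silently vanish before reaching `$SUDO` — `${=SUDO} "${@}"` preserves them (the removed `sudo -p` line had the same `${@}`). The two `_message` calls also print an "Enter password" line before every escalated command even when nothing will be asked (sudo with a still-valid timestamp, pkexec through a graphical agent), and the custom `-p` prompt the removed code passed to sudo is gone, so with plain sudo the user now sees tomb's line followed by sudo's own default prompt; consider printing the message only when `$SUDO` is sudo, or restoring `-p` for that case. `_endgame` starts on the last line of this hunk and its body lies outside it.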
@@ -898,6 +883,15 @@ _ensure_dependencies() {
 # Ensure system binaries are available in the PATH
 path+=(/sbin /usr/sbin) # zsh magic
+ # use pkexec in place of sudo if found in path and polkitd is running
+ command -v pkexec 1>/dev/null 2>/dev/null
+ [[ $? == 0 ]] && ps ax | grep '[p]olkitd' 1>/dev/null 2>/dev/null && {
+ SUDO=(pkexec) }
+ [[ "$SUDO" == "sudo" ]] && {
+ command -v sudo 1>/dev/null 2>/dev/null ||
+ _failure "No privilege escalation tool found, not even sudo"
+ }
+
 # Which dd command to use
 command -v dcfldd 1>/dev/null 2>/dev/null && DD=(dcfldd statusinterval=1)
@@ -3260,6 +3254,29 @@ main() {
 # read -t or --tmp flags to set a custom temporary directory
 option_is_set --tmp && TMPDIR=$(option_value --tmp)
+ option_is_set --sudo && {
+ local _opt=`option_value --sudo`
+ case $_opt in
+ "sudo") # the worst default ever
+ SUDO=sudo
+ ;;
+ "doas") # openbsd
+ SUDO=doas
+ ;;
+ "pkexec") # policykit
+ SUDO=pkexec
+ ;;
+ "sup") # https://sup.dyne.org
+ SUDO=sup
+ ;;
+ "sud") # https://sud.dyne.org
+ SUDO=sud
+ ;;
+ *)
+ _failure "Invalid privilege escalation tool: ::1 exec::" $_opt
+ ;;
+ esac
+ }
 # When we run as root, we remember the original uid:gid to set
 # permissions for the calling user and drop privileges
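Review bot: The presence check guarded by `[[ "$SUDO" == "sudo" ]]` only covers the default: a tool selected with `--sudo doas`, `sup` or `sud` is never verified, so a missing binary surfaces only at the first escalated command instead of in `_ensure_dependencies`; checking whatever was selected, `command -v $SUDO 1>/dev/null 2>/dev/null || _failure "Privilege escalation tool not found in PATH: ::1 exec::" $SUDO`, covers every case with one line. The pkexec autodetection is unconditional, so if `_ensure_dependencies` runs after the `--sudo` option is parsed in main() (the call order is not visible here) `SUDO=(pkexec)` overwrites the user's explicit choice, contradicting the manpage's "Manual use of this flag overrides any automatic selection"; prefixing the detection with `option_is_set --sudo ||` keeps the documented precedence. `command -v pkexec …` followed by `[[ $? == 0 ]] &&` can be folded into a single `&&` chain, and `ps ax | grep '[p]olkitd'` only shows the daemon is running, which is a loose proxy for pkexec being usable in the current session. `_ensure_dependencies` continues past the end of this hunk.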
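Review bot: The five `case` arms assign a bare scalar (`SUDO=sudo`, `SUDO=doas`, …) to a variable declared with `typeset -a SUDO`, while the default and the autodetection assign arrays (`SUDO=(sudo)`, `SUDO=(pkexec)`); zsh copes because `_sudo` expands `${=SUDO}`, but the mixed types are easy to trip over later. Since every arm just copies the matched name, the whitelist collapses to one pattern, `sudo|doas|pkexec|sup|sud) SUDO=($_opt) ;;`, with the `*)` arm kept as is — this preserves the important property that only a bare, known name is ever executed by `_sudo`, unlike the removed `$(option_value --sudo)` path. The `_opt` assignment uses backticks where the neighbouring `TMPDIR=$(option_value --tmp)` uses `$(...)`; `local _opt=$(option_value --sudo)` would match. `main` starts and ends outside this hunk.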