Bug 280

Summary: Sudo Askpass
Product: Sudo Reporter: Nick Hughart <mekius>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement CC: mekius
Priority: low    
Version: 1.7.0   
Hardware: PC   
OS: Linux   

Description Nick Hughart 2008-02-28 15:36:35 MST 
Have discussed this with Todd a bit already, putting here for safe keeping at his request.

The general idea is to provide an ssh askpass like mechanism to sudo.  This would allow distributions to generalize a lot of the root authentication into just using sudo.  Right now there are quite a few graphical sudo applications and all must use forking and pipes to communicate with sudo which is pretty ugly.  This also means that it's harder to create launchers and such in a generic way that will work for any desktop environment.  

Now there could be other ways to achieve this (debian alternatives system for example), but having it integrated right into sudo would be the best route imo as it provides a consistent interface for all distributions and desktop environments.
Comment 1 Todd C. Miller 2008-02-28 16:13:27 MST 
I have the beginnings of askpass support done and will update this bug when it is more complete.
Comment 2 Todd C. Miller 2008-03-02 19:40:32 MST 
I've committed a first cut of askpass support to the cvs tree.  I haven't decided what to use as a bundled askpass program.  The OpenSSH version is a bit ugly but if I can remedy that a bit I may just use that.
Comment 3 Nick Hughart 2008-03-03 00:23:03 MST 
(In reply to comment #2)
> I've committed a first cut of askpass support to the cvs tree.  I
> haven't decided what to use as a bundled askpass program.  The OpenSSH
> version is a bit ugly but if I can remedy that a bit I may just use
> that.
> 

Well I'm not sure it's exactly necessary to provide an example program since OpenSSH does come with one.  Even so, not something to worry too much about I think since most desktop environments replace the default askpass program with something else anyway.
Comment 4 Todd C. Miller 2008-03-06 12:38:52 MST 
Sudo askpass support is present in sudo 1.7b3, http://www.sudo.ws/sudo/dist/beta/sudo-1.7b3.tar.gz

There is a new --with-askpass=PATH configure option (the path may also be specified in sudoers).

Please give it a shot and let me know how it goes.
Comment 5 Nick Hughart 2008-03-27 20:51:14 MDT 
(In reply to comment #4)
> Sudo askpass support is present in sudo 1.7b3,
> http://www.sudo.ws/sudo/dist/beta/sudo-1.7b3.tar.gz
> 
> There is a new --with-askpass=PATH configure option (the path may also
> be specified in sudoers).
> 
> Please give it a shot and let me know how it goes.
> 

Any chance of having the ability to define an environment variable as well?  This is the way SSH works and offers the most flexibility since a desktop environment can update this on the fly without the user having to intervene.  If someone happens to have more then 1 desktop environment then this would be the best route.
Comment 6 Nick Hughart 2008-03-27 21:05:06 MDT 
(In reply to comment #5)
> (In reply to comment #4)
> > Sudo askpass support is present in sudo 1.7b3,
> > http://www.sudo.ws/sudo/dist/beta/sudo-1.7b3.tar.gz
> > 
> > There is a new --with-askpass=PATH configure option (the path may also
> > be specified in sudoers).
> > 
> > Please give it a shot and let me know how it goes.
> > 
> 
> Any chance of having the ability to define an environment variable as
> well?  This is the way SSH works and offers the most flexibility since
> a desktop environment can update this on the fly without the user
> having to intervene.  If someone happens to have more then 1 desktop
> environment then this would be the best route.
> 

Disregard that, actually tried it out and it does look for SUDO_ASKPASS.  Very cool, I hope others notice this addition and begin to use it.
Comment 7 Todd C. Miller 2008-06-11 09:19:06 MDT 
Marking as fixed now that sudo 1.7.0 is in release candidate mode.