Detect goofy sudo -n output under OSX

Summary: See rP2fedb6f941d8. We might need a more general version of this since we do some `sudo` stuff elsewhere, but at least on my machine `sudo -n` exits with code 0 when the target user exists but needs a password. Test Plan: - Tried to run daemons as root, with no automatic sudo to root. Got a bad result before (phd believed it had executed the daemons) and a good result afterward (phd recognized that sudo failed). - Tried to run daemons from root, as a non-root user. Got a good result in both cases. Reviewers: btrahan Reviewed By: btrahan Subscribers: fabe, epriestley Differential Revision: https://secure.phabricator.com/D11041
2024-11-10 08:52:39 +01:00 · 2014-12-23 14:45:07 -08:00 · 2014-12-23 14:45:07 -08:00 · b3394c53d8
commit b3394c53d8
parent f35a38b086
1 changed files with 17 additions and 2 deletions
--- a/src/applications/daemon/management/PhabricatorDaemonManagementWorkflow.php
+++ b/src/applications/daemon/management/PhabricatorDaemonManagementWorkflow.php
@ -221,7 +221,7 @@ abstract class PhabricatorDaemonManagementWorkflow
          $command,
          $daemon_script_dir,
          $this->runDaemonsAsUser);
-      } catch (CommandException $e) {
+      } catch (Exception $e) {
        // Retry without sudo
        $console->writeOut(pht(
          "sudo command failed. Starting daemon as current user\n"));
@ -237,6 +237,7 @@ abstract class PhabricatorDaemonManagementWorkflow
    $daemon_script_dir,
    $run_as_user = null) {

+    $is_sudo = false;
    if ($run_as_user) {
      // If anything else besides sudo should be
      // supported then insert it here (runuser, su, ...)
@ -244,11 +245,25 @@ abstract class PhabricatorDaemonManagementWorkflow
        'sudo -En -u %s -- %C',
        $run_as_user,
        $command);
+      $is_sudo = true;
    }
    $future = new ExecFuture('exec %C', $command);
    // Play games to keep 'ps' looking reasonable.
    $future->setCWD($daemon_script_dir);
-    $future->resolvex();
+    list($stdout, $stderr) = $future->resolvex();
+
+    if ($is_sudo) {
+      // On OSX, `sudo -n` exits 0 when the user does not have permission to
+      // switch accounts without a password. This is not consistent with
+      // sudo on Linux, and seems buggy/broken. Check for this by string
+      // matching the output.
+      if (preg_match('/sudo: a password is required/', $stderr)) {
+        throw new Exception(
+          pht(
+            'sudo exited with a zero exit code, but emitted output '.
+            'consistent with failure under OSX.'));
+      }
+    }
  }

  public static function ignoreSignal($signo) {