$OpenBSD: patch-kdesu_su_cpp,v 1.3 2016/12/25 16:33:01 zhuk Exp $
1. Hardcode sudo placement for safety.
2. Add doas(1) support.
--- kdesu/su.cpp.orig	Fri Jun 26 06:14:18 2015
+++ kdesu/su.cpp	Fri May  6 23:00:17 2016
@@ -51,10 +51,16 @@ int kdesuDebugArea()
 #endif
 
 #ifndef __PATH_SUDO
-#define __PATH_SUDO "false"
+#define __PATH_SUDO "${LOCALBASE}/bin/sudo"
 #endif
 
-#ifdef KDESU_USE_SUDO_DEFAULT
+#ifndef __PATH_DOAS
+#define __PATH_DOAS "/usr/bin/doas"
+#endif
+
+#if defined(KDESU_USE_DOAS_DEFAULT)
+#  define DEFAULT_SUPER_USER_COMMAND "doas"
+#elif defined(KDESU_USE_SUDO_DEFAULT)
 #  define DEFAULT_SUPER_USER_COMMAND "sudo"
 #else
 #  define DEFAULT_SUPER_USER_COMMAND "su"
@@ -79,7 +85,7 @@ SuProcess::SuProcess(const QByteArray &user, const QBy
     KConfigGroup group(config, "super-user-command");
     d->m_superUserCommand = group.readEntry("super-user-command", DEFAULT_SUPER_USER_COMMAND);
 
-    if ( d->m_superUserCommand != "sudo" && d->m_superUserCommand != "su" ) {
+    if ( d->m_superUserCommand != "doas" && d->m_superUserCommand != "sudo" && d->m_superUserCommand != "su" ) {
       kWarning() << "unknown super user command.";
       d->m_superUserCommand = DEFAULT_SUPER_USER_COMMAND;
     }
@@ -98,7 +104,7 @@ QString SuProcess::superUserCommand()
 
 bool SuProcess::useUsersOwnPassword()
 {
-    if (superUserCommand() == "sudo" && m_User == "root") {
+    if (superUserCommand() == "sudo" || superUserCommand() == "doas") {
         return true;
     }
 
@@ -132,7 +138,7 @@ int SuProcess::exec(const char *password, int check)
     }
 
     QList<QByteArray> args;
-    if (d->m_superUserCommand == "sudo") {
+    if (d->m_superUserCommand == "sudo" || d->m_superUserCommand == "doas") {
         args += "-u";
     }
 
@@ -148,7 +154,9 @@ int SuProcess::exec(const char *password, int check)
     args += "-"; // krazy:exclude=doublequote_chars (QList, not QString)
 
     QByteArray command;
-    if (d->m_superUserCommand == "sudo") {
+    if (d->m_superUserCommand == "doas") {
+        command = __PATH_DOAS;
+    } else if (d->m_superUserCommand == "sudo") {
         command = __PATH_SUDO;
     } else {
         command = __PATH_SU;
@@ -181,7 +189,7 @@ int SuProcess::exec(const char *password, int check)
     {
         if (ret == killme)
         {
-            if ( d->m_superUserCommand == "sudo" ) {
+            if ( d->m_superUserCommand != "su" ) {
  	        // sudo can not be killed, just return
  	        return ret;
  	    }
@@ -208,7 +216,7 @@ int SuProcess::exec(const char *password, int check)
     if (ret != ok)
     {
         kill(m_Pid, SIGKILL);
-        if (d->m_superUserCommand != "sudo") {
+        if (d->m_superUserCommand == "su") {
             waitForChild();
         }
         return SuIncorrectPassword;
