Commit c887166e authored by Ramiro Estrugo's avatar Ramiro Estrugo

Add authenticate helper utility to build.

parent 80a7e398
2000-04-27 Ramiro Estrugo <ramiro@eazel.com>
Add authenticate helper utility to build.
* Makefile.am:
Add helper-utilities to build.
* configure.in:
Add helper-utilities and helper-utilities/authenticate to build
using a conditional flag until better pam detection voodoo can be
written.
* helper-utilities: New dir.
* helper-utilities/authenticate: New dir. A simple utility to
authenticate a user using PAM and execute a command on their
behalf. Still needs some work to be more useful.
* helper-utilities/authenticate/nautilus-authenticate.h,
helper-utilities/authenticate/nautilus-authenticate.c,
helper-utilities/authenticate/nautilus-authenticate-pam.c,
helper-utilities/authenticate/nautilus-authenticate-fork.c:
New files. Code for authenticate helper utility.
2000-04-27 Ramiro Estrugo <ramiro@eazel.com>
More 'make dist' fixes. I missed the services dir.
......
......@@ -7,6 +7,7 @@ SUBDIRS =\
nautilus-widgets \
src \
components \
helper-utilities \
icons \
data \
intl \
......
......@@ -50,6 +50,15 @@ AC_SUBST(EAZEL_SERVICES)
AM_CONDITIONAL(EAZEL_SERVICES, test "x$EAZEL_SERVICES" = "x1")
dnl There needs to be a better check here for the real stuff the authenticate
dnl helper depends on, like pam.
BUILD_AUTHENTICATE_HELPER=
AC_ARG_ENABLE(authenticate-helper,
[--enable-authenticate-helper Authenticate Helper utility],
BUILD_AUTHENTICATE_HELPER=1)
AM_CONDITIONAL(BUILD_AUTHENTICATE_HELPER, test "x$BUILD_AUTHENTICATE_HELPER" = "x1")
dnl ====================================
dnl =
dnl = mozilla embedded component support
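Review bot: Passing `--disable-authenticate-helper` will still enable the helper, because the third argument of AC_ARG_ENABLE runs whenever the option is given in either form, and here it sets `BUILD_AUTHENTICATE_HELPER=1` unconditionally. For a utility that authenticates users and calls setuid(0), the opt-out should be reliable; test the value instead, e.g. `[if test "x$enableval" = "xyes"; then BUILD_AUTHENTICATE_HELPER=1; fi]`. The comment above the block already admits that PAM is not detected, so an `AC_CHECK_LIB` probe for `pam_start` would surface a missing library at configure time rather than at link time.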
......@@ -293,6 +302,8 @@ components/services/Makefile
components/services/startup/Makefile
components/services/startup/icons/Makefile
components/services/install/Makefile
helper-utilities/Makefile
helper-utilities/authenticate/Makefile
po/Makefile.in
intl/Makefile
])
Makefile
Makefile.in
NULL=
if BUILD_AUTHENTICATE_HELPER
AUTHENTICATE_HELPER_SUBDIRS = authenticate
endif
SUBDIRS = \
$(AUTHENTICATE_HELPER_SUBDIRS) \
$(NULL)
.deps
.libs
Makefile
Makefile.in
nautilus-authenticate
\ No newline at end of file
NULL =
CPPFLAGS = \
-DPREFIX=\"$(prefix)\" \
-DG_LOG_DOMAIN=\"Nautilus-Authenticate\"
INCLUDES = \
-I$(top_srcdir) \
$(GNOMEUI_CFLAGS) \
$(WERROR) \
$(NULL)
bin_PROGRAMS = nautilus-authenticate
nautilus_authenticate_SOURCES =\
nautilus-authenticate.h \
nautilus-authenticate.c \
nautilus-authenticate-pam.c \
nautilus-authenticate-fork.c \
$(NULL)
nautilus_authenticate_LDFLAGS = \
$(top_builddir)/nautilus-widgets/libnautilus-widgets.la \
$(top_builddir)/libnautilus-extensions/libnautilus-extensions.la \
$(top_builddir)/librsvg/librsvg.la \
$(GNOMEUI_LIBS) \
$(GCONF_LIBS) \
-lpam \
-lpam_misc \
$(NULL)
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/*
* Copyright (C) 2000 Eazel, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors: Ramiro Estrugo <ramiro@eazel.com>
*/
/* nautilus-authenticate-fork.c - Fork a process and exec the given
* command. Return the process id in *pid_out.
*/
#include "nautilus-authenticate.h"
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
static const int FORK_FAILED = -1;
static const int FORK_CHILD = 0;
gboolean
nautilus_authenticate_fork (const char *command,
int *pid_out)
{
int pid;
g_assert (pid_out);
if (!pid_out)
return FALSE;
*pid_out = 0;
/* Fork */
pid = fork ();
/* Failed */
if (pid == FORK_FAILED)
return FALSE;
/* Child */
if (pid == FORK_CHILD) {
system (command);
fprintf (stderr,"\n");
fprintf (stdout,"\n");
fflush (stderr);
fflush (stdout);
/* Exit child */
_exit (0);
/* Not reached */
g_assert_not_reached ();
}
/* Parent */
*pid_out = (int) pid;
return TRUE;
}
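Review bot: The child branch of nautilus_authenticate_fork hands `command` to `system ()`, so the string is re-parsed by /bin/sh under the caller's inherited environment, and in nautilus-authenticate.c from this same commit that happens after `setuid (0)`. Since main already receives the arguments as an argv vector, it would be safer to pass that vector through and replace the call with `execv (argv[0], argv);` followed by `_exit (127);`, after resetting the environment to a known minimal set. The child also always exits with status 0 and the parent never waits on the pid, so a failed command is indistinguishable from a successful one. A header comment stating that the caller is responsible for reaping `*pid_out` would help too.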
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/*
* Copyright (C) 2000 Eazel, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors: Ramiro Estrugo <ramiro@eazel.com>
*/
/* nautilus-authenticate-pam.c - Use PAM to authenticate a user.
*/
#include "nautilus-authenticate.h"
#include <security/pam_appl.h>
#include <security/pam_misc.h>
typedef struct _PamConvData
{
char *username;
char *password;
} PamConvData;
static int pam_conversion_func (int num_msg,
const struct pam_message **msg,
struct pam_response **response,
void *appdata_ptr)
{
PamConvData * pdata = (PamConvData *) appdata_ptr;
struct pam_response * reply =
(struct pam_response *) malloc (sizeof (struct pam_response) * num_msg);
g_assert (pdata);
g_assert (reply);
if (reply) {
int replies;
for (replies = 0; replies < num_msg; replies++) {
switch (msg[replies]->msg_style) {
case PAM_PROMPT_ECHO_ON:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup (pdata->username);
/* PAM frees resp */
break;
case PAM_PROMPT_ECHO_OFF:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup (pdata->password);
/* PAM frees resp */
break;
case PAM_TEXT_INFO:
/* nothing */
case PAM_ERROR_MSG:
/* Ignore */
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
default:
/* Huh? */
free (reply);
reply=NULL;
return PAM_CONV_ERR;
}
}
if (reply)
*response = reply;
return PAM_SUCCESS;
}
return PAM_CONV_ERR;
}
gboolean
nautilus_authenticate_authenticate(const char *username,
const char *password)
{
char * username_copy = g_strdup(username);
char * password_copy = g_strdup(password);
gboolean rv = FALSE;
pam_handle_t * pam_handle = NULL;
struct pam_conv pam_conv_data;
static PamConvData client_data;
client_data.username = username_copy;
client_data.password = password_copy;
/* Setup the pam conversion structure */
pam_conv_data.conv = pam_conversion_func;
pam_conv_data.appdata_ptr = (void *) &client_data;
/* Start pam */
if (pam_start("su", username_copy, &pam_conv_data, &pam_handle) == PAM_SUCCESS) {
/* Attempt auth */
if (pam_authenticate(pam_handle, PAM_SILENT) == PAM_SUCCESS) {
/* Authentication worked */
pam_end (pam_handle, PAM_SUCCESS);
rv = TRUE;
}
}
if (!rv)
pam_end (pam_handle, 0);
g_free (username_copy);
g_free (password_copy);
return rv;
}
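Review bot: nautilus_authenticate_authenticate treats a successful `pam_authenticate` as sufficient and never calls `pam_acct_mgmt`, so expired, locked or time-restricted accounts are still accepted; the condition should become `pam_authenticate (pam_handle, PAM_SILENT) == PAM_SUCCESS && pam_acct_mgmt (pam_handle, PAM_SILENT) == PAM_SUCCESS`. When `pam_start` fails, `pam_end (pam_handle, 0)` may be called with a NULL handle, and on an authentication failure it is passed 0 rather than the failing status, so that call should be guarded and given the real return code. In pam_conversion_func the `default:` branch frees `reply` but not the `resp` strings already duplicated for earlier messages, and `num_msg` is used as an allocation count without a range check; `calloc`, a `num_msg <= 0` guard and a loop that frees earlier responses would cover both. The password copy is released with plain `g_free`, which leaves the cleartext in freed heap memory.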
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/*
* Copyright (C) 2000 Eazel, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors: Ramiro Estrugo <ramiro@eazel.com>
*/
/* nautilus-authenticate.c - Main for helper utility to authenticate a
* user and execute a priviledge command on their behalf.
*/
#include "nautilus-authenticate.h"
#include <nautilus-widgets/nautilus-password-dialog.h>
#include <libgnomeui/gnome-init.h>
#include <stdio.h>
#include <unistd.h>
extern char gnome_do_not_create_directories;
int main (int argc, char *argv[])
{
GtkWidget * password_dialog = NULL;
gchar* command = NULL;
int rv = 1;
g_log_set_always_fatal ((GLogLevelFlags) 0xFFFF);
gnome_do_not_create_directories = 1;
gnome_init ("PrivilegedAuthentication", "1.0", argc, argv);
if (argc > 1)
{
GString *str = g_string_new ("");
guint i;
for(i = 1; i < argc; i++)
{
if (i > 1)
g_string_append(str, " ");
g_string_append (str, argv[i]);
}
command = g_strndup (str->str, str->len);
g_string_free (str, TRUE);
}
if (!command)
command = g_strdup("");
password_dialog = nautilus_password_dialog_new ("Privileged Command Execution",
"root",
"",
TRUE);
g_free (command);
if (nautilus_password_dialog_run_and_block (NAUTILUS_PASSWORD_DIALOG (password_dialog))) {
char *username;
char *password;
username = nautilus_password_dialog_get_username (NAUTILUS_PASSWORD_DIALOG (password_dialog));
password = nautilus_password_dialog_get_password (NAUTILUS_PASSWORD_DIALOG (password_dialog));
if (nautilus_authenticate_authenticate (username, password))
{
/* Free the password right away to blow it away from memory. */
if (password) {
g_free(password);
password = NULL;
}
if (setuid (0) == 0) {
gint pid = 0;
if (!nautilus_authenticate_fork (command, &pid))
perror("fork");
}
else {
perror ("setuid(0)");
}
}
else {
fprintf (stderr,
"Authentication for user '%s' failed.\n\n",
username);
}
if (username) {
g_free(username);
username = NULL;
}
if (password) {
g_free(password);
password = NULL;
}
}
return rv;
}
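Review bot: `command` is released with `g_free (command)` right after the dialog is created, yet the same pointer is later passed to `nautilus_authenticate_fork (command, &pid)`, which is a use-after-free on the path that runs after `setuid (0)`; move the `g_free` to the end of main. Separately, `setuid (0)` follows any successful authentication without checking that the `username` returned by the dialog is the account being elevated to. Whether the dialog's username field is editable is not visible here, so this should be confirmed and an explicit `strcmp (username, "root") == 0` check added before elevating. `rv` is initialised to 1 and never changed, so the exit status reports failure even when the command was launched. The comment about blowing the password away overstates what `g_free` does; the buffer should be overwritten before it is freed if wiping is intended.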
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/*
* Copyright (C) 2000 Eazel, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors: Ramiro Estrugo <ramiro@eazel.com>
*/
#ifndef NAUTILUS_AUTHENTICATE_H
#define NAUTILUS_AUTHENTICATE_H
#include <glib.h>
gboolean nautilus_authenticate_fork (const char *command,
gint *pid_out);
gboolean nautilus_authenticate_authenticate (const char *username,
const char *password);
#endif /* NAUTILUS_AUTHENTICATE_H */