Add authenticate helper utility to build.

8 files changed, 416 insertions, 0 deletions

diff --git a/helper-utilities/.cvsignore b/helper-utilities/.cvsignore
new file mode 100644
index 000000000..282522db0
--- /dev/null
+++ b/helper-utilities/.cvsignore
@@ -0,0 +1,2 @@
+Makefile
+Makefile.in
diff --git a/helper-utilities/Makefile.am b/helper-utilities/Makefile.am
new file mode 100644
index 000000000..6181abf5e
--- /dev/null
+++ b/helper-utilities/Makefile.am
@@ -0,0 +1,9 @@
+NULL=
+
+if BUILD_AUTHENTICATE_HELPER
+AUTHENTICATE_HELPER_SUBDIRS = authenticate
+endif
+
+SUBDIRS = \
+	$(AUTHENTICATE_HELPER_SUBDIRS) \
+	$(NULL)
diff --git a/helper-utilities/authenticate/.cvsignore b/helper-utilities/authenticate/.cvsignore
new file mode 100644
index 000000000..783b6b8d2
--- /dev/null
+++ b/helper-utilities/authenticate/.cvsignore
@@ -0,0 +1,5 @@
+.deps
+.libs
+Makefile
+Makefile.in
+nautilus-authenticate
\ No newline at end of file
diff --git a/helper-utilities/authenticate/Makefile.am b/helper-utilities/authenticate/Makefile.am
new file mode 100644
index 000000000..fd0f8daf7
--- /dev/null
+++ b/helper-utilities/authenticate/Makefile.am
@@ -0,0 +1,30 @@
+NULL =
+
+CPPFLAGS = \
+	-DPREFIX=\"$(prefix)\" \
+	-DG_LOG_DOMAIN=\"Nautilus-Authenticate\"
+
+INCLUDES = \
+	-I$(top_srcdir) \
+	$(GNOMEUI_CFLAGS) \
+	$(WERROR) \
+	$(NULL)
+
+bin_PROGRAMS = nautilus-authenticate
+
+nautilus_authenticate_SOURCES =\
+	nautilus-authenticate.h \
+	nautilus-authenticate.c \
+	nautilus-authenticate-pam.c \
+	nautilus-authenticate-fork.c \
+	$(NULL)
+
+nautilus_authenticate_LDFLAGS =	\
+	$(top_builddir)/nautilus-widgets/libnautilus-widgets.la \
+	$(top_builddir)/libnautilus-extensions/libnautilus-extensions.la \
+	$(top_builddir)/librsvg/librsvg.la \
+	$(GNOMEUI_LIBS)	\
+	$(GCONF_LIBS) \
+	-lpam \
+	-lpam_misc \
+	$(NULL)
diff --git a/helper-utilities/authenticate/nautilus-authenticate-fork.c b/helper-utilities/authenticate/nautilus-authenticate-fork.c
new file mode 100644
index 000000000..3488e0f4e
--- /dev/null
+++ b/helper-utilities/authenticate/nautilus-authenticate-fork.c
@@ -0,0 +1,77 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* 
+ * Copyright (C) 2000 Eazel, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Authors: Ramiro Estrugo <ramiro@eazel.com>
+ */
+
+/* nautilus-authenticate-fork.c - Fork a process and exec the given 
+ * command.   Return the process id in *pid_out.
+ */
+
+#include "nautilus-authenticate.h"
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+static const int FORK_FAILED = -1;
+static const int FORK_CHILD = 0;
+
+gboolean
+nautilus_authenticate_fork (const char	*command,
+			    int	  	*pid_out)
+{
+	int pid;
+
+	g_assert (pid_out);
+	
+	if (!pid_out)
+		return FALSE;
+	
+	*pid_out = 0;
+	
+	/* Fork */
+	pid = fork ();
+	
+	/* Failed */
+	if (pid == FORK_FAILED)
+		return FALSE;
+	
+	/* Child */
+	if (pid == FORK_CHILD) {
+		system (command);
+		
+		fprintf (stderr,"\n");
+		fprintf (stdout,"\n");
+
+		fflush (stderr);
+		fflush (stdout);
+		
+		/* Exit child */
+		_exit (0);
+		
+		/* Not reached */
+		g_assert_not_reached ();
+	}
+	
+	/* Parent */
+	*pid_out = (int) pid;
+	
+	return TRUE;
+}
diff --git a/helper-utilities/authenticate/nautilus-authenticate-pam.c b/helper-utilities/authenticate/nautilus-authenticate-pam.c
new file mode 100644
index 000000000..929ef75ee
--- /dev/null
+++ b/helper-utilities/authenticate/nautilus-authenticate-pam.c
@@ -0,0 +1,134 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* 
+ * Copyright (C) 2000 Eazel, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Authors: Ramiro Estrugo <ramiro@eazel.com>
+ */
+
+/* nautilus-authenticate-pam.c - Use PAM to authenticate a user.
+ */
+
+#include "nautilus-authenticate.h"
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+typedef struct _PamConvData
+{
+	char *username;
+	char *password;
+} PamConvData;
+
+static int pam_conversion_func (int				num_msg, 
+				const struct pam_message	**msg, 
+				struct pam_response		**response, 
+				void				*appdata_ptr)
+{
+	PamConvData * pdata = (PamConvData *) appdata_ptr;
+	
+	struct pam_response * reply = 
+		(struct pam_response *) malloc (sizeof (struct pam_response) * num_msg);
+	
+	g_assert (pdata);
+	g_assert (reply);
+
+	if (reply) {
+		int replies;
+
+		for (replies = 0; replies < num_msg; replies++) {
+			switch (msg[replies]->msg_style) {
+			case PAM_PROMPT_ECHO_ON:
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = strdup (pdata->username);
+				/* PAM frees resp */
+				break;
+				
+			case PAM_PROMPT_ECHO_OFF:
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = strdup (pdata->password);
+				/* PAM frees resp */
+				break;
+				
+			case PAM_TEXT_INFO:
+				/* nothing */
+				
+			case PAM_ERROR_MSG:
+				/* Ignore */
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = NULL;
+				break;
+				
+			default:
+				/* Huh? */
+				free (reply);
+				
+				reply=NULL;
+				
+				return PAM_CONV_ERR;
+			}
+		}
+		
+		if (reply)
+			*response = reply;
+		
+		return PAM_SUCCESS;
+	}
+	
+	return PAM_CONV_ERR;
+}
+
+gboolean
+nautilus_authenticate_authenticate(const char *username,
+				   const char *password)
+{
+	char * username_copy = g_strdup(username);
+	char * password_copy = g_strdup(password);
+
+	gboolean rv = FALSE;
+	pam_handle_t * pam_handle = NULL;
+	
+	struct pam_conv pam_conv_data;
+	
+	static PamConvData client_data;
+	
+	client_data.username = username_copy;
+	client_data.password = password_copy;
+	
+	/* Setup the pam conversion structure */
+	pam_conv_data.conv = pam_conversion_func;
+	pam_conv_data.appdata_ptr = (void *) &client_data;
+	
+	/* Start pam */
+	if (pam_start("su", username_copy, &pam_conv_data, &pam_handle) == PAM_SUCCESS) {
+		/* Attempt auth */
+		if (pam_authenticate(pam_handle, PAM_SILENT) == PAM_SUCCESS) {
+			/* Authentication worked */
+			pam_end (pam_handle, PAM_SUCCESS);
+			
+			rv = TRUE;
+		}
+	}
+	
+	if (!rv)
+		pam_end (pam_handle, 0);
+	
+	g_free (username_copy);
+	g_free (password_copy);
+
+	return rv;
+}
diff --git a/helper-utilities/authenticate/nautilus-authenticate.c b/helper-utilities/authenticate/nautilus-authenticate.c
new file mode 100644
index 000000000..e3ce0b9a3
--- /dev/null
+++ b/helper-utilities/authenticate/nautilus-authenticate.c
@@ -0,0 +1,125 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* 
+ * Copyright (C) 2000 Eazel, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Authors: Ramiro Estrugo <ramiro@eazel.com>
+ */
+
+/* nautilus-authenticate.c - Main for helper utility to authenticate a
+ * user and execute a priviledge command on their behalf.
+ */
+
+#include "nautilus-authenticate.h"
+
+#include <nautilus-widgets/nautilus-password-dialog.h>
+
+#include <libgnomeui/gnome-init.h>
+
+
+#include <stdio.h>
+#include <unistd.h>
+
+extern char gnome_do_not_create_directories;
+
+int main (int argc, char *argv[])
+{
+	GtkWidget * password_dialog = NULL;
+	
+	gchar* command = NULL;
+
+	int rv = 1;
+
+	g_log_set_always_fatal ((GLogLevelFlags) 0xFFFF);
+
+	gnome_do_not_create_directories = 1;
+	
+	gnome_init ("PrivilegedAuthentication", "1.0", argc, argv);
+
+	if (argc > 1)
+	{
+		GString *str = g_string_new ("");
+		guint i;
+		
+		for(i = 1; i < argc; i++)
+		{
+			if (i > 1) 
+				g_string_append(str, " ");
+			
+			g_string_append (str, argv[i]);
+		}
+		
+		command = g_strndup (str->str, str->len);
+		
+		g_string_free (str, TRUE);
+	}
+	
+	if (!command)
+		command = g_strdup("");
+	
+	password_dialog = nautilus_password_dialog_new ("Privileged Command Execution",
+							"root",
+							"",
+							TRUE);
+	
+	g_free (command);
+	
+	if (nautilus_password_dialog_run_and_block (NAUTILUS_PASSWORD_DIALOG (password_dialog))) {
+		char *username;
+		char *password;
+		
+		username = nautilus_password_dialog_get_username (NAUTILUS_PASSWORD_DIALOG (password_dialog));
+		password = nautilus_password_dialog_get_password (NAUTILUS_PASSWORD_DIALOG (password_dialog));
+		
+		if (nautilus_authenticate_authenticate (username, password))
+		{
+			/* Free the password right away to blow it away from memory. */
+			if (password) {
+				g_free(password);
+				
+				password = NULL;
+			}
+			
+			if (setuid (0) == 0) {
+				gint pid = 0;
+				
+				if (!nautilus_authenticate_fork (command, &pid))
+					perror("fork");			
+			}
+			else {
+				perror ("setuid(0)");			
+			}
+		}
+		else {
+			fprintf (stderr, 
+				 "Authentication for user '%s' failed.\n\n",
+				 username);
+		}
+
+		if (username) {
+			g_free(username);
+			username = NULL;
+		}
+		
+		if (password) {
+			g_free(password);
+			password = NULL;
+		}
+	}
+
+	return rv;
+}
diff --git a/helper-utilities/authenticate/nautilus-authenticate.h b/helper-utilities/authenticate/nautilus-authenticate.h
new file mode 100644
index 000000000..ed5e3e8d4
--- /dev/null
+++ b/helper-utilities/authenticate/nautilus-authenticate.h
@@ -0,0 +1,34 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* 
+ * Copyright (C) 2000 Eazel, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with this program; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Authors: Ramiro Estrugo <ramiro@eazel.com>
+ */
+
+#ifndef NAUTILUS_AUTHENTICATE_H
+#define NAUTILUS_AUTHENTICATE_H
+
+#include <glib.h>
+
+gboolean nautilus_authenticate_fork         (const char *command,
+					     gint       *pid_out);
+gboolean nautilus_authenticate_authenticate (const char *username,
+					     const char *password);
+
+#endif /* NAUTILUS_AUTHENTICATE_H */
+