diff options
author | Ramiro Estrugo <ramiro@src.gnome.org> | 2000-04-27 16:05:08 +0000 |
---|---|---|
committer | Ramiro Estrugo <ramiro@src.gnome.org> | 2000-04-27 16:05:08 +0000 |
commit | c887166e14073ae0622efddf56c08d65314ee06a (patch) | |
tree | d2522f3364a712b9cc2c149d4360f73c4e4401dd /helper-utilities | |
parent | 80a7e3980bce7726afd3c1ad74e639b0db101c1f (diff) | |
download | nautilus-c887166e14073ae0622efddf56c08d65314ee06a.tar.gz |
Add authenticate helper utility to build.
Diffstat (limited to 'helper-utilities')
-rw-r--r-- | helper-utilities/.cvsignore | 2 | ||||
-rw-r--r-- | helper-utilities/Makefile.am | 9 | ||||
-rw-r--r-- | helper-utilities/authenticate/.cvsignore | 5 | ||||
-rw-r--r-- | helper-utilities/authenticate/Makefile.am | 30 | ||||
-rw-r--r-- | helper-utilities/authenticate/nautilus-authenticate-fork.c | 77 | ||||
-rw-r--r-- | helper-utilities/authenticate/nautilus-authenticate-pam.c | 134 | ||||
-rw-r--r-- | helper-utilities/authenticate/nautilus-authenticate.c | 125 | ||||
-rw-r--r-- | helper-utilities/authenticate/nautilus-authenticate.h | 34 |
8 files changed, 416 insertions, 0 deletions
diff --git a/helper-utilities/.cvsignore b/helper-utilities/.cvsignore new file mode 100644 index 000000000..282522db0 --- /dev/null +++ b/helper-utilities/.cvsignore @@ -0,0 +1,2 @@ +Makefile +Makefile.in diff --git a/helper-utilities/Makefile.am b/helper-utilities/Makefile.am new file mode 100644 index 000000000..6181abf5e --- /dev/null +++ b/helper-utilities/Makefile.am @@ -0,0 +1,9 @@ +NULL= + +if BUILD_AUTHENTICATE_HELPER +AUTHENTICATE_HELPER_SUBDIRS = authenticate +endif + +SUBDIRS = \ + $(AUTHENTICATE_HELPER_SUBDIRS) \ + $(NULL) diff --git a/helper-utilities/authenticate/.cvsignore b/helper-utilities/authenticate/.cvsignore new file mode 100644 index 000000000..783b6b8d2 --- /dev/null +++ b/helper-utilities/authenticate/.cvsignore @@ -0,0 +1,5 @@ +.deps +.libs +Makefile +Makefile.in +nautilus-authenticate
\ No newline at end of file diff --git a/helper-utilities/authenticate/Makefile.am b/helper-utilities/authenticate/Makefile.am new file mode 100644 index 000000000..fd0f8daf7 --- /dev/null +++ b/helper-utilities/authenticate/Makefile.am @@ -0,0 +1,30 @@ +NULL = + +CPPFLAGS = \ + -DPREFIX=\"$(prefix)\" \ + -DG_LOG_DOMAIN=\"Nautilus-Authenticate\" + +INCLUDES = \ + -I$(top_srcdir) \ + $(GNOMEUI_CFLAGS) \ + $(WERROR) \ + $(NULL) + +bin_PROGRAMS = nautilus-authenticate + +nautilus_authenticate_SOURCES =\ + nautilus-authenticate.h \ + nautilus-authenticate.c \ + nautilus-authenticate-pam.c \ + nautilus-authenticate-fork.c \ + $(NULL) + +nautilus_authenticate_LDFLAGS = \ + $(top_builddir)/nautilus-widgets/libnautilus-widgets.la \ + $(top_builddir)/libnautilus-extensions/libnautilus-extensions.la \ + $(top_builddir)/librsvg/librsvg.la \ + $(GNOMEUI_LIBS) \ + $(GCONF_LIBS) \ + -lpam \ + -lpam_misc \ + $(NULL) diff --git a/helper-utilities/authenticate/nautilus-authenticate-fork.c b/helper-utilities/authenticate/nautilus-authenticate-fork.c new file mode 100644 index 000000000..3488e0f4e --- /dev/null +++ b/helper-utilities/authenticate/nautilus-authenticate-fork.c @@ -0,0 +1,77 @@ +/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */ +/* + * Copyright (C) 2000 Eazel, Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with this program; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. + * + * Authors: Ramiro Estrugo <ramiro@eazel.com> + */ + +/* nautilus-authenticate-fork.c - Fork a process and exec the given + * command. Return the process id in *pid_out. + */ + +#include "nautilus-authenticate.h" + +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> + +static const int FORK_FAILED = -1; +static const int FORK_CHILD = 0; + +gboolean +nautilus_authenticate_fork (const char *command, + int *pid_out) +{ + int pid; + + g_assert (pid_out); + + if (!pid_out) + return FALSE; + + *pid_out = 0; + + /* Fork */ + pid = fork (); + + /* Failed */ + if (pid == FORK_FAILED) + return FALSE; + + /* Child */ + if (pid == FORK_CHILD) { + system (command); + + fprintf (stderr,"\n"); + fprintf (stdout,"\n"); + + fflush (stderr); + fflush (stdout); + + /* Exit child */ + _exit (0); + + /* Not reached */ + g_assert_not_reached (); + } + + /* Parent */ + *pid_out = (int) pid; + + return TRUE; +} diff --git a/helper-utilities/authenticate/nautilus-authenticate-pam.c b/helper-utilities/authenticate/nautilus-authenticate-pam.c new file mode 100644 index 000000000..929ef75ee --- /dev/null +++ b/helper-utilities/authenticate/nautilus-authenticate-pam.c @@ -0,0 +1,134 @@ +/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */ +/* + * Copyright (C) 2000 Eazel, Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with this program; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. + * + * Authors: Ramiro Estrugo <ramiro@eazel.com> + */ + +/* nautilus-authenticate-pam.c - Use PAM to authenticate a user. + */ + +#include "nautilus-authenticate.h" + +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +typedef struct _PamConvData +{ + char *username; + char *password; +} PamConvData; + +static int pam_conversion_func (int num_msg, + const struct pam_message **msg, + struct pam_response **response, + void *appdata_ptr) +{ + PamConvData * pdata = (PamConvData *) appdata_ptr; + + struct pam_response * reply = + (struct pam_response *) malloc (sizeof (struct pam_response) * num_msg); + + g_assert (pdata); + g_assert (reply); + + if (reply) { + int replies; + + for (replies = 0; replies < num_msg; replies++) { + switch (msg[replies]->msg_style) { + case PAM_PROMPT_ECHO_ON: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = strdup (pdata->username); + /* PAM frees resp */ + break; + + case PAM_PROMPT_ECHO_OFF: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = strdup (pdata->password); + /* PAM frees resp */ + break; + + case PAM_TEXT_INFO: + /* nothing */ + + case PAM_ERROR_MSG: + /* Ignore */ + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = NULL; + break; + + default: + /* Huh? */ + free (reply); + + reply=NULL; + + return PAM_CONV_ERR; + } + } + + if (reply) + *response = reply; + + return PAM_SUCCESS; + } + + return PAM_CONV_ERR; +} + +gboolean +nautilus_authenticate_authenticate(const char *username, + const char *password) +{ + char * username_copy = g_strdup(username); + char * password_copy = g_strdup(password); + + gboolean rv = FALSE; + pam_handle_t * pam_handle = NULL; + + struct pam_conv pam_conv_data; + + static PamConvData client_data; + + client_data.username = username_copy; + client_data.password = password_copy; + + /* Setup the pam conversion structure */ + pam_conv_data.conv = pam_conversion_func; + pam_conv_data.appdata_ptr = (void *) &client_data; + + /* Start pam */ + if (pam_start("su", username_copy, &pam_conv_data, &pam_handle) == PAM_SUCCESS) { + /* Attempt auth */ + if (pam_authenticate(pam_handle, PAM_SILENT) == PAM_SUCCESS) { + /* Authentication worked */ + pam_end (pam_handle, PAM_SUCCESS); + + rv = TRUE; + } + } + + if (!rv) + pam_end (pam_handle, 0); + + g_free (username_copy); + g_free (password_copy); + + return rv; +} diff --git a/helper-utilities/authenticate/nautilus-authenticate.c b/helper-utilities/authenticate/nautilus-authenticate.c new file mode 100644 index 000000000..e3ce0b9a3 --- /dev/null +++ b/helper-utilities/authenticate/nautilus-authenticate.c @@ -0,0 +1,125 @@ +/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */ +/* + * Copyright (C) 2000 Eazel, Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with this program; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. + * + * Authors: Ramiro Estrugo <ramiro@eazel.com> + */ + +/* nautilus-authenticate.c - Main for helper utility to authenticate a + * user and execute a priviledge command on their behalf. + */ + +#include "nautilus-authenticate.h" + +#include <nautilus-widgets/nautilus-password-dialog.h> + +#include <libgnomeui/gnome-init.h> + + +#include <stdio.h> +#include <unistd.h> + +extern char gnome_do_not_create_directories; + +int main (int argc, char *argv[]) +{ + GtkWidget * password_dialog = NULL; + + gchar* command = NULL; + + int rv = 1; + + g_log_set_always_fatal ((GLogLevelFlags) 0xFFFF); + + gnome_do_not_create_directories = 1; + + gnome_init ("PrivilegedAuthentication", "1.0", argc, argv); + + if (argc > 1) + { + GString *str = g_string_new (""); + guint i; + + for(i = 1; i < argc; i++) + { + if (i > 1) + g_string_append(str, " "); + + g_string_append (str, argv[i]); + } + + command = g_strndup (str->str, str->len); + + g_string_free (str, TRUE); + } + + if (!command) + command = g_strdup(""); + + password_dialog = nautilus_password_dialog_new ("Privileged Command Execution", + "root", + "", + TRUE); + + g_free (command); + + if (nautilus_password_dialog_run_and_block (NAUTILUS_PASSWORD_DIALOG (password_dialog))) { + char *username; + char *password; + + username = nautilus_password_dialog_get_username (NAUTILUS_PASSWORD_DIALOG (password_dialog)); + password = nautilus_password_dialog_get_password (NAUTILUS_PASSWORD_DIALOG (password_dialog)); + + if (nautilus_authenticate_authenticate (username, password)) + { + /* Free the password right away to blow it away from memory. */ + if (password) { + g_free(password); + + password = NULL; + } + + if (setuid (0) == 0) { + gint pid = 0; + + if (!nautilus_authenticate_fork (command, &pid)) + perror("fork"); + } + else { + perror ("setuid(0)"); + } + } + else { + fprintf (stderr, + "Authentication for user '%s' failed.\n\n", + username); + } + + if (username) { + g_free(username); + username = NULL; + } + + if (password) { + g_free(password); + password = NULL; + } + } + + return rv; +} diff --git a/helper-utilities/authenticate/nautilus-authenticate.h b/helper-utilities/authenticate/nautilus-authenticate.h new file mode 100644 index 000000000..ed5e3e8d4 --- /dev/null +++ b/helper-utilities/authenticate/nautilus-authenticate.h @@ -0,0 +1,34 @@ +/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */ +/* + * Copyright (C) 2000 Eazel, Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with this program; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. + * + * Authors: Ramiro Estrugo <ramiro@eazel.com> + */ + +#ifndef NAUTILUS_AUTHENTICATE_H +#define NAUTILUS_AUTHENTICATE_H + +#include <glib.h> + +gboolean nautilus_authenticate_fork (const char *command, + gint *pid_out); +gboolean nautilus_authenticate_authenticate (const char *username, + const char *password); + +#endif /* NAUTILUS_AUTHENTICATE_H */ + |