Enlightenment CVS committal
Author : xcomputerman
Project : e17
Module : apps/entrance
Dir : e17/apps/entrance/src/client
Modified Files:
entrance_auth.c entrance_auth.h entrance_config.h
entrance_session.c entrance_session.h main.c
Log Message:
Authentication bugfixes:
- Reorganize handling of pam, crypt and shadow auth modes
- Don't pass entire cfg struct to auth functions
- Change the way display is sent to auth for setting up environment
- Miscellaneous bugfixes and cleanups
Shout out to atmos for his help in putting this together.
===================================================================
RCS file: /cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_auth.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -3 -r1.21 -r1.22
--- entrance_auth.c 20 Dec 2004 03:07:04 -0000 1.21
+++ entrance_auth.c 27 Dec 2004 06:45:14 -0000 1.22
@@ -124,6 +124,7 @@
if (e->pw)
e->pw = struct_passwd_free(e->pw);
+ memset(e->user, 0, sizeof(e->user));
memset(e->pass, 0, sizeof(e->pass));
entrance_auth_session_end(e);
free(e);
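Review bot: The memset() wipes of e->user and e->pass sit directly before free(e), so a compiler may treat them as dead stores and drop them, leaving the username and cleartext password in freed heap memory. Where the platform provides it, use a wipe the optimiser cannot remove, e.g. `explicit_bzero(e->pass, sizeof(e->pass));`, or write through a `volatile` pointer as a fallback. Add a short comment saying the wipe is deliberate. The enclosing function starts above this hunk, so any other sensitive fields it handles are not visible here.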
@@ -151,7 +152,7 @@
* function and others.
*/
static int
-_entrance_auth_pam_initialize(Entrance_Auth * e)
+_entrance_auth_pam_initialize(Entrance_Auth * e, const char *display)
{
int pamerr;
@@ -171,7 +172,7 @@
/* Set TTY to DISPLAY */
if ((pamerr =
- pam_set_item(e->pam.handle, PAM_TTY, e->display)) != PAM_SUCCESS)
+ pam_set_item(e->pam.handle, PAM_TTY, display)) != PAM_SUCCESS)
{
syslog(LOG_CRIT, "Error: Unable to configure PAM_TTY.");
return ERROR_PAM_SET;
@@ -206,13 +207,13 @@
* @e The Entrance_Auth struct to attempt to validate on the system
* @return - 0 on success, 1 on error
*/
-int
-entrance_auth_cmp_pam(Entrance_Auth * e)
+static int
+entrance_auth_cmp_pam(Entrance_Auth * e, const char *display)
{
- int result = 0;
+ int result = AUTH_FAIL;
int pamerr;
- if (_entrance_auth_pam_initialize(e) != E_SUCCESS)
+ if (_entrance_auth_pam_initialize(e, display) != E_SUCCESS)
return ERROR_NO_PAM_INIT;
if ((pamerr = pam_authenticate(e->pam.handle, 0)) == PAM_SUCCESS)
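Review bot: The doc comment kept above entrance_auth_cmp_pam still says `@return - 0 on success, 1 on error`, but this commit renumbers ERROR_NO_PAM_INIT to 2 in entrance_auth.h, so the early return here is no longer 1. The same stale wording remains in entrance_auth.h as `/* 0 on success, 1 on failure */` above the new entrance_auth_cmp prototype, which can also return ERROR_BAD_PASS. I would reword both to `0 (AUTH_SUCCESS) on success, non-zero AUTH_FAIL/ERROR_* code on failure` so callers test `!= AUTH_SUCCESS` rather than `== 1`. The function body continues past the end of this hunk.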
@@ -251,25 +252,43 @@
}
#endif
-int
-entrance_auth_cmp_crypt(Entrance_Auth * e, Entrance_Config * cfg)
+static int
+entrance_auth_cmp_crypt(Entrance_Auth * e)
{
char *encrypted;
- char *correct = e->pw->pw_passwd;
+ char *correct;
+
+ correct = e->pw->pw_passwd;
-#if HAVE_SHADOW
+ /* Only successfully auth blank password *if* a blank password is given */
+ if ((!correct || !correct[0]) && !strcmp(e->pass, ""))
+ return AUTH_SUCCESS;
+
+ encrypted = crypt(e->pass, correct);
+
+ return (strcmp(encrypted, correct)) ? ERROR_BAD_PASS : AUTH_SUCCESS;
+}
+
+static int
+entrance_auth_cmp_shadow(Entrance_Auth * e)
+{
+ char *encrypted;
+ char *correct;
struct spwd *sp;
+
+ sp = getspnam(e->pw->pw_name);
+ endspent();
- if (cfg->auth == ENTRANCE_USE_SHADOW)
+ if (sp)
+ correct = sp->sp_pwdp;
+ else
{
- sp = getspnam(e->pw->pw_name);
- endspent();
-
- if (sp)
- correct = sp->sp_pwdp;
+ syslog(LOG_CRIT, "FATAL: Unable to fetch shadow password.");
+ return AUTH_FAIL;
}
-#endif
- if (!correct || !correct[0])
+
+ /* Don't authenticate blank password unless blank password is given */
+ if ((!correct || !correct[0]) && !strcmp(e->pass, ""))
return AUTH_SUCCESS;
encrypted = crypt(e->pass, correct);
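Review bot: Both entrance_auth_cmp_crypt and entrance_auth_cmp_shadow can pass a NULL pointer to crypt() or strcmp(). When `correct` is NULL and a non-empty password was typed, the blank-password test is false and execution falls through to `crypt(e->pass, correct)`. crypt() itself may also return NULL (for example on a salt the libc rejects, which may include locked-account markers), after which `strcmp(encrypted, correct)` dereferences it. In a login manager that is a crash reachable before authentication. Suggest `if (!correct || !correct[0]) return e->pass[0] ? ERROR_BAD_PASS : AUTH_SUCCESS;` and then `if (!encrypted) return ERROR_BAD_PASS;` after the crypt() call in both functions. Separately, removing the `#if HAVE_SHADOW` guard means entrance_auth_cmp_shadow (getspnam, struct spwd) is now compiled on builds without shadow support, while its only caller stays under `#if HAVE_SHADOW`; the shadow function's final return lies in the next hunk.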
@@ -277,6 +296,38 @@
return (strcmp(encrypted, correct)) ? ERROR_BAD_PASS : AUTH_SUCCESS;
}
+int
+entrance_auth_cmp(Entrance_Auth * e, const char *display, int mode)
+{
+ switch (mode)
+ {
+ case ENTRANCE_USE_PAM:
+#if HAVE_PAM
+ return (entrance_auth_cmp_pam(e, display));
+#else
+ syslog(LOG_CRIT, "FATAL: PAM authentication support unavailable.");
+ return (1);
+#endif
+ break;
+ case ENTRANCE_USE_SHADOW:
+#if HAVE_SHADOW
+ return (entrance_auth_cmp_shadow(e));
+#else
+ syslog(LOG_CRIT, "FATAL: Shadow authentication support unavailable.");
+ return (1);
+#endif
+ break;
+ case ENTRANCE_USE_CRYPT:
+ return (entrance_auth_cmp_crypt(e));
+ break;
+ default:
+ syslog(LOG_CRIT, "FATAL: Invalid authentication mode %d requested",
mode);
+ break;
+ }
+ return AUTH_FAIL;
+
+}
+
/**
* entrance_auth_set_pass: keep the error checking here
* Pass it a char* and it'll set it if it should
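Review bot: The two `#else` branches in entrance_auth_cmp return the literal `(1)` instead of the AUTH_FAIL constant this same commit introduces. Because the header renumbers the ERROR_* values in this commit, a bare literal is easy to leave behind at the next renumbering. Use `return AUTH_FAIL;` there, and drop the `break;` statements that follow a `return`, since they are unreachable. The default case does fail closed with AUTH_FAIL; a short doc comment on the function stating that any non-zero return means "not authenticated" would make that contract explicit for callers.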
@@ -326,7 +377,7 @@
* I'm not sure if this is correct, but for now it works.
*/
void
-entrance_auth_setup_environment(Entrance_Auth * e)
+entrance_auth_setup_environment(Entrance_Auth * e, const char *display)
{
extern char **environ;
int size;
@@ -353,8 +404,7 @@
setenv("USER", e->pw->pw_name, 1);
setenv("LOGNAME", e->pw->pw_name, 1);
- if (e->display)
- setenv("DISPLAY", e->display, 1);
+ setenv("DISPLAY", display, 1);
size = (strlen(_PATH_MAILDIR) + strlen(e->pw->pw_name) + 2);
mail = (char *) malloc(sizeof(char) * size);
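Review bot: Removing the `if (e->display)` guard means `setenv("DISPLAY", display, 1)` now runs with whatever the caller passes, and POSIX does not define setenv() with a NULL value. The callers in entrance_session.c pass e->display, which entrance_session_new fills from `strdup(...)` without checking the result, so NULL is possible on allocation failure. Keep the guard: `if (display) setenv("DISPLAY", display, 1);`. The function begins and ends outside this hunk.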
===================================================================
RCS file: /cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_auth.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -3 -r1.11 -r1.12
--- entrance_auth.h 20 Dec 2004 03:07:05 -0000 1.11
+++ entrance_auth.h 27 Dec 2004 06:45:14 -0000 1.12
@@ -33,12 +33,13 @@
#define AUTH_SUCCESS 0
#define E_SUCCESS 0
-#define ERROR_NO_PAM_INIT 1
-#define ERROR_BAD_PASS 2
-#define ERROR_PAM_SET 3
-#define ERROR_NO_PERMS 4
-#define ERROR_CRED_EXPIRED 5
-#define ERROR_BAD_CRED 6
+#define AUTH_FAIL 1
+#define ERROR_NO_PAM_INIT 2
+#define ERROR_BAD_PASS 3
+#define ERROR_PAM_SET 4
+#define ERROR_NO_PERMS 5
+#define ERROR_CRED_EXPIRED 6
+#define ERROR_BAD_CRED 7
/**
* Collection of data relating to authenticating off of the system
@@ -58,7 +59,6 @@
char user[PATH_MAX];
char pass[PATH_MAX];
char **env;
- char *display;
};
typedef struct _Entrance_Auth Entrance_Auth;
@@ -68,13 +68,12 @@
void entrance_auth_clear_pass(Entrance_Auth * e);
/* 0 on success, 1 on failure */
-int entrance_auth_cmp_pam(Entrance_Auth * e);
-int entrance_auth_cmp_crypt(Entrance_Auth * e, Entrance_Config * cfg);
+int entrance_auth_cmp(Entrance_Auth * e, const char *display, int mode);
void entrance_auth_pass_set(Entrance_Auth * e, const char *str);
/* 0 on success, 1 on no user by that name */
int entrance_auth_user_set(Entrance_Auth * e, const char *str);
-void entrance_auth_setup_environment(Entrance_Auth * e);
+void entrance_auth_setup_environment(Entrance_Auth * e, const char *display);
void entrance_auth_reset(Entrance_Auth * e);
#endif
===================================================================
RCS file:
/cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_config.h,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -3 -r1.15 -r1.16
--- entrance_config.h 10 Apr 2004 22:20:24 -0000 1.15
+++ entrance_config.h 27 Dec 2004 06:45:14 -0000 1.16
@@ -15,6 +15,7 @@
#include <unistd.h>
#include <syslog.h>
+#define ENTRANCE_USE_CRYPT 0
#define ENTRANCE_USE_PAM 1
#define ENTRANCE_USE_SHADOW 2
===================================================================
RCS file:
/cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_session.c,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -3 -r1.66 -r1.67
--- entrance_session.c 20 Dec 2004 03:07:05 -0000 1.66
+++ entrance_session.c 27 Dec 2004 06:45:14 -0000 1.67
@@ -32,7 +32,7 @@
* Also Allocates the auth, and parse the config struct
*/
Entrance_Session *
-entrance_session_new(const char *config, char *display, int testing)
+entrance_session_new(const char *config, const char *display, int testing)
{
Entrance_Session *e;
char *db;
@@ -46,9 +46,12 @@
memset(e, 0, sizeof(struct _Entrance_Session));
openlog("entrance", LOG_NOWAIT, LOG_DAEMON);
- e->display = display;
+ if (!display)
+ e->display = strdup(getenv("DISPLAY"));
+ else
+ e->display = strdup(display);
+
e->auth = entrance_auth_new();
- e->auth->display = display;
e->config = entrance_config_parse(db);
if (!e->config)
{
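Review bot: `strdup(getenv("DISPLAY"))` is called with NULL when DISPLAY is unset, which is undefined behaviour (typically a crash inside strlen), and neither strdup() result is checked. Suggest `if (!display) display = getenv("DISPLAY");` followed by `e->display = display ? strdup(display) : NULL;`, then log via syslog and fail session creation if e->display is still NULL. e->display is now heap-owned by the session, so entrance_session_free (not visible in this diff) needs a matching `free(e->display)`. The function continues beyond this hunk.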
@@ -196,12 +199,7 @@
int
entrance_session_auth_user(Entrance_Session * e)
{
-#if HAVE_PAM
- if (e->config->auth == ENTRANCE_USE_PAM)
- return (entrance_auth_cmp_pam(e->auth));
- else
-#endif
- return (entrance_auth_cmp_crypt(e->auth, e->config));
+ return (entrance_auth_cmp(e->auth, e->display, e->config->auth));
}
/**
@@ -215,13 +213,9 @@
{
Evas_Object *obj = NULL;
-#if 0
if (e->auth)
entrance_auth_free(e->auth);
e->auth = entrance_auth_new();
-#else
- entrance_auth_reset(e->auth);
-#endif
if ((obj =
edje_object_part_swallow_get(e->edje, "entrance.user.avatar")))
{
@@ -341,7 +335,7 @@
{
char *homedir;
- entrance_auth_setup_environment(e->auth);
+ entrance_auth_setup_environment(e->auth, e->display);
homedir = getenv("HOME");
if (entrance_ipc_connected_get())
entrance_ipc_request_xauth(homedir, e->auth->pw->pw_uid,
@@ -364,7 +358,7 @@
char buf[PATH_MAX];
char *shell = NULL;
- entrance_auth_setup_environment(e->auth);
+ entrance_auth_setup_environment(e->auth, e->display);
if ((e->session) && (strlen(e->session) > 0))
{
if (!strcmp(e->session, "default"))
===================================================================
RCS file:
/cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_session.h,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -3 -r1.21 -r1.22
--- entrance_session.h 20 Dec 2004 03:07:05 -0000 1.21
+++ entrance_session.h 27 Dec 2004 06:45:14 -0000 1.22
@@ -41,8 +41,8 @@
typedef struct _Entrance_Session Entrance_Session;
-Entrance_Session *entrance_session_new(const char *config, char *display,
- int testing);
+Entrance_Session *entrance_session_new(const char *config,
+ const char *display, int testing);
void entrance_session_ecore_evas_set(Entrance_Session * e, Ecore_Evas * ee);
void entrance_session_free(Entrance_Session * e);
void entrance_session_run(Entrance_Session * e);
===================================================================
RCS file: /cvsroot/enlightenment/e17/apps/entrance/src/client/main.c,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -3 -r1.66 -r1.67
--- main.c 27 Dec 2004 03:31:21 -0000 1.66
+++ main.c 27 Dec 2004 06:45:14 -0000 1.67
@@ -692,7 +692,7 @@
config = strdup(optarg);
break;
case 'z':
- printf("entrance: main: z optarg = %s\n", optarg);
+ /* printf("entrance: main: z optarg = %s\n", optarg); */
server_pid = (pid_t) atoi(optarg);
break;
default: