authorsandman <sandman>2002-12-17 19:41:05 (UTC)
committer sandman <sandman>2002-12-17 19:41:05 (UTC)
commit0e05c298cc4e5a5d509286e31a3a863e78c76456 (patch) (side-by-side diff)
tree2a86553b593ff9690c14e1796c54c707f189fdf3
parent98f90f6ed89986485a1413c4325411e30f4c0693 (diff)
Opie login becomes useable now:
- pre- and post-session scripts (in $OPIEDIR/share/opie-login) to fix things like device ownership to user/root - logging in now doesn't simply mean: execute bin/qpe. instead opie-login * first tries to execute ~/.opie-session * if that doesn't exist $OPIEDIR/share/opie-login/opie-session * if that fails too, execute $OPIEDIR/bin/qpe you can now handle things like ssh-agent on a per-user basis. (I'll commit the scripts later - for now it simply works like before)
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--core/opie-login/loginapplication.cpp74
-rw-r--r--core/opie-login/loginapplication.h6
-rw-r--r--core/opie-login/main.cpp12
3 files changed, 82 insertions, 10 deletions
diff --git a/core/opie-login/loginapplication.cpp b/core/opie-login/loginapplication.cpp
index 8d86a71..1facf2d 100644
--- a/core/opie-login/loginapplication.cpp
+++ b/core/opie-login/loginapplication.cpp
@@ -1,80 +1,82 @@
/*
               =. This file is part of the OPIE Project
             .=l. Copyright (c) 2002 Robert Griebl <sandman@handhelds.org>
           .>+-=
 _;:,     .>    :=|. This file is free software; you can
.> <`_,   >  .   <= redistribute it and/or modify it under
:`=1 )Y*s>-.--   : the terms of the GNU General Public
.="- .-=="i,     .._ License as published by the Free Software
 - .   .-<_>     .<> Foundation; either version 2 of the License,
     ._= =}       : or (at your option) any later version.
    .%`+i>       _;_.
    .i_,=:_.      -<s. This file is distributed in the hope that
     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY;
    : ..    .:,     . . . without even the implied warranty of
    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A
  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU General
..}^=.=       =       ; Public License for more details.
++=   -.     .`     .:
 :     =  ...= . :.=- You should have received a copy of the GNU
 -.   .:....=;==+<; General Public License along with this file;
  -_. . .   )=.  = see the file COPYING. If not, write to the
    --        :-=` Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
#ifdef USEPAM
extern "C" {
#include <security/pam_appl.h>
}
#else
#include <crypt.h>
#include <shadow.h>
#endif
#include "loginapplication.h"
LoginApplication *lApp;
LoginApplication::LoginApplication ( int &argc, char **argv, pid_t parentpid )
: QPEApplication ( argc, argv, GuiServer )
{
lApp = this;
m_parentpid = parentpid;
}
const char *LoginApplication::s_username = 0;
#ifdef USEPAM
const char *LoginApplication::s_pam_password = 0;
int LoginApplication::pam_helper ( int num_msg, const struct pam_message **msg, struct pam_response **resp, void * )
{
int replies = 0;
struct pam_response *reply = 0;
int size = sizeof( struct pam_response );
for ( int i = 0; i < num_msg; i++ ) {
switch ( msg [i]-> msg_style ) {
case PAM_PROMPT_ECHO_ON: // user name given to PAM already
return PAM_CONV_ERR;
case PAM_PROMPT_ECHO_OFF: // wants password
reply = (struct pam_response *) ::realloc ( reply, size );
if ( !reply )
return PAM_CONV_ERR;
size += sizeof( struct pam_response );
reply [replies]. resp_retcode = PAM_SUCCESS;
reply [replies]. resp = ::strdup ( s_pam_password );
replies++; // PAM frees resp
break;
@@ -113,109 +115,167 @@ bool LoginApplication::checkPassword ( const char *user, const char *pass )
}
#else
bool LoginApplication::checkPassword ( const char *user, const char *pass )
{
char *encrypted, *correct;
struct passwd *pw;
if ( !user || !pass )
return false;
pw = ::getpwnam ( user );
if ( !pw )
return false;
if (( ::strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( ::strcmp ( pw-> pw_passwd, "*" ) == 0 )) {
struct spwd *sp = ::getspnam ( pw-> pw_name );
if ( !sp )
return false;
correct = sp-> sp_pwdp;
}
else
correct = pw-> pw_passwd;
if ( correct == 0 || correct[0] == '\0' )
return true;
encrypted = ::crypt ( pass, correct );
return ( ::strcmp ( encrypted, correct ) == 0 );
}
#endif
bool LoginApplication::changeIdentity ( )
{
const char *DEFAULT_LOGIN_PATH = "/bin:/usr/bin";
const char *DEFAULT_ROOT_LOGIN_PATH = "/usr/sbin:/bin:/usr/bin:/sbin";
if ( !s_username )
return false;
struct passwd *pw = ::getpwnam ( s_username );
if ( !pw )
return false;
+ // we are still root at this point - try to run the pre-session script
+ if ( !runRootScript ( "OPIEDIR", "share/opie-login/pre-session", s_username ))
+ qWarning ( "failed to run $OPIEDIR/share/opie-login/pre-session" );
+
bool fail = false;
fail |= ( ::initgroups ( pw-> pw_name, pw-> pw_gid ));
::endgrent ( );
fail |= ( ::setgid ( pw-> pw_gid ));
fail |= ( ::setuid ( pw-> pw_uid ));
fail |= ( ::chdir ( pw-> pw_dir ) && ::chdir ( "/" ));
fail |= ( ::setenv ( "HOME", pw-> pw_dir, 1 ));
fail |= ( ::setenv ( "SHELL", pw-> pw_shell, 1 ));
fail |= ( ::setenv ( "USER", pw-> pw_name, 1 ));
fail |= ( ::setenv ( "LOGNAME", pw-> pw_name, 1 ));
fail |= ( ::setenv ( "PATH", ( pw-> pw_uid ? DEFAULT_LOGIN_PATH : DEFAULT_ROOT_LOGIN_PATH ), 1 ));
return !fail;
}
bool LoginApplication::login ( )
{
- char *opie = ::getenv ( "OPIEDIR" );
- char *arg = new char [::strlen ( opie ) + 8 + 1];
+ execUserScript ( "HOME", ".opie-session" );
+ execUserScript ( "OPIEDIR", "share/opie-login/opie-session" );
+ execUserScript ( "OPIEDIR", "bin/qpe" );
+
+ qWarning ( "failed to start an Opie session" );
+ return false;
+}
+
+void LoginApplication::logout ( )
+{
+ // we are now root again - try to run the post-session script
+ if ( !runRootScript ( "OPIEDIR", "share/opie-login/post-session" ))
+ qWarning ( "failed to run $OPIEDIR/scripts/post-session" );
+}
- ::strcpy ( arg, opie );
- ::strcat ( arg, "/bin/qpe" );
- // start qpe via a login shell
- ::execl ( "/bin/sh", "-sh", "-c", arg, 0 );
+static char *buildarg ( const char *base, const char *script )
+{
+ const char *dir = base ? ::getenv ( base ) : "/";
+ char *arg = new char [::strlen ( dir ) + ::strlen ( script ) + 2];
- return false;
+ ::strcpy ( arg, dir );
+ ::strcat ( arg, "/" );
+ ::strcat ( arg, script );
+
+ return arg;
+}
+
+bool LoginApplication::runRootScript ( const char *base, const char *script, const char *param )
+{
+ bool res = false;
+ char *arg = buildarg ( base, script );
+
+ struct stat st;
+ if (( ::stat ( arg, &st ) == 0 ) && ( st. st_uid == 0 )) {
+ pid_t child = ::fork ( );
+
+ if ( child == 0 ) {
+ ::execl ( "/bin/sh", "-sh", arg, param, 0 );
+ ::_exit ( -1 );
+ }
+ else if ( child > 0 ) {
+ int status = 0;
+
+ while ( ::waitpid ( child, &status, 0 ) < 0 ) { }
+ res = ( WIFEXITED( status )) && ( WEXITSTATUS( status ) == 0 );
+ }
+ }
+
+ delete [] arg;
+ return res;
+}
+
+void LoginApplication::execUserScript ( const char *base, const char *script )
+{
+ char *arg = buildarg ( base, script );
+
+ struct stat st;
+ if ( ::stat ( arg, &st ) == 0 ) {
+ if ( st. st_mode & S_IXUSR )
+ ::execl ( "/bin/sh", "-sh", "-c", arg, 0 );
+ else
+ ::execl ( "/bin/sh", "-sh", arg, 0 );
+ }
}
const char *LoginApplication::loginAs ( )
{
return s_username;
}
void LoginApplication::setLoginAs ( const char *name )
{
s_username = name;
}
QStringList LoginApplication::allUsers ( )
{
struct passwd *pwd;
QStringList sl;
while (( pwd = ::getpwent ( ))) {
if (( pwd-> pw_uid == 0 ) || ( pwd-> pw_uid >= 500 && pwd-> pw_uid < 65534 ))
sl << QString ( pwd-> pw_name );
}
::endpwent ( );
return sl;
}
void LoginApplication::quitToConsole ( )
{
QPEApplication::quit ( );
::kill ( m_parentpid, SIGTERM );
}
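Review bot: runRootScript runs a script as root after checking only `st. st_uid == 0`, while the path is built from `getenv ( "OPIEDIR" )`; if opie-login is installed setuid (main.cpp's error text allows for `chmod +s`), that variable is supplied by the invoking user. The test should use `lstat`, require a regular file and reject group- or world-writable modes, as sketched below; the stat-then-exec gap stays a race unless the parent directories are writable by root only. buildarg hands the `getenv` result straight to `strlen`, so an unset variable is a null-pointer dereference; it should return 0 and both callers should test for that. In execUserScript the `-c` branch hands the path to the shell as a command string, so it is parsed rather than treated as a file name, and `arg` is never freed when no exec happens. logout's warning also names `$OPIEDIR/scripts/post-session` although the path run is `share/opie-login/post-session`.

```cpp
static char *buildarg ( const char *base, const char *script )
{
	const char *dir = base ? ::getenv ( base ) : "/";
	if ( !dir )   // variable not set: there is no path to build
		return 0;
	// … unchanged: allocate and concatenate dir, "/" and script …
}

bool LoginApplication::runRootScript ( const char *base, const char *script, const char *param )
{
	bool res = false;
	char *arg = buildarg ( base, script );
	if ( !arg )
		return false;

	struct stat st;
	// root-owned regular file, not a symlink, not writable by group or others
	if (( ::lstat ( arg, &st ) == 0 ) && S_ISREG( st. st_mode ) &&
	    ( st. st_uid == 0 ) && !( st. st_mode & ( S_IWGRP | S_IWOTH ))) {
		// … unchanged: fork, exec /bin/sh in the child, wait in the parent …
	}
	// … unchanged: delete [] arg, return res …
}

void LoginApplication::execUserScript ( const char *base, const char *script )
{
	char *arg = buildarg ( base, script );
	if ( !arg )
		return;
	// … unchanged: stat and exec …
	delete [] arg;   // reached only when no exec replaced the process
}
```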
diff --git a/core/opie-login/loginapplication.h b/core/opie-login/loginapplication.h
index 4e7cf79..d8264ea 100644
--- a/core/opie-login/loginapplication.h
+++ b/core/opie-login/loginapplication.h
@@ -1,70 +1,74 @@
/*
               =. This file is part of the OPIE Project
             .=l. Copyright (c) 2002 Robert Griebl <sandman@handhelds.org>
           .>+-=
 _;:,     .>    :=|. This file is free software; you can
.> <`_,   >  .   <= redistribute it and/or modify it under
:`=1 )Y*s>-.--   : the terms of the GNU General Public
.="- .-=="i,     .._ License as published by the Free Software
 - .   .-<_>     .<> Foundation; either version 2 of the License,
     ._= =}       : or (at your option) any later version.
    .%`+i>       _;_.
    .i_,=:_.      -<s. This file is distributed in the hope that
     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY;
    : ..    .:,     . . . without even the implied warranty of
    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A
  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU General
..}^=.=       =       ; Public License for more details.
++=   -.     .`     .:
 :     =  ...= . :.=- You should have received a copy of the GNU
 -.   .:....=;==+<; General Public License along with this file;
  -_. . .   )=.  = see the file COPYING. If not, write to the
    --        :-=` Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
#ifndef __OPIE_LOGINAPPLICATION_H__
#define __OPIE_LOGINAPPLICATION_H__
+#include <sys/types.h>
#include <qstringlist.h>
-
#include <qpe/qpeapplication.h>
#ifdef USEPAM
struct pam_message;
struct pam_response;
#endif
class LoginApplication : public QPEApplication {
public:
LoginApplication ( int &argc, char **argv, pid_t parentpid );
static bool checkPassword ( const char *user, const char *password );
static const char *loginAs ( );
static void setLoginAs ( const char *user );
static bool changeIdentity ( );
static bool login ( );
+ static void logout ( );
static QStringList allUsers ( );
void quitToConsole ( );
+ static bool runRootScript ( const char *base, const char *script, const char *param = 0 );
+ static void execUserScript ( const char *base, const char *script );
+
private:
static const char *s_username;
#ifdef USEPAM
static int pam_helper ( int num_msg, const struct pam_message **msg, struct pam_response **resp, void * );
static const char *s_pam_password;
#endif
private:
pid_t m_parentpid;
};
extern LoginApplication *lApp;
#endif
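Review bot: `runRootScript` and `execUserScript` are added to the public section without any comment, although the first runs a script with root privileges and the second replaces the process image. The call sites visible in this commit are all inside LoginApplication, so both could sit under `private:` unless something outside the class needs them. Either way the contract should be written down, for example `// base is the NAME of an environment variable (0 means "/"); call only while still root` on runRootScript and `// returns only if the script could not be exec'd` on execUserScript.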
diff --git a/core/opie-login/main.cpp b/core/opie-login/main.cpp
index 674829d..81f4d1e 100644
--- a/core/opie-login/main.cpp
+++ b/core/opie-login/main.cpp
@@ -17,182 +17,187 @@
..}^=.=       =       ; Public License for more details.
++=   -.     .`     .:
 :     =  ...= . :.=- You should have received a copy of the GNU
 -.   .:....=;==+<; General Public License along with this file;
  -_. . .   )=.  = see the file COPYING. If not, write to the
    --        :-=` Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <time.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
#include <syslog.h>
#include <sys/wait.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <getopt.h>
#include <string.h>
#include <qpe/qpeapplication.h>
#include <qpe/qcopenvelope_qws.h>
#include <qpe/qpestyle.h>
#include <qpe/power.h>
#include <qpe/config.h>
#include <opie/odevice.h>
#include <qwindowsystem_qws.h>
#include <qmessagebox.h>
#include <qlabel.h>
#include <qtimer.h>
#include <qfile.h>
#include "loginapplication.h"
#include "loginwindowimpl.h"
#include "calibrate.h"
using namespace Opie;
int login_main ( int argc, char **argv, pid_t ppid );
void sigterm ( int sig );
+void sigint ( int sig );
void exit_closelog ( );
static struct option long_options [] = {
{ "autologin", 1, 0, 'a' },
{ 0, 0, 0, 0 }
};
int main ( int argc, char **argv )
{
pid_t ppid = ::getpid ( );
-
if ( ::geteuid ( ) != 0 ) {
::fprintf ( stderr, "%s can only be executed by root. (or chmod +s)", argv [0] );
return 1;
}
if ( ::getuid ( ) != 0 ) // qt doesn't really like SUID and
::setuid ( 0 ); // messes up things like config files
char *autolog = 0;
int c;
while (( c = ::getopt_long ( argc, argv, "a:", long_options, 0 )) != -1 ) {
switch ( c ) {
case 'a':
autolog = optarg;
break;
default:
::fprintf ( stderr, "Usage: %s [-a|--autologin=<user>]\n", argv [0] );
return 2;
}
}
// struct rlimit rl;
// ::getrlimit ( RLIMIT_NOFILE, &rl );
// for ( unsigned int i = 0; i < rl. rlim_cur; i++ )
// ::close ( i );
::setpgid ( 0, 0 );
::setsid ( );
- ::signal ( SIGTERM, sigterm );
+ ::signal ( SIGTERM, sigterm );
+ ::signal ( SIGINT, sigterm );
::openlog ( "opie-login", LOG_CONS, LOG_AUTHPRIV );
::atexit ( exit_closelog );
while ( true ) {
pid_t child = ::fork ( );
if ( child < 0 ) {
::syslog ( LOG_ERR, "Could not fork GUI process\n" );
break;
}
else if ( child > 0 ) {
int status = 0;
time_t started = ::time ( 0 );
while ( ::waitpid ( child, &status, 0 ) < 0 ) { }
+ LoginApplication::logout ( );
+
if (( ::time ( 0 ) - started ) < 3 ) {
if ( autolog ) {
::syslog ( LOG_ERR, "Respawning too fast -- disabling auto-login\n" );
autolog = 0;
}
else {
::syslog ( LOG_ERR, "Respawning too fast -- going down\n" );
break;
}
}
int killedbysig = 0;
if ( WIFSIGNALED( status )) {
switch ( WTERMSIG( status )) {
case SIGINT :
case SIGTERM:
case SIGKILL:
break;
default :
killedbysig = WTERMSIG( status );
break;
}
}
if ( killedbysig ) { // qpe was killed by an uncaught signal
qApp = 0;
+
+ ::syslog ( LOG_ERR, "Opie was killed by a signal #%d", killedbysig );
QWSServer::setDesktopBackground ( QImage ( ));
QApplication *app = new QApplication ( argc, argv, QApplication::GuiServer );
app-> setFont ( QFont ( "Helvetica", 10 ));
app-> setStyle ( new QPEStyle ( ));
const char *sig = ::strsignal ( killedbysig );
QLabel *l = new QLabel ( 0, "sig", Qt::WStyle_Customize | Qt::WStyle_NoBorder | Qt::WStyle_Tool );
l-> setText ( LoginWindowImpl::tr( "OPIE was terminated\nby an uncaught signal\n(%1)\n" ). arg ( sig ));
l-> setAlignment ( Qt::AlignCenter );
l-> move ( 0, 0 );
l-> resize ( app-> desktop ( )-> width ( ), app-> desktop ( )-> height ( ));
l-> show ( );
QTimer::singleShot ( 3000, app, SLOT( quit ( )));
app-> exec ( );
delete app;
qApp = 0;
}
}
else {
if ( !autolog ) {
Config cfg ( "opie-login" );
cfg. setGroup ( "General" );
QString user = cfg. readEntry ( "AutoLogin" );
if ( !user. isEmpty ( ))
autolog = ::strdup ( user. latin1 ( ));
}
if ( autolog ) {
LoginApplication::setLoginAs ( autolog );
if ( LoginApplication::changeIdentity ( ))
::exit ( LoginApplication::login ( ));
else
::exit ( 0 );
}
else
::exit ( login_main ( argc, argv, ppid ));
}
}
return 0;
}
void sigterm ( int /*sig*/ )
{
::exit ( 0 );
}
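Review bot: `LoginApplication::logout ( )` is called after every `waitpid` return, so the post-session script runs as root even when the child exited without a session ever starting (login window quit, `changeIdentity` failed, or the loop is respawning too fast). It runs in the long-lived root parent, which locates the script through `OPIEDIR` from its own environment and passes no user name, unlike the pre-session call. Consider moving the call below the respawn check and having the child use a distinct exit code on its failure paths so the parent can skip the script when no session was started. Separately, `void sigint ( int sig );` is declared but `SIGINT` is wired to `sigterm`; no `sigint` definition is visible in this hunk, so the declaration looks unused.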
@@ -258,103 +263,106 @@ public:
v [ 2 ] = QMAX( 1000 * i3, 100 );
v [ 3 ] = 0;
if ( !i1 && !i2 && !i3 )
QWSServer::setScreenSaverInterval ( 0 );
else
QWSServer::setScreenSaverIntervals ( v );
}
int backlight ( )
{
if ( m_backlight_bright == -1 )
m_backlight_bright = 255;
return m_backlight_bright;
}
void setBacklight ( int bright )
{
if ( bright == -3 ) {
// Forced on
m_backlight_forcedoff = false;
bright = -1;
}
if ( m_backlight_forcedoff && bright != -2 )
return ;
if ( bright == -2 ) {
// Toggle between off and on
bright = m_backlight_bright ? 0 : -1;
m_backlight_forcedoff = !bright;
}
m_backlight_bright = bright;
bright = backlight ( );
ODevice::inst ( ) -> setDisplayBrightness ( bright );
m_backlight_bright = bright;
}
private:
bool m_lcd_status;
int m_backlight_bright;
bool m_backlight_forcedoff;
};
+namespace Opie { extern int force_appearance; } // HACK to get around the force-style setting
int login_main ( int argc, char **argv, pid_t ppid )
{
QWSServer::setDesktopBackground( QImage() );
LoginApplication *app = new LoginApplication ( argc, argv, ppid );
+ Opie::force_appearance = 0;
+
app-> setFont ( QFont ( "Helvetica", 10 ));
app-> setStyle ( new QPEStyle ( ));
ODevice::inst ( )-> setSoftSuspend ( true );
#if defined(QT_QWS_CASSIOPEIA) || defined(QT_QWS_IPAQ) || defined(QT_QWS_EBX)
if ( !QFile::exists ( "/etc/pointercal" )) {
// Make sure calibration widget starts on top.
Calibrate *cal = new Calibrate;
cal-> exec ( );
delete cal;
}
#endif
LoginScreenSaver *saver = new LoginScreenSaver;
saver-> setIntervals ( );
QWSServer::setScreenSaver ( saver );
saver-> restore ( );
LoginWindowImpl *lw = new LoginWindowImpl ( );
app-> setMainWidget ( lw );
lw-> setGeometry ( 0, 0, app-> desktop ( )-> width ( ), app-> desktop ( )-> height ( ));
lw-> show ( );
int rc = app-> exec ( );
ODevice::inst ( )-> setSoftSuspend ( false );
if ( app-> loginAs ( )) {
if ( app-> changeIdentity ( )) {
app-> login ( );
// if login succeeds, it never comes back
QMessageBox::critical ( 0, LoginWindowImpl::tr( "Failure" ), LoginWindowImpl::tr( "Could not start OPIE." ));
rc = 1;
}
else {
QMessageBox::critical ( 0, LoginWindowImpl::tr( "Failure" ), LoginWindowImpl::tr( "Could not switch to new user identity" ));
rc = 2;
}
}
return rc;
}