summaryrefslogtreecommitdiff
authorsandman <sandman>2002-12-17 19:41:05 (UTC)
committer sandman <sandman>2002-12-17 19:41:05 (UTC)
commit0e05c298cc4e5a5d509286e31a3a863e78c76456 (patch) (side-by-side diff)
tree2a86553b593ff9690c14e1796c54c707f189fdf3
parent98f90f6ed89986485a1413c4325411e30f4c0693 (diff)
downloadopie-0e05c298cc4e5a5d509286e31a3a863e78c76456.zip
opie-0e05c298cc4e5a5d509286e31a3a863e78c76456.tar.gz
opie-0e05c298cc4e5a5d509286e31a3a863e78c76456.tar.bz2
Opie login becomes useable now:
- pre- and post-session scripts (in $OPIEDIR/share/opie-login) to fix things like device ownership to user/root - logging in now doesn't simply mean: execute bin/qpe. instead opie-login * first tries to execute ~/.opie-session * if that doesn't exist $OPIEDIR/share/opie-login/opie-session * if that fails too, execute $OPIEDIR/bin/qpe you can now handle things like ssh-agent on a per-user basis. (I'll commit the scripts later - for now it simply works like before)
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--core/opie-login/loginapplication.cpp74
-rw-r--r--core/opie-login/loginapplication.h6
-rw-r--r--core/opie-login/main.cpp12
3 files changed, 82 insertions, 10 deletions
diff --git a/core/opie-login/loginapplication.cpp b/core/opie-login/loginapplication.cpp
index 8d86a71..1facf2d 100644
--- a/core/opie-login/loginapplication.cpp
+++ b/core/opie-login/loginapplication.cpp
@@ -1,221 +1,281 @@
/*
               =. This file is part of the OPIE Project
             .=l. Copyright (c) 2002 Robert Griebl <sandman@handhelds.org>
           .>+-=
 _;:,     .>    :=|. This file is free software; you can
.> <`_,   >  .   <= redistribute it and/or modify it under
:`=1 )Y*s>-.--   : the terms of the GNU General Public
.="- .-=="i,     .._ License as published by the Free Software
 - .   .-<_>     .<> Foundation; either version 2 of the License,
     ._= =}       : or (at your option) any later version.
    .%`+i>       _;_.
    .i_,=:_.      -<s. This file is distributed in the hope that
     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY;
    : ..    .:,     . . . without even the implied warranty of
    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A
  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU General
..}^=.=       =       ; Public License for more details.
++=   -.     .`     .:
 :     =  ...= . :.=- You should have received a copy of the GNU
 -.   .:....=;==+<; General Public License along with this file;
  -_. . .   )=.  = see the file COPYING. If not, write to the
    --        :-=` Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
#ifdef USEPAM
extern "C" {
#include <security/pam_appl.h>
}
#else
#include <crypt.h>
#include <shadow.h>
#endif
#include "loginapplication.h"
LoginApplication *lApp;
LoginApplication::LoginApplication ( int &argc, char **argv, pid_t parentpid )
: QPEApplication ( argc, argv, GuiServer )
{
lApp = this;
m_parentpid = parentpid;
}
const char *LoginApplication::s_username = 0;
#ifdef USEPAM
const char *LoginApplication::s_pam_password = 0;
int LoginApplication::pam_helper ( int num_msg, const struct pam_message **msg, struct pam_response **resp, void * )
{
int replies = 0;
struct pam_response *reply = 0;
int size = sizeof( struct pam_response );
for ( int i = 0; i < num_msg; i++ ) {
switch ( msg [i]-> msg_style ) {
case PAM_PROMPT_ECHO_ON: // user name given to PAM already
return PAM_CONV_ERR;
case PAM_PROMPT_ECHO_OFF: // wants password
reply = (struct pam_response *) ::realloc ( reply, size );
if ( !reply )
return PAM_CONV_ERR;
size += sizeof( struct pam_response );
reply [replies]. resp_retcode = PAM_SUCCESS;
reply [replies]. resp = ::strdup ( s_pam_password );
replies++; // PAM frees resp
break;
case PAM_TEXT_INFO:
break;
default:
/* unknown or PAM_ERROR_MSG */
if ( reply )
::free ( reply );
return PAM_CONV_ERR;
}
}
if ( reply )
*resp = reply;
return PAM_SUCCESS;
}
bool LoginApplication::checkPassword ( const char *user, const char *pass )
{
static struct pam_conv conv = { &LoginApplication::pam_helper, 0 };
int pam_error;
pam_handle_t *pamh = 0;
pam_error = ::pam_start( "xdm", user, &conv, &pamh );
if ( pam_error == PAM_SUCCESS ) {
s_pam_password = pass;
pam_error = ::pam_authenticate ( pamh, 0 );
s_pam_password = 0;
}
::pam_end ( pamh, pam_error );
return ( pam_error == PAM_SUCCESS );
}
#else
bool LoginApplication::checkPassword ( const char *user, const char *pass )
{
char *encrypted, *correct;
struct passwd *pw;
if ( !user || !pass )
return false;
pw = ::getpwnam ( user );
if ( !pw )
return false;
if (( ::strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( ::strcmp ( pw-> pw_passwd, "*" ) == 0 )) {
struct spwd *sp = ::getspnam ( pw-> pw_name );
if ( !sp )
return false;
correct = sp-> sp_pwdp;
}
else
correct = pw-> pw_passwd;
if ( correct == 0 || correct[0] == '\0' )
return true;
encrypted = ::crypt ( pass, correct );
return ( ::strcmp ( encrypted, correct ) == 0 );
}
#endif
bool LoginApplication::changeIdentity ( )
{
const char *DEFAULT_LOGIN_PATH = "/bin:/usr/bin";
const char *DEFAULT_ROOT_LOGIN_PATH = "/usr/sbin:/bin:/usr/bin:/sbin";
if ( !s_username )
return false;
struct passwd *pw = ::getpwnam ( s_username );
if ( !pw )
return false;
+ // we are still root at this point - try to run the pre-session script
+ if ( !runRootScript ( "OPIEDIR", "share/opie-login/pre-session", s_username ))
+ qWarning ( "failed to run $OPIEDIR/share/opie-login/pre-session" );
+
bool fail = false;
fail |= ( ::initgroups ( pw-> pw_name, pw-> pw_gid ));
::endgrent ( );
fail |= ( ::setgid ( pw-> pw_gid ));
fail |= ( ::setuid ( pw-> pw_uid ));
fail |= ( ::chdir ( pw-> pw_dir ) && ::chdir ( "/" ));
fail |= ( ::setenv ( "HOME", pw-> pw_dir, 1 ));
fail |= ( ::setenv ( "SHELL", pw-> pw_shell, 1 ));
fail |= ( ::setenv ( "USER", pw-> pw_name, 1 ));
fail |= ( ::setenv ( "LOGNAME", pw-> pw_name, 1 ));
fail |= ( ::setenv ( "PATH", ( pw-> pw_uid ? DEFAULT_LOGIN_PATH : DEFAULT_ROOT_LOGIN_PATH ), 1 ));
return !fail;
}
bool LoginApplication::login ( )
{
- char *opie = ::getenv ( "OPIEDIR" );
- char *arg = new char [::strlen ( opie ) + 8 + 1];
+ execUserScript ( "HOME", ".opie-session" );
+ execUserScript ( "OPIEDIR", "share/opie-login/opie-session" );
+ execUserScript ( "OPIEDIR", "bin/qpe" );
+
+ qWarning ( "failed to start an Opie session" );
+ return false;
+}
+
+void LoginApplication::logout ( )
+{
+ // we are now root again - try to run the post-session script
+ if ( !runRootScript ( "OPIEDIR", "share/opie-login/post-session" ))
+ qWarning ( "failed to run $OPIEDIR/scripts/post-session" );
+}
- ::strcpy ( arg, opie );
- ::strcat ( arg, "/bin/qpe" );
- // start qpe via a login shell
- ::execl ( "/bin/sh", "-sh", "-c", arg, 0 );
+static char *buildarg ( const char *base, const char *script )
+{
+ const char *dir = base ? ::getenv ( base ) : "/";
+ char *arg = new char [::strlen ( dir ) + ::strlen ( script ) + 2];
- return false;
+ ::strcpy ( arg, dir );
+ ::strcat ( arg, "/" );
+ ::strcat ( arg, script );
+
+ return arg;
+}
+
+bool LoginApplication::runRootScript ( const char *base, const char *script, const char *param )
+{
+ bool res = false;
+ char *arg = buildarg ( base, script );
+
+ struct stat st;
+ if (( ::stat ( arg, &st ) == 0 ) && ( st. st_uid == 0 )) {
+ pid_t child = ::fork ( );
+
+ if ( child == 0 ) {
+ ::execl ( "/bin/sh", "-sh", arg, param, 0 );
+ ::_exit ( -1 );
+ }
+ else if ( child > 0 ) {
+ int status = 0;
+
+ while ( ::waitpid ( child, &status, 0 ) < 0 ) { }
+ res = ( WIFEXITED( status )) && ( WEXITSTATUS( status ) == 0 );
+ }
+ }
+
+ delete [] arg;
+ return res;
+}
+
+void LoginApplication::execUserScript ( const char *base, const char *script )
+{
+ char *arg = buildarg ( base, script );
+
+ struct stat st;
+ if ( ::stat ( arg, &st ) == 0 ) {
+ if ( st. st_mode & S_IXUSR )
+ ::execl ( "/bin/sh", "-sh", "-c", arg, 0 );
+ else
+ ::execl ( "/bin/sh", "-sh", arg, 0 );
+ }
}
const char *LoginApplication::loginAs ( )
{
return s_username;
}
void LoginApplication::setLoginAs ( const char *name )
{
s_username = name;
}
QStringList LoginApplication::allUsers ( )
{
struct passwd *pwd;
QStringList sl;
while (( pwd = ::getpwent ( ))) {
if (( pwd-> pw_uid == 0 ) || ( pwd-> pw_uid >= 500 && pwd-> pw_uid < 65534 ))
sl << QString ( pwd-> pw_name );
}
::endpwent ( );
return sl;
}
void LoginApplication::quitToConsole ( )
{
QPEApplication::quit ( );
::kill ( m_parentpid, SIGTERM );
}
diff --git a/core/opie-login/loginapplication.h b/core/opie-login/loginapplication.h
index 4e7cf79..d8264ea 100644
--- a/core/opie-login/loginapplication.h
+++ b/core/opie-login/loginapplication.h
@@ -1,70 +1,74 @@
/*
               =. This file is part of the OPIE Project
             .=l. Copyright (c) 2002 Robert Griebl <sandman@handhelds.org>
           .>+-=
 _;:,     .>    :=|. This file is free software; you can
.> <`_,   >  .   <= redistribute it and/or modify it under
:`=1 )Y*s>-.--   : the terms of the GNU General Public
.="- .-=="i,     .._ License as published by the Free Software
 - .   .-<_>     .<> Foundation; either version 2 of the License,
     ._= =}       : or (at your option) any later version.
    .%`+i>       _;_.
    .i_,=:_.      -<s. This file is distributed in the hope that
     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY;
    : ..    .:,     . . . without even the implied warranty of
    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A
  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU General
..}^=.=       =       ; Public License for more details.
++=   -.     .`     .:
 :     =  ...= . :.=- You should have received a copy of the GNU
 -.   .:....=;==+<; General Public License along with this file;
  -_. . .   )=.  = see the file COPYING. If not, write to the
    --        :-=` Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
#ifndef __OPIE_LOGINAPPLICATION_H__
#define __OPIE_LOGINAPPLICATION_H__
+#include <sys/types.h>
#include <qstringlist.h>
-
#include <qpe/qpeapplication.h>
#ifdef USEPAM
struct pam_message;
struct pam_response;
#endif
class LoginApplication : public QPEApplication {
public:
LoginApplication ( int &argc, char **argv, pid_t parentpid );
static bool checkPassword ( const char *user, const char *password );
static const char *loginAs ( );
static void setLoginAs ( const char *user );
static bool changeIdentity ( );
static bool login ( );
+ static void logout ( );
static QStringList allUsers ( );
void quitToConsole ( );
+ static bool runRootScript ( const char *base, const char *script, const char *param = 0 );
+ static void execUserScript ( const char *base, const char *script );
+
private:
static const char *s_username;
#ifdef USEPAM
static int pam_helper ( int num_msg, const struct pam_message **msg, struct pam_response **resp, void * );
static const char *s_pam_password;
#endif
private:
pid_t m_parentpid;
};
extern LoginApplication *lApp;
#endif
diff --git a/core/opie-login/main.cpp b/core/opie-login/main.cpp
index 674829d..81f4d1e 100644
--- a/core/opie-login/main.cpp
+++ b/core/opie-login/main.cpp
@@ -1,360 +1,368 @@
/*
               =. This file is part of the OPIE Project
             .=l. Copyright (c) 2002 Robert Griebl <sandman@handhelds.org>
           .>+-=
 _;:,     .>    :=|. This file is free software; you can
.> <`_,   >  .   <= redistribute it and/or modify it under
:`=1 )Y*s>-.--   : the terms of the GNU General Public
.="- .-=="i,     .._ License as published by the Free Software
 - .   .-<_>     .<> Foundation; either version 2 of the License,
     ._= =}       : or (at your option) any later version.
    .%`+i>       _;_.
    .i_,=:_.      -<s. This file is distributed in the hope that
     +  .  -:.       = it will be useful, but WITHOUT ANY WARRANTY;
    : ..    .:,     . . . without even the implied warranty of
    =_        +     =;=|` MERCHANTABILITY or FITNESS FOR A
  _.=:.       :    :=>`: PARTICULAR PURPOSE. See the GNU General
..}^=.=       =       ; Public License for more details.
++=   -.     .`     .:
 :     =  ...= . :.=- You should have received a copy of the GNU
 -.   .:....=;==+<; General Public License along with this file;
  -_. . .   )=.  = see the file COPYING. If not, write to the
    --        :-=` Free Software Foundation, Inc.,
59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <time.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
#include <syslog.h>
#include <sys/wait.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <getopt.h>
#include <string.h>
#include <qpe/qpeapplication.h>
#include <qpe/qcopenvelope_qws.h>
#include <qpe/qpestyle.h>
#include <qpe/power.h>
#include <qpe/config.h>
#include <opie/odevice.h>
#include <qwindowsystem_qws.h>
#include <qmessagebox.h>
#include <qlabel.h>
#include <qtimer.h>
#include <qfile.h>
#include "loginapplication.h"
#include "loginwindowimpl.h"
#include "calibrate.h"
using namespace Opie;
int login_main ( int argc, char **argv, pid_t ppid );
void sigterm ( int sig );
+void sigint ( int sig );
void exit_closelog ( );
static struct option long_options [] = {
{ "autologin", 1, 0, 'a' },
{ 0, 0, 0, 0 }
};
int main ( int argc, char **argv )
{
pid_t ppid = ::getpid ( );
-
if ( ::geteuid ( ) != 0 ) {
::fprintf ( stderr, "%s can only be executed by root. (or chmod +s)", argv [0] );
return 1;
}
if ( ::getuid ( ) != 0 ) // qt doesn't really like SUID and
::setuid ( 0 ); // messes up things like config files
char *autolog = 0;
int c;
while (( c = ::getopt_long ( argc, argv, "a:", long_options, 0 )) != -1 ) {
switch ( c ) {
case 'a':
autolog = optarg;
break;
default:
::fprintf ( stderr, "Usage: %s [-a|--autologin=<user>]\n", argv [0] );
return 2;
}
}
// struct rlimit rl;
// ::getrlimit ( RLIMIT_NOFILE, &rl );
// for ( unsigned int i = 0; i < rl. rlim_cur; i++ )
// ::close ( i );
::setpgid ( 0, 0 );
::setsid ( );
- ::signal ( SIGTERM, sigterm );
+ ::signal ( SIGTERM, sigterm );
+ ::signal ( SIGINT, sigterm );
::openlog ( "opie-login", LOG_CONS, LOG_AUTHPRIV );
::atexit ( exit_closelog );
while ( true ) {
pid_t child = ::fork ( );
if ( child < 0 ) {
::syslog ( LOG_ERR, "Could not fork GUI process\n" );
break;
}
else if ( child > 0 ) {
int status = 0;
time_t started = ::time ( 0 );
while ( ::waitpid ( child, &status, 0 ) < 0 ) { }
+ LoginApplication::logout ( );
+
if (( ::time ( 0 ) - started ) < 3 ) {
if ( autolog ) {
::syslog ( LOG_ERR, "Respawning too fast -- disabling auto-login\n" );
autolog = 0;
}
else {
::syslog ( LOG_ERR, "Respawning too fast -- going down\n" );
break;
}
}
int killedbysig = 0;
if ( WIFSIGNALED( status )) {
switch ( WTERMSIG( status )) {
case SIGINT :
case SIGTERM:
case SIGKILL:
break;
default :
killedbysig = WTERMSIG( status );
break;
}
}
if ( killedbysig ) { // qpe was killed by an uncaught signal
qApp = 0;
+
+ ::syslog ( LOG_ERR, "Opie was killed by a signal #%d", killedbysig );
QWSServer::setDesktopBackground ( QImage ( ));
QApplication *app = new QApplication ( argc, argv, QApplication::GuiServer );
app-> setFont ( QFont ( "Helvetica", 10 ));
app-> setStyle ( new QPEStyle ( ));
const char *sig = ::strsignal ( killedbysig );
QLabel *l = new QLabel ( 0, "sig", Qt::WStyle_Customize | Qt::WStyle_NoBorder | Qt::WStyle_Tool );
l-> setText ( LoginWindowImpl::tr( "OPIE was terminated\nby an uncaught signal\n(%1)\n" ). arg ( sig ));
l-> setAlignment ( Qt::AlignCenter );
l-> move ( 0, 0 );
l-> resize ( app-> desktop ( )-> width ( ), app-> desktop ( )-> height ( ));
l-> show ( );
QTimer::singleShot ( 3000, app, SLOT( quit ( )));
app-> exec ( );
delete app;
qApp = 0;
}
}
else {
if ( !autolog ) {
Config cfg ( "opie-login" );
cfg. setGroup ( "General" );
QString user = cfg. readEntry ( "AutoLogin" );
if ( !user. isEmpty ( ))
autolog = ::strdup ( user. latin1 ( ));
}
if ( autolog ) {
LoginApplication::setLoginAs ( autolog );
if ( LoginApplication::changeIdentity ( ))
::exit ( LoginApplication::login ( ));
else
::exit ( 0 );
}
else
::exit ( login_main ( argc, argv, ppid ));
}
}
return 0;
}
void sigterm ( int /*sig*/ )
{
::exit ( 0 );
}
void exit_closelog ( )
{
::closelog ( );
}
class LoginScreenSaver : public QWSScreenSaver
{
public:
LoginScreenSaver ( )
{
m_lcd_status = true;
m_backlight_bright = -1;
m_backlight_forcedoff = false;
// Make sure the LCD is in fact on, (if opie was killed while the LCD is off it would still be off)
ODevice::inst ( )-> setDisplayStatus ( true );
}
void restore()
{
if ( !m_lcd_status ) // We must have turned it off
ODevice::inst ( ) -> setDisplayStatus ( true );
setBacklight ( -3 );
}
bool save( int level )
{
switch ( level ) {
case 0:
if ( backlight() > 1 )
setBacklight( 1 ); // lowest non-off
return true;
break;
case 1:
setBacklight( 0 ); // off
return true;
break;
case 2:
// We're going to suspend the whole machine
if ( PowerStatusManager::readStatus().acStatus() != PowerStatus::Online ) {
QWSServer::sendKeyEvent( 0xffff, Qt::Key_F34, FALSE, TRUE, FALSE );
return true;
}
break;
}
return false;
}
private:
public:
void setIntervals( int i1 = 30, int i2 = 20, int i3 = 60 )
{
int v [4];
v [ 0 ] = QMAX( 1000 * i1, 100 );
v [ 1 ] = QMAX( 1000 * i2, 100 );
v [ 2 ] = QMAX( 1000 * i3, 100 );
v [ 3 ] = 0;
if ( !i1 && !i2 && !i3 )
QWSServer::setScreenSaverInterval ( 0 );
else
QWSServer::setScreenSaverIntervals ( v );
}
int backlight ( )
{
if ( m_backlight_bright == -1 )
m_backlight_bright = 255;
return m_backlight_bright;
}
void setBacklight ( int bright )
{
if ( bright == -3 ) {
// Forced on
m_backlight_forcedoff = false;
bright = -1;
}
if ( m_backlight_forcedoff && bright != -2 )
return ;
if ( bright == -2 ) {
// Toggle between off and on
bright = m_backlight_bright ? 0 : -1;
m_backlight_forcedoff = !bright;
}
m_backlight_bright = bright;
bright = backlight ( );
ODevice::inst ( ) -> setDisplayBrightness ( bright );
m_backlight_bright = bright;
}
private:
bool m_lcd_status;
int m_backlight_bright;
bool m_backlight_forcedoff;
};
+namespace Opie { extern int force_appearance; } // HACK to get around the force-style setting
int login_main ( int argc, char **argv, pid_t ppid )
{
QWSServer::setDesktopBackground( QImage() );
LoginApplication *app = new LoginApplication ( argc, argv, ppid );
+ Opie::force_appearance = 0;
+
app-> setFont ( QFont ( "Helvetica", 10 ));
app-> setStyle ( new QPEStyle ( ));
ODevice::inst ( )-> setSoftSuspend ( true );
#if defined(QT_QWS_CASSIOPEIA) || defined(QT_QWS_IPAQ) || defined(QT_QWS_EBX)
if ( !QFile::exists ( "/etc/pointercal" )) {
// Make sure calibration widget starts on top.
Calibrate *cal = new Calibrate;
cal-> exec ( );
delete cal;
}
#endif
LoginScreenSaver *saver = new LoginScreenSaver;
saver-> setIntervals ( );
QWSServer::setScreenSaver ( saver );
saver-> restore ( );
LoginWindowImpl *lw = new LoginWindowImpl ( );
app-> setMainWidget ( lw );
lw-> setGeometry ( 0, 0, app-> desktop ( )-> width ( ), app-> desktop ( )-> height ( ));
lw-> show ( );
int rc = app-> exec ( );
ODevice::inst ( )-> setSoftSuspend ( false );
if ( app-> loginAs ( )) {
if ( app-> changeIdentity ( )) {
app-> login ( );
// if login succeeds, it never comes back
QMessageBox::critical ( 0, LoginWindowImpl::tr( "Failure" ), LoginWindowImpl::tr( "Could not start OPIE." ));
rc = 1;
}
else {
QMessageBox::critical ( 0, LoginWindowImpl::tr( "Failure" ), LoginWindowImpl::tr( "Could not switch to new user identity" ));
rc = 2;
}
}
return rc;
}