author | Trumeet <yuuta@yuuta.moe> | 2022-12-23 23:54:53 -0800 |
---|---|---|
committer | Trumeet <yuuta@yuuta.moe> | 2022-12-23 23:54:53 -0800 |
commit | 53360dc1458f6b56bf6e939f1a8dc1645a3a141b (patch) | |
tree | e2e8945434c904b84a0d944959a02c37a83fb78c | |
parent | 213ef024f69c2509a774540d5a3e2d5a28c47dac (diff) | |
Add a naive remote detection
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | main.c | 33 |
2 files changed, 23 insertions, 13 deletions
@@ -117,7 +117,8 @@ terminal is insecure, which is what Windows RDP does regarding remote UAC consen mkdir build cd build cmake .. -sudo ./secdesktop password test # mode prompt +chown root ./secdesk && chmod 4755 ./secdesk +./secdesktop password test # mode prompt ``` The code is ugly: it is written in 4 hours. I will try to make it pretty. @@ -5,6 +5,7 @@ #include <string.h> #include <signal.h> #include <errno.h> +#include <stdlib.h> #include <sys/wait.h> struct auth_env a_env; @@ -70,21 +71,29 @@ int main(int argc, char **argv) { sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); - int r = sd_setup(); - if (r == -1) { - sd_cleanup(); - return 13; - } - if (r) { - sd_cleanup(); + int r; + /* Very naive way to determine console and remote sessions. + * Better to use PAM_RHOST, ConsoleKit, or systemd-logind. */ + if (getenv("SSH_CONNECTION")) { r = main_consent(0); } else { - dprintf(p_env.err, "Complete authorization on TTY %d by running `chvt %d`.\n", - p_env.vt, - p_env.vt); - r = main_consent(1); - sd_cleanup(); + r = sd_setup(); + if (r == -1) { + sd_cleanup(); + return 13; + } + if (r) { + sd_cleanup(); + r = main_consent(0); + } else { + dprintf(p_env.err, "Complete authorization on TTY %d by running `chvt %d`.\n", + p_env.vt, + p_env.vt); + r = main_consent(1); + sd_cleanup(); + } } + return r; } if (chld == -1) { |
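Review bot: In the third hunk (main.c, `main`), `getenv("SSH_CONNECTION")` lets the invoking user choose between the `sd_setup()` path and the plain `main_consent(0)` path, and the README hunk in this same commit installs the binary setuid root, so the environment read here is caller-controlled input. Any process running as the user can set the variable to skip the secure-desktop setup, and a remote session that unsets it (or does not arrive over SSH) still reaches `sd_setup()`; the in-code comment calls the check naive but does not say that it is not a security boundary. Until the decision is derived from state the caller cannot set, for example the logind session via `sd_pid_get_session()` and `sd_session_is_remote()`, I would extend the comment with `/* SSH_CONNECTION is caller-controlled: a convenience hint, not a trust decision. */` and have the fallback branch tell the user on `p_env.err` that no secure desktop is in use. `main` begins and ends outside the hunk, so what `main_consent(0)` skips is inferred from its argument and the surrounding branches.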