From 53360dc1458f6b56bf6e939f1a8dc1645a3a141b Mon Sep 17 00:00:00 2001 From: Trumeet Date: Fri, 23 Dec 2022 23:54:53 -0800 Subject: Add a naive remote detection --- README.md | 3 ++- main.c | 33 +++++++++++++++++++++------------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index dec9818..575d2e8 100644 --- a/README.md +++ b/README.md @@ -117,7 +117,8 @@ terminal is insecure, which is what Windows RDP does regarding remote UAC consen mkdir build cd build cmake .. -sudo ./secdesktop password test # mode prompt +chown root ./secdesk && chmod 4755 ./secdesk +./secdesktop password test # mode prompt ``` The code is ugly: it is written in 4 hours. I will try to make it pretty. diff --git a/main.c b/main.c index a05f0a1..0d3a52e 100644 --- a/main.c +++ b/main.c @@ -5,6 +5,7 @@ #include #include #include +#include #include struct auth_env a_env; @@ -70,21 +71,29 @@ int main(int argc, char **argv) { sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); - int r = sd_setup(); - if (r == -1) { - sd_cleanup(); - return 13; - } - if (r) { - sd_cleanup(); + int r; + /* Very naive way to determine console and remote sessions. + * Better to use PAM_RHOST, ConsoleKit, or systemd-logind. */ + if (getenv("SSH_CONNECTION")) { r = main_consent(0); } else { - dprintf(p_env.err, "Complete authorization on TTY %d by running `chvt %d`.\n", - p_env.vt, - p_env.vt); - r = main_consent(1); - sd_cleanup(); + r = sd_setup(); + if (r == -1) { + sd_cleanup(); + return 13; + } + if (r) { + sd_cleanup(); + r = main_consent(0); + } else { + dprintf(p_env.err, "Complete authorization on TTY %d by running `chvt %d`.\n", + p_env.vt, + p_env.vt); + r = main_consent(1); + sd_cleanup(); + } } + return r; } if (chld == -1) { -- cgit v1.2.3