--- usermode-1.92/userhelper-wrap.c.user_authen 2007-06-11 22:39:16.000000000 +0200 +++ usermode-1.92/userhelper-wrap.c 2007-08-17 10:22:29.000000000 +0200 @@ -777,7 +777,7 @@ userhelper_parse_childout(char *outline) /* Customize the label. */ if (resp->responses == 0) text = g_strdup(""); - else if (resp->service != NULL) { + else if (resp->service != NULL && strcmp(resp->service, "simple_root_authen")) { if (strcmp(resp->service, "passwd") == 0) text = g_strdup(_("Changing password.")); else if (strcmp(resp->service, "chfn") == 0) --- usermode-1.92/userhelper.c.user_authen 2007-08-17 10:22:29.000000000 +0200 +++ usermode-1.92/userhelper.c 2007-08-17 12:31:46.000000000 +0200 @@ -52,6 +52,8 @@ static gboolean selinux_enabled = FALSE; #endif +static int simple_root_authen = 0; + #include "shvar.h" #include "userhelper.h" @@ -798,7 +800,7 @@ converse_console(int num_msg, const stru if ((data->banner != NULL) && (data->domain != NULL)) { text = g_strdup_printf(dgettext(data->domain, data->banner)); } else { - if ((service != NULL) && (strlen(service) > 0)) { + if ((service != NULL) && (strlen(service) > 0) && strcmp(service, "simple_root_authen")) { if (data->fallback_allowed) { text = g_strdup_printf(_("You are attempting to run \"%s\" which may benefit from administrative\nprivileges, but more information is needed in order to do so."), service); } else { @@ -1770,7 +1772,23 @@ wrap(const char *user, const char *progr g_print("userhelper: bad file permissions: %s \n", apps_filename); #endif - exit(ERR_UNK_ERROR); + /* fall back to simple auth */ + simple_root_authen = 1; + g_free (apps_filename); + if (s != NULL) + svCloseFile(s); + apps_filename = g_strconcat(SYSCONFDIR "/security/console.apps/", "simple_root_authen", NULL); + s = svNewFile(apps_filename); + if ((s == NULL) || + (fstat(s->fd, &sbuf) == -1) || + !S_ISREG(sbuf.st_mode) || + (sbuf.st_mode & S_IWOTH)) { +#ifdef DEBUG_USERHELPER + g_print("userhelper: bad file permissions: %s \n", + apps_filename); +#endif + exit(ERR_UNK_ERROR); + } } g_free(apps_filename); @@ -2040,7 +2058,7 @@ wrap(const char *user, const char *progr /* If the user we're authenticating as has root's UID, then it's * safe to let them use HOME=~root. */ - if (pwd->pw_uid == 0) + if (pwd->pw_uid == 0 && !simple_root_authen) setenv("HOME", pwd->pw_dir, 1); else { /* Otherwise, if they had a reasonable value for HOME, let them @@ -2106,7 +2124,12 @@ wrap(const char *user, const char *progr svCloseFile(s); /* Start up PAM to authenticate the specified user. */ - retval = pam_start(program, user_pam, conv, &data->pamh); + if (simple_root_authen) { + retval = pam_start("simple_root_authen", user_pam, conv,&data->pamh); + } else { + retval = pam_start(program, user_pam, conv, &data->pamh); + } + if (retval != PAM_SUCCESS) { #ifdef DEBUG_USERHELPER g_print("userhelper: pam_start() failed\n");