Re: GNOME System Monitor will use libgnomesu

[Carlos Garnacho <carlos_garnacho yahoo es>]

Hi :)

 --- Hongli Lai <h lai chello nl> escribió: 
> Carlos Garnacho wrote:
> > which is exactly the technical problem? GST handles both su and ssh
> > quite successfully, and my authentication thingy try (system-auth-agent)
> > does this too in a g_spawn fashion.
> 
> You want the child process's stdin and stdout. However, su and ssh both 
> use stdout to provide information, and read their password from the 
> terminal. How do you detect whether your password is wrong? You read 
> su/ssh's output and check whether it contains 'Incorrect password'. But 
> what if the login actually succeeded, and the child process outputs 
> 'Incorrect password', not su/ssh?

This is a really side case, right? :), For regular su you can waitpid for 
it and check error codes, but it's not the same for ssh, though...

Anyway, while comunicating with command line tools sucks widely (I quite 
agree with this :), it's not an obstacle for returning the file descriptors
after doing authentication.

> 
> And how do you know the login succeeded? What if you want to immediately 
> return after the login succeeded, and you don't care about the child's 
> output? You can't do that with plain su/ssh, unless you don't check for 
> 'Incorrect password' either.

And I guess that your su replacement check that the password is wrong, right? 
it's quite important, despite of having to parse commands output, reading 
custom output or anything like that.

BTW, you can check that the authentication has suceeded and then close the 
pipes before returning.

> 
> And furthermore, it's very difficult to correctly use a pseudo terminal.
> I wrote a program which communicates with 'su' using a pseudo terminal 
> (using getpt() and grandpt(); this program is not related to 
> libgnomesu). For some reason, on my computer (FC1), I can't read 
> anything from pseudo terminal after su prints the 'Password:' prompt, if 
> the login succeeded. So if the child process prints something, I can't 
> read it. The strange thing is, I *can* read if the login failed. I 
> checked my code 10 times and I went through all the manuals and 
> tutorials I can find, and I couldn't figure out why it doesn't work.
> The su implementations on different distributions tend to behave 
> differently. For example, on Slackware systems without Dropline, su 
> insists on reading the password from the *real* terminal, not the pseudo 
> terminal I created. Installing Dropline (and PAM) mysteriously fixed the 
> problem. On some distributions, getpt() just fails for no good reason. 
> And there are other distributions which show other problems.

GST uses forkpty() for doing comunication and (while I agree that it's a 
bit bitchy :), I've tested it personally and successfully in Redhat 9, 
Fedora Core 1 and 2, Slackware 9.1 and 10 (no Dropline), Gentoo, Debian woody, 
sarge and sid, Suse 9.0 and 9.1, Mandrake 9.0, 9.1 and 10 and FreeBSD 5.2. 

The worst (and maybe only) problems where found with FreeBSD, where I had to play
with the terminal attributes (more concretely, with echo enabling/disabling)

> 
> Back to libgnomesu. I've thoroughly investigated GST's, kdesu's and 
> gtksu's source code while writing libgnomesu. My first attempt was to 
> use pipes, but newer su's don't like it. forkpty() somehow worked, but 
> doesn't work on post-RedHat 7 systems. getpt() is apparently not 
> available on FreeBSD: GST uses a different function. But that function 
> doesn't seem to work well with all su implementations. There doesn't 
> seem to be any other portable functions for creating a pseudo terminal.
> 
> Eventually I gave up and just modified GNU su.

And even then you can't return file descriptors pointing to the auth 
process?

       Regards

> _______________________________________________
> desktop-devel-list mailing list
> desktop-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/desktop-devel-list
>  


	
	
		
______________________________________________ 
Renovamos el Correo Yahoo!: ¡250 MB GRATIS! 
Nuevos servicios, más seguridad 
http://correo.yahoo.es