From 0eda6b79fc184d0af9cfd1e923207e597c84cb95 Mon Sep 17 00:00:00 2001 From: Fred Gleason Date: Thu, 6 Apr 2017 15:26:30 -0400 Subject: [PATCH] 2017-04-06 Fred Gleason * Added an rdauth(1) utility in 'utils/rdauth/'. * Fixed a regression in 'lib/rdcart.cpp' that caused the 'Import' web API call to fail with an 'unsupported format' error. --- .gitignore | 1 + ChangeLog | 4 +++ configure.ac | 1 + lib/rduser.cpp | 10 ++++--- rivendell.spec.in | 1 + utils/Makefile.am | 1 + utils/rdauth/Makefile.am | 49 +++++++++++++++++++++++++++++++ utils/rdauth/rdauth.cpp | 63 ++++++++++++++++++++++++++++++++++++++++ utils/rdauth/rdauth.h | 42 +++++++++++++++++++++++++++ web/rdxport/rdxport.cpp | 26 ++++++++--------- 10 files changed, 181 insertions(+), 17 deletions(-) create mode 100644 utils/rdauth/Makefile.am create mode 100644 utils/rdauth/rdauth.cpp create mode 100644 utils/rdauth/rdauth.h diff --git a/.gitignore b/.gitignore index f9fc4e2e..1df989de 100644 --- a/.gitignore +++ b/.gitignore @@ -84,6 +84,7 @@ tests/test_pam tests/timer_test tests/upload_test tests/wav_chunk_test +utils/rdauth/rdauth utils/rdhpiinfo/rdhpiinfo utils/rddgimport/rddgimport utils/rddiscimport/rddiscimport diff --git a/ChangeLog b/ChangeLog index eb408806..b910d0b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15716,3 +15716,7 @@ * Fixed a regression in 'web/rdxport/rdxport.cpp' that broke the CreateTicket web API call when connecting from localhost or the machines registered IP address. +2017-04-06 Fred Gleason + * Added an rdauth(1) utility in 'utils/rdauth/'. + * Fixed a regression in 'lib/rdcart.cpp' that caused the 'Import' + web API call to fail with an 'unsupported format' error. diff --git a/configure.ac b/configure.ac index abd66f52..52815ef6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -455,6 +455,7 @@ AC_CONFIG_FILES([rivendell.spec \ cae/Makefile \ utils/Makefile \ utils/rdalsaconfig/Makefile \ + utils/rdauth/Makefile \ utils/rdcheckcuts/Makefile \ utils/rdchunk/Makefile \ utils/rdcleandirs/Makefile \ diff --git a/lib/rduser.cpp b/lib/rduser.cpp index f58388ca..7a6fc6c9 100644 --- a/lib/rduser.cpp +++ b/lib/rduser.cpp @@ -18,6 +18,8 @@ // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // +#include + #include #include #include @@ -66,10 +68,10 @@ bool RDUser::authenticated(bool webuser) const delete q; } else { - RDPam *pam=new RDPam(pamService()); - bool ret=pam->authenticate(user_name,user_password); - delete pam; - return ret; + QString cmd= + "rdauth "+pamService()+" \""+user_name+"\" \""+user_password+"\""; + int exitcode=system(cmd); + return WEXITSTATUS(exitcode)==0; } return false; diff --git a/rivendell.spec.in b/rivendell.spec.in index 65580daf..8fbe5e42 100644 --- a/rivendell.spec.in +++ b/rivendell.spec.in @@ -212,6 +212,7 @@ rm -rf $RPM_BUILD_ROOT @LOCAL_PREFIX@/@RD_LIB_PATH@/rivendell/*.rlm @LOCAL_PREFIX@/bin/rdadmin @LOCAL_PREFIX@/bin/rdairplay +%attr(6755,root,root)@LOCAL_PREFIX@/bin/rdauth @LOCAL_PREFIX@/bin/rdpanel @LOCAL_PREFIX@/bin/rdcartslots @LOCAL_PREFIX@/bin/rdcatch diff --git a/utils/Makefile.am b/utils/Makefile.am index 29c964a3..29008e5b 100644 --- a/utils/Makefile.am +++ b/utils/Makefile.am @@ -28,6 +28,7 @@ if ALSA_RD_AM endif SUBDIRS = $(ALSACONFIG_RD_OPT)\ $(HPIINFO_RD_OPT)\ + rdauth\ rddbcheck\ rddgimport\ rdcheckcuts\ diff --git a/utils/rdauth/Makefile.am b/utils/rdauth/Makefile.am new file mode 100644 index 00000000..141b7a84 --- /dev/null +++ b/utils/rdauth/Makefile.am 
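Review bot: In `RDUser::authenticated()` (lib/rduser.cpp) the new PAM branch concatenates `pamService()`, `user_name` and `user_password` into one string and passes it to `system()`, so a `"`, backquote or `$` in any of those fields is parsed by the shell instead of being treated as data. These values look like they come from the login dialog or the web API request, so they should be handled as untrusted. The password also lands on a command line that other local accounts can read from the process table, `rdauth` is found through `PATH`, and `WEXITSTATUS()` is read without checking `system()` for -1 or `WIFEXITED()`. Starting the helper with `fork()`/`execl()` on an absolute path removes the shell and the `PATH` lookup; taking the password off argv (for example via the helper's stdin) needs a matching change in utils/rdauth/rdauth.cpp. The function starts and ends outside this hunk, so the sketch replaces only the three added statements.

```cpp
    // … unchanged: local-user branch of authenticated() …
    // argv goes straight to exec, so no shell ever parses the name or password
    QString service=pamService();
    pid_t pid=fork();
    if(pid<0) {
      return false;
    }
    if(pid==0) {
      // RDAUTH_PATH: placeholder for the absolute install path of rdauth
      execl(RDAUTH_PATH,"rdauth",(const char *)service,
            (const char *)user_name,(const char *)user_password,(char *)NULL);
      _exit(255);   // exec failed: must never look like success
    }
    int status=0;
    if(waitpid(pid,&status,0)!=pid) {
      return false;
    }
    return WIFEXITED(status)&&(WEXITSTATUS(status)==0);
```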
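Review bot: `%attr(6755,root,root)` on `rdauth` in rivendell.spec.in sets the setgid bit as well as setuid and leaves the binary executable by every local account, while the `install-exec-hook` in utils/rdauth/Makefile.am installs it as `4755`, so the two install paths disagree. Nothing in the visible code needs the root group, and a world-executable setuid PAM checker lets any local account test credentials against any PAM service name it passes in. Consider `%attr(4750,root,RIVENDELL_GROUP)` (placeholder for the group the Rivendell services and the web server run under) and the same mode in the Makefile hook.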
@@ -0,0 +1,49 @@
+## automake.am
+##
+## Automake.am for rivendell/utils/rdauth
+##
+## (C) Copyright 2017 Fred Gleason
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License version 2 as
+## published by the Free Software Foundation.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public
+## License along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+##
+## Use automake to process this into a Makefile.in
+
+AM_CPPFLAGS = -Wall -DPREFIX=\"$(prefix)\" -DQTDIR=\"@QT_DIR@\" @QT_CXXFLAGS@ -I$(top_srcdir)/lib
+LIBS = @QT_LIBS@ -L$(top_srcdir)/lib
+MOC = @QT_MOC@
+
+# The dependency for qt's Meta Object Compiler (moc)
+moc_%.cpp: %.h
+ $(MOC) $< -o $@
+
+install-exec-hook:
+ if test -z $(DESTDIR) ; then chown root $(DESTDIR)$(prefix)/bin/rdauth ; chmod 4755 $(DESTDIR)$(prefix)/bin/rdauth ; fi
+
+bin_PROGRAMS = rdauth
+
+dist_rdauth_SOURCES = rdauth.cpp rdauth.h
+
+rdauth_LDADD = @LIB_RDLIBS@ @LIBVORBIS@
+
+CLEANFILES = *~\
+ *.idb\
+ *ilk\
+ *.obj\
+ *.pdb\
+ *.qm\
+ moc_*
+
+MAINTAINERCLEANFILES = *~\
+ Makefile.in\
+ moc_*
diff --git a/utils/rdauth/rdauth.cpp b/utils/rdauth/rdauth.cpp
new file mode 100644
index 00000000..3259a6f3
--- /dev/null
+++ b/utils/rdauth/rdauth.cpp
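Review bot: In the `install-exec-hook` of utils/rdauth/Makefile.am the `chown root` and `chmod 4755` are joined with `;`, so when `make install` is run by a non-root user the `chown` fails and the `chmod` still runs, leaving `rdauth` setuid to whoever ran the install. Chain the two and quote the test: `if test -z "$(DESTDIR)" ; then chown root $(DESTDIR)$(bindir)/rdauth && chmod 4755 $(DESTDIR)$(bindir)/rdauth ; fi`. `$(bindir)` is where automake installs `bin_PROGRAMS`, which differs from `$(prefix)/bin` when `--bindir` is given. A comment above the hook saying why the binary has to be setuid root (as far as this patch shows, so PAM checks still work after the web service drops privileges) would help packagers.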
@@ -0,0 +1,63 @@
+// rdauth.cpp
+//
+// Authenticate against a PAM service.
+//
+// (C) Copyright 2017 Fred Gleason
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License version 2 as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public
+// License along with this program; if not, write to the Free Software
+// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+//
+
+#include
+
+#include
+
+#include "rdauth.h"
+
+MainObject::MainObject(QObject *parent)
+ :QObject(parent)
+{
+ //
+ // Read Command Options
+ //
+ QString service_name;
+ QString user;
+ QString password="";
+ RDCmdSwitch *cmd=
+ new RDCmdSwitch(qApp->argc(),qApp->argv(),"rdauth",RDAUTH_USAGE);
+ if(cmd->keys()==3) {
+ password=cmd->key(2);
+ }
+ else {
+ if(cmd->keys()!=2) {
+ fprintf(stderr,"rdauth: invalid arguments\n");
+ exit(256);
+ }
+ }
+ service_name=cmd->key(0);
+ user=cmd->key(1);
+
+ RDPam *pam=new RDPam(service_name);
+ if(pam->authenticate(user,password)) {
+ exit(0);
+ }
+ exit(1);
+}
+
+
+int main(int argc,char *argv[])
+{
+ QApplication a(argc,argv,false);
+ new MainObject();
+ return a.exec();
+}
diff --git a/utils/rdauth/rdauth.h b/utils/rdauth/rdauth.h
new file mode 100644
index 00000000..b38bc8d0
--- /dev/null
+++ b/utils/rdauth/rdauth.h
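Review bot: `exit(256)` in the invalid-arguments branch of `MainObject::MainObject()` (utils/rdauth/rdauth.cpp) does not report a failure: only the low 8 bits of the status reach the parent, so the process ends with status 0, which `RDUser::authenticated()` in this same patch treats as a successful login. Use a small non-zero code such as `exit(2);` and keep 0 reserved for `pam->authenticate()` returning true. Two further points matter for a binary installed setuid root: the password is taken from `cmd->key(2)`, i.e. argv, where it shows up in the process list, and a two-argument call authenticates with an empty password; and the program constructs a `QApplication` although every path through the constructor exits before `a.exec()` is reached. A header comment documenting the exit codes (0 authenticated, 1 rejected, anything else a usage error) would make the contract with callers explicit.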
@@ -0,0 +1,42 @@ +// rdauth.h +// +// Authenticate against a PAM service. +// +// (C) Copyright 2017 Fred Gleason +// +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License version 2 as +// published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public +// License along with this program; if not, write to the Free Software +// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +// + +#ifndef RDAUTH_H +#define RDAUTH_H + +#include + +#include +#include + +#include +#include +#include + +#define RDAUTH_USAGE "\n" + +class MainObject : public QObject +{ + public: + MainObject(QObject *parent=0); +}; + + +#endif // RDAUTH_H diff --git a/web/rdxport/rdxport.cpp b/web/rdxport/rdxport.cpp index 20a0ba48..ff7292f5 100644 --- a/web/rdxport/rdxport.cpp +++ b/web/rdxport/rdxport.cpp @@ -52,6 +52,19 @@ Xport::Xport(QObject *parent) xport_config=new RDConfig(); xport_config->load(); + // + // Drop root permissions + // + if(setgid(xport_config->gid())<0) { + XmlExit("Unable to set Rivendell group",500); + } + if(setuid(xport_config->uid())<0) { + XmlExit("Unable to set Rivendell user",500); + } + if(getuid()==0) { + XmlExit("Rivendell user should never be \"root\"!",500); + } + // // Open Database // 
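Review bot: The privilege drop that this hunk moves to the top of `Xport::Xport()` (web/rdxport/rdxport.cpp) calls `setgid()` and `setuid()` but never `setgroups()`, so the process keeps whatever supplementary groups it was started with, and the final check looks only at the real uid. Clearing the list first, `if(setgroups(0,NULL)<0) { XmlExit("Unable to clear supplementary groups",500); }` ahead of the `setgid()` call (needs `<grp.h>`), and testing `getuid()==0||geteuid()==0` would close both gaps. A comment stating that everything after this block, including the database open and the user check, now runs unprivileged and that PAM checks are delegated to `rdauth` would record why the block moved. The constructor begins and ends outside the hunk, and this assumes `XmlExit()` does not return.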
@@ -126,19 +139,6 @@ Xport::Xport(QObject *parent) XmlExit("Invalid User",403); } - // - // Drop root permissions - // - if(setgid(xport_config->gid())<0) { - XmlExit("Unable to set Rivendell group",500); - } - if(setuid(xport_config->uid())<0) { - XmlExit("Unable to set Rivendell user",500); - } - if(getuid()==0) { - XmlExit("Rivendell user should never be \"root\"!",500); - } - // // Read Command Variable and Dispatch //