2017-04-06 Fred Gleason <fredg@paravelsystems.com>

* Added an rdauth(1) utility in 'utils/rdauth/'.
	* Fixed a regression in 'lib/rdcart.cpp' that caused the 'Import'
	web API call to fail with an 'unsupported format' error.

.gitignore

@@ -84,6 +84,7 @@ tests/test_pam
 tests/timer_test
 tests/upload_test
 tests/wav_chunk_test
+utils/rdauth/rdauth
 utils/rdhpiinfo/rdhpiinfo
 utils/rddgimport/rddgimport
 utils/rddiscimport/rddiscimport

ChangeLog

@@ -15716,3 +15716,7 @@
 	* Fixed a regression in 'web/rdxport/rdxport.cpp' that broke
 	the CreateTicket web API call when connecting from localhost
 	or the machines registered IP address.
+2017-04-06 Fred Gleason <fredg@paravelsystems.com>
+	* Added an rdauth(1) utility in 'utils/rdauth/'.
+	* Fixed a regression in 'lib/rdcart.cpp' that caused the 'Import'
+	web API call to fail with an 'unsupported format' error.

configure.ac

@@ -455,6 +455,7 @@ AC_CONFIG_FILES([rivendell.spec \
     cae/Makefile \
     utils/Makefile \
     utils/rdalsaconfig/Makefile \
+    utils/rdauth/Makefile \
     utils/rdcheckcuts/Makefile \
     utils/rdchunk/Makefile \
     utils/rdcleandirs/Makefile \

lib/rduser.cpp

@@ -18,6 +18,8 @@
 //   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 //
 
+#include <stdlib.h>
+
 #include <rdconf.h>
 #include <rdpam.h>
 #include <rduser.h>
@@ -66,10 +68,10 @@ bool RDUser::authenticated(bool webuser) const
     delete q;
   }
   else {
-    RDPam *pam=new RDPam(pamService());
+    QString cmd=
-    bool ret=pam->authenticate(user_name,user_password);
+      "rdauth "+pamService()+" \""+user_name+"\" \""+user_password+"\"";
-    delete pam;
+    int exitcode=system(cmd);
-    return ret;
+    return WEXITSTATUS(exitcode)==0;
   }
 
   return false;

rivendell.spec.in

@@ -212,6 +212,7 @@ rm -rf $RPM_BUILD_ROOT
 @LOCAL_PREFIX@/@RD_LIB_PATH@/rivendell/*.rlm
 @LOCAL_PREFIX@/bin/rdadmin
 @LOCAL_PREFIX@/bin/rdairplay
+%attr(6755,root,root)@LOCAL_PREFIX@/bin/rdauth
 @LOCAL_PREFIX@/bin/rdpanel
 @LOCAL_PREFIX@/bin/rdcartslots
 @LOCAL_PREFIX@/bin/rdcatch

utils/Makefile.am

@@ -28,6 +28,7 @@ if ALSA_RD_AM
 endif
 SUBDIRS = $(ALSACONFIG_RD_OPT)\
           $(HPIINFO_RD_OPT)\
+          rdauth\
           rddbcheck\
           rddgimport\
           rdcheckcuts\

utils/rdauth/Makefile.am

@@ -0,0 +1,49 @@
+## automake.am
+##
+## Automake.am for rivendell/utils/rdauth
+##
+##   (C) Copyright 2017 Fred Gleason <fredg@paravelsystems.com>
+##
+##   This program is free software; you can redistribute it and/or modify
+##   it under the terms of the GNU General Public License version 2 as
+##   published by the Free Software Foundation.
+##
+##   This program is distributed in the hope that it will be useful,
+##   but WITHOUT ANY WARRANTY; without even the implied warranty of
+##   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##   GNU General Public License for more details.
+##
+##   You should have received a copy of the GNU General Public
+##   License along with this program; if not, write to the Free Software
+##   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+##
+## Use automake to process this into a Makefile.in
+
+AM_CPPFLAGS = -Wall -DPREFIX=\"$(prefix)\" -DQTDIR=\"@QT_DIR@\" @QT_CXXFLAGS@ -I$(top_srcdir)/lib
+LIBS = @QT_LIBS@ -L$(top_srcdir)/lib
+MOC = @QT_MOC@
+
+# The dependency for qt's Meta Object Compiler (moc)
+moc_%.cpp:	%.h
+	$(MOC) $< -o $@
+
+install-exec-hook:	
+	if test -z $(DESTDIR) ; then chown root $(DESTDIR)$(prefix)/bin/rdauth ; chmod 4755 $(DESTDIR)$(prefix)/bin/rdauth ; fi
+
+bin_PROGRAMS = rdauth
+
+dist_rdauth_SOURCES = rdauth.cpp rdauth.h
+
+rdauth_LDADD = @LIB_RDLIBS@ @LIBVORBIS@
+
+CLEANFILES = *~\
+             *.idb\
+             *ilk\
+             *.obj\
+             *.pdb\
+             *.qm\
+             moc_*
+
+MAINTAINERCLEANFILES = *~\
+                       Makefile.in\
+                       moc_*

utils/rdauth/rdauth.cpp

@@ -0,0 +1,63 @@
+// rdauth.cpp
+//
+// Authenticate against a PAM service.
+//
+//   (C) Copyright 2017 Fred Gleason <fredg@paravelsystems.com>
+//
+//   This program is free software; you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License version 2 as
+//   published by the Free Software Foundation.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public
+//   License along with this program; if not, write to the Free Software
+//   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+//
+
+#include <qapplication.h>
+
+#include <rdpam.h>
+
+#include "rdauth.h"
+
+MainObject::MainObject(QObject *parent)
+  :QObject(parent)
+{
+  //
+  // Read Command Options
+  //
+  QString service_name;
+  QString user;
+  QString password="";
+  RDCmdSwitch *cmd=
+    new RDCmdSwitch(qApp->argc(),qApp->argv(),"rdauth",RDAUTH_USAGE);
+  if(cmd->keys()==3) {
+    password=cmd->key(2);
+  }
+  else {
+    if(cmd->keys()!=2) {
+      fprintf(stderr,"rdauth: invalid arguments\n");
+      exit(256);
+    }
+  }
+  service_name=cmd->key(0);
+  user=cmd->key(1);
+
+  RDPam *pam=new RDPam(service_name);
+  if(pam->authenticate(user,password)) {
+    exit(0);
+  }
+  exit(1);
+}
+
+
+int main(int argc,char *argv[])
+{
+  QApplication a(argc,argv,false);
+  new MainObject();
+  return a.exec();
+}

utils/rdauth/rdauth.h

@@ -0,0 +1,42 @@
+// rdauth.h
+//
+// Authenticate against a PAM service.
+//
+//   (C) Copyright 2017 Fred Gleason <fredg@paravelsystems.com>
+//
+//   This program is free software; you can redistribute it and/or modify
+//   it under the terms of the GNU General Public License version 2 as
+//   published by the Free Software Foundation.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU General Public License for more details.
+//
+//   You should have received a copy of the GNU General Public
+//   License along with this program; if not, write to the Free Software
+//   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+//
+
+#ifndef RDAUTH_H
+#define RDAUTH_H
+
+#include <list>
+
+#include <qobject.h>
+#include <qsqldatabase.h>
+
+#include <rdconfig.h>
+#include <rdsettings.h>
+#include <rdcmd_switch.cpp>
+
+#define RDAUTH_USAGE "\n"
+
+class MainObject : public QObject
+{
+ public:
+  MainObject(QObject *parent=0);
+};
+
+
+#endif  // RDAUTH_H

web/rdxport/rdxport.cpp

@@ -52,6 +52,19 @@ Xport::Xport(QObject *parent)
   xport_config=new RDConfig();
   xport_config->load();
 
+  //
+  // Drop root permissions
+  //
+  if(setgid(xport_config->gid())<0) {
+    XmlExit("Unable to set Rivendell group",500);
+  }
+  if(setuid(xport_config->uid())<0) {
+    XmlExit("Unable to set Rivendell user",500);
+  }
+  if(getuid()==0) {
+    XmlExit("Rivendell user should never be \"root\"!",500);
+  }
+
   //
   // Open Database
   //
@@ -126,19 +139,6 @@ Xport::Xport(QObject *parent)
     XmlExit("Invalid User",403);
   }
 
-  //
-  // Drop root permissions
-  //
-  if(setgid(xport_config->gid())<0) {
-    XmlExit("Unable to set Rivendell group",500);
-  }
-  if(setuid(xport_config->uid())<0) {
-    XmlExit("Unable to set Rivendell user",500);
-  }
-  if(getuid()==0) {
-    XmlExit("Rivendell user should never be \"root\"!",500);
-  }
-
   //
   // Read Command Variable and Dispatch 
   //