From ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6 Mon Sep 17 00:00:00 2001
From: Paul Wolneykien <wolneykien@gmail.com>
Date: Fri, 15 Oct 2021 17:29:51 +0300
Subject: Prompt-driven auth. helper

By the term "prompt-driven" I mean two-way conversation between the
screensaver dialog and the PAM stack. As you probably know, PAM works
by conversation with a dialog program asking the user to enter
something in answer to each message it sends. In the most conventional
case, the only question is "Password:" and the password is the only
data the user enters. But in general, the number of questions and
messages are not limited to that.

The previous support of PAM helper (gs-auth-helper.c) was written and
worked for the mentioned "only password" authentication scheme. For
other schemes it wasn't enough. New implementation fixes that
limitation.

Same as the previous version of gs-auth-helper.c, the new version uses
pipe interface for interprocess communication and synchronization.
However, unlike the previous version, new version uses two pipes
instead of a single pipe: the first one is used to transfer
prompt text from PAM via the helper to the screensaver dialog, and the
second one is used to transfer the user input from the dialog to
helper (and then the helper replies with it back to PAM). Having that
bidirectional prompt/reply channel it is possible to make as many
prompt/reply passes as required by PAM.

The present helper program (see the helper/ dir) is based on the
helper written by okir@suse.de, which is in turn loosely based on
unix_chkpwd by Andrew Morgan.

All new code is untabified under the assumption the tab width is 8.

Signed-off-by: Paul Wolneykien <manowar@altlinux.org>
---
 configure.ac | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 65325cd..7c203ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -816,30 +816,29 @@ fi
 #       all in xscreensaver itself; the external program just does auth.)
 
 have_passwd_helper=no
-with_passwd_helper_req=unspecified
+builtin_helper=no
 
 AC_ARG_WITH(passwd-helper,
 [  --with-passwd-helper    Include support for an external password
                           verification helper program.],
-  [with_passwd_helper="$withval"; with_passwd_helper_req="$withval"],[with_passwd_helper=no])
+  [with_passwd_helper="$withval"],[with_passwd_helper=no])
 # no HANDLE_X_PATH_ARG for this one
 
 if test "$enable_locking" = no ; then
-  with_passwd_helper_req=no
   with_passwd_helper=no
+  builtin_helper=no
 fi
 
 case "$with_passwd_helper" in
   ""|no) : ;;
   /*)
     AC_DEFINE_UNQUOTED(PASSWD_HELPER_PROGRAM, "$with_passwd_helper", [Full pathname of password helper application])
+    builtin_helper=no
     have_passwd_helper=yes;;
   *)
     echo "error: --with-passwd-helper needs full pathname of helper (not '$with_passwd_helper')." >&2
     exit 1
 esac
-AM_CONDITIONAL(HAVE_PASSWD_HELPER, test x$have_passwd_helper = xyes)
-AC_SUBST(HAVE_PASSWD_HELPER)
 
 if test "$need_setuid" = yes -a "$have_pam" != yes ; then
   NEED_SETUID=yes
@@ -863,7 +862,9 @@ if test x$enable_authentication_scheme = xpam -a x$have_pam = xno ; then
 	AC_MSG_ERROR(PAM support requested but not available)
 fi
 if test x$enable_authentication_scheme = xhelper -a x$have_passwd_helper = xno ; then
-	AC_MSG_ERROR(Password helper support requested but not available)
+    builtin_helper=yes
+    have_passwd_helper=yes
+    AC_DEFINE_UNQUOTED(PASSWD_HELPER_PROGRAM, [PKGLIBEXECDIR "/mate-screensaver-pam-helper"], [Full pathname of password helper application])
 fi
 if test x$enable_authentication_scheme = xbsdauth -a x$have_bsdauth = xno ; then
 	AC_MSG_ERROR(bsd_auth(3) support requested but not available)
@@ -892,6 +893,9 @@ else
 fi
 
 AC_SUBST(AUTH_SCHEME)
+AM_CONDITIONAL(HAVE_PASSWD_HELPER, test x$have_passwd_helper = xyes)
+AM_CONDITIONAL(BUILTIN_HELPER, test x$builtin_helper = xyes)
+AC_SUBST(HAVE_PASSWD_HELPER)
 
 dnl ---------------------------------------------------------------------------
 dnl ConsoleKit
@@ -1000,6 +1004,14 @@ if test "x$have_libnotify" = "xyes"; then
   AC_DEFINE(WITH_LIBNOTIFY, 1, [Define for libnotify support])
 fi
 
+dnl ---------------------------------------------------------------------------
+dnl glib headers for pam-helper
+dnl ---------------------------------------------------------------------------
+
+PKG_CHECK_MODULES(PAM_HELPER,
+	glib-2.0 >= $GLIB_REQUIRED_VERSION)
+AC_SUBST(PAM_HELPER_CFLAGS)
+
 dnl ---------------------------------------------------------------------------
 dnl Finish
 dnl ---------------------------------------------------------------------------
@@ -1117,6 +1129,7 @@ data/images/cosmos/Makefile
 savers/Makefile
 doc/Makefile
 doc/mate-screensaver.xml
+helper/Makefile
 ])
 
 echo "
-- 
cgit v1.2.1