author | Brian Cameron <brian.cameron@sun.com> | 2006-09-22 23:11:26 +0000 |
---|---|---|
committer | Brian Cameron <bcameron@src.gnome.org> | 2006-09-22 23:11:26 +0000 |
commit | b69b8bafe1d0a070d24546996f59cb4194f1e963 (patch) | |
tree | 66ffaa42e7f152d288f74b634e52e485033a99cb | |
parent | a73f0e6bec93eceb7aef81be3cf6d6d872f5629d (diff) | |
Now gdm.conf has SupportAutomount option which, when turned on, changes
2006-09-22 Brian Cameron <brian.cameron@sun.com>
* config/gdm.conf.in, daemon/filecheck.c, daemon/gdm.h
daemon/gdmconfig.c, docs/C/gdm.xml: Now gdm.conf has
SupportAutomount option which, when turned on, changes
the way that GDM accesses the user's $HOME/.dmrc file
so that automounted $HOME directories can be configured
to work even when the automounter isn't started with
the --ghost option. This feature is off by default.
This addresses RFE bug #356869. Patch by
Jerzy Borkowski <jubork@ncac.torun.pl>.
-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | config/gdm.conf.in | 2 | ||||
-rw-r--r-- | daemon/filecheck.c | 14 | ||||
-rw-r--r-- | daemon/gdm.h | 1 | ||||
-rw-r--r-- | daemon/gdmconfig.c | 2 | ||||
-rw-r--r-- | docs/C/gdm.xml | 15 |
6 files changed, 45 insertions, 1 deletions
@@ -1,3 +1,15 @@
+2006-09-22 Brian Cameron <brian.cameron@sun.com>
+
+ * config/gdm.conf.in, daemon/filecheck.c, daemon/gdm.h
+ daemon/gdmconfig.c, docs/C/gdm.xml: Now gdm.conf has
+ SupportAutomount option which, when turned on, changes
+ the way that GDM accessess the user's $HOME/.dmrc file
+ so that automounted $HOME directories can be configured
+ to work even with the automounter isn't started with
+ the --ghost option. This feature is off by default.
+ This addresses RFE bug #356869. Patch by
+ Jerzy Borkowski <jubork@ncac.torun.pl>.
+
 2006-09-11 Brian Cameron <brian.cameron@sun.com>
 
 * daemon/gdm.c: Move call to get GDM_KEY_SYSTEM_MENU
diff --git a/config/gdm.conf.in b/config/gdm.conf.in
index f70d23da..c1e280e0 100644
--- a/config/gdm.conf.in
+++ b/config/gdm.conf.in
@@ -219,6 +219,8 @@ RelaxPermissions=0
 # Check if directories are owned by logon user. Set to false, if you have, for
 # example, home directories owned by some other user.
 CheckDirOwner=true
+# If your HOME is managed by automounter, set to true
+SupportAutomount=false
 # Number of seconds to wait after a failed login
 #RetryDelay=1
 # Maximum size of a file we wish to read. This makes it hard for a user to DoS
diff --git a/daemon/filecheck.c b/daemon/filecheck.c
index 5cf60066..526cbc9c 100644
--- a/daemon/filecheck.c
+++ b/daemon/filecheck.c
@@ -48,14 +48,26 @@ gdm_file_check (const gchar *caller, uid_t user, const gchar *dir, { struct stat statbuf; gchar *fullpath; + gchar *dirautofs; int r; if (ve_string_empty (dir) || ve_string_empty (file)) return FALSE; + /* Stat on automounted directory - append the '/.' to dereference mount point. + Do this only if GdmSupportAutomount is true (default is false) + 2006-09-22, Jerzy Borkowski, CAMK */ + if G_UNLIKELY (gdm_get_value_bool (GDM_KEY_SUPPORT_AUTOMOUNT)) { + dirautofs = g_strconcat(dir, "/.", NULL); + VE_IGNORE_EINTR (r = stat (dirautofs, &statbuf)); + g_free(dirautofs); + } /* Stat directory */ - VE_IGNORE_EINTR (r = g_stat (dir, &statbuf)); + else { + VE_IGNORE_EINTR (r = stat (dir, &statbuf)); + } + if (r < 0) { if ( ! absentdirok) syslog (LOG_WARNING, _("%s: Directory %s does not exist."), diff --git a/daemon/gdm.h b/daemon/gdm.h index aefd95d5..411b7b0b 100644 --- a/daemon/gdm.h +++ b/daemon/gdm.h @@ -293,6 +293,7 @@ enum { #define GDM_KEY_USER_MAX_FILE "security/UserMaxFile=65536" #define GDM_KEY_RELAX_PERM "security/RelaxPermissions=0" #define GDM_KEY_CHECK_DIR_OWNER "security/CheckDirOwner=true" +#define GDM_KEY_SUPPORT_AUTOMOUNT "security/SupportAutomount=false" #define GDM_KEY_RETRY_DELAY "security/RetryDelay=1" #define GDM_KEY_DISALLOW_TCP "security/DisallowTCP=true" #define GDM_KEY_PAM_STACK "security/PamStack=gdm" diff --git a/daemon/gdmconfig.c b/daemon/gdmconfig.c index 2ae638ed..016ac867 100644 --- a/daemon/gdmconfig.c +++ b/daemon/gdmconfig.c @@ -184,6 +184,7 @@ static gboolean GdmAllowRoot = FALSE; static gboolean GdmAllowRemoteRoot = FALSE; static gboolean GdmAllowRemoteAutoLogin = FALSE; static gboolean GdmCheckDirOwner = TRUE; +static gboolean GdmSupportAutomount = FALSE; static gboolean GdmTimedLoginEnable = FALSE; static gboolean GdmDynamicXservers = FALSE; static gboolean GdmVTAllocation = TRUE; 
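Review bot: In daemon/filecheck.c the default branch now calls `stat (dir, &statbuf)` where the removed line called `g_stat (dir, &statbuf)`, so the commit also changes the call used when SupportAutomount is off, although the feature is meant to be inactive by default. I would keep the GLib wrapper in both branches, `VE_IGNORE_EINTR (r = g_stat (dirautofs, &statbuf));` and `VE_IGNORE_EINTR (r = g_stat (dir, &statbuf));`, unless there is a reason it cannot be used here. The `/* Stat directory */` comment is left stranded between the closing `}` and `else {`; it reads better inside the else block, and the condition is normally written `if (G_UNLIKELY (...))`. The stat result presumably feeds the directory checks later in gdm_file_check, whose body continues outside the hunk, so a short comment saying that with the option on those checks see `dir/.` (the mounted directory) rather than `dir` itself would help the next reader of this security check.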
@@ -374,6 +375,7 @@ gdm_config_init (void)
 gdm_config_add_hash (GDM_KEY_CONSOLE_NOTIFY, &GdmConsoleNotify, &bool_type);
 gdm_config_add_hash (GDM_KEY_TIMED_LOGIN_ENABLE, &GdmTimedLoginEnable, &bool_type);
 gdm_config_add_hash (GDM_KEY_CHECK_DIR_OWNER, &GdmCheckDirOwner, &bool_type);
+ gdm_config_add_hash (GDM_KEY_SUPPORT_AUTOMOUNT, &GdmSupportAutomount, &bool_type);
 gdm_config_add_hash (GDM_KEY_XDMCP, &GdmXdmcp, &bool_type);
 gdm_config_add_hash (GDM_KEY_INDIRECT, &GdmIndirect, &bool_type);
 gdm_config_add_hash (GDM_KEY_XDMCP_PROXY, &GdmXdmcpProxy, &bool_type);
diff --git a/docs/C/gdm.xml b/docs/C/gdm.xml
index 3d93f89b..c0b5efe5 100644
--- a/docs/C/gdm.xml
+++ b/docs/C/gdm.xml
@@ -2533,6 +2533,21 @@ PostSession/
 </varlistentry>
 
 <varlistentry>
+ <term>SupportAutomount</term>
+ <listitem>
+ <synopsis>SupportAutomount=false</synopsis>
+ <para>
+ By default GDM checks the ownership of the home directories
+ before writing to them, this prevents security issues in case
+ of bad setup. However, when home directories are managed by
+ automounter, they are often not mounted before they are
+ accessed. This option works around subtleties of Linux
+ automounter.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term>DisallowTCP</term>
 <listitem>
 <synopsis>DisallowTCP=true</synopsis> |