authorBrian Cameron <brian.cameron@sun.com>2006-09-22 23:11:26 +0000
committerBrian Cameron <bcameron@src.gnome.org>2006-09-22 23:11:26 +0000
commitb69b8bafe1d0a070d24546996f59cb4194f1e963 (patch)
tree66ffaa42e7f152d288f74b634e52e485033a99cb
parenta73f0e6bec93eceb7aef81be3cf6d6d872f5629d (diff)
downloadgdm-b69b8bafe1d0a070d24546996f59cb4194f1e963.tar.gz
Now gdm.conf has SupportAutomount option which, when turned on, changes
2006-09-22 Brian Cameron <brian.cameron@sun.com> * config/gdm.conf.in, daemon/filecheck.c, daemon/gdm.h, daemon/gdmconfig.c, docs/C/gdm.xml: Now gdm.conf has SupportAutomount option which, when turned on, changes the way that GDM accesses the user's $HOME/.dmrc file so that automounted $HOME directories can be configured to work even when the automounter isn't started with the --ghost option. This feature is off by default. This addresses RFE bug #356869. Patch by Jerzy Borkowski <jubork@ncac.torun.pl>.
-rw-r--r--ChangeLog12
-rw-r--r--config/gdm.conf.in2
-rw-r--r--daemon/filecheck.c14
-rw-r--r--daemon/gdm.h1
-rw-r--r--daemon/gdmconfig.c2
-rw-r--r--docs/C/gdm.xml15
6 files changed, 45 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 15ac93e4..5d54fb3e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2006-09-22 Brian Cameron <brian.cameron@sun.com>
+
+ * config/gdm.conf.in, daemon/filecheck.c, daemon/gdm.h
+ daemon/gdmconfig.c, docs/C/gdm.xml: Now gdm.conf has
+ SupportAutomount option which, when turned on, changes
+ the way that GDM accessess the user's $HOME/.dmrc file
+ so that automounted $HOME directories can be configured
+ to work even with the automounter isn't started with
+ the --ghost option. This feature is off by default.
+ This addresses RFE bug #356869. Patch by
+ Jerzy Borkowski <jubork@ncac.torun.pl>.
+
2006-09-11 Brian Cameron <brian.cameron@sun.com>
* daemon/gdm.c: Move call to get GDM_KEY_SYSTEM_MENU
diff --git a/config/gdm.conf.in b/config/gdm.conf.in
index f70d23da..c1e280e0 100644
--- a/config/gdm.conf.in
+++ b/config/gdm.conf.in
@@ -219,6 +219,8 @@ RelaxPermissions=0
# Check if directories are owned by logon user. Set to false, if you have, for
# example, home directories owned by some other user.
CheckDirOwner=true
+# If your HOME is managed by automounter, set to true
+SupportAutomount=false
# Number of seconds to wait after a failed login
#RetryDelay=1
# Maximum size of a file we wish to read. This makes it hard for a user to DoS
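Review bot: The new comment above `SupportAutomount=false` says when to enable the option but not what it changes, although it sits in the security section next to `CheckDirOwner`. An administrator deciding whether to turn it on would be helped by wording such as `# If home directories are automounted, set to true so that GDM stats "$HOME/." and triggers the mount before its directory checks run.` That behaviour is what the daemon/filecheck.c hunk of this commit implements.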
diff --git a/daemon/filecheck.c b/daemon/filecheck.c
index 5cf60066..526cbc9c 100644
--- a/daemon/filecheck.c
+++ b/daemon/filecheck.c
@@ -48,14 +48,26 @@ gdm_file_check (const gchar *caller, uid_t user, const gchar *dir,
{
struct stat statbuf;
gchar *fullpath;
+ gchar *dirautofs;
int r;
if (ve_string_empty (dir) ||
ve_string_empty (file))
return FALSE;
+ /* Stat on automounted directory - append the '/.' to dereference mount point.
+ Do this only if GdmSupportAutomount is true (default is false)
+ 2006-09-22, Jerzy Borkowski, CAMK */
+ if G_UNLIKELY (gdm_get_value_bool (GDM_KEY_SUPPORT_AUTOMOUNT)) {
+ dirautofs = g_strconcat(dir, "/.", NULL);
+ VE_IGNORE_EINTR (r = stat (dirautofs, &statbuf));
+ g_free(dirautofs);
+ }
/* Stat directory */
- VE_IGNORE_EINTR (r = g_stat (dir, &statbuf));
+ else {
+ VE_IGNORE_EINTR (r = stat (dir, &statbuf));
+ }
+
if (r < 0) {
if ( ! absentdirok)
syslog (LOG_WARNING, _("%s: Directory %s does not exist."),
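Review bot: The else branch replaces the existing `g_stat (dir, &statbuf)` with plain `stat`, and the new automount branch also calls `stat` directly, which is an unrelated change to the default path that the ChangeLog entry does not mention. Keeping the wrapper in both branches, e.g. `VE_IGNORE_EINTR (r = g_stat (dirautofs, &statbuf));`, would leave the non-automount path exactly as it was. The `/* Stat directory */` comment now sits between the closing brace and `else {`, which makes the if/else pairing easy to misread; `} else {` with the comment moved inside the branch reads better. This stat feeds the directory checks later in gdm_file_check, which continues outside the hunk. A comment should therefore state that with the option on, `statbuf` describes `dir/.` (the mounted directory) rather than the autofs mount point.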
diff --git a/daemon/gdm.h b/daemon/gdm.h
index aefd95d5..411b7b0b 100644
--- a/daemon/gdm.h
+++ b/daemon/gdm.h
@@ -293,6 +293,7 @@ enum {
#define GDM_KEY_USER_MAX_FILE "security/UserMaxFile=65536"
#define GDM_KEY_RELAX_PERM "security/RelaxPermissions=0"
#define GDM_KEY_CHECK_DIR_OWNER "security/CheckDirOwner=true"
+#define GDM_KEY_SUPPORT_AUTOMOUNT "security/SupportAutomount=false"
#define GDM_KEY_RETRY_DELAY "security/RetryDelay=1"
#define GDM_KEY_DISALLOW_TCP "security/DisallowTCP=true"
#define GDM_KEY_PAM_STACK "security/PamStack=gdm"
diff --git a/daemon/gdmconfig.c b/daemon/gdmconfig.c
index 2ae638ed..016ac867 100644
--- a/daemon/gdmconfig.c
+++ b/daemon/gdmconfig.c
@@ -184,6 +184,7 @@ static gboolean GdmAllowRoot = FALSE;
static gboolean GdmAllowRemoteRoot = FALSE;
static gboolean GdmAllowRemoteAutoLogin = FALSE;
static gboolean GdmCheckDirOwner = TRUE;
+static gboolean GdmSupportAutomount = FALSE;
static gboolean GdmTimedLoginEnable = FALSE;
static gboolean GdmDynamicXservers = FALSE;
static gboolean GdmVTAllocation = TRUE;
@@ -374,6 +375,7 @@ gdm_config_init (void)
gdm_config_add_hash (GDM_KEY_CONSOLE_NOTIFY, &GdmConsoleNotify, &bool_type);
gdm_config_add_hash (GDM_KEY_TIMED_LOGIN_ENABLE, &GdmTimedLoginEnable, &bool_type);
gdm_config_add_hash (GDM_KEY_CHECK_DIR_OWNER, &GdmCheckDirOwner, &bool_type);
+ gdm_config_add_hash (GDM_KEY_SUPPORT_AUTOMOUNT, &GdmSupportAutomount, &bool_type);
gdm_config_add_hash (GDM_KEY_XDMCP, &GdmXdmcp, &bool_type);
gdm_config_add_hash (GDM_KEY_INDIRECT, &GdmIndirect, &bool_type);
gdm_config_add_hash (GDM_KEY_XDMCP_PROXY, &GdmXdmcpProxy, &bool_type);
diff --git a/docs/C/gdm.xml b/docs/C/gdm.xml
index 3d93f89b..c0b5efe5 100644
--- a/docs/C/gdm.xml
+++ b/docs/C/gdm.xml
@@ -2533,6 +2533,21 @@ PostSession/
</varlistentry>
<varlistentry>
+ <term>SupportAutomount</term>
+ <listitem>
+ <synopsis>SupportAutomount=false</synopsis>
+ <para>
+ By default GDM checks the ownership of the home directories
+ before writing to them, this prevents security issues in case
+ of bad setup. However, when home directories are managed by
+ automounter, they are often not mounted before they are
+ accessed. This option works around subtleties of Linux
+ automounter.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>DisallowTCP</term>
<listitem>
<synopsis>DisallowTCP=true</synopsis>