author | George Lebl <jirka@5z.com> | 2001-05-31 10:16:37 +0000 |
---|---|---|
committer | George Lebl <jirka@src.gnome.org> | 2001-05-31 10:16:37 +0000 |
commit | cc86c294958923fa28e88452ed6f99246a76aa2c (patch) | |
tree | 0bc60ff62d1f46252a7e70f8a8efbdeed6698a27 /daemon/verify-pam.c | |
parent | c2ff9f649bb70838b9213b00c3bb3d661323bd8e (diff) | |
set euid/egid to 0 before verify check
Thu May 31 03:17:32 2001 George Lebl <jirka@5z.com>
* daemon/gdm.c: set euid/egid to 0 before verify check
* daemon/slave.c: set euid/egid to 0 at a bunch of places just to
make sure that's how they're set. When children want to exit they
shouldn't use the slave_exit function as that's dangerous to the
slave's health. Instead use a new function for this which
doesn't do slave specific cleanup. Also fix segfaults on startup.
* daemon/verify-pam.c: the credential setting is supposed to be done
after opening a session. Closing of a session is done silently as
well, just for good measure as we don't have anything to talk to
anymore anyway
* daemon/slave.c, daemon/server.c: when reinitting ignore X errors
and do not reopen the display. When opening the display the first
time, don't try so hard for a local display and instead wipe slave
and try again.
Diffstat (limited to 'daemon/verify-pam.c')
-rw-r--r-- | daemon/verify-pam.c | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/daemon/verify-pam.c b/daemon/verify-pam.c
index 61d363f6..46a89203 100644
--- a/daemon/verify-pam.c
+++ b/daemon/verify-pam.c
@@ -37,7 +37,7 @@ extern gboolean GdmAllowRoot;
 extern gboolean GdmAllowRemoteRoot;
 /* Local PAM handle */
-pam_handle_t *pamh = NULL;
+static pam_handle_t *pamh = NULL;
 /* Internal PAM conversation function. Interfaces between the PAM
@@ -149,6 +149,7 @@ gdm_verify_user (const char *username,
 gchar *login;
 struct passwd *pwent;
 gboolean error_msg_given = FALSE;
+ gboolean opened_session = FALSE;
 /* start the timer for timed logins */
 if (local)
@@ -239,6 +240,15 @@ gdm_verify_user (const char *username,
 goto pamerr;
 }
+ /* Register the session */
+ if ((pamerr = pam_open_session (pamh, 0)) != PAM_SUCCESS) {
+ if (gdm_slave_should_complain ())
+ gdm_error (_("Couldn't open session for %s"), login);
+ goto pamerr;
+ }
+
+ opened_session = TRUE;
+
 /* Set credentials */
 if ((pamerr = pam_setcred (pamh, 0)) != PAM_SUCCESS) {
 if (gdm_slave_should_complain ())
@@ -246,12 +256,6 @@ gdm_verify_user (const char *username,
 goto pamerr;
 }
- /* Register the session */
- if ((pamerr = pam_open_session (pamh, 0)) != PAM_SUCCESS) {
- if (gdm_slave_should_complain ())
- gdm_error (_("Couldn't open session for %s"), login);
- goto pamerr;
- }
 return login;
@@ -262,6 +266,8 @@ gdm_verify_user (const char *username,
 if ( ! error_msg_given && gdm_slave_should_complain ())
 gdm_slave_greeter_ctl_no_ret (GDM_MSGERR, _("Authentication failed"));
+ if (opened_session)
+ pam_close_session (pamh, 0);
 pam_end (pamh, pamerr);
 pamh = NULL;
@@ -286,6 +292,7 @@ void
 gdm_verify_setup_user (const gchar *login, const gchar *display)
 {
 gint pamerr;
+ gboolean opened_session = FALSE;
 if (!login)
 return;
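Review bot: The new order in this hunk (`-239,6 +240,15`) opens the session before `pam_setcred`, whereas Linux-PAM's pam_setcred(3) describes establishing credentials after authentication and before `pam_open_session`; the same swap is made in `gdm_verify_setup_user` (`-318,17 +325,19`). PAM implementations have disagreed on this order, so the code should carry a comment saying which implementation's requirement it follows, otherwise a later maintainer is likely to swap it back. Neither `pam_setcred` call names an action flag (`0` here, `PAM_SILENT` alone in the other function); writing `pam_setcred (pamh, PAM_ESTABLISH_CRED)` and `pam_setcred (pamh, PAM_ESTABLISH_CRED | PAM_SILENT)` avoids depending on how the library or a module treats a missing action. `gdm_verify_user` starts and ends outside the hunk.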
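Review bot: `pam_close_session` in the `pamerr:` path (`-262,6 +266,8`) has its result discarded, so a session module that fails to tear down what `pam_open_session` registered leaves no trace in the log; the `setup_pamerr:` path in `-336,6 +345,9` does the same. Keep `pamerr` untouched for the following `pam_end` and log the failure instead, e.g. `if (pam_close_session (pamh, 0) != PAM_SUCCESS && gdm_slave_should_complain ()) gdm_error (_("Couldn't close session for %s"), login);`. The label and the rest of the cleanup lie outside the hunk.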
@@ -318,17 +325,19 @@ gdm_verify_setup_user (const gchar *login, const gchar *display)
 }
 #endif
- /* Set credentials */
- if ((pamerr = pam_setcred (pamh, PAM_SILENT)) != PAM_SUCCESS) {
+ /* Register the session */
+ if ((pamerr = pam_open_session (pamh, PAM_SILENT)) != PAM_SUCCESS) {
 if (gdm_slave_should_complain ())
- gdm_error (_("Couldn't set credentials for %s"), login);
+ gdm_error (_("Couldn't open session for %s"), login);
 goto setup_pamerr;
 }
+
+ opened_session = TRUE;
- /* Register the session */
- if ((pamerr = pam_open_session (pamh, PAM_SILENT)) != PAM_SUCCESS) {
+ /* Set credentials */
+ if ((pamerr = pam_setcred (pamh, PAM_SILENT)) != PAM_SUCCESS) {
 if (gdm_slave_should_complain ())
- gdm_error (_("Couldn't open session for %s"), login);
+ gdm_error (_("Couldn't set credentials for %s"), login);
 goto setup_pamerr;
 }
@@ -336,6 +345,9 @@ gdm_verify_setup_user (const gchar *login, const gchar *display)
 setup_pamerr:
+ if (opened_session)
+ pam_close_session (pamh, PAM_SILENT);
+
 pam_end (pamh, pamerr);
 pamh = NULL;
@@ -355,7 +367,7 @@ void
 gdm_verify_cleanup (void)
 {
 if (pamh) {
- pam_close_session (pamh, 0);
+ pam_close_session (pamh, PAM_SILENT);
 pam_end (pamh, PAM_SUCCESS);
 pamh = NULL; |
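Review bot: `gdm_verify_cleanup` (`-355,7 +367,7`) closes the session and ends the PAM transaction but never releases the credentials that `pam_setcred` established at login, so module-managed credentials such as ticket caches may outlive the session (whether they do depends on the modules configured). Linux-PAM's pam_setcred(3) describes deleting credentials after the session has been closed; adding `pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);` between `pam_close_session` and `pam_end` would cover it. The function's closing lines are outside the hunk.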