diff options
| author | Brian Cameron <brian.cameron@sun.com> | 2008-12-10 07:41:34 +0000 |
|---|---|---|
| committer | Brian Cameron <bcameron@src.gnome.org> | 2008-12-10 07:41:34 +0000 |
| commit | ff6e0c48345114634f4b7b00592c3007025845c1 (patch) | |
| tree | 95fd18c21c40e0af081b98cefa2e97614dd9438c /daemon | |
| parent | 6b874bcce04e8443514491f11f6f75186bc66823 (diff) | |
| download | gdm-ff6e0c48345114634f4b7b00592c3007025845c1.tar.gz | |
Correct processing of CONSOLE and PASSREQ /etc/default/login parameters so
2008-12-10 Brian Cameron <brian.cameron@sun.com>
* daemon/verify-pam.c: Correct processing of CONSOLE and PASSREQ
/etc/default/login parameters so they are checked each time a
user logs in, and the latest value honored. The previous code
would not unset the setting even if you modified the
/etc/default/login file
svn path=/branches/gnome-2-20/; revision=6628
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/verify-pam.c | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/daemon/verify-pam.c b/daemon/verify-pam.c index 618f26db..3546ca8b 100644 --- a/daemon/verify-pam.c +++ b/daemon/verify-pam.c @@ -91,7 +91,7 @@ static gboolean did_we_ask_for_password = FALSE; static char *selected_user = NULL; static gboolean opened_session = FALSE; -static gboolean did_setcred = FALSE; +static gboolean did_setcred = FALSE; extern char *gdm_ack_question_response; @@ -900,6 +900,7 @@ gdm_verify_user (GdmDisplay *d, gboolean credentials_set = FALSE; gboolean error_msg_given = FALSE; gboolean started_timer = FALSE; + gboolean allow_remote = TRUE; #ifdef HAVE_ADT int pw_change = PW_FALSE; /* if got to trying to change password */ @@ -980,11 +981,9 @@ gdm_verify_user (GdmDisplay *d, #endif passreq = gdm_read_default ("PASSREQ="); - if ((passreq != NULL) && - g_ascii_strcasecmp (passreq, "YES") == 0) - gdm_daemon_config_set_value_bool (GDM_KEY_PASSWORD_REQUIRED, TRUE); - if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED)) + if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED) || + ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0)) null_tok |= PAM_DISALLOW_NULL_AUTHTOK; gdm_verify_select_user (NULL); @@ -1103,14 +1102,16 @@ gdm_verify_user (GdmDisplay *d, /* Check if user is root and is allowed to log in */ consoleonly = gdm_read_default ("CONSOLE="); - if ((consoleonly != NULL) && - g_ascii_strcasecmp (consoleonly, "/dev/console") == 0) - gdm_daemon_config_set_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT, FALSE); + if (( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT)) || + ((consoleonly != NULL) && + (g_ascii_strcasecmp (consoleonly, "/dev/console") == 0))) { + allow_remote = FALSE; + } pwent = getpwnam (login); if (( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_ROOT) || - ( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && - ! d->attached)) && pwent != NULL && pwent->pw_uid == 0) { + ( ! d->attached && allow_remote == FALSE)) && + (pwent != NULL && pwent->pw_uid == 0)) { gdm_error (_("Root login disallowed on display '%s'"), d->name); gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX, @@ -1415,11 +1416,9 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, char **new_login) g_free (pam_service_name); passreq = gdm_read_default ("PASSREQ="); - if ((passreq != NULL) && - g_ascii_strcasecmp (passreq, "YES") == 0) - gdm_daemon_config_set_value_bool (GDM_KEY_PASSWORD_REQUIRED, TRUE); - if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED)) + if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED) || + ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0)) null_tok |= PAM_DISALLOW_NULL_AUTHTOK; /* Start authentication session */ |