diff options
| author | Robert Ancell <robert.ancell@canonical.com> | 2012-03-20 16:11:28 +1100 |
|---|---|---|
| committer | Robert Ancell <robert.ancell@canonical.com> | 2012-03-20 16:11:28 +1100 |
| commit | 89a42458fad356f36742b09e04be686092e698dd (patch) | |
| tree | 5d05625c6ae79784ce51bab9b2d553ef599e0c60 /src | |
| parent | f8841d64f28da418060092a8e181e0693906b23e (diff) | |
| download | lightdm-89a42458fad356f36742b09e04be686092e698dd.tar.gz | |
Call initgroups before pam_setcred - this allows pam_setcred to change group membership correctly
Diffstat (limited to 'src')
| -rw-r--r-- | src/display.c | 3 | ||||
| -rw-r--r-- | src/seat.c | 2 | ||||
| -rw-r--r-- | src/session-child.c | 22 | ||||
| -rw-r--r-- | src/xserver-local.c | 2 | ||||
| -rw-r--r-- | src/xserver-xvnc.c | 2 |
5 files changed, 17 insertions, 14 deletions
diff --git a/src/display.c b/src/display.c index be83134e..93067350 100644 --- a/src/display.c +++ b/src/display.c @@ -290,8 +290,7 @@ create_session (Display *display) { session_set_env (session, "LIGHTDM_TEST_STATUS_SOCKET", g_getenv ("LIGHTDM_TEST_STATUS_SOCKET")); session_set_env (session, "LIGHTDM_TEST_CONFIG", g_getenv ("LIGHTDM_TEST_CONFIG")); - session_set_env (session, "LIGHTDM_TEST_HOME_DIR", g_getenv ("LIGHTDM_TEST_HOME_DIR")); - session_set_env (session, "LIGHTDM_TEST_PASSWD_FILE", g_getenv ("LIGHTDM_TEST_PASSWD_FILE")); + session_set_env (session, "LIGHTDM_TEST_ROOT", g_getenv ("LIGHTDM_TEST_ROOT")); session_set_env (session, "DBUS_SYSTEM_BUS_ADDRESS", g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")); session_set_env (session, "DBUS_SESSION_BUS_ADDRESS", g_getenv ("DBUS_SESSION_BUS_ADDRESS")); session_set_env (session, "LD_PRELOAD", g_getenv ("LD_PRELOAD")); @@ -258,7 +258,7 @@ run_script (Seat *seat, Display *display, const gchar *script_name, User *user) { process_set_env (script, "LIGHTDM_TEST_STATUS_SOCKET", g_getenv ("LIGHTDM_TEST_STATUS_SOCKET")); process_set_env (script, "LIGHTDM_TEST_CONFIG", g_getenv ("LIGHTDM_TEST_CONFIG")); - process_set_env (script, "LIGHTDM_TEST_HOME_DIR", g_getenv ("LIGHTDM_TEST_HOME_DIR")); + process_set_env (script, "LIGHTDM_TEST_ROOT", g_getenv ("LIGHTDM_TEST_ROOT")); process_set_env (script, "LD_PRELOAD", g_getenv ("LD_PRELOAD")); process_set_env (script, "LD_LIBRARY_PATH", g_getenv ("LD_LIBRARY_PATH")); process_set_env (script, "PATH", g_getenv ("PATH")); diff --git a/src/session-child.c b/src/session-child.c index 0177c65e..a106dae5 100644 --- a/src/session-child.c +++ b/src/session-child.c @@ -346,12 +346,22 @@ session_child_run (int argc, char **argv) fd = open (log_filename, O_WRONLY | O_CREAT, 0600); dup2 (fd, STDERR_FILENO); close (fd); - } + } + + /* Set group membership - these can be overriden in pam_setcred */ + if (getuid () == 0) + { + if (initgroups (username, user_get_gid (user)) < 0) + { + g_printerr ("Failed to initialize supplementary groups for %s: %s\n", username, strerror (errno)); + _exit (EXIT_FAILURE); + } + } /* Set credentials */ result = pam_setcred (pam_handle, PAM_ESTABLISH_CRED); - - /* Open a the session */ + + /* Open the session */ result = pam_open_session (pam_handle, 0); if (result != PAM_SUCCESS) { @@ -440,12 +450,6 @@ session_child_run (int argc, char **argv) /* Change to this user */ if (getuid () == 0) { - if (initgroups (username, user_get_gid (user)) < 0) - { - g_printerr ("Failed to initialize supplementary groups for %s: %s\n", username, strerror (errno)); - _exit (EXIT_FAILURE); - } - if (setgid (user_get_gid (user)) != 0) { g_printerr ("Failed to set group ID to %d: %s\n", user_get_gid (user), strerror (errno)); diff --git a/src/xserver-local.c b/src/xserver-local.c index a1e18c3f..267c1c1b 100644 --- a/src/xserver-local.c +++ b/src/xserver-local.c @@ -492,7 +492,7 @@ xserver_local_start (DisplayServer *display_server) { process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_STATUS_SOCKET", g_getenv ("LIGHTDM_TEST_STATUS_SOCKET")); process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_CONFIG", g_getenv ("LIGHTDM_TEST_CONFIG")); - process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_HOME_DIR", g_getenv ("LIGHTDM_TEST_HOME_DIR")); + process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_ROOT", g_getenv ("LIGHTDM_TEST_ROOT")); process_set_env (server->priv->xserver_process, "LD_PRELOAD", g_getenv ("LD_PRELOAD")); process_set_env (server->priv->xserver_process, "LD_LIBRARY_PATH", g_getenv ("LD_LIBRARY_PATH")); } diff --git a/src/xserver-xvnc.c b/src/xserver-xvnc.c index 2c8ed933..c43d659c 100644 --- a/src/xserver-xvnc.c +++ b/src/xserver-xvnc.c @@ -269,7 +269,7 @@ xserver_xvnc_start (DisplayServer *display_server) { process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_STATUS_SOCKET", g_getenv ("LIGHTDM_TEST_STATUS_SOCKET")); process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_CONFIG", g_getenv ("LIGHTDM_TEST_CONFIG")); - process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_HOME_DIR", g_getenv ("LIGHTDM_TEST_HOME_DIR")); + process_set_env (server->priv->xserver_process, "LIGHTDM_TEST_ROOT", g_getenv ("LIGHTDM_TEST_ROOT")); process_set_env (server->priv->xserver_process, "LD_LIBRARY_PATH", g_getenv ("LD_LIBRARY_PATH")); } |