diff options
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/session-child.c | 5 | ||||
-rw-r--r-- | tests/Makefile.am | 6 | ||||
-rw-r--r-- | tests/scripts/autologin-cred-error.conf | 44 | ||||
-rw-r--r-- | tests/scripts/autologin-cred-expired.conf | 44 | ||||
-rw-r--r-- | tests/scripts/autologin-cred-unavail.conf | 44 | ||||
-rw-r--r-- | tests/src/libsystem.c | 13 | ||||
-rw-r--r-- | tests/src/test-runner.c | 6 | ||||
-rwxr-xr-x | tests/test-autologin-cred-error | 2 | ||||
-rwxr-xr-x | tests/test-autologin-cred-expired | 2 | ||||
-rwxr-xr-x | tests/test-autologin-cred-unavail | 2 |
11 files changed, 166 insertions, 3 deletions
@@ -1,6 +1,7 @@ Overview of changes in lightdm 1.1.10 * Backup .xsession-errors on login + * Handle failures in pam_setcred Overview of changes in lightdm 1.1.9 diff --git a/src/session-child.c b/src/session-child.c index 68ec36bb..f2aadbb6 100644 --- a/src/session-child.c +++ b/src/session-child.c @@ -364,6 +364,11 @@ session_child_run (int argc, char **argv) /* Set credentials */ result = pam_setcred (pam_handle, PAM_ESTABLISH_CRED); + if (result != PAM_SUCCESS) + { + g_printerr ("Failed to establish PAM credentials: %s\n", pam_strerror (pam_handle, result)); + return EXIT_FAILURE; + } /* Open the session */ result = pam_open_session (pam_handle, 0); diff --git a/tests/Makefile.am b/tests/Makefile.am index 13aae050..13a10502 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -17,6 +17,9 @@ TESTS = \ test-autologin-new-authtok \ test-autologin-denied \ test-autologin-expired \ + test-autologin-cred-error \ + test-autologin-cred-expired \ + test-autologin-cred-unavail \ test-autologin-session-error \ test-autologin-logout \ test-autologin-previous-session \ @@ -146,6 +149,9 @@ EXTRA_DIST = \ data/xsessions/default.desktop \ scripts/autologin.conf \ scripts/autologin-crash-authenticate.conf \ + scripts/autologin-cred-error.conf \ + scripts/autologin-cred-expired.conf \ + scripts/autologin-cred-unavail.conf \ scripts/autologin-denied.conf \ scripts/autologin-expired.conf \ scripts/autologin-guest.conf \ diff --git a/tests/scripts/autologin-cred-error.conf b/tests/scripts/autologin-cred-error.conf new file mode 100644 index 00000000..06dcb352 --- /dev/null +++ b/tests/scripts/autologin-cred-error.conf @@ -0,0 +1,44 @@ +# +# Check automatic login stops if an account can't establish credentials +# + +[LightDM] +minimum-display-number=50 + +[SeatDefaults] +autologin-user=cred-error + +#?RUNNER DAEMON-START + +# X server starts +#?XSERVER :50 START +#?XSERVER :50 INDICATE-READY + +# LightDM connects to X server +#?XSERVER :50 ACCEPT-CONNECT + +# (Session fails) + +# X server stops +#?XSERVER :50 TERMINATE SIGNAL=15 + +# X server starts +#?XSERVER :50 START +#?XSERVER :50 INDICATE-READY + +# LightDM connects to X server +#?XSERVER :50 ACCEPT-CONNECT + +# Greeter starts +#?GREETER :50 START +#?XSERVER :50 ACCEPT-CONNECT +#?GREETER :50 CONNECT-XSERVER +#?GREETER :50 CONNECT-TO-DAEMON +#?GREETER :50 CONNECTED-TO-DAEMON + +# Cleanup +#?*STOP-DAEMON +# Don't know what order they will terminate +#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15) +#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15) +#?RUNNER DAEMON-EXIT STATUS=0 diff --git a/tests/scripts/autologin-cred-expired.conf b/tests/scripts/autologin-cred-expired.conf new file mode 100644 index 00000000..b55b86de --- /dev/null +++ b/tests/scripts/autologin-cred-expired.conf @@ -0,0 +1,44 @@ +# +# Check automatic login stops if an account has expired credentials +# + +[LightDM] +minimum-display-number=50 + +[SeatDefaults] +autologin-user=cred-expired + +#?RUNNER DAEMON-START + +# X server starts +#?XSERVER :50 START +#?XSERVER :50 INDICATE-READY + +# LightDM connects to X server +#?XSERVER :50 ACCEPT-CONNECT + +# (Session fails) + +# X server stops +#?XSERVER :50 TERMINATE SIGNAL=15 + +# X server starts +#?XSERVER :50 START +#?XSERVER :50 INDICATE-READY + +# LightDM connects to X server +#?XSERVER :50 ACCEPT-CONNECT + +# Greeter starts +#?GREETER :50 START +#?XSERVER :50 ACCEPT-CONNECT +#?GREETER :50 CONNECT-XSERVER +#?GREETER :50 CONNECT-TO-DAEMON +#?GREETER :50 CONNECTED-TO-DAEMON + +# Cleanup +#?*STOP-DAEMON +# Don't know what order they will terminate +#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15) +#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15) +#?RUNNER DAEMON-EXIT STATUS=0 diff --git a/tests/scripts/autologin-cred-unavail.conf b/tests/scripts/autologin-cred-unavail.conf new file mode 100644 index 00000000..0ead3385 --- /dev/null +++ b/tests/scripts/autologin-cred-unavail.conf @@ -0,0 +1,44 @@ +# +# Check automatic login stops if an account can't access credentials +# + +[LightDM] +minimum-display-number=50 + +[SeatDefaults] +autologin-user=cred-unavail + +#?RUNNER DAEMON-START + +# X server starts +#?XSERVER :50 START +#?XSERVER :50 INDICATE-READY + +# LightDM connects to X server +#?XSERVER :50 ACCEPT-CONNECT + +# (Session fails) + +# X server stops +#?XSERVER :50 TERMINATE SIGNAL=15 + +# X server starts +#?XSERVER :50 START +#?XSERVER :50 INDICATE-READY + +# LightDM connects to X server +#?XSERVER :50 ACCEPT-CONNECT + +# Greeter starts +#?GREETER :50 START +#?XSERVER :50 ACCEPT-CONNECT +#?GREETER :50 CONNECT-XSERVER +#?GREETER :50 CONNECT-TO-DAEMON +#?GREETER :50 CONNECTED-TO-DAEMON + +# Cleanup +#?*STOP-DAEMON +# Don't know what order they will terminate +#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15) +#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15) +#?RUNNER DAEMON-EXIT STATUS=0 diff --git a/tests/src/libsystem.c b/tests/src/libsystem.c index 34be41a9..13abda8c 100644 --- a/tests/src/libsystem.c +++ b/tests/src/libsystem.c @@ -728,6 +728,9 @@ pam_open_session (pam_handle_t *pamh, int flags) if (pamh == NULL) return PAM_SYSTEM_ERR; + if (strcmp (pamh->user, "session-error") == 0) + return PAM_SESSION_ERR; + if (strcmp (pamh->user, "make-home-dir") == 0) { struct passwd *entry; @@ -735,9 +738,6 @@ pam_open_session (pam_handle_t *pamh, int flags) g_mkdir_with_parents (entry->pw_dir, 0755); } - if (strcmp (pamh->user, "session-error") == 0) - return PAM_SESSION_ERR; - return PAM_SUCCESS; } @@ -820,6 +820,13 @@ pam_setcred (pam_handle_t *pamh, int flags) pam_putenv (pamh, e); g_free (e); + if (strcmp (pamh->user, "cred-error") == 0) + return PAM_CRED_ERR; + if (strcmp (pamh->user, "cred-expired") == 0) + return PAM_CRED_EXPIRED; + if (strcmp (pamh->user, "cred-unavail") == 0) + return PAM_CRED_UNAVAIL; + /* Join special groups if requested */ if (strcmp (pamh->user, "group-member") == 0 && flags & PAM_ESTABLISH_CRED) { diff --git a/tests/src/test-runner.c b/tests/src/test-runner.c index bad796d5..a8ed5860 100644 --- a/tests/src/test-runner.c +++ b/tests/src/test-runner.c @@ -1383,6 +1383,12 @@ main (int argc, char **argv) {"make-home-dir", "", FALSE, "Make Home Dir User", NULL, NULL, NULL, NULL, 1025}, /* This account fails to open a session */ {"session-error", "password", TRUE, "Session Error", NULL, NULL, NULL, NULL, 1026}, + /* This account can't establish credentials */ + {"cred-error", "password", TRUE, "Cred Error", NULL, NULL, NULL, NULL, 1027}, + /* This account has expired credentials */ + {"cred-expired", "password", TRUE, "Cred Expired", NULL, NULL, NULL, NULL, 1028}, + /* This account has cannot access their credentials */ + {"cred-unavail", "password", TRUE, "Cred Unavail", NULL, NULL, NULL, NULL, 1029}, {NULL, NULL, FALSE, NULL, NULL, NULL, NULL, NULL, 0} }; passwd_data = g_string_new (""); diff --git a/tests/test-autologin-cred-error b/tests/test-autologin-cred-error new file mode 100755 index 00000000..1beec10c --- /dev/null +++ b/tests/test-autologin-cred-error @@ -0,0 +1,2 @@ +#!/bin/sh +./src/dbus-env ./src/test-runner autologin-cred-error test-gobject-greeter diff --git a/tests/test-autologin-cred-expired b/tests/test-autologin-cred-expired new file mode 100755 index 00000000..a07f881c --- /dev/null +++ b/tests/test-autologin-cred-expired @@ -0,0 +1,2 @@ +#!/bin/sh +./src/dbus-env ./src/test-runner autologin-cred-expired test-gobject-greeter diff --git a/tests/test-autologin-cred-unavail b/tests/test-autologin-cred-unavail new file mode 100755 index 00000000..933b3f8c --- /dev/null +++ b/tests/test-autologin-cred-unavail @@ -0,0 +1,2 @@ +#!/bin/sh +./src/dbus-env ./src/test-runner autologin-cred-unavail test-gobject-greeter |