summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS1
-rw-r--r--src/session-child.c5
-rw-r--r--tests/Makefile.am6
-rw-r--r--tests/scripts/autologin-cred-error.conf44
-rw-r--r--tests/scripts/autologin-cred-expired.conf44
-rw-r--r--tests/scripts/autologin-cred-unavail.conf44
-rw-r--r--tests/src/libsystem.c13
-rw-r--r--tests/src/test-runner.c6
-rwxr-xr-xtests/test-autologin-cred-error2
-rwxr-xr-xtests/test-autologin-cred-expired2
-rwxr-xr-xtests/test-autologin-cred-unavail2
11 files changed, 166 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 983f0727..4ed8bc70 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
Overview of changes in lightdm 1.1.10
* Backup .xsession-errors on login
+ * Handle failures in pam_setcred
Overview of changes in lightdm 1.1.9
diff --git a/src/session-child.c b/src/session-child.c
index 68ec36bb..f2aadbb6 100644
--- a/src/session-child.c
+++ b/src/session-child.c
@@ -364,6 +364,11 @@ session_child_run (int argc, char **argv)
/* Set credentials */
result = pam_setcred (pam_handle, PAM_ESTABLISH_CRED);
+ if (result != PAM_SUCCESS)
+ {
+ g_printerr ("Failed to establish PAM credentials: %s\n", pam_strerror (pam_handle, result));
+ return EXIT_FAILURE;
+ }
/* Open the session */
result = pam_open_session (pam_handle, 0);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 13aae050..13a10502 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -17,6 +17,9 @@ TESTS = \
test-autologin-new-authtok \
test-autologin-denied \
test-autologin-expired \
+ test-autologin-cred-error \
+ test-autologin-cred-expired \
+ test-autologin-cred-unavail \
test-autologin-session-error \
test-autologin-logout \
test-autologin-previous-session \
@@ -146,6 +149,9 @@ EXTRA_DIST = \
data/xsessions/default.desktop \
scripts/autologin.conf \
scripts/autologin-crash-authenticate.conf \
+ scripts/autologin-cred-error.conf \
+ scripts/autologin-cred-expired.conf \
+ scripts/autologin-cred-unavail.conf \
scripts/autologin-denied.conf \
scripts/autologin-expired.conf \
scripts/autologin-guest.conf \
diff --git a/tests/scripts/autologin-cred-error.conf b/tests/scripts/autologin-cred-error.conf
new file mode 100644
index 00000000..06dcb352
--- /dev/null
+++ b/tests/scripts/autologin-cred-error.conf
@@ -0,0 +1,44 @@
+#
+# Check automatic login stops if an account can't establish credentials
+#
+
+[LightDM]
+minimum-display-number=50
+
+[SeatDefaults]
+autologin-user=cred-error
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# (Session fails)
+
+# X server stops
+#?XSERVER :50 TERMINATE SIGNAL=15
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
diff --git a/tests/scripts/autologin-cred-expired.conf b/tests/scripts/autologin-cred-expired.conf
new file mode 100644
index 00000000..b55b86de
--- /dev/null
+++ b/tests/scripts/autologin-cred-expired.conf
@@ -0,0 +1,44 @@
+#
+# Check automatic login stops if an account has expired credentials
+#
+
+[LightDM]
+minimum-display-number=50
+
+[SeatDefaults]
+autologin-user=cred-expired
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# (Session fails)
+
+# X server stops
+#?XSERVER :50 TERMINATE SIGNAL=15
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
diff --git a/tests/scripts/autologin-cred-unavail.conf b/tests/scripts/autologin-cred-unavail.conf
new file mode 100644
index 00000000..0ead3385
--- /dev/null
+++ b/tests/scripts/autologin-cred-unavail.conf
@@ -0,0 +1,44 @@
+#
+# Check automatic login stops if an account can't access credentials
+#
+
+[LightDM]
+minimum-display-number=50
+
+[SeatDefaults]
+autologin-user=cred-unavail
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# (Session fails)
+
+# X server stops
+#?XSERVER :50 TERMINATE SIGNAL=15
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
diff --git a/tests/src/libsystem.c b/tests/src/libsystem.c
index 34be41a9..13abda8c 100644
--- a/tests/src/libsystem.c
+++ b/tests/src/libsystem.c
@@ -728,6 +728,9 @@ pam_open_session (pam_handle_t *pamh, int flags)
if (pamh == NULL)
return PAM_SYSTEM_ERR;
+ if (strcmp (pamh->user, "session-error") == 0)
+ return PAM_SESSION_ERR;
+
if (strcmp (pamh->user, "make-home-dir") == 0)
{
struct passwd *entry;
@@ -735,9 +738,6 @@ pam_open_session (pam_handle_t *pamh, int flags)
g_mkdir_with_parents (entry->pw_dir, 0755);
}
- if (strcmp (pamh->user, "session-error") == 0)
- return PAM_SESSION_ERR;
-
return PAM_SUCCESS;
}
@@ -820,6 +820,13 @@ pam_setcred (pam_handle_t *pamh, int flags)
pam_putenv (pamh, e);
g_free (e);
+ if (strcmp (pamh->user, "cred-error") == 0)
+ return PAM_CRED_ERR;
+ if (strcmp (pamh->user, "cred-expired") == 0)
+ return PAM_CRED_EXPIRED;
+ if (strcmp (pamh->user, "cred-unavail") == 0)
+ return PAM_CRED_UNAVAIL;
+
/* Join special groups if requested */
if (strcmp (pamh->user, "group-member") == 0 && flags & PAM_ESTABLISH_CRED)
{
diff --git a/tests/src/test-runner.c b/tests/src/test-runner.c
index bad796d5..a8ed5860 100644
--- a/tests/src/test-runner.c
+++ b/tests/src/test-runner.c
@@ -1383,6 +1383,12 @@ main (int argc, char **argv)
{"make-home-dir", "", FALSE, "Make Home Dir User", NULL, NULL, NULL, NULL, 1025},
/* This account fails to open a session */
{"session-error", "password", TRUE, "Session Error", NULL, NULL, NULL, NULL, 1026},
+ /* This account can't establish credentials */
+ {"cred-error", "password", TRUE, "Cred Error", NULL, NULL, NULL, NULL, 1027},
+ /* This account has expired credentials */
+ {"cred-expired", "password", TRUE, "Cred Expired", NULL, NULL, NULL, NULL, 1028},
+ /* This account has cannot access their credentials */
+ {"cred-unavail", "password", TRUE, "Cred Unavail", NULL, NULL, NULL, NULL, 1029},
{NULL, NULL, FALSE, NULL, NULL, NULL, NULL, NULL, 0}
};
passwd_data = g_string_new ("");
diff --git a/tests/test-autologin-cred-error b/tests/test-autologin-cred-error
new file mode 100755
index 00000000..1beec10c
--- /dev/null
+++ b/tests/test-autologin-cred-error
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner autologin-cred-error test-gobject-greeter
diff --git a/tests/test-autologin-cred-expired b/tests/test-autologin-cred-expired
new file mode 100755
index 00000000..a07f881c
--- /dev/null
+++ b/tests/test-autologin-cred-expired
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner autologin-cred-expired test-gobject-greeter
diff --git a/tests/test-autologin-cred-unavail b/tests/test-autologin-cred-unavail
new file mode 100755
index 00000000..933b3f8c
--- /dev/null
+++ b/tests/test-autologin-cred-unavail
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner autologin-cred-unavail test-gobject-greeter
View Lorry Controller Status