Date:      Thu, 10 Jan 2002 10:30:22 +0100
From:      Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
To:        ports@freebsd.org
Subject:   [*BSD] Adding setusercontext() to gdm
Message-ID:  <20020110103022.B8055@i2.informatik.rwth-aachen.de>


--61jdw2sOBCFtR2d/
Content-Type: multipart/mixed; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, I added setusercontext() and friends to 'gdm', so that
you would get proper settings from login.conf which are currently
ignored by gdm.

However, this opens a major can of worms:
gdm likes to set GDM_LANG which in turn causes 'gnome-session'
from x11/gnomecore to rewrite LANG on X session startup :-/
This is currently fixed by rewriting GDM_LANG with the setting
obtained from login.conf (if any).

Another issue is PATH. gdm likes to set this itself, including
configurable settings in gdm.conf -- exactly what you'd
solve with login.conf on BSD.

Please test the attached patches, note that you have to run
'autoconf' after patching. 'configure' will detect if libutil
is available and set the corresponding flag in config.h.

To check if the gdm-binary has been
correctly built, 'ldd daemon/gdm | grep util' should show
that gdm has been linked against libutil.

To verify that the patch works, modify ~/.login_conf, e.g.
set LANG, PATH, whatever and log in.

Cheers,
  Volker
--=20
Wonderful \hbox (0.80312pt too nice) in paragraph at lines 16--18
Volker Stolz * stolz@i2.informatik.rwth-aachen.de
Please use PGP or S/MIME for correspondence!

--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch-logincap-slave.c"
Content-Transfer-Encoding: quoted-printable

--- daemon/slave.c.orig	Tue Jan  1 03:48:07 2002
+++ daemon/slave.c	Fri Jan  4 17:24:13 2002
@@ -19,31 +19,38 @@
 /* This is the gdm slave process. gdmslave runs the chooser, greeter
  * and the user's session scripts. */
=20
-#include <config.h>
-#include <gnome.h>
-#include <gdk/gdkx.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
-#include <strings.h>
+#include <sys/socket.h>
+
 #include <netinet/in.h>
 #include <netdb.h>
-#include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+
+#include <config.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include <syslog.h>
+#include <time.h>
+
+#ifdef HAVE_LOGINCAP
+#include <login_cap.h>
+#endif
+
+#include <gnome.h>
+#include <gdk/gdkx.h>
 #include <X11/Xlib.h>
 #ifdef HAVE_LIBXINERAMA
 #include <X11/extensions/Xinerama.h>
 #endif
-#include <signal.h>
-#include <pwd.h>
-#include <grp.h>
-#include <errno.h>
-#include <time.h>
-#include <syslog.h>
=20
 #include <vicious.h>
=20
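Review bot: Moving `#include <config.h>` below the `<sys/...>`, `<netinet/...>` and `<arpa/inet.h>` includes means any feature-test or compatibility macros that configure writes into config.h no longer apply to those headers. config.h is not shown here, so whether it defines any such macro is unconfirmed. Keeping `#include <config.h>` as the first include, with the `#ifdef HAVE_LOGINCAP` block anywhere after it, avoids the question. The reordering also leaves `<netinet/in.h>` included twice.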
@@ -140,6 +147,8 @@
 static gboolean x_error_occured =3D FALSE;
 static gboolean gdm_got_usr2 =3D FALSE;
=20
+static void	changeUser(struct passwd *pwent, char *login);
+
 /* ignore handlers */
 static int
 ignore_xerror_handler (Display *disp, XErrorEvent *evt)
@@ -1785,6 +1794,31 @@
=20
 }
=20
+#ifdef HAVE_LOGINCAP
+void changeUser(struct passwd *pwent,char *login) {
+  if (setsid() =3D=3D -1)
+    gdm_child_exit (DISPLAY_REMANAGE, _("gdm_slave_session_start: setsid()=
 failed for %s. Aborting."), login);
+  if (setusercontext(NULL,pwent,pwent->pw_uid, LOGIN_SETALL) =3D=3D -1)
+    gdm_child_exit (DISPLAY_REMANAGE, _("gdm_slave_session_start: setuserc=
ontext() failed for %s. Aborting."), login);
+}
+
+#else
+
+void changeUser(struct passwd *pwent,char *login) {
+  setpgid(0,0);
+  umask(022);
+  /* setup the user's correct group */
+  if (setgid (pwent->pw_gid) < 0)
+    gdm_child_exit (DISPLAY_REMANAGE, _("gdm_slave_session_start: Could no=
t setgid %d. Aborting."), pwent->pw_gid);
+  if (initgroups (login, pwent->pw_gid) < 0)
+    gdm_child_exit (DISPLAY_REMANAGE, _("gdm_slave_session_start: initgrou=
ps() failed for %s. Aborting."), login);
+  if (setuid (pwent->pw_uid) < 0)=20
+    gdm_child_exit (DISPLAY_REMANAGE,
+		    _("gdm_slave_session_start: Could not become %s. Aborting."), login);
+}
+
+#endif
+
 static char *
 dequote (const char *in)
 {
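Review bot: changeUser() is where the session child gives up root, yet neither definition has a comment saying so, and both are written `void changeUser(...)` while the prototype added near the top of the file is `static void`. I would define both as `static void changeUser(struct passwd *pwent, char *login)` and add a header comment above the `#ifdef`. That comment should state that failure goes through gdm_child_exit (presumably without returning, since the checks are chained without `else`), that on return the process runs with the user's uid, gid and supplementary groups, and that in the fallback branch the order setgid, initgroups, setuid must be kept because the first two need root. In the fallback branch `%d` is given `pwent->pw_gid`; a cast such as `(int) pwent->pw_gid` keeps the format and argument types in agreement. The text is quoted-printable, so `=3D=3D` reads `==`.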
@@ -1823,6 +1857,9 @@
 	char *sesspath, *sessexec;
 	gboolean need_config_sync =3D FALSE;
 	const char *shell =3D NULL;
+#ifdef HAVE_LOGINCAP
+	char *lang =3D NULL;
+#endif
=20
 	ve_clearenv ();
=20
@@ -1840,11 +1877,7 @@
 	if (gnome_session !=3D NULL)
 		ve_setenv ("GDM_GNOME_SESSION", gnome_session, TRUE);
=20
-	/* Special PATH for root */
-	if (pwent->pw_uid =3D=3D 0)
-		ve_setenv ("PATH", GdmRootPath, TRUE);
-	else
-		ve_setenv ("PATH", GdmDefaultPath, TRUE);
+	changeUser(pwent,login);
=20
 	/* Eeeeek, this no lookie as a correct language code, let's
 	 * try unaliasing it */
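Review bot: The changeUser() call drops privileges earlier than the old code did. The removed setuid() sat after gdm_verify_setup_env(d) (see the last hunk of this file), so that call and every ve_setenv() in between now run as the logging-in user. Whether gdm_verify_setup_env needs root is not visible in this patch and is worth confirming, for the PAM build in particular. A comment at the call, e.g. `/* Drops to the user's uid/gid; nothing below may need root. */`, would make the ordering constraint explicit. The enclosing function starts and ends outside the hunk.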
@@ -1853,28 +1886,42 @@
 		language =3D unaliaslang (language);
 	}
=20
+#ifndef HAVE_LOGINCAP
+
 	/* Set locale */
 	ve_setenv ("LANG", language, TRUE);
 	ve_setenv ("GDM_LANG", language, TRUE);
-   =20
-	setpgid (0, 0);
-=09
-	umask (022);
+
+	/* Special PATH for root */
+	if (pwent->pw_uid =3D=3D 0)
+		ve_setenv ("PATH", GdmRootPath, TRUE);
+	else
+		ve_setenv ("PATH", GdmDefaultPath, TRUE);
+
+#else
+	/* XXX If GDM_LANG is set, this will override the LANG from login.conf
+             in 'gnome-session' (check x11/gnomecore)!
+	   Our solution: set GDM_LANG to LANG *now*. Should we run unaliaslang() =
on
+	   lang, too? */
+
+ 	lang =3D getenv("LANG");
+	if (lang) {
+		ve_setenv ("GDM_LANG", lang, TRUE);
+	} else {
+		ve_setenv ("LANG", language, TRUE);
+		ve_setenv ("GDM_LANG", language, TRUE);
+	}
 =09
+	/* Do not reset PATH */
+
+#endif
+
 	/* setup the verify env vars */
 	if ( ! gdm_verify_setup_env (d))
 		gdm_child_exit (DISPLAY_REMANAGE,
 				_("%s: Could not setup environment for %s. "
 				  "Aborting."),
 				"gdm_slave_session_start", login);
-
-	/* setup egid to the correct group,
-	 * not to leave the egid around */
-	setegid (pwent->pw_gid);
-
-	if (setuid (pwent->pw_uid) < 0)=20
-		gdm_child_exit (DISPLAY_REMANAGE,
-				_("gdm_slave_session_start: Could not become %s. Aborting."), login);
 =09
 	chdir (home_dir);
=20
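Review bot: The `getenv("LANG")` in the HAVE_LOGINCAP branch only makes sense because changeUser() ran setusercontext() with LOGIN_SETALL after ve_clearenv(); the XXX comment does not say that, so the read looks as if it could never succeed. I would add a line to the comment, e.g. `/* LANG, if set here, was put there by setusercontext() in changeUser() */`, and note that when it is set the language chosen in the greeter (`language`) is deliberately discarded. Because the value can come from the user's ~/.login_conf, it reaches GDM_LANG without the unaliasing applied to `language` a few lines earlier. The session already runs as that user, so this is a correctness question rather than a privilege one. The function body continues outside the hunk.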

--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch-logincap-configure.in"
Content-Transfer-Encoding: quoted-printable

--- configure.in.orig	Tue Jan  1 02:50:01 2002
+++ configure.in	Fri Jan  4 17:34:29 2002
@@ -230,6 +230,11 @@
 fi
 AC_SUBST(GDMASKPASS)
=20
+dnl Can we use BSD's setusercontext
+AC_CHECK_HEADERS(sys/types.h login_cap.h, [
+	        LIBS=3D"$LIBS -lutil"
+		AC_DEFINE(HAVE_LOGINCAP)])
+
 if test x$enable_authentication_scheme =3D xpam -a x$have_pam =3D xno ; th=
en
 	AC_MSG_ERROR(PAM support requested but not available)
 fi
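Review bot: AC_CHECK_HEADERS runs its action once for each header that is found, so listing `sys/types.h` alongside `login_cap.h` defines HAVE_LOGINCAP and appends `-lutil` on any system that has `sys/types.h`, including ones without login_cap.h. Where both headers exist, `-lutil` is appended twice. The check also never tests that libutil provides setusercontext(), although the cover letter says configure detects libutil. I would test the one header and the library symbol together, `AC_CHECK_HEADER(login_cap.h, [AC_CHECK_LIB(util, setusercontext, [...])])`, with the existing `LIBS` and `AC_DEFINE(HAVE_LOGINCAP)` lines as the inner action.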

--EVF5PPMfhYS0aIcm--

--61jdw2sOBCFtR2d/
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (SunOS)
Comment: For info see http://www.gnupg.org

iQCVAwUBPD1fLhLpPok/0ba1AQHNbAP/WHIYq8x59+jkQjFLx1ZWa6iS48raOjf9
p/hQfGOFM1BzvQ8VPUrBOsAAmaGrtGNTOktxuXBaferEGDaxpFQt3Ohe/kkK1Obh
SMV7MHgNBbKCRS3YhnwScMUsYxYGEhdkbCTkSwZDo3d6Xy+/y8p0sGBRmoELEJ4A
5dKUSSS2QUA=
=Nyyh
-----END PGP SIGNATURE-----

--61jdw2sOBCFtR2d/--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message



