From owner-freebsd-hackers Thu Jan 22 06:54:40 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA18647 for hackers-outgoing; Thu, 22 Jan 1998 06:54:40 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from tbuswell.ne.mediaone.net (tbuswell.ne.mediaone.net [24.128.60.226]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA18640 for ; Thu, 22 Jan 1998 06:54:34 -0800 (PST) (envelope-from tbuswell@tbuswell.ne.mediaone.net)
Received: (from tbuswell@localhost) by tbuswell.ne.mediaone.net (8.8.8/8.8.8) id JAA12582; Thu, 22 Jan 1998 09:54:15 -0500 (EST) (envelope-from tbuswell)
Date: Thu, 22 Jan 1998 09:54:15 -0500 (EST)
Message-Id: <199801221454.JAA12582@tbuswell.ne.mediaone.net>
From: Ted Buswell
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: hackers@FreeBSD.ORG
Subject: xdm & login.conf limits.
X-Mailer: VM 6.31 under 20.2 XEmacs Lucid
Reply-To: tbuswell@mediaone.net (Ted Buswell)
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk

A couple of days ago, there was some discussion of problems stemming from the fact that logging in via XDM didn't result in the same set of user limits that you get when logging in via a console. I've written a simple patch to apply to the XFree86 3.3.1 source for xdm which remedies that [uses setusercontext()]. If someone [I don't] who exercises the different methods of authentication were to add to this patch (probably by modifying xdm/verify.c), we might have something worth giving to XFree86 for incorporation in future releases.

To try it out, grab the xdm source directory from ftp://ftp.xfree86.org:/pub/XFree86/3.3.1/untarred/xc/programs/xdm.tar.gz and apply the attached patch within the xdm directory; then just 'xmkmf -a; make' -Ted diff -r -b -C 3 ../xdm.orig/Imakefile ./Imakefile *** ../xdm.orig/Imakefile Wed Aug 6 10:20:35 1997 --- ./Imakefile Wed Jan 21 21:41:22 1998 *************** *** 89,94 **** --- 89,102 ---- #endif #endif + #if defined(FreeBSDArchitecture) + #if (OSMajorVersion > 2) || ((OSMajorVersion == 2) && (OSMinorVersion >= 2)) + XCOMM Use on FreeBSD 2.2.2 and beyond. + LOGIN_DEFINES= -DUSE_LOGINCAP + SYS_LIBRARIES1 = -lutil + #endif + #endif + #if defined(UltrixArchitecture) SYS_LIBRARIES1 = -lauth #endif *************** *** 180,186 **** DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \ $(SIGNAL_DEFINES) \ $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \ ! $(PWD_DEFINES) $(CONN_DEFINES) \ $(GREET_DEFINES) $(FRAGILE_DEFINES) \ -DOSMAJORVERSION=$(OSMAJORVERSION) \ -DOSMINORVERSION=$(OSMINORVERSION) \ --- 188,194 ---- DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \ $(SIGNAL_DEFINES) \ $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \ ! 
$(PWD_DEFINES) $(CONN_DEFINES) $(LOGIN_DEFINES) \ $(GREET_DEFINES) $(FRAGILE_DEFINES) \ -DOSMAJORVERSION=$(OSMAJORVERSION) \ -DOSMINORVERSION=$(OSMINORVERSION) \ diff -r -b -C 3 ../xdm.orig/session.c ./session.c *** ../xdm.orig/session.c Thu Dec 26 22:11:50 1996 --- ./session.c Wed Jan 21 21:49:50 1998 *************** *** 56,61 **** --- 56,66 ---- # include #endif + #ifdef USE_LOGINCAP + #include + #include + #endif + #ifndef GREET_USER_STATIC #include #ifndef RTLD_NOW *************** *** 494,499 **** --- 499,508 ---- char **f, *home, *getEnv (); char *failsafeArgv[2]; int pid; + #ifdef USE_LOGINCAP + struct passwd *pwd; + login_cap_t *lc; + #endif if (verify->argv) { Debug ("StartSession %s: ", verify->argv[0]); *************** *** 523,528 **** --- 532,556 ---- return (0); } #else /* AIXV3 */ + + #ifdef USE_LOGINCAP + pwd = getpwnam(name); + if( ! pwd ) { + LogError("unable to getpwnam(%s)", name); + return(0); + } + lc = login_getpwclass( pwd ); + if( ! lc ) { + LogError("unable to login_getuserclass(%s)", name); + return(0); + } + if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) { + LogError("setusercontext(%s) failed - exiting", name); + return(0); + } + login_close(lc); + #else + if (setgid(verify->gid) < 0) { LogError("setgid %d (user \"%s\") failed, errno=%d\n", *************** *** 547,552 **** --- 575,581 ---- verify->uid, name, errno); return (0); } + #endif /* FreeBSD */ #endif /* AIXV3 */ /*
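
Review bot: In the first Imakefile hunk the comment says "Use on FreeBSD 2.2.2 and beyond", but the guard (OSMajorVersion == 2) && (OSMinorVersion >= 2) tests no patch level, so it also matches 2.2 releases earlier than 2.2.2. Either add the patch-level test or reword the comment to say what the guard actually admits. The plain assignment "SYS_LIBRARIES1 = -lutil" should also be checked against any other SYS_LIBRARIES1 assignment that can be active on FreeBSD elsewhere in the Imakefile, since a later plain assignment would silently drop -lutil.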
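
Review bot: In the USE_LOGINCAP block of the third session.c hunk, the failure branch after setusercontext() returns without calling login_close(lc), while the success path does close it; close lc on both paths. The message logged when login_getpwclass(pwd) fails names login_getuserclass, which is not the function called, so the log points the reader at the wrong place. This branch also takes the identity from a fresh getpwnam(name) and pwd->pw_uid, whereas the #else branch applies verify->uid and verify->gid; compare the looked-up uid with verify->uid and refuse the session when they differ, so that the uid that was verified is the uid that gets applied.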
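
Review bot: The "#endif /* FreeBSD */" added in the last session.c hunk closes the "#ifdef USE_LOGINCAP" opened in the previous hunk, so its trailing comment should read USE_LOGINCAP. As written it suggests an OS guard that does not exist in this file and makes the nesting with "#endif /* AIXV3 */" on the next line harder to follow.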