Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Jan 1998 09:54:15 -0500 (EST)
From:      Ted Buswell <tbuswell@mediaone.net>
To:        hackers@FreeBSD.ORG
Subject:   xdm & login.conf limits.
Message-ID:  <199801221454.JAA12582@tbuswell.ne.mediaone.net>

next in thread | raw e-mail | index | archive | help

A couple of days ago, there was some discussion of problems stemming
from the fact that logging in via XDM didn't result in the same
set of user limits that you get when logging in via a console.

I've written a simple patch to apply to the XFree86 3.3.1 source
for xdm which remedies that [uses setusercontext()].

If someone [I don't] who exercises the different methods of
authentication were to add to this patch (probably by modifying
xdm/verify.c), we might have something worth giving to XFree86 for
incorporation in future releases.

To try it out, grab the xdm source directory from 
ftp://ftp.xfree86.org:/pub/XFree86/3.3.1/untarred/xc/programs/xdm.tar.gz
and apply the attached patch within the xdm directory; then just
'xmkmf -a; make'

-Ted

diff -r -b -C 3 ../xdm.orig/Imakefile ./Imakefile
*** ../xdm.orig/Imakefile	Wed Aug  6 10:20:35 1997
--- ./Imakefile	Wed Jan 21 21:41:22 1998
***************
*** 89,94 ****
--- 89,102 ----
  #endif
  #endif
  
+ #if defined(FreeBSDArchitecture)
+ #if (OSMajorVersion > 2) || ((OSMajorVersion == 2) && (OSMinorVersion >= 2))
+ XCOMM Use <login_cap.h> on FreeBSD 2.2.2 and beyond.
+ LOGIN_DEFINES= -DUSE_LOGINCAP
+ SYS_LIBRARIES1 = -lutil
+ #endif
+ #endif
+ 
  #if defined(UltrixArchitecture)
  SYS_LIBRARIES1 = -lauth
  #endif
***************
*** 180,186 ****
          DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \
  		$(SIGNAL_DEFINES) \
  		$(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \
! 		$(PWD_DEFINES) $(CONN_DEFINES) \
  		$(GREET_DEFINES) $(FRAGILE_DEFINES) \
  		-DOSMAJORVERSION=$(OSMAJORVERSION) \
  		-DOSMINORVERSION=$(OSMINORVERSION) \
--- 188,194 ----
          DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \
  		$(SIGNAL_DEFINES) \
  		$(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \
! 		$(PWD_DEFINES) $(CONN_DEFINES) $(LOGIN_DEFINES) \
  		$(GREET_DEFINES) $(FRAGILE_DEFINES) \
  		-DOSMAJORVERSION=$(OSMAJORVERSION) \
  		-DOSMINORVERSION=$(OSMINORVERSION) \
diff -r -b -C 3 ../xdm.orig/session.c ./session.c
*** ../xdm.orig/session.c	Thu Dec 26 22:11:50 1996
--- ./session.c	Wed Jan 21 21:49:50 1998
***************
*** 56,61 ****
--- 56,66 ----
  # include <krb5/krb5.h>
  #endif
  
+ #ifdef USE_LOGINCAP
+ #include <login_cap.h>
+ #include <pwd.h>
+ #endif
+ 
  #ifndef GREET_USER_STATIC
  #include <dlfcn.h>
  #ifndef RTLD_NOW
***************
*** 494,499 ****
--- 499,508 ----
      char	**f, *home, *getEnv ();
      char	*failsafeArgv[2];
      int	pid;
+ #ifdef USE_LOGINCAP
+     struct passwd *pwd;
+     login_cap_t *lc;
+ #endif
  
      if (verify->argv) {
  	Debug ("StartSession %s: ", verify->argv[0]);
***************
*** 523,528 ****
--- 532,556 ----
  	    return (0);
  	}
  #else /* AIXV3 */
+ 
+ #ifdef USE_LOGINCAP
+ 	pwd = getpwnam(name);
+ 	if( ! pwd ) {
+ 	  LogError("unable to getpwnam(%s)", name);
+ 	  return(0);
+ 	}
+ 	lc = login_getpwclass( pwd );
+ 	if( ! lc ) {
+ 	  LogError("unable to login_getuserclass(%s)", name);
+ 	  return(0);
+ 	}
+ 	if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) {
+ 	  LogError("setusercontext(%s) failed - exiting", name);
+ 	  return(0);
+ 	}
+       login_close(lc);
+ #else        
+ 
  	if (setgid(verify->gid) < 0)
  	{
  	    LogError("setgid %d (user \"%s\") failed, errno=%d\n",
***************
*** 547,552 ****
--- 575,581 ----
  		     verify->uid, name, errno);
  	    return (0);
  	}
+ #endif /* FreeBSD */        
  #endif /* AIXV3 */
  
  	/*



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801221454.JAA12582>