Date: Thu, 22 Jan 1998 09:54:15 -0500 (EST) From: Ted Buswell <tbuswell@mediaone.net> To: hackers@FreeBSD.ORG Subject: xdm & login.conf limits. Message-ID: <199801221454.JAA12582@tbuswell.ne.mediaone.net>
next in thread | raw e-mail | index | archive | help
A couple of days ago, there was some discussion of problems stemming from the fact that logging in via XDM didn't result in the same set of user limits that you get when logging in via a console. I've written a simple patch to apply to the XFree86 3.3.1 source for xdm which remedies that [uses setusercontext()]. If someone [I don't] who exercises the different methods of authentication were to add to this patch (probably by modifying xdm/verify.c), we might have something worth giving to XFree86 for incorporation in future releases. To try it out, grab the xdm source directory from ftp://ftp.xfree86.org:/pub/XFree86/3.3.1/untarred/xc/programs/xdm.tar.gz and apply the attached patch within the xdm directory; then just 'xmkmf -a; make' -Ted diff -r -b -C 3 ../xdm.orig/Imakefile ./Imakefile *** ../xdm.orig/Imakefile Wed Aug 6 10:20:35 1997 --- ./Imakefile Wed Jan 21 21:41:22 1998 *************** *** 89,94 **** --- 89,102 ---- #endif #endif + #if defined(FreeBSDArchitecture) + #if (OSMajorVersion > 2) || ((OSMajorVersion == 2) && (OSMinorVersion >= 2)) + XCOMM Use <login_cap.h> on FreeBSD 2.2.2 and beyond. + LOGIN_DEFINES= -DUSE_LOGINCAP + SYS_LIBRARIES1 = -lutil + #endif + #endif + #if defined(UltrixArchitecture) SYS_LIBRARIES1 = -lauth #endif *************** *** 180,186 **** DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \ $(SIGNAL_DEFINES) \ $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \ ! $(PWD_DEFINES) $(CONN_DEFINES) \ $(GREET_DEFINES) $(FRAGILE_DEFINES) \ -DOSMAJORVERSION=$(OSMAJORVERSION) \ -DOSMINORVERSION=$(OSMINORVERSION) \ --- 188,194 ---- DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \ $(SIGNAL_DEFINES) \ $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \ ! $(PWD_DEFINES) $(CONN_DEFINES) $(LOGIN_DEFINES) \ $(GREET_DEFINES) $(FRAGILE_DEFINES) \ -DOSMAJORVERSION=$(OSMAJORVERSION) \ -DOSMINORVERSION=$(OSMINORVERSION) \ diff -r -b -C 3 ../xdm.orig/session.c ./session.c *** ../xdm.orig/session.c Thu Dec 26 22:11:50 1996 --- ./session.c Wed Jan 21 21:49:50 1998 *************** *** 56,61 **** --- 56,66 ---- # include <krb5/krb5.h> #endif + #ifdef USE_LOGINCAP + #include <login_cap.h> + #include <pwd.h> + #endif + #ifndef GREET_USER_STATIC #include <dlfcn.h> #ifndef RTLD_NOW *************** *** 494,499 **** --- 499,508 ---- char **f, *home, *getEnv (); char *failsafeArgv[2]; int pid; + #ifdef USE_LOGINCAP + struct passwd *pwd; + login_cap_t *lc; + #endif if (verify->argv) { Debug ("StartSession %s: ", verify->argv[0]); *************** *** 523,528 **** --- 532,556 ---- return (0); } #else /* AIXV3 */ + + #ifdef USE_LOGINCAP + pwd = getpwnam(name); + if( ! pwd ) { + LogError("unable to getpwnam(%s)", name); + return(0); + } + lc = login_getpwclass( pwd ); + if( ! lc ) { + LogError("unable to login_getuserclass(%s)", name); + return(0); + } + if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) { + LogError("setusercontext(%s) failed - exiting", name); + return(0); + } + login_close(lc); + #else + if (setgid(verify->gid) < 0) { LogError("setgid %d (user \"%s\") failed, errno=%d\n", *************** *** 547,552 **** --- 575,581 ---- verify->uid, name, errno); return (0); } + #endif /* FreeBSD */ #endif /* AIXV3 */ /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801221454.JAA12582>