authorThorsten Kukuk <kukuk@thkukuk.de>2011-10-25 14:24:50 +0200
committerThorsten Kukuk <kukuk@thkukuk.de>2011-10-25 14:24:50 +0200
commitfc772e7236a7aea9c9c26b0be2ee6f3ed8ae444a (patch)
tree3c0cad2f3bf8c592b5f2d4a9f9f25da0a807b062 /modules/pam_xauth/pam_xauth.c
parent109823cb621c900c07c4b6cdc99070d354d19444 (diff)
2011-10-25 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.5 * configure.in: Bump version number. * modules/pam_tally2/pam_tally2.8.xml: Remove never used option "no_lock_time".
Diffstat (limited to 'modules/pam_xauth/pam_xauth.c')
-rw-r--r--modules/pam_xauth/pam_xauth.c45
1 files changed, 27 insertions, 18 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index a64ae89f..88624b1c 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -459,24 +459,33 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
goto cleanup;
}
- /* Check that both users are amenable to this. By default, this
- * boils down to this policy:
- * export(ruser=root): only if <user> is listed in .xauth/export
- * export(ruser=*) if <user> is listed in .xauth/export, or
- * if .xauth/export does not exist
- * import(user=*): if <ruser> is listed in .xauth/import, or
- * if .xauth/import does not exist */
- i = (getuid() != 0 || tpwd->pw_uid == 0) ? PAM_SUCCESS : PAM_PERM_DENIED;
- i = check_acl(pamh, "export", rpwd->pw_name, user, i, debug);
- if (i != PAM_SUCCESS) {
- retval = PAM_SESSION_ERR;
- goto cleanup;
- }
- i = PAM_SUCCESS;
- i = check_acl(pamh, "import", user, rpwd->pw_name, i, debug);
- if (i != PAM_SUCCESS) {
- retval = PAM_SESSION_ERR;
- goto cleanup;
+
+ /* If current user and the target user are the same, don't
+ check the ACL list, but forward X11 */
+ if (strcmp (rpwd->pw_name, tpwd->pw_name) != 0) {
+
+ /* Check that both users are amenable to this. By default, this
+ * boils down to this policy:
+ * export(ruser=root): only if <user> is listed in .xauth/export
+ * export(ruser=*) if <user> is listed in .xauth/export, or
+ * if .xauth/export does not exist
+ * import(user=*): if <ruser> is listed in .xauth/import, or
+ * if .xauth/import does not exist */
+ i = (getuid() != 0 || tpwd->pw_uid == 0) ? PAM_SUCCESS : PAM_PERM_DENIED;
+ i = check_acl(pamh, "export", rpwd->pw_name, user, i, debug);
+ if (i != PAM_SUCCESS) {
+ retval = PAM_SESSION_ERR;
+ goto cleanup;
+ }
+ i = PAM_SUCCESS;
+ i = check_acl(pamh, "import", user, rpwd->pw_name, i, debug);
+ if (i != PAM_SUCCESS) {
+ retval = PAM_SESSION_ERR;
+ goto cleanup;
+ }
+ } else {
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG, "current and target user are the same, forward X11");
}
/* Figure out where the source user's .Xauthority file is. */
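Review bot: The added `strcmp (rpwd->pw_name, tpwd->pw_name)` test decides whether both `check_acl` calls are skipped, so the whole export/import policy now hinges on a name comparison alone. How `rpwd` and `tpwd` are looked up is outside the hunk, but if one comes from a UID lookup and the other from a name lookup, duplicate or inconsistent passwd/NSS entries could make the names match while the UIDs differ. Requiring both to agree keeps the shortcut conservative: `if (strcmp (rpwd->pw_name, tpwd->pw_name) != 0 || rpwd->pw_uid != tpwd->pw_uid) {`. The comment above the test should also state that a user's own `.xauth/export` and `.xauth/import` lists are deliberately ignored in the same-user case, since the commit description shown here does not mention this policy change. pam_sm_open_session starts and ends outside the hunk.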