diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:53:41 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 18:17:08 -0800 |
| commit | 212b52cf29c06cc209bc8ac0540dbab1acdf1464 (patch) | |
| tree | 58da0bf39f5c4122e4a1b4da20fdeea52b97a671 /modules/pam_xauth/pam_xauth.c | |
| parent | 9c52e721044e7501c3d4567b36d222dc7326224a (diff) | |
| parent | 56c8282d128fb484ffc77dff73abf42229b291d3 (diff) | |
New upstream version 1.1.0
Diffstat (limited to 'modules/pam_xauth/pam_xauth.c')
| -rw-r--r-- | modules/pam_xauth/pam_xauth.c | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 1135d4b7..bc72a8c1 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -118,6 +118,7 @@ run_coprocess(const char *input, char **output, size_t j; char *args[10]; const char *tmp; + int maxopened; /* Drop privileges. */ setgid(gid); setgroups(0, NULL); @@ -129,7 +130,8 @@ run_coprocess(const char *input, char **output, * descriptors. */ dup2(ipipe[0], STDIN_FILENO); dup2(opipe[1], STDOUT_FILENO); - for (i = 0; i < sysconf(_SC_OPEN_MAX); i++) { + maxopened = (int)sysconf(_SC_OPEN_MAX); + for (i = 0; i < maxopened; i++) { if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { close(i); } @@ -147,7 +149,7 @@ run_coprocess(const char *input, char **output, /* Run the command. */ execv(command, args); /* Never reached. */ - exit(1); + _exit(1); } /* We're the parent, so close the other ends of the pipes. */ @@ -278,7 +280,7 @@ check_acl(pam_handle_t *pamh, return noent_code; default: if (debug) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_DEBUG, "error opening %s: %m", path); } return PAM_PERM_DENIED; @@ -291,7 +293,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL; + *cookie = NULL, *display = NULL, *tmp = NULL, + *xauthlocalhostname = NULL; const char *user, *xauth = NULL; struct passwd *tpwd, *rpwd; int fd, i, debug = 0; @@ -586,14 +589,30 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, if (asprintf(&d, "DISPLAY=%s", display) < 0) { - pam_syslog(pamh, LOG_DEBUG, "out of memory"); + pam_syslog(pamh, LOG_ERR, "out of memory"); cookiefile = NULL; retval = PAM_SESSION_ERR; goto cleanup; } if (pam_putenv (pamh, d) != PAM_SUCCESS) - pam_syslog (pamh, LOG_DEBUG, + pam_syslog (pamh, LOG_ERR, + "can't set environment variable '%s'", d); + free (d); + } + + /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ + if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) { + char *d; + + if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) { + pam_syslog(pamh, LOG_ERR, "out of memory"); + retval = PAM_SESSION_ERR; + goto cleanup; + } + + if (pam_putenv (pamh, d) != PAM_SUCCESS) + pam_syslog (pamh, LOG_ERR, "can't set environment variable '%s'", d); free (d); } |