From d9b712775c5f1962d3490b43465537c3e28a8c49 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 20 Oct 2005 17:01:06 +0000 Subject: Relevant BUGIDs: Red Hat bz 171164 Purpose of commit: new feature Commit summary: --------------- 2005-10-20 Tomas Mraz * configure.in: Added check for xauth binary and --with-xauth option. * config.h.in: Added configurable PAM_PATH_XAUTH. * modules/pam_xauth/README, modules/pam_xauth/pam_xauth.8: Document where xauth is looked for. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement searching xauth binary on multiple places. (run_coprocess): Don't use execvp as it can be a security risk. --- modules/pam_xauth/pam_xauth.c | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) (limited to 'modules/pam_xauth/pam_xauth.c') diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index a830010d..886b2f88 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -58,12 +58,21 @@ #include #define DATANAME "pam_xauth_cookie_file" -#define XAUTHBIN "/usr/X11R6/bin/xauth" #define XAUTHENV "XAUTHORITY" #define HOMEENV "HOME" #define XAUTHDEF ".Xauthority" #define XAUTHTMP ".xauthXXXXXX" +/* Possible paths to xauth executable */ +static const char * const xauthpaths[] = { +#ifdef PAM_PATH_XAUTH + PAM_PATH_XAUTH, +#endif + "/usr/X11R6/bin/xauth", + "/usr/bin/xauth", + "/usr/bin/X11/xauth" +}; + /* Run a given command (with a NULL-terminated argument list), feeding it the * given input on stdin, and storing any output it generates. */ static int @@ -131,7 +140,7 @@ run_coprocess(const char *input, char **output, args[j] = strdup(tmp); } /* Run the command. */ - execvp(command, args); + execv(command, args); /* Never reached. */ exit(1); } @@ -276,10 +285,9 @@ int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - char xauthpath[] = XAUTHBIN; char *cookiefile = NULL, *xauthority = NULL, *cookie = NULL, *display = NULL, *tmp = NULL; - const char *user, *xauth = xauthpath; + const char *user, *xauth = NULL; struct passwd *tpwd, *rpwd; int fd, i, debug = 0; int retval = PAM_SUCCESS; @@ -321,6 +329,19 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, pam_syslog(pamh, LOG_WARNING, "unrecognized option `%s'", argv[i]); } + + if (xauth == NULL) { + for (i = 0; i < sizeof(xauthpaths)/sizeof(xauthpaths[0]); i++) { + if (access(xauthpaths[i], X_OK) == 0) { + xauth = xauthpaths[i]; + break; + } + } + if (xauth == NULL) { + /* xauth executable not found - nothing to do */ + return PAM_SUCCESS; + } + } /* If DISPLAY isn't set, we don't really care, now do we? */ if ((display = getenv("DISPLAY")) == NULL) { -- cgit v1.2.3