summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKean Johnson <kean@armory.com>2005-11-08 06:33:32 +0000
committerKean Johnson <kean@armory.com>2005-11-08 06:33:32 +0000
commit3834f880ba013be524cd5b4ce4ff75734742ad12 (patch)
tree4bcccc7370254f205d8eb2fec4c64353a9640ab2
parentd384b20b3d63f1b28d428f02746d5ec0c1e81a39 (diff)
See ChangeLog entry 2005-11-07 for details.XORG-6_8_99_903XORG-6_8_99_902
-rw-r--r--auth.c59
-rw-r--r--chooser.c2
-rw-r--r--config/Xsession.cpp60
-rw-r--r--dm.c9
-rw-r--r--dm.h2
-rw-r--r--greeter/verify.c96
-rw-r--r--resource.c4
-rw-r--r--session.c44
-rw-r--r--util.c2
9 files changed, 229 insertions, 49 deletions
diff --git a/auth.c b/auth.c
index 7f20381..f12d923 100644
--- a/auth.c
+++ b/auth.c
@@ -39,6 +39,7 @@ from The Open Group.
*/
#include <X11/X.h>
+#include <X11/Xlibint.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -58,8 +59,7 @@ from The Open Group.
# include <netdnet/dnetdb.h>
#endif
-#if (defined(_POSIX_SOURCE) && !defined(AIXV3) && !defined(__QNX__)) || defined(hpux) || defined(USG) || defined(SVR4) || (defined(SYSV) && defined(i386))
-#define NEED_UTSNAME
+#if defined(hpux)
#include <sys/utsname.h>
#endif
@@ -73,9 +73,7 @@ from The Open Group.
#ifdef SVR4
# include <netdb.h>
-# ifndef SCO325
# include <sys/sockio.h>
-# endif
# include <sys/stropts.h>
#endif
#ifdef __convex__
@@ -685,11 +683,7 @@ static void
DefineLocal (FILE *file, Xauth *auth)
{
char displayname[100];
- char tmp_displayname[100];
-
- strcpy(tmp_displayname, "");
-
- /* stolen from xinit.c */
+ int len = _XGetHostname (displayname, sizeof(displayname));
/* Make sure this produces the same string as _XGetHostname in lib/X/XlibInt.c.
* Otherwise, Xau will not be able to find your cookies in the Xauthority file.
@@ -699,46 +693,29 @@ DefineLocal (FILE *file, Xauth *auth)
* and so, you may be better off using gethostname (if it exists).
*/
-#ifdef NEED_UTSNAME
-
- /* hpux:
- * Why not use gethostname()? Well, at least on my system, I've had to
- * make an ugly kernel patch to get a name longer than 8 characters, and
- * uname() lets me access to the whole string (it smashes release, you
- * see), whereas gethostname() kindly truncates it for me.
- */
- {
- struct utsname name;
-
- uname(&name);
- snprintf(displayname, sizeof(displayname), "%s", name.nodename);
- }
- writeAddr (FamilyLocal, strlen (displayname), displayname, file, auth);
-
- snprintf(tmp_displayname, sizeof(tmp_displayname), "%s", displayname);
-#endif
-
-#if (!defined(NEED_UTSNAME) || defined (hpux))
- /* AIXV3:
- * In AIXV3, _POSIX_SOURCE is defined, but uname gives only first
- * field of hostname. Thus, we use gethostname instead.
- */
-
+#if defined(hpux)
/*
* For HP-UX, HP's Xlib expects a fully-qualified domain name, which
* is achieved by using gethostname(). For compatability, we must
- * also still create the entry using uname() above.
+ * also still create the entry using uname().
*/
- gethostname(displayname, sizeof(displayname));
-
+ char tmp_displayname[100];
+ struct utsname name;
+
+ tmp_displayname[0] = 0;
+ uname(&name);
+ snprintf(tmp_displayname, sizeof(tmp_displayname), "%s", name.nodename);
+ writeAddr (FamilyLocal, strlen (tmp_displayname), tmp_displayname,
+ file, auth);
+
/*
- * If gethostname and uname both returned the same name,
- * do not write a duplicate entry.
+ * If _XGetHostname() returned the same value as uname(), don't
+ * write a duplicate entry.
*/
if (strcmp (displayname, tmp_displayname))
- writeAddr (FamilyLocal, strlen (displayname), displayname,
- file, auth);
#endif
+
+ writeAddr (FamilyLocal, len, displayname, file, auth);
}
#ifdef HAS_GETIFADDRS
diff --git a/chooser.c b/chooser.c
index 162e556..5436651 100644
--- a/chooser.c
+++ b/chooser.c
@@ -75,7 +75,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/Xinerama.h>
#endif
-#if defined(SVR4) && !defined(SCO325)
+#if defined(SVR4)
#include <sys/sockio.h>
#endif
#if defined(SVR4) && defined(PowerMAX_OS)
diff --git a/config/Xsession.cpp b/config/Xsession.cpp
new file mode 100644
index 0000000..6d4fabd
--- /dev/null
+++ b/config/Xsession.cpp
@@ -0,0 +1,60 @@
+XCOMM!SHELL_CMD
+XCOMM
+XCOMM $Xorg: Xsession,v 1.4 2000/08/17 19:54:17 cpqbld Exp $
+XCOMM $XFree86: xc/programs/xdm/config/Xsession,v 1.2 1998/01/11 03:48:32 dawes Exp $
+
+XCOMM redirect errors to a file in user's home directory if we can
+for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER"
+do
+ if ( cp /dev/null "$errfile" 2> /dev/null )
+ then
+ chmod 600 "$errfile"
+ exec > "$errfile" 2>&1
+ break
+ fi
+done
+
+case $# in
+1)
+ case $1 in
+ failsafe)
+ exec BINDIR/xterm -geometry 80x24-0-0
+ ;;
+ esac
+esac
+
+XCOMM The startup script is not intended to have arguments.
+
+startup=$HOME/.xsession
+resources=$HOME/.Xresources
+
+if [ -s "$startup" ]; then
+ if [ -x "$startup" ]; then
+ exec "$startup"
+ else
+ exec /bin/sh "$startup"
+ fi
+else
+ if [ -r "$resources" ]; then
+ BINDIR/xrdb -load "$resources"
+ fi
+#if defined(__SCO__) || defined(__UNIXWARE__)
+ [ -r /etc/default/xdesktops ] && {
+ . /etc/default/xdesktops
+ }
+
+ [ -r /etc/default/xdm ] && {
+ . /etc/default/xdm
+ }
+
+ XCOMM Allow the user to over-ride the system default desktop
+ [ -r $HOME/.xdmdesktop ] && {
+ . $HOME/.xdmdesktop
+ }
+
+ [ -n "$XDESKTOP" ] && {
+ exec `eval $XDESKTOP`
+ }
+#endif
+ exec BINDIR/xsm
+fi
diff --git a/dm.c b/dm.c
index 6f41dc4..61e212d 100644
--- a/dm.c
+++ b/dm.c
@@ -56,6 +56,9 @@ from The Open Group.
#ifdef __NetBSD__
#include <sys/param.h>
#endif
+#ifdef USESECUREWARE
+#include <prot.h>
+#endif
#ifndef sigmask
#define sigmask(m) (1 << ((m - 1)))
@@ -73,7 +76,7 @@ from The Open Group.
#endif
-#if defined(SVR4) && !defined(SCO) && !defined(sun)
+#if defined(SVR4) && !defined(sun)
extern FILE *fdopen();
#endif
@@ -118,6 +121,10 @@ main (int argc, char **argv)
TitleLen = (argv[argc - 1] + strlen(argv[argc - 1])) - Title;
#endif
+#ifdef USESECUREWARE
+ set_auth_parameters (argc, argv);
+#endif
+
/*
* Step 1 - load configuration parameters
*/
diff --git a/dm.h b/dm.h
index 7c60327..3eb586c 100644
--- a/dm.h
+++ b/dm.h
@@ -80,7 +80,7 @@ from The Open Group.
#include <sys/wait.h>
#else
#define _POSIX_SOURCE
-#ifdef SCO325
+#ifdef __SCO__
#include <sys/procset.h>
#include <sys/siginfo.h>
#endif
diff --git a/greeter/verify.c b/greeter/verify.c
index da0bf3d..47771ac 100644
--- a/greeter/verify.c
+++ b/greeter/verify.c
@@ -53,6 +53,9 @@ from The Open Group.
# include <login_cap.h>
# include <varargs.h>
# include <bsd_auth.h>
+#elif defined(USESECUREWARE)
+# include <sys/types.h>
+# include <prot.h>
#endif
# include "greet.h"
@@ -291,7 +294,98 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
break;
}
}
-#else /* !USE_BSDAUTH */
+#elif defined(USESECUREWARE) /* !USE_BSDAUTH */
+/*
+ * This is a global variable and will be referenced in at least session.c
+ */
+struct smp_user_info *userp = 0;
+
+int
+Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+{
+ int ret, pwtries = 0, nis, delay;
+ char *reason = 0;
+ struct passwd *p;
+ char *shell, *home, **argv;
+
+ Debug ("Verify %s ...\n", greet->name);
+
+ p = getpwnam (greet->name);
+ endpwent();
+
+ if (!p || strlen (greet->name) == 0) {
+ LogError ("getpwnam() failed.\n");
+ bzero(greet->password, strlen(greet->password));
+ return 0;
+ }
+
+ ret = smp_check_user (SMP_LOGIN, greet->name, 0, 0, &userp, &pwtries,
+ &reason, &nis, &delay);
+ if (ret != SMP_RETIRED && userp->retired)
+ ret = userp->result = SMP_RETIRED;
+ Debug ("smp_check_user returns %d\n", ret);
+
+ switch (ret) {
+ case SMP_FAIL:
+ Debug ("Out of memory in smp_check_user\n");
+ goto smp_fail;
+ case SMP_EXTFAIL:
+ Debug ("SMP_EXTFAIL: %s", reason);
+ goto smp_fail;
+ case SMP_NOTAUTH:
+ Debug ("Not authorized\n");
+ goto smp_fail;
+ case SMP_TERMLOCK:
+ Debug ("Terminal is locked!\n");
+ goto smp_fail;
+ case SMP_ACCTLOCK:
+ Debug ("Account is locked\n");
+ goto smp_fail;
+ case SMP_RETIRED:
+ Debug ("Account is retired\n");
+ goto smp_fail;
+ case SMP_OVERRIDE:
+ Debug ("On override device ... proceeding\n");
+ break;
+ case SMP_NULLPW:
+ Debug ("NULL password entry\n");
+ if (!greet->allow_null_passwd) {
+ goto smp_fail;
+ }
+ break;
+ case SMP_BADUSER:
+ Debug ("User not found in protected password database\n");
+ goto smp_fail;
+ case SMP_PWREQ:
+ Debug ("Password change required\n");
+ goto smp_fail;
+ case SMP_HASPW:
+ break;
+ default:
+ Debug ("Unhandled smp_check_user return %d\n", ret);
+smp_fail:
+ sleep(delay);
+ smp_audit_fail (userp, 0);
+ bzero(greet->password, strlen(greet->password));
+ return 0;
+ break;
+ }
+
+ if (ret != SMP_NULLPW) {
+ /*
+ * If we require a password, check it.
+ */
+ ret = smp_check_pw (greet->password, userp, &reason);
+ switch (ret) {
+ case SMP_CANCHANGE:
+ case SMP_CANTCHANGE:
+ case SMP_OVERRIDE:
+ break;
+ default:
+ goto smp_fail;
+ }
+ }
+#else /* !USE_BSDAUTH && !USESECUREWARE */
int
Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
{
diff --git a/resource.c b/resource.c
index cd84f03..2365d40 100644
--- a/resource.c
+++ b/resource.c
@@ -133,9 +133,13 @@ int choiceTimeout; /* chooser choice timeout */
#ifndef DEF_RANDOM_FILE
#define DEF_RANDOM_FILE "/dev/mem"
#endif
+#ifdef __SCO__
+#define DEF_PRNGD_SOCKET "/etc/egd-pool"
+#else
#ifndef DEF_PRNGD_SOCKET
#define DEF_PRNGD_SOCKET "/tmp/entropy"
#endif
+#endif
#ifndef DEF_PRNGD_PORT
#define DEF_PRNGD_PORT "0"
#endif
diff --git a/session.c b/session.c
index 66d7696..05aa1dc 100644
--- a/session.c
+++ b/session.c
@@ -61,6 +61,10 @@ extern int key_setnet(struct key_netstarg *arg);
# include <krb5/krb5.h>
#endif
+#ifdef __SCO__
+#include <prot.h>
+#endif
+
#ifndef GREET_USER_STATIC
# include <dlfcn.h>
# ifndef RTLD_NOW
@@ -70,7 +74,7 @@ extern int key_setnet(struct key_netstarg *arg);
static int runAndWait (char **args, char **environ);
-#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__)
+#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__) || defined(__SCO__)
# include <sys/types.h>
# include <grp.h>
#else
@@ -88,7 +92,7 @@ extern struct spwd *getspnam(GETSPNAM_ARGS);
extern void endspent(void);
# endif
#endif
-#if defined(CSRG_BASED) || defined(__GLIBC__) || defined(USL)
+#if defined(CSRG_BASED) || defined(__GLIBC__) || defined(__UNIXWARE__) || defined(__SCO__)
# include <pwd.h>
# include <unistd.h>
#else
@@ -534,6 +538,11 @@ StartClient (
pam_handle_t *pamh = thepamh ();
int pam_error;
#endif
+#ifdef USESECUREWARE
+ char *reason, **smpenv, *smpshell;
+ int ret;
+ extern struct smp_user_info *userp;
+#endif
if (verify->argv) {
Debug ("StartSession %s: ", verify->argv[0]);
@@ -570,6 +579,35 @@ StartClient (
}
#endif
+#ifdef USESECUREWARE
+ Debug ("set_identity: uid=%d\n", userp->pw.pw_uid);
+ ret = smp_set_identity (userp, &reason, &smpenv, &smpshell);
+ Debug ("smp_set_identity returns %d luid=%d\n", ret, getluid());
+ switch (ret) {
+ case SMP_FAIL:
+ LogError ("Unable to set identity\n");
+ smp_audit_fail (userp, 0);
+ return 0;
+ case SMP_EXTFAIL:
+ LogError ("Unable to set identity: %s\n", reason);
+ smp_audit_fail (userp, 0);
+ return 0;
+ case SMP_NOTAUTH:
+ LogError ("Authorization failed\n");
+ smp_audit_fail (userp, 0);
+ return 0;
+ case SMP_ACCTLOCK:
+ LogError ("Account is locked\n");
+ smp_audit_fail (userp, 0);
+ return 0;
+ case SMP_COMPLETE:
+ break;
+ default:
+ LogError ("Unhandled identity error %d\n", ret);
+ smp_audit_fail (userp, 0);
+ return 0;
+ }
+#endif
#ifndef AIXV3
#ifndef HAS_SETUSERCONTEXT
@@ -911,7 +949,7 @@ systemEnv (struct display *d, char *user, char *home)
return env;
}
-#if (defined(Lynx) && !defined(HAS_CRYPT)) || defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS)
+#if (defined(Lynx) && !defined(HAS_CRYPT))
char *crypt(char *s1, char *s2)
{
return(s2);
diff --git a/util.c b/util.c
index cea100c..442c7ee 100644
--- a/util.c
+++ b/util.c
@@ -245,7 +245,7 @@ CleanUpChild (void)
setsid();
#else
#if defined(SYSV) || defined(SVR4) || defined(__CYGWIN__)
-#if !(defined(SVR4) && defined(i386)) || defined(SCO325)
+#if !(defined(SVR4) && defined(i386))
setpgrp ();
#endif
#else