author | Kean Johnson <kean@armory.com> | 2005-11-08 06:33:32 +0000 |
---|---|---|
committer | Kean Johnson <kean@armory.com> | 2005-11-08 06:33:32 +0000 |
commit | 3834f880ba013be524cd5b4ce4ff75734742ad12 (patch) | |
tree | 4bcccc7370254f205d8eb2fec4c64353a9640ab2 | |
parent | d384b20b3d63f1b28d428f02746d5ec0c1e81a39 (diff) |
See ChangeLog entry 2005-11-07 for details. XORG-6_8_99_903 XORG-6_8_99_902
-rw-r--r-- | auth.c | 59 | ||||
-rw-r--r-- | chooser.c | 2 | ||||
-rw-r--r-- | config/Xsession.cpp | 60 | ||||
-rw-r--r-- | dm.c | 9 | ||||
-rw-r--r-- | dm.h | 2 | ||||
-rw-r--r-- | greeter/verify.c | 96 | ||||
-rw-r--r-- | resource.c | 4 | ||||
-rw-r--r-- | session.c | 44 | ||||
-rw-r--r-- | util.c | 2 |
9 files changed, 229 insertions, 49 deletions
@@ -39,6 +39,7 @@ from The Open Group. */ #include <X11/X.h> +#include <X11/Xlibint.h> #include <sys/types.h> #include <sys/stat.h> @@ -58,8 +59,7 @@ from The Open Group. # include <netdnet/dnetdb.h> #endif -#if (defined(_POSIX_SOURCE) && !defined(AIXV3) && !defined(__QNX__)) || defined(hpux) || defined(USG) || defined(SVR4) || (defined(SYSV) && defined(i386)) -#define NEED_UTSNAME +#if defined(hpux) #include <sys/utsname.h> #endif @@ -73,9 +73,7 @@ from The Open Group. #ifdef SVR4 # include <netdb.h> -# ifndef SCO325 # include <sys/sockio.h> -# endif # include <sys/stropts.h> #endif #ifdef __convex__ @@ -685,11 +683,7 @@ static void DefineLocal (FILE *file, Xauth *auth) { char displayname[100]; - char tmp_displayname[100]; - - strcpy(tmp_displayname, ""); - - /* stolen from xinit.c */ + int len = _XGetHostname (displayname, sizeof(displayname)); /* Make sure this produces the same string as _XGetHostname in lib/X/XlibInt.c. * Otherwise, Xau will not be able to find your cookies in the Xauthority file. 
@@ -699,46 +693,29 @@ DefineLocal (FILE *file, Xauth *auth) * and so, you may be better off using gethostname (if it exists). */ -#ifdef NEED_UTSNAME - - /* hpux: - * Why not use gethostname()? Well, at least on my system, I've had to - * make an ugly kernel patch to get a name longer than 8 characters, and - * uname() lets me access to the whole string (it smashes release, you - * see), whereas gethostname() kindly truncates it for me. - */ - { - struct utsname name; - - uname(&name); - snprintf(displayname, sizeof(displayname), "%s", name.nodename); - } - writeAddr (FamilyLocal, strlen (displayname), displayname, file, auth); - - snprintf(tmp_displayname, sizeof(tmp_displayname), "%s", displayname); -#endif - -#if (!defined(NEED_UTSNAME) || defined (hpux)) - /* AIXV3: - * In AIXV3, _POSIX_SOURCE is defined, but uname gives only first - * field of hostname. Thus, we use gethostname instead. - */ - +#if defined(hpux) /* * For HP-UX, HP's Xlib expects a fully-qualified domain name, which * is achieved by using gethostname(). For compatability, we must - * also still create the entry using uname() above. + * also still create the entry using uname(). */ - gethostname(displayname, sizeof(displayname)); - + char tmp_displayname[100]; + struct utsname name; + + tmp_displayname[0] = 0; + uname(&name); + snprintf(tmp_displayname, sizeof(tmp_displayname), "%s", name.nodename); + writeAddr (FamilyLocal, strlen (tmp_displayname), tmp_displayname, + file, auth); + /* - * If gethostname and uname both returned the same name, - * do not write a duplicate entry. + * If _XGetHostname() returned the same value as uname(), don't + * write a duplicate entry. */ if (strcmp (displayname, tmp_displayname)) - writeAddr (FamilyLocal, strlen (displayname), displayname, - file, auth); #endif + + writeAddr (FamilyLocal, len, displayname, file, auth); } #ifdef HAS_GETIFADDRS 
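Review bot: The `len` returned by `_XGetHostname()` in DefineLocal goes straight into the final `writeAddr (FamilyLocal, len, displayname, file, auth)` with no check, so if the lookup fails and yields a zero length (assumed; Xlib's implementation is not on this page) an empty FamilyLocal entry is written and no cookie will match the local host. Wrapping that last call as `if (len > 0)` with a `LogError` on the other path would make the failure visible instead of producing an unusable authority file. In the hpux branch the `if (strcmp (displayname, tmp_displayname))` sits directly before `#endif` and governs the `writeAddr` after the conditional block; bracing it would stop a later edit from silently changing which statement is guarded, and the return value of `uname(&name)` is unchecked there. The retained comment `Make sure this produces the same string as _XGetHostname ...` is stale now that the function is called directly and should say so. DefineLocal starts in the previous hunk.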
@@ -75,7 +75,7 @@ in this Software without prior written authorization from The Open Group. #include <X11/extensions/Xinerama.h> #endif -#if defined(SVR4) && !defined(SCO325) +#if defined(SVR4) #include <sys/sockio.h> #endif #if defined(SVR4) && defined(PowerMAX_OS) diff --git a/config/Xsession.cpp b/config/Xsession.cpp new file mode 100644 index 0000000..6d4fabd --- /dev/null +++ b/config/Xsession.cpp @@ -0,0 +1,60 @@ +XCOMM!SHELL_CMD +XCOMM +XCOMM $Xorg: Xsession,v 1.4 2000/08/17 19:54:17 cpqbld Exp $ +XCOMM $XFree86: xc/programs/xdm/config/Xsession,v 1.2 1998/01/11 03:48:32 dawes Exp $ + +XCOMM redirect errors to a file in user's home directory if we can +for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER" +do + if ( cp /dev/null "$errfile" 2> /dev/null ) + then + chmod 600 "$errfile" + exec > "$errfile" 2>&1 + break + fi +done + +case $# in +1) + case $1 in + failsafe) + exec BINDIR/xterm -geometry 80x24-0-0 + ;; + esac +esac + +XCOMM The startup script is not intended to have arguments. + +startup=$HOME/.xsession +resources=$HOME/.Xresources + +if [ -s "$startup" ]; then + if [ -x "$startup" ]; then + exec "$startup" + else + exec /bin/sh "$startup" + fi +else + if [ -r "$resources" ]; then + BINDIR/xrdb -load "$resources" + fi +#if defined(__SCO__) || defined(__UNIXWARE__) + [ -r /etc/default/xdesktops ] && { + . /etc/default/xdesktops + } + + [ -r /etc/default/xdm ] && { + . /etc/default/xdm + } + + XCOMM Allow the user to over-ride the system default desktop + [ -r $HOME/.xdmdesktop ] && { + . $HOME/.xdmdesktop + } + + [ -n "$XDESKTOP" ] && { + exec `eval $XDESKTOP` + } +#endif + exec BINDIR/xsm +fi @@ -56,6 +56,9 @@ from The Open Group. #ifdef __NetBSD__ #include <sys/param.h> #endif +#ifdef USESECUREWARE +#include <prot.h> +#endif #ifndef sigmask #define sigmask(m) (1 << ((m - 1))) 
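Review bot: The error-log loop in the new `config/Xsession.cpp` falls back to `${TMPDIR-/tmp}/xses-$USER` and `/tmp/xses-$USER`, and both `cp /dev/null "$errfile"` and `exec > "$errfile"` follow a symbolic link if that predictable name already exists in the shared directory, so session output can be redirected onto another file the logging-in user is able to write. Creating the fallback with `mktemp` where the platform has it, or keeping it in a directory only the user can write to, removes that dependency on a world-writable path. In the `__SCO__`/`__UNIXWARE__` block, ``exec `eval $XDESKTOP` `` runs the desktop command inside the command substitution and then execs whatever it printed, which looks unintended; `eval exec "$XDESKTOP"` is probably what was meant. `[ -r $HOME/.xdmdesktop ]` and `. $HOME/.xdmdesktop` should quote `$HOME` as the rest of the script does.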
@@ -73,7 +76,7 @@ from The Open Group. #endif -#if defined(SVR4) && !defined(SCO) && !defined(sun) +#if defined(SVR4) && !defined(sun) extern FILE *fdopen(); #endif @@ -118,6 +121,10 @@ main (int argc, char **argv) TitleLen = (argv[argc - 1] + strlen(argv[argc - 1])) - Title; #endif +#ifdef USESECUREWARE + set_auth_parameters (argc, argv); +#endif + /* * Step 1 - load configuration parameters */ @@ -80,7 +80,7 @@ from The Open Group. #include <sys/wait.h> #else #define _POSIX_SOURCE -#ifdef SCO325 +#ifdef __SCO__ #include <sys/procset.h> #include <sys/siginfo.h> #endif diff --git a/greeter/verify.c b/greeter/verify.c index da0bf3d..47771ac 100644 --- a/greeter/verify.c +++ b/greeter/verify.c @@ -53,6 +53,9 @@ from The Open Group. # include <login_cap.h> # include <varargs.h> # include <bsd_auth.h> +#elif defined(USESECUREWARE) +# include <sys/types.h> +# include <prot.h> #endif # include "greet.h" 
@@ -291,7 +294,98 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) break; } } -#else /* !USE_BSDAUTH */ +#elif defined(USESECUREWARE) /* !USE_BSDAUTH */ +/* + * This is a global variable and will be referenced in at least session.c + */ +struct smp_user_info *userp = 0; + +int +Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) +{ + int ret, pwtries = 0, nis, delay; + char *reason = 0; + struct passwd *p; + char *shell, *home, **argv; + + Debug ("Verify %s ...\n", greet->name); + + p = getpwnam (greet->name); + endpwent(); + + if (!p || strlen (greet->name) == 0) { + LogError ("getpwnam() failed.\n"); + bzero(greet->password, strlen(greet->password)); + return 0; + } + + ret = smp_check_user (SMP_LOGIN, greet->name, 0, 0, &userp, &pwtries, + &reason, &nis, &delay); + if (ret != SMP_RETIRED && userp->retired) + ret = userp->result = SMP_RETIRED; + Debug ("smp_check_user returns %d\n", ret); + + switch (ret) { + case SMP_FAIL: + Debug ("Out of memory in smp_check_user\n"); + goto smp_fail; + case SMP_EXTFAIL: + Debug ("SMP_EXTFAIL: %s", reason); + goto smp_fail; + case SMP_NOTAUTH: + Debug ("Not authorized\n"); + goto smp_fail; + case SMP_TERMLOCK: + Debug ("Terminal is locked!\n"); + goto smp_fail; + case SMP_ACCTLOCK: + Debug ("Account is locked\n"); + goto smp_fail; + case SMP_RETIRED: + Debug ("Account is retired\n"); + goto smp_fail; + case SMP_OVERRIDE: + Debug ("On override device ... 
proceeding\n"); + break; + case SMP_NULLPW: + Debug ("NULL password entry\n"); + if (!greet->allow_null_passwd) { + goto smp_fail; + } + break; + case SMP_BADUSER: + Debug ("User not found in protected password database\n"); + goto smp_fail; + case SMP_PWREQ: + Debug ("Password change required\n"); + goto smp_fail; + case SMP_HASPW: + break; + default: + Debug ("Unhandled smp_check_user return %d\n", ret); +smp_fail: + sleep(delay); + smp_audit_fail (userp, 0); + bzero(greet->password, strlen(greet->password)); + return 0; + break; + } + + if (ret != SMP_NULLPW) { + /* + * If we require a password, check it. + */ + ret = smp_check_pw (greet->password, userp, &reason); + switch (ret) { + case SMP_CANCHANGE: + case SMP_CANTCHANGE: + case SMP_OVERRIDE: + break; + default: + goto smp_fail; + } + } +#else /* !USE_BSDAUTH && !USESECUREWARE */ int Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) { @@ -133,9 +133,13 @@ int choiceTimeout; /* chooser choice timeout */ #ifndef DEF_RANDOM_FILE #define DEF_RANDOM_FILE "/dev/mem" #endif +#ifdef __SCO__ +#define DEF_PRNGD_SOCKET "/etc/egd-pool" +#else #ifndef DEF_PRNGD_SOCKET #define DEF_PRNGD_SOCKET "/tmp/entropy" #endif +#endif #ifndef DEF_PRNGD_PORT #define DEF_PRNGD_PORT "0" #endif @@ -61,6 +61,10 @@ extern int key_setnet(struct key_netstarg *arg); # include <krb5/krb5.h> #endif +#ifdef __SCO__ +#include <prot.h> +#endif + #ifndef GREET_USER_STATIC # include <dlfcn.h> # ifndef RTLD_NOW @@ -70,7 +74,7 @@ extern int key_setnet(struct key_netstarg *arg); static int runAndWait (char **args, char **environ); -#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__) +#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__) || defined(__SCO__) # include <sys/types.h> # include <grp.h> #else 
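Review bot: `userp->retired` is read immediately after `smp_check_user()` and before the `switch` on `ret`, so on the `SMP_FAIL` or `SMP_BADUSER` paths the code may dereference a record that was never filled in; `userp` starts at 0 and, being global, can also still hold the record from an earlier login attempt. Guarding the test as `if (userp && ret != SMP_RETIRED && userp->retired)` and clearing `userp` before the call would cover both; whether `smp_audit_fail()` accepts a null record is not visible here and should be confirmed for the `smp_fail` path. `delay` reaches `sleep(delay)` without an initial value, so declaring it as `delay = 0` is safer if the library can return before setting it. The early `getpwnam()` failure returns without the delay or the audit call that every other failure gets, which makes unknown names distinguishable by response time and leaves them out of the audit trail. The SecureWare `Verify` body continues past the end of this hunk.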
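Review bot: Under `__SCO__` the new `#define DEF_PRNGD_SOCKET "/etc/egd-pool"` is not wrapped in `#ifndef DEF_PRNGD_SOCKET` the way the generic branch is, so a value supplied by the build is redefined rather than respected on that platform. Putting the `#ifdef __SCO__` choice inside a single `#ifndef DEF_PRNGD_SOCKET` keeps the override working everywhere. A short comment such as `/* SCO ships its entropy daemon socket here */` (wording to be confirmed by the author) would explain why this platform differs from the `/tmp/entropy` default.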
@@ -88,7 +92,7 @@ extern struct spwd *getspnam(GETSPNAM_ARGS); extern void endspent(void); # endif #endif -#if defined(CSRG_BASED) || defined(__GLIBC__) || defined(USL) +#if defined(CSRG_BASED) || defined(__GLIBC__) || defined(__UNIXWARE__) || defined(__SCO__) # include <pwd.h> # include <unistd.h> #else @@ -534,6 +538,11 @@ StartClient ( pam_handle_t *pamh = thepamh (); int pam_error; #endif +#ifdef USESECUREWARE + char *reason, **smpenv, *smpshell; + int ret; + extern struct smp_user_info *userp; +#endif if (verify->argv) { Debug ("StartSession %s: ", verify->argv[0]); @@ -570,6 +579,35 @@ StartClient ( } #endif +#ifdef USESECUREWARE + Debug ("set_identity: uid=%d\n", userp->pw.pw_uid); + ret = smp_set_identity (userp, &reason, &smpenv, &smpshell); + Debug ("smp_set_identity returns %d luid=%d\n", ret, getluid()); + switch (ret) { + case SMP_FAIL: + LogError ("Unable to set identity\n"); + smp_audit_fail (userp, 0); + return 0; + case SMP_EXTFAIL: + LogError ("Unable to set identity: %s\n", reason); + smp_audit_fail (userp, 0); + return 0; + case SMP_NOTAUTH: + LogError ("Authorization failed\n"); + smp_audit_fail (userp, 0); + return 0; + case SMP_ACCTLOCK: + LogError ("Account is locked\n"); + smp_audit_fail (userp, 0); + return 0; + case SMP_COMPLETE: + break; + default: + LogError ("Unhandled identity error %d\n", ret); + smp_audit_fail (userp, 0); + return 0; + } +#endif #ifndef AIXV3 #ifndef HAS_SETUSERCONTEXT @@ -911,7 +949,7 @@ systemEnv (struct display *d, char *user, char *home) return env; } -#if (defined(Lynx) && !defined(HAS_CRYPT)) || defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS) +#if (defined(Lynx) && !defined(HAS_CRYPT)) char *crypt(char *s1, char *s2) { return(s2); @@ -245,7 +245,7 @@ CleanUpChild (void) setsid(); #else #if defined(SYSV) || defined(SVR4) || defined(__CYGWIN__) -#if !(defined(SVR4) && defined(i386)) || defined(SCO325) +#if !(defined(SVR4) && defined(i386)) setpgrp (); #endif #else |
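Review bot: `userp->pw.pw_uid` is dereferenced in the first `Debug` call of the `USESECUREWARE` block in StartClient with no check that `userp` is set, and the record arrives only through the `extern struct smp_user_info *userp` global rather than through `verify`, so the identity applied by `smp_set_identity()` depends on whichever Verify call last wrote that global. Add `if (!userp) { LogError ("No SecureWare user record\n"); return 0; }` ahead of the block, and consider carrying the pointer in `struct verify_info` instead. `reason` is printed with `%s` in the `SMP_EXTFAIL` case but is not initialised here the way it is in Verify (`char *reason = 0`). `smpenv` and `smpshell` are not used within this hunk; if nothing later in StartClient consumes them, the environment and shell selected by the security subsystem are silently ignored. StartClient begins and ends outside the hunk.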