Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
pam
pam-xauth_ownership.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pam-xauth_ownership.patch of Package pam
Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c =================================================================== --- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c +++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c @@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh, char *cookiefile = NULL, *xauthority = NULL, *cookie = NULL, *display = NULL, *tmp = NULL, *xauthlocalhostname = NULL; - const char *user, *xauth = NULL; + const char *user, *xauth = NULL, *login_name; struct passwd *tpwd, *rpwd; int fd, i, debug = 0; int retval = PAM_SUCCESS; - uid_t systemuser = 499, targetuser = 0; + uid_t systemuser = 499, targetuser = 0, uid; + gid_t gid; + struct stat st; /* Parse arguments. We don't understand many, so no sense in breaking * this into a separate function. */ @@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh, retval = PAM_SESSION_ERR; goto cleanup; } - rpwd = pam_modutil_getpwuid(pamh, getuid()); + + login_name = pam_modutil_getlogin(pamh); + if (login_name == NULL) { + login_name = ""; + } + if (*login_name) + rpwd = pam_modutil_getpwnam(pamh, login_name); + else + rpwd = pam_modutil_getpwuid(pamh, getuid()); + if (rpwd == NULL) { pam_syslog(pamh, LOG_ERR, "error determining invoking user's name"); @@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh, cookiefile); } + /* Get owner and group of the cookiefile */ + uid = getuid(); + gid = getgid(); + if (stat(cookiefile, &st) == 0) { + uid = st.st_uid; + gid = st.st_gid; + } + /* Read the user's .Xauthority file. Because the current UID is * the original user's UID, this will only fail if something has * gone wrong, or we have no cookies. */ if (debug) { pam_syslog(pamh, LOG_DEBUG, - "running \"%s %s %s %s %s\" as %lu/%lu", - xauth, "-f", cookiefile, "nlist", display, - (unsigned long) getuid(), (unsigned long) getgid()); + "running \"%s %s %s %s %s %s\" as %lu/%lu", + xauth, "-i", "-f", cookiefile, "nlist", display, + (unsigned long) uid, (unsigned long) gid); } if (run_coprocess(pamh, NULL, &cookie, - getuid(), getgid(), - xauth, "-f", cookiefile, "nlist", display, + uid, gid, + xauth, "-i", "-f", cookiefile, "nlist", display, NULL) == 0) { #ifdef WITH_SELINUX security_context_t context = NULL; @@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh, cookiefile, "nlist", t, - (unsigned long) getuid(), - (unsigned long) getgid()); + (unsigned long) uid, + (unsigned long) gid); } run_coprocess(pamh, NULL, &cookie, - getuid(), getgid(), - xauth, "-f", cookiefile, + uid, gid, + xauth, "-i", "-f", cookiefile, "nlist", t, NULL); } free(t); @@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh, goto cleanup; } + if (debug) { + pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'", + xauthority); + } /* Set the new variable in the environment. */ if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) pam_syslog(pamh, LOG_ERR, "can't set environment variable '%s'", xauthority); putenv (xauthority); /* The environment owns this string now. */ - xauthority = NULL; /* Don't free environment variables. */ + /* Don't free environment variables nor set them to NULL. */ /* set $DISPLAY in pam handle to make su - work */ {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor