Commit 26238518 authored by Brian Cameron's avatar Brian Cameron

Fix so that if timed login script returns an invalid user, timed login is

        * daemon/slave.c, daemon/verify-crypt.c, daemon/verify-pam.c,
          daemon/verify-shadow.c, gui/gdmcommon.c: Fix so that if
          timed login script returns an invalid user, timed login is
          not turned on.  Fixes bug #340148.  Patch by Andrew
          (andrewz@springsrescuemission.org).
        * gui/gdmuser.c: Fix gdm_is_user_valid so it is more simple,
          like implemented in daemon/slave.c by Andrew.
parent 4d886c3c
2006-09-26 Brian Cameron <brian.cameron@sun.com>
* daemon/slave.c, daemon/verify-crypt.c, daemon/verify-pam.c,
daemon/verify-shadow.c, gui/gdmcommon.c: Fix so that if
timed login script returns an invalid user, timed login is
not turned on. Fixes bug #340148. Patch by Andrew
(andrewz@springsrescuemission.org).
* gui/gdmuser.c: Fix gdm_is_user_valid so it is more simple,
like implemented in daemon/slave.c by Andrew.
2006-09-23 Brian Cameron <brian.cameron@sun.com>
* gui/gdmflexiserver.c: Add g_type_init() since this is needed
......
......@@ -184,6 +184,8 @@ static void restart_the_greeter (void);
static gboolean gdm_can_i_assume_root_role (struct passwd *pwent);
#endif
gboolean gdm_is_user_valid (const char *username);
/* Yay thread unsafety */
static gboolean x_error_occurred = FALSE;
static gboolean gdm_got_ack = FALSE;
......@@ -5476,7 +5478,20 @@ gdm_parse_enriched_login (const gchar *s, GdmDisplay *display)
}
}
return g_string_free (str, FALSE);
if (!ve_string_empty(str->str) && gdm_is_user_valid(str->str))
return g_string_free (str, FALSE);
else
{
/* "If an empty or otherwise invalid username is returned [by the script]
* automatic login [and timed login] is not performed." -- GDM manual
*/
/* fixme: also turn off automatic login */
gdm_set_value_bool(GDM_KEY_TIMED_LOGIN_ENABLE, FALSE);
d->timed_login_ok = FALSE;
do_timed_login = FALSE;
g_string_free(str, TRUE);
return NULL;
}
}
static void
......@@ -5660,4 +5675,11 @@ gdm_can_i_assume_root_role (struct passwd *pwent)
}
#endif /* HAVE_TSOL */
/* gdm_is_user_valid() mostly copied from gui/gdmuser.c */
gboolean
gdm_is_user_valid (const char *username)
{
return (NULL != getpwnam (username));
}
/* EOF */
......@@ -108,7 +108,7 @@ gdm_verify_user (GdmDisplay *d,
gint reEnter, ret;
#endif
if (local)
if (local && d->timed_login_ok)
gdm_slave_greeter_ctl_no_ret (GDM_STARTTIMER, "");
if (username == NULL) {
......
......@@ -827,6 +827,7 @@ verify_user_again:
/* start the timer for timed logins */
if ( ! ve_string_empty (gdm_get_value_string (GDM_KEY_TIMED_LOGIN)) &&
d->timed_login_ok &&
(local || gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_AUTOLOGIN))) {
gdm_slave_greeter_ctl_no_ret (GDM_STARTTIMER, "");
started_timer = TRUE;
......
......@@ -107,7 +107,7 @@ gdm_verify_user (GdmDisplay *d, const char *username, const gchar *display, gboo
gint reEnter, ret;
#endif
if (local)
if (local && d->timed_login_ok)
gdm_slave_greeter_ctl_no_ret (GDM_STARTTIMER, "");
if (username == NULL) {
......
......@@ -1182,6 +1182,21 @@ PostSession/
</listitem>
</varlistentry>
<varlistentry>
<term>SupportAutomount</term>
<listitem>
<synopsis>SupportAutomount=false</synopsis>
<para>
By default GDM checks the ownership of the home directories
before writing to them, this prevents security issues in case
of bad setup. However, when home directories are managed by
automounter, they are often not mounted before they are
accessed. This option works around subtleties of Linux
automounter.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>DisallowTCP</term>
<listitem>
......
......@@ -1640,6 +1640,21 @@ PostSession/
</listitem>
</varlistentry>
<varlistentry>
<term>SupportAutomount</term>
<listitem>
<synopsis>SupportAutomount=false</synopsis>
<para>
By default GDM checks the ownership of the home directories
before writing to them, this prevents security issues in case
of bad setup. However, when home directories are managed by
automounter, they are often not mounted before they are
accessed. This option works around subtleties of Linux
automounter.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>DisallowTCP</term>
<listitem>
......
......@@ -286,12 +286,7 @@ setup_user (struct passwd *pwent,
gboolean
gdm_is_user_valid (const char *username)
{
struct passwd *pwent;
pwent = getpwnam (username);
if (pwent != NULL)
return TRUE;
return FALSE;
return (NULL != getpwnam (username));
}
void
......
......@@ -210,7 +210,8 @@ greeter_item_is_visible (GreeterItemInfo *info)
return FALSE;
if (( ! gdm_config_get_bool (GDM_KEY_TIMED_LOGIN_ENABLE) ||
ve_string_empty (gdm_config_get_string (GDM_KEY_TIMED_LOGIN))) &&
ve_string_empty (gdm_config_get_string (GDM_KEY_TIMED_LOGIN)) ||
NULL == g_getenv("GDM_TIMED_LOGIN_OK")) &&
(info->show_type != NULL &&
strcmp (info->show_type, "timed") == 0))
return FALSE;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment