Commit 44da90ee authored by Jiri (George) Lebl's avatar Jiri (George) Lebl Committed by George Lebl

Use BSD's setusercontext if found. If language is unset and there is no

Fri May 17 16:10:15 2002  George Lebl <jirka@5z.com>

	* daemon/misc.c, daemon/slave.c, configure.in, acconfig.h: Use BSD's
	  setusercontext if found.  If language is unset and there is no
	  saved preference then if we're using setusercontext don't reset
	  LANG so that the users login.conf preference takes over

	* daemon/gdm.h, gui/gdmlogin.c, gui/gdmsetup.c: Add a new key
	  greeter/MinimalUID which sets the minimal uid which is needed
	  to show up in the browser or the dropdown list in gdmsetup

	* daemon/gdmlogin.c: whack the "*" checking in the password field,
	  since we may get it normally
parent 65276a96
Fri May 17 16:10:15 2002 George Lebl <jirka@5z.com>
* daemon/misc.c, daemon/slave.c, configure.in, acconfig.h: Use BSD's
setusercontext if found. If language is unset and there is no
saved preference then if we're using setusercontext don't reset
LANG so that the users login.conf preference takes over
* daemon/gdm.h, gui/gdmlogin.c, gui/gdmsetup.c: Add a new key
greeter/MinimalUID which sets the minimal uid which is needed
to show up in the browser or the dropdown list in gdmsetup
* daemon/gdmlogin.c: whack the "*" checking in the password field,
since we may get it normally
Wed May 15 22:55:58 2002 Christophe Merlet <christophe@merlet.net>
* Makefile.am, config/Makefile.am: Added $DESTDIR variable.
......
......@@ -25,3 +25,4 @@
#undef EXPANDED_SYSCONFDIR
#undef EXPANDED_SESSDIR
#undef GETTEXT_PACKAGE
#undef HAVE_LOGINCAP
......@@ -293,6 +293,12 @@ fi
AC_SUBST(VRFY)
#
# Can we use BSD's setusercontext
#
AC_CHECK_HEADER(login_cap.h, [
LIBS="$LIBS -lutil"
AC_DEFINE(HAVE_LOGINCAP)])
#
# Xdmcp checking
......
......@@ -705,10 +705,11 @@ gdm_daemonify (void)
}
if (pid < 0)
gdm_fail (_("gdm_daemonify: fork() failed!"));
gdm_fail (_("%s: fork() failed!"), "gdm_daemonify");
if (setsid() < 0)
gdm_fail (_("gdm_daemonify: setsid() failed: %s!"), strerror(errno));
gdm_fail (_("%s: setsid() failed: %s!"), "gdm_daemonify",
strerror(errno));
chdir (GdmServAuthDir);
umask (022);
......
......@@ -194,6 +194,7 @@ enum {
#define GDM_KEY_BROWSER "greeter/Browser=false"
#define GDM_KEY_EXCLUDE "greeter/Exclude=bin,daemon,adm,lp,sync,shutdown,halt,mail,news,uucp,operator,nobody,gdm,postgres,pvm"
#define GDM_KEY_MINIMALUID "greeter/MinimalUID=100"
#define GDM_KEY_FACE "greeter/DefaultFace=" EXPANDED_PIXMAPDIR "nobody.png"
#define GDM_KEY_FACEDIR "greeter/GlobalFaceDir=" EXPANDED_DATADIR "/faces/"
#define GDM_KEY_ICON "greeter/Icon=" EXPANDED_PIXMAPDIR "/gdm.xpm"
......
......@@ -814,6 +814,8 @@ gdm_is_loopback_addr (struct in_addr *ia)
gboolean
gdm_setup_gids (const char *login, gid_t gid)
{
/* FIXME: perhaps for *BSD there should be setusercontext
* stuff here */
if (setgid (gid) < 0) {
gdm_error (_("Could not setgid %d. Aborting."), (int)gid);
return FALSE;
......
......@@ -26,6 +26,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef HAVE_LOGINCAP
#include <login_cap.h>
#endif
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
......@@ -2008,6 +2011,7 @@ session_child_run (struct passwd *pwent,
const char *session,
const char *save_session,
const char *language,
gboolean def_language,
const char *gnome_session,
gboolean usrcfgok,
gboolean savesess,
......@@ -2023,6 +2027,11 @@ session_child_run (struct passwd *pwent,
gdm_clearenv ();
if (setsid() < 0)
/* should never happen */
gdm_error (_("%s: setsid() failed: %s!"),
"session_child_run", strerror(errno));
/* Prepare user session */
gnome_setenv ("XAUTHORITY", d->userauth, TRUE);
gnome_setenv ("DISPLAY", d->name, TRUE);
......@@ -2050,10 +2059,6 @@ session_child_run (struct passwd *pwent,
language = unaliaslang (language);
}
/* Set locale */
gnome_setenv ("LANG", language, TRUE);
gnome_setenv ("GDM_LANG", language, TRUE);
setpgid (0, 0);
umask (022);
......@@ -2069,9 +2074,34 @@ session_child_run (struct passwd *pwent,
* not to leave the egid around */
setegid (pwent->pw_gid);
#ifdef HAVE_LOGINCAP
if (setusercontext (NULL, pwent, pwent->pw_uid,
LOGIN_SETLOGIN | LOGIN_SETPATH |
LOGIN_SETPRIORITY | LOGIN_SETRESOURCES |
LOGIN_SETUMASK | LOGIN_SETUSER) < 0)
gdm_child_exit (DISPLAY_REMANAGE,
_("%s: setusercontext() failed for %s. "
"Aborting."), "gdm_slave_session_start",
login);
/* A different language was selected, or taken from the saved
* prefs of the user */
if ( ! def_language) {
gnome_setenv ("LANG", language, TRUE);
gnome_setenv ("GDM_LANG", language, TRUE);
} else {
/* setusercontext sets up user languages */
gnome_setenv ("GDM_LANG", g_getenv ("LANG"), TRUE);
}
#else
if (setuid (pwent->pw_uid) < 0)
gdm_child_exit (DISPLAY_REMANAGE,
_("gdm_slave_session_start: Could not become %s. Aborting."), login);
/* Set locale */
gnome_setenv ("LANG", language, TRUE);
gnome_setenv ("GDM_LANG", language, TRUE);
#endif
chdir (home_dir);
......@@ -2259,6 +2289,7 @@ gdm_slave_session_start (void)
char *gnome_session = NULL;
gboolean savesess = FALSE, savelang = FALSE, savegnomesess = FALSE;
gboolean usrcfgok = FALSE, sessoptok = FALSE, authok = FALSE;
gboolean def_language = FALSE;
const char *home_dir = NULL;
gboolean home_dir_ok = FALSE;
pid_t pid;
......@@ -2392,12 +2423,13 @@ gdm_slave_session_start (void)
language = g_strdup (lang);
else
language = g_strdup (GdmDefaultLocale);
savelang = TRUE;
if (ve_string_empty (language)) {
g_free (language);
language = g_strdup ("C");
}
def_language = TRUE;
}
/* save this session as the users session */
......@@ -2499,6 +2531,7 @@ gdm_slave_session_start (void)
session,
save_session,
language,
def_language,
gnome_session,
usrcfgok,
savesess,
......
......@@ -109,6 +109,7 @@ static gchar *GdmSessionDir;
static gchar *GdmLocaleFile;
static gchar *GdmDefaultLocale;
static gchar *GdmExclude;
static int GdmMinimalUID;
static gchar *GdmGlobalFaceDir;
static gchar *GdmDefaultFace;
static gboolean GdmTimedLoginEnable;
......@@ -815,6 +816,7 @@ gdm_login_parse_config (void)
GdmBackgroundRemoteOnlyColor = gnome_config_get_bool (GDM_KEY_BACKGROUNDREMOTEONLYCOLOR);
GdmGtkRC = gnome_config_get_string (GDM_KEY_GTKRC);
GdmExclude = gnome_config_get_string (GDM_KEY_EXCLUDE);
GdmMinimalUID = gnome_config_get_int (GDM_KEY_MINIMALUID);
GdmGlobalFaceDir = gnome_config_get_string (GDM_KEY_FACEDIR);
GdmDefaultFace = gnome_config_get_string (GDM_KEY_FACE);
GdmDebug = gnome_config_get_bool (GDM_KEY_DEBUG);
......@@ -3419,7 +3421,7 @@ gdm_login_user_alloc (const gchar *logname, uid_t uid, const gchar *homedir)
static gboolean
gdm_login_check_exclude (struct passwd *pwent)
{
const char * const lockout_passes[] = { "*", "!!", NULL };
const char * const lockout_passes[] = { "!!", NULL };
gint i;
if ( ! GdmAllowRoot && pwent->pw_uid == 0)
......@@ -3428,6 +3430,9 @@ gdm_login_check_exclude (struct passwd *pwent)
if ( ! GdmAllowRemoteRoot && ! login_is_local && pwent->pw_uid == 0)
return TRUE;
if (pwent->pw_uid < GdmMinimalUID)
return TRUE;
for (i=0 ; lockout_passes[i] != NULL ; i++) {
if (strcmp (lockout_passes[i], pwent->pw_passwd) == 0) {
return TRUE;
......
......@@ -50,6 +50,7 @@ static gboolean DOING_GDM_DEVELOPMENT = FALSE;
static gboolean RUNNING_UNDER_GDM = FALSE;
static gboolean gdm_running = FALSE;
static int GdmMinimalUID = 100;
static GladeXML *xml;
......@@ -362,8 +363,7 @@ setup_user_combo (const char *name, const char *key)
pwent = getpwent();
while (pwent != NULL) {
/* FIXME: 100 is a pretty arbitrary constant */
if (pwent->pw_uid >= 100 &&
if (pwent->pw_uid >= GdmMinimalUID &&
strcmp (ve_sure_string (str), pwent->pw_name) != 0) {
users = g_list_append (users,
g_strdup (pwent->pw_name));
......@@ -1965,6 +1965,12 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
/* XXX: the setup proggie using a greeter config var for it's
* ui? Say it ain't so. Our config sections are SUCH A MESS */
gnome_config_push_prefix ("=" GDM_CONFIG_FILE "=/");
GdmMinimalUID = gnome_config_get_int (GDM_KEY_MINIMALUID);
gnome_config_pop_prefix ();
setup_gui ();
gtk_main ();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment