Commit bf2d3e2c authored by Jiri (George) Lebl's avatar Jiri (George) Lebl Committed by George Lebl

Fixup enviroment issues. Clear the environment before running a session

Mon Apr 23 22:04:24 2001  George Lebl <jirka@5z.com>

	* configure.in, acconfig.h, daemon/auth.c, daemon/misc.[ch],
	  daemon/slave.c, daemon/verify.h,
	  daemon/verify-(pam|crypt|shadow).h:  Fix up environment issues.
	  Clear the environment before running a session and before launching
	  the greeter (taking care to save the localisation vars).  Also
	  don't set user env on the slave and leave it, if we set it it's
	  only temporary.  Also fix one possible crash by strduping the
	  pam env since that will go away and putenv doesn't strdup.
parent 7a1cc044
Mon Apr 23 22:04:24 2001 George Lebl <jirka@5z.com>
* configure.in, acconfig.h, daemon/auth.c, daemon/misc.[ch],
daemon/slave.c, daemon/verify.h,
daemon/verify-(pam|crypt|shadow).h: Fixup enviroment issues.
Clear the environment before running a session and before launching
the greeter (taking care to save the localisation vars). Also
don't set user env on the slave and leave it, if we set it it's
only temporary. Also fix one possible crash by strduping the
pam env since that will go away and putenv doesn't strdup.
Mon Apr 23 20:16:07 2001 George Lebl <jirka@5z.com>
* configure.in: when we find libwrap.a instead of specifying that
......
......@@ -11,3 +11,6 @@
#undef HAVE_SHADOW
#undef HAVE_CRYPT
#undef HAVE_LIBXINERAMA
#undef HAVE_SETENV
#undef HAVE_UNSETENV
#undef HAVE_CLEARENV
......@@ -40,7 +40,7 @@ ALL_LINGUAS="az ca cs da de el es et fi fr ga gl hu it ja ko lt nl nn no pl pt_B
dnl AM_GNOME_GETTEXT
AM_GNU_GETTEXT
AC_CHECK_FUNCS([setenv unsetenv])
AC_CHECK_FUNCS([setenv unsetenv clearenv])
# TCP Wrappers for XDMCP access control
AC_MSG_CHECKING("whether to use TCP wrappers")
......
......@@ -285,7 +285,6 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, gchar *homedir)
fclose (af);
XauUnlockAuth (d->userauth);
gdm_setenv ("XAUTHORITY", d->userauth);
gdm_debug ("gdm_auth_user_add: Done");
......
......@@ -30,6 +30,8 @@ static const gchar RCSid[]="$Id$";
extern gchar *GdmPidFile;
extern gboolean GdmDebug;
extern char **environ;
/**
* gdm_fail:
......@@ -250,4 +252,39 @@ gdm_unsetenv (const gchar *var)
}
#endif
void
gdm_clearenv (void)
{
#ifdef HAVE_CLEARENV
clearenv ();
#else
environ[0] = NULL;
#endif
}
/* clear environment, but keep the i18n ones,
* note that this leak memory so only use before exec */
void
gdm_clearenv_no_lang (void)
{
int i;
GList *li, *envs = NULL;
for (i = 0; environ[i] != NULL; i++) {
char *env = environ[i];
if (strncmp (env, "LC_", 3) == 0 ||
strncmp (env, "LANG", 4) == 0 ||
strncmp (env, "LINGUAS", 7) == 0)
envs = g_list_prepend (envs, g_strdup (env));
}
gdm_clearenv ();
for (li = envs; li != NULL; li = li->next) {
putenv (li->data);
}
g_list_free (envs);
}
/* EOF */
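Review bot: The allow-list in `gdm_clearenv_no_lang` matches on bare name prefixes, so `strncmp (env, "LANG", 4)` and `strncmp (env, "LINGUAS", 7)` keep any variable whose name merely starts with those letters, not only the locale variables the comment describes. Since this function is the filter between the daemon's environment and the greeter, I would match complete names, `strncmp (env, "LANG=", 5) == 0 || strncmp (env, "LANGUAGE=", 9) == 0 || strncmp (env, "LINGUAS=", 8) == 0`, and keep the `LC_` prefix test as it is. Both functions also dereference `environ` without a NULL check (`environ[0] = NULL` in the fallback, `environ[i]` in the loop); glibc's clearenv() leaves `environ` NULL, so a guard on `environ != NULL` in each would make a repeated call safe. The return value of `putenv (li->data)` is ignored, so a failed re-insert silently drops a locale variable.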
......@@ -39,6 +39,12 @@ gint gdm_setenv (const gchar *var, const gchar *value);
gint gdm_unsetenv (const gchar *var);
#endif
void gdm_clearenv (void);
/* clear environment, but keep the i18n ones (LANG, LC_ALL, etc...),
* note that this leak memory so only use before exec */
void gdm_clearenv_no_lang (void);
#endif /* GDM_MISC_H */
/* EOF */
......@@ -308,6 +308,7 @@ gdm_slave_greeter (void)
if (setuid (GdmUserId) < 0)
gdm_slave_exit (DISPLAY_ABORT, _("gdm_slave_greeter: Couldn't set userid to %d"), GdmUserId);
gdm_clearenv_no_lang ();
gdm_setenv ("XAUTHORITY", d->authfile);
gdm_setenv ("DISPLAY", d->name);
gdm_setenv ("HOME", "/"); /* Hack */
......@@ -460,36 +461,26 @@ gdm_slave_session_start (void)
if (GdmKillInitClients)
gdm_server_whack_clients (d);
/* Prepare user session */
/* setup some env for PreSession script */
gdm_setenv ("DISPLAY", d->name);
gdm_setenv ("LOGNAME", login);
gdm_setenv ("USER", login);
gdm_setenv ("USERNAME", login);
gdm_setenv ("HOME", pwent->pw_dir);
gdm_setenv ("GDMSESSION", session);
gdm_setenv ("SHELL", pwent->pw_shell);
gdm_unsetenv ("MAIL"); /* Unset $MAIL for broken shells */
/* Special PATH for root */
if (pwent->pw_uid == 0)
gdm_setenv ("PATH", GdmRootPath);
else
gdm_setenv ("PATH", GdmDefaultPath);
/* Set locale */
if (strcasecmp (language, "english") == 0) {
gdm_setenv ("LANG", "C");
gdm_setenv ("GDM_LANG", "C");
} else {
gdm_setenv ("LANG", language);
gdm_setenv ("GDM_LANG", language);
}
/* If script fails reset X server and restart greeter */
if (gdm_slave_exec_script (d, GdmPreSession) != EXIT_SUCCESS)
gdm_slave_exit (DISPLAY_REMANAGE,
_("gdm_slave_session_start: Execution of PreSession script returned > 0. Aborting."));
/* set things back to moi, for lack of confusion */
gdm_setenv ("LOGNAME", GdmUser);
gdm_setenv ("USER", GdmUser);
gdm_setenv ("USERNAME", GdmUser);
gdm_setenv ("HOME", "/");
gdm_setenv ("SHELL", "/bin/sh");
/* Setup cookie -- We need this information during cleanup, thus
* cookie handling is done before fork()ing */
......@@ -517,6 +508,40 @@ gdm_slave_session_start (void)
gdm_slave_exit (DISPLAY_ABORT, _("gdm_slave_session_start: Error forking user session"));
case 0:
gdm_clearenv ();
/* Prepare user session */
gdm_setenv ("XAUTHORITY", d->userauth);
gdm_setenv ("DISPLAY", d->name);
gdm_setenv ("LOGNAME", login);
gdm_setenv ("USER", login);
gdm_setenv ("USERNAME", login);
gdm_setenv ("HOME", pwent->pw_dir);
gdm_setenv ("GDMSESSION", session);
gdm_setenv ("SHELL", pwent->pw_shell);
#if 0
gdm_unsetenv ("MAIL"); /* Unset $MAIL for broken shells */
#endif
/* Special PATH for root */
if (pwent->pw_uid == 0)
gdm_setenv ("PATH", GdmRootPath);
else
gdm_setenv ("PATH", GdmDefaultPath);
/* Set locale */
if (strcasecmp (language, "english") == 0) {
gdm_setenv ("LANG", "C");
gdm_setenv ("GDM_LANG", "C");
} else {
gdm_setenv ("LANG", language);
gdm_setenv ("GDM_LANG", language);
}
/* setup the verify env vars */
gdm_verify_env_setup ();
setpgid (0, 0);
umask (022);
......@@ -641,7 +666,7 @@ gdm_slave_session_stop (pid_t sesspid)
seteuid (pwent->pw_uid);
gdm_auth_user_remove (d, pwent->pw_uid);
seteuid (0);
setegid (GdmGroupId);
}
......@@ -841,7 +866,10 @@ gdm_slave_exec_script (GdmDisplay *d, gchar *dir)
switch (pid = fork()) {
case 0:
gdm_setenv ("XAUTHORITY", d->authfile);
gdm_setenv ("DISPLAY", d->name);
gdm_setenv ("PATH", GdmRootPath);
gdm_unsetenv ("MAIL");
argv = g_strsplit (scr, argdelim, MAX_ARGS);
execv (argv[0], argv);
syslog (LOG_ERR, _("gdm_slave_exec_script: Failed starting: %s"), scr);
......
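Review bot: The child branch of `gdm_slave_exec_script` (`case 0:` in the last hunk) still execs the script with whatever environment the slave holds, only overriding `XAUTHORITY`, `DISPLAY`, `PATH` and `MAIL`; it is the one exec path in this file that does not get the scrubbing the greeter and session children receive via `gdm_clearenv_no_lang ()` and `gdm_clearenv ()`. The scripts are given `GdmRootPath`, so they presumably run with root privileges (the privilege state is set outside the visible lines), which makes the inherited environment worth controlling. I would start the branch with `gdm_clearenv ();` and then set explicitly every variable the scripts are meant to see, including whatever `gdm_slave_session_start` prepares before calling the PreSession script. The function body begins and ends outside the hunk.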
......@@ -143,4 +143,10 @@ gdm_verify_check (void)
{
}
/* used in pam */
void
gdm_verify_env_setup (void)
{
}
/* EOF */
......@@ -132,7 +132,6 @@ gdm_verify_user (const gchar *display)
{
gint pamerr;
gchar *login;
gchar **pamenv;
struct passwd *pwent;
gboolean error_msg_given = FALSE;
......@@ -210,14 +209,6 @@ gdm_verify_user (const gchar *display)
goto pamerr;
}
/* Migrate any PAM env. variables to the user's environment */
if ((pamenv = pam_getenvlist (pamh))) {
gint i;
for (i = 0 ; pamenv[i] ; i++)
putenv (pamenv[i]);
}
return login;
pamerr:
......@@ -250,7 +241,6 @@ void
gdm_verify_setup_user (const gchar *login, const gchar *display)
{
gint pamerr;
gchar **pamenv;
if (!login)
return;
......@@ -293,14 +283,6 @@ gdm_verify_setup_user (const gchar *login, const gchar *display)
goto setup_pamerr;
}
/* Migrate any PAM env. variables to the user's environment */
if ((pamenv = pam_getenvlist (pamh))) {
gint i;
for (i = 0 ; pamenv[i] ; i++)
putenv (pamenv[i]);
}
return;
setup_pamerr:
......@@ -352,5 +334,20 @@ gdm_verify_check (void)
gdm_fail (_("gdm_verify_check: Can't find PAM configuration file for gdm"));
}
/* used in pam */
void
gdm_verify_env_setup (void)
{
gchar **pamenv;
/* Migrate any PAM env. variables to the user's environment */
if ((pamenv = pam_getenvlist (pamh))) {
gint i;
for (i = 0 ; pamenv[i] ; i++) {
putenv (g_strdup (pamenv[i]));
}
}
}
/* EOF */
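Review bot: `gdm_verify_env_setup` reads the file-level `pamh` without checking it and carries only the comment `/* used in pam */`, which does not tell a caller when the call is valid. It is called from the forked session child after the environment was cleared, so it depends on an earlier `gdm_verify_user` or `gdm_verify_setup_user` having left a live handle; `pamh` is declared outside the visible lines, so whether it can be NULL at that point cannot be confirmed here. I would add `if (pamh == NULL) return;` at the top and replace the comment with one stating that the function is meant to run in the child just before exec, that the duplicated strings are deliberately never freed because putenv keeps the pointer, and that PAM-supplied values override variables set earlier, since the call comes after `PATH`, `HOME` and `SHELL` are set.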
......@@ -154,4 +154,10 @@ gdm_verify_check (void)
{
}
/* used in pam */
void
gdm_verify_env_setup (void)
{
}
/* EOF */
......@@ -24,6 +24,8 @@
gchar *gdm_verify_user (const gchar *display);
void gdm_verify_cleanup (void);
void gdm_verify_check (void);
/* used in pam */
void gdm_verify_env_setup (void);
void gdm_verify_setup_user (const gchar *login, const gchar *display) ;
#endif /* GDM_VERIFY_H */
......