gdm r6628 - in branches/gnome-2-20: . daemon

[bcameron svn gnome org]

Author: bcameron
Date: Wed Dec 10 07:41:34 2008
New Revision: 6628
URL: http://svn.gnome.org/viewvc/gdm?rev=6628&view=rev

Log:
2008-12-10 Brian Cameron <brian cameron sun com>

        * daemon/verify-pam.c: Correct processing of CONSOLE and PASSREQ
          /etc/default/login parameters so they are checked each time a
          user logs in, and the latest value honored.  The previous code
          would not unset the setting even if you modified the
          /etc/default/login file


Modified:
   branches/gnome-2-20/ChangeLog
   branches/gnome-2-20/daemon/verify-pam.c

Modified: branches/gnome-2-20/daemon/verify-pam.c
==============================================================================
--- branches/gnome-2-20/daemon/verify-pam.c	(original)
+++ branches/gnome-2-20/daemon/verify-pam.c	Wed Dec 10 07:41:34 2008
@@ -91,7 +91,7 @@
 static char *selected_user = NULL;
 
 static gboolean opened_session = FALSE;
-static gboolean did_setcred = FALSE;
+static gboolean did_setcred    = FALSE;
 
 extern char *gdm_ack_question_response;
 
@@ -900,6 +900,7 @@
 	gboolean credentials_set = FALSE;
 	gboolean error_msg_given = FALSE;
 	gboolean started_timer   = FALSE;
+	gboolean allow_remote    = TRUE;
 
 #ifdef HAVE_ADT
 	int pw_change = PW_FALSE;   /* if got to trying to change password */
@@ -980,11 +981,9 @@
 #endif
 
 	passreq = gdm_read_default ("PASSREQ=");
-	if ((passreq != NULL) &&
-	    g_ascii_strcasecmp (passreq, "YES") == 0)
-		gdm_daemon_config_set_value_bool (GDM_KEY_PASSWORD_REQUIRED, TRUE);
 
-	if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED))
+	if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED) ||
+            ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0))
 		null_tok |= PAM_DISALLOW_NULL_AUTHTOK;
 
 	gdm_verify_select_user (NULL);
@@ -1103,14 +1102,16 @@
 
 	/* Check if user is root and is allowed to log in */
 	consoleonly = gdm_read_default ("CONSOLE=");
-	if ((consoleonly != NULL) &&
-	    g_ascii_strcasecmp (consoleonly, "/dev/console") == 0)
-		gdm_daemon_config_set_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT, FALSE);
+	if (( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT)) ||
+            ((consoleonly != NULL) &&
+	     (g_ascii_strcasecmp (consoleonly, "/dev/console") == 0))) {
+		allow_remote = FALSE;
+	}
 
 	pwent = getpwnam (login);
 	if (( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_ROOT) ||
-	    ( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) &&
-	      ! d->attached)) && pwent != NULL && pwent->pw_uid == 0) {
+            ( ! d->attached && allow_remote == FALSE)) &&
+            (pwent != NULL && pwent->pw_uid == 0)) {
 		gdm_error (_("Root login disallowed on display '%s'"),
 			   d->name);
 		gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
@@ -1415,11 +1416,9 @@
 	g_free (pam_service_name);
 
 	passreq = gdm_read_default ("PASSREQ=");
-	if ((passreq != NULL) &&
-	    g_ascii_strcasecmp (passreq, "YES") == 0)
-		gdm_daemon_config_set_value_bool (GDM_KEY_PASSWORD_REQUIRED, TRUE);
 
-	if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED))
+	if (gdm_daemon_config_get_value_bool (GDM_KEY_PASSWORD_REQUIRED) ||
+            ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0))
 		null_tok |= PAM_DISALLOW_NULL_AUTHTOK;
 
 	/* Start authentication session */