[gdm-list] [PATCH] Support new PAM items
- From: Eamon Walsh <ewalsh tycho nsa gov>
- To: gdm-list gnome org
- Subject: [gdm-list] [PATCH] Support new PAM items
- Date: Wed, 11 Jun 2008 21:43:27 -0400
This patch adds support for the PAM_XDISPLAY and PAM_XAUTHDATA items
which were released with Linux-PAM 1.0.
This follows up on an earlier patch (r5674), committed in February, that
added the authority file name to the things passed to
gdm-session-worker. Now that the PAM items are released, the support
itself can be added.
Signed-off-by: Eamon Walsh <ewalsh tycho nsa gov>
---
Makefile.am | 1
gdm-session-worker.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 65 insertions(+), 3 deletions(-)
Index: daemon/gdm-session-worker.c
===================================================================
--- daemon/gdm-session-worker.c (revision 6266)
+++ daemon/gdm-session-worker.c (working copy)
@@ -34,6 +34,8 @@
#include <security/pam_appl.h>
+#include <X11/Xauth.h>
+
#include <glib.h>
#include <glib/gi18n.h>
#include <glib/gstdio.h>
@@ -925,6 +927,35 @@
#endif
}
+static struct pam_xauth_data *
+_get_xauth_for_pam (const char *x11_authority_file)
+{
+ FILE *fh;
+ Xauth *auth = NULL;
+ struct pam_xauth_data *retval = NULL;
+ gsize len = sizeof (*retval) + 1;
+
+ fh = fopen (x11_authority_file, "r");
+ if (fh) {
+ auth = XauReadAuth (fh);
+ fclose (fh);
+ }
+ if (auth) {
+ len += auth->name_length + auth->data_length;
+ retval = g_malloc0 (len);
+ }
+ if (retval) {
+ retval->namelen = auth->name_length;
+ retval->name = (char *) (retval + 1);
+ memcpy (retval->name, auth->name, auth->name_length);
+ retval->datalen = auth->data_length;
+ retval->data = retval->name + auth->name_length + 1;
+ memcpy (retval->data, auth->data, auth->data_length);
+ }
+ XauDisposeAuth (auth);
+ return retval;
+}
+
static gboolean
gdm_session_worker_initialize_pam (GdmSessionWorker *worker,
const char *service,
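Review bot: `_get_xauth_for_pam` is defined unconditionally, but `struct pam_xauth_data` is presumably declared only by PAM headers that also define `PAM_XAUTHDATA`. If so, `sizeof (*retval)` will not compile on exactly the systems the `#ifdef PAM_XAUTHDATA` guard at the call site is meant to support. Wrapping the whole helper in `#ifdef PAM_XAUTHDATA` … `#endif` avoids that, and the `pam_xauth` declaration added in the next hunk needs the same guard to avoid an unused-variable warning. The helper also lacks a header comment: it should say that the result is one `g_malloc0` allocation holding the struct followed by the name, one NUL byte and the data, and that the caller releases it with `g_free`. It should also say that NULL is returned when the file cannot be opened or `XauReadAuth` yields nothing, and that only the first entry of the authority file is read.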
@@ -935,9 +966,10 @@
const char *display_device,
GError **error)
{
- struct pam_conv pam_conversation;
- int error_code;
- char *pam_tty;
+ struct pam_conv pam_conversation;
+ struct pam_xauth_data *pam_xauth;
+ int error_code;
+ char *pam_tty;
g_assert (worker->priv->pam_handle == NULL);
@@ -1011,6 +1043,35 @@
goto out;
}
+#ifdef PAM_XDISPLAY
+ /* set XDISPLAY */
+ error_code = pam_set_item (worker->priv->pam_handle, PAM_XDISPLAY, x11_display_name);
+
+ if (error_code != PAM_SUCCESS) {
+ g_set_error (error,
+ GDM_SESSION_WORKER_ERROR,
+ GDM_SESSION_WORKER_ERROR_AUTHENTICATING,
+ _("error informing authentication system of display string - %s"),
+ pam_strerror (worker->priv->pam_handle, error_code));
+ goto out;
+ }
+#endif
+#ifdef PAM_XAUTHDATA
+ /* set XAUTHDATA */
+ pam_xauth = _get_xauth_for_pam (x11_authority_file);
+ error_code = pam_set_item (worker->priv->pam_handle, PAM_XAUTHDATA, pam_xauth);
+ g_free (pam_xauth);
+
+ if (error_code != PAM_SUCCESS) {
+ g_set_error (error,
+ GDM_SESSION_WORKER_ERROR,
+ GDM_SESSION_WORKER_ERROR_AUTHENTICATING,
+ _("error informing authentication system of display xauth credentials - %s"),
+ pam_strerror (worker->priv->pam_handle, error_code));
+ goto out;
+ }
+#endif
+
g_debug ("GdmSessionWorker: state SETUP_COMPLETE");
worker->priv->state = GDM_SESSION_WORKER_STATE_SETUP_COMPLETE;
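Review bot: In the `PAM_XAUTHDATA` block the result of `_get_xauth_for_pam` goes to `pam_set_item` unchecked, although the helper returns NULL when the authority file cannot be opened or holds no entry. Whether a NULL item is tolerated for `PAM_XAUTHDATA` depends on the PAM implementation, so the call should be skipped (or the failure reported) when `pam_xauth` is NULL. The buffer also holds a copy of the X authority cookie and is released with `g_free` without being cleared, which leaves the secret in freed heap memory of the worker process. A plain `memset` before a free can be elided by the compiler, so a non-elidable wipe such as `explicit_bzero` is preferable where available. `gdm_session_worker_initialize_pam` starts and ends outside this hunk, so whether `x11_authority_file` can be NULL here is not visible.

```c
        /* set XAUTHDATA */
        pam_xauth = _get_xauth_for_pam (x11_authority_file);
        if (pam_xauth != NULL) {
                error_code = pam_set_item (worker->priv->pam_handle, PAM_XAUTHDATA, pam_xauth);
                /* the buffer holds a copy of the X authority cookie; clear it before release */
                memset (pam_xauth->data, 0, pam_xauth->datalen);
                g_free (pam_xauth);
                /* … unchanged: error_code check, g_set_error, goto out … */
        }
```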
Index: daemon/Makefile.am
===================================================================
--- daemon/Makefile.am (revision 6266)
+++ daemon/Makefile.am (working copy)
@@ -267,6 +267,7 @@
endif
gdm_session_worker_LDFLAGS = \
+ $(XLIB_LIBS) \
$(PAM_LIBS) \
$(NULL)
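Review bot: `$(XLIB_LIBS)` is added to `gdm_session_worker_LDFLAGS`, which automake places before the object files on the link line. With `--as-needed` or static linking, libraries listed there can be dropped before their symbols are referenced, so `gdm_session_worker_LDADD` is the safer place. This follows the existing `$(PAM_LIBS)` line, so it may be a deliberate project convention. It is also worth confirming that `XLIB_LIBS` actually pulls in libXau, since `XauReadAuth` and `XauDisposeAuth` live there rather than in libX11; the definition of `XLIB_LIBS` is not visible in this patch.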
--
Eamon Walsh <ewalsh tycho nsa gov>
National Security Agency