|
1 From 0ccf6e6afa7eb6f5dc8b8c6689caa8bb190fef0d Mon Sep 17 00:00:00 2001 |
|
2 From: Alan Coopersmith <[email protected]> |
|
3 Date: Tue, 29 Dec 2015 14:21:38 -0800 |
|
4 Subject: [PATCH 06/19] /etc/default/login |
|
5 |
|
6 Add support for /etc/default/login configuration. |
|
7 Original date:2009-03-31 owner:yippi type:feature |
|
8 --- |
|
9 daemon/gdm-session-worker.c | 83 +++++++++++++++++++++++++++++++++++++++++---- |
|
10 1 file changed, 76 insertions(+), 7 deletions(-) |
|
11 |
|
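diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 93c9e82..5fc83d6 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -222,6 +222,33 @@ G_DEFINE_TYPE_WITH_CODE (GdmSessionWorker,
 G_IMPLEMENT_INTERFACE (GDM_DBUS_TYPE_WORKER,
 worker_interface_init))
 
+#if __sun
+#include <deflt.h>
+
+/*
+ * gdm_read_default
+ *
+ * This function is used to support systems that have the /etc/default/login
+ * interface to control programs that affect security. This is a Solaris
+ * thing, though some users on other systems may find it useful.
+ */
+static gchar *
+gdm_read_default (gchar *key)
+{
+ gchar *retval = NULL;
+
+ if (defopen ("/etc/default/login") == 0) {
+ int flags = defcntl (DC_GETFLAGS, 0);
+
+ TURNOFF (flags, DC_CASE);
+ (void) defcntl (DC_SETFLAGS, flags); /* ignore case */
+ retval = g_strdup (defread (key));
+ (void) defopen ((char *)NULL);
+ }
+ return retval;
+}
+#endif
+
 #ifdef WITH_CONSOLE_KIT
 static gboolean
 open_ck_session (GdmSessionWorker *worker)
@@ -1351,6 +1378,28 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker,
 g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session",
 password_is_required);
 
+#ifdef __sun
+ char *consoleonly = gdm_read_default ("CONSOLE=");
+
+ if ((consoleonly != NULL) &&
+ (strcmp (consoleonly, "/dev/console") == 0)) {
+
+ if (worker->priv->hostname != NULL &&
+ worker->priv->hostname[0] != '\0') {
+ struct passwd *passwd_entry;
+
+ passwd_entry = getpwnam (worker->priv->username);
+ if (passwd_entry->pw_uid == 0) {
+ error_code = PAM_PERM_DENIED;
+
+ g_debug ("The system administrator is not allowed to log in remotely");
+ g_set_error (error, GDM_SESSION_WORKER_ERROR, GDM_SESSION_WORKER_ERROR_AUTHORIZING, "%s", pam_strerror (worker->priv->pam_handle, error_code));
+ goto out;
+ }
+ }
+ }
+#endif
+
 authentication_flags = 0;
 
 if (password_is_required) {
@@ -1716,6 +1765,7 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker,
 gid_t gid;
 char *shell;
 char *home;
+ char *path_str;
 int error_code;
 
 ret = FALSE;
@@ -1756,18 +1806,26 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker,
 home,
 shell);
 
- /* Let's give the user a default PATH if he doesn't already have one
- */
- if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) {
+ path_str = NULL;
+
+#ifdef __sun
+ if (uid == 0)
+ path_str = gdm_read_default ("SUPATH=");
+
+ if (path_str == NULL)
+ path_str = gdm_read_default ("PATH=");
+#endif
+
+ if (path_str == NULL) {
 if (strcmp (BINDIR, "/usr/bin") == 0) {
- gdm_session_worker_set_environment_variable (worker, "PATH",
- GDM_SESSION_DEFAULT_PATH);
+ path_str = GDM_SESSION_DEFAULT_PATH;
 } else {
- gdm_session_worker_set_environment_variable (worker, "PATH",
- BINDIR ":" GDM_SESSION_DEFAULT_PATH);
+ path_str = BINDIR ":" GDM_SESSION_DEFAULT_PATH;
 }
 }
 
+ gdm_session_worker_set_environment_variable (worker, "PATH", path_str);
+
 if (! _change_user (worker, uid, gid)) {
 g_debug ("GdmSessionWorker: Unable to change to user");
 error_code = PAM_SYSTEM_ERR;
@@ -2768,6 +2826,17 @@ do_setup (GdmSessionWorker *worker)
 GError *error;
 gboolean res;
 
+#ifdef __sun
+ char *passreq;
+
+ passreq = gdm_read_default ("PASSREQ=");
+
+ if ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0)
+ worker->priv->password_is_required = TRUE;
+ else
+ worker->priv->password_is_required = FALSE;
+#endif
+
 error = NULL;
 res = gdm_session_worker_initialize_pam (worker,
 worker->priv->service,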
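Review bot: In the `gdm_session_worker_authorize_user` hunk, the result of `getpwnam (worker->priv->username)` is dereferenced without a NULL check, so a failed lookup crashes the session worker instead of denying the login. Treating a failed lookup as a denial keeps the root-on-console policy failing closed: `if (passwd_entry == NULL || passwd_entry->pw_uid == 0) {`. The `do_setup` hunk defaults the other way: when `PASSREQ=` is absent or `/etc/default/login` cannot be opened, `password_is_required` is forced to `FALSE`, replacing whatever value the worker held before; leaving the field untouched unless the key was actually read would be safer. The accredit hunk drops the `gdm_session_worker_environment_variable_is_set` guard, so a `PATH` already in the session environment is now overwritten on every platform, not only under `__sun`, and the `g_strdup` copies returned by `gdm_read_default` (`consoleonly`, `path_str`, `passreq`) are never freed in the visible lines. All three functions start and end outside their hunks, so cleanup at `out:` or later in the body cannot be ruled out from here.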
|
139 -- |
|
140 2.7.4 |
|
141 |