From c3ff1bcebbe08abbd64067209e388a91dbc402c3 Mon Sep 17 00:00:00 2001 From: jsorg71 Date: Sun, 14 Aug 2005 02:22:11 +0000 Subject: [PATCH] changed pam session and env --- sesman/sesman.c | 169 +++++++++++++++++------------- sesman/verify_user.c | 7 ++ sesman/verify_user_pam.c | 47 ++++++++- sesman/verify_user_pam_userpass.c | 7 ++ 4 files changed, 154 insertions(+), 76 deletions(-) diff --git a/sesman/sesman.c b/sesman/sesman.c index b47b1c30..f1866cda 100644 --- a/sesman/sesman.c +++ b/sesman/sesman.c @@ -30,9 +30,11 @@ long DEFAULT_CC auth_userpass(char* user, char* pass); int DEFAULT_CC -auth_start_session(long in_val); +auth_start_session(long in_val, int in_display); int DEFAULT_CC auth_end(long in_val); +int DEFAULT_CC +auth_set_env(long in_val); static int g_sck; static int g_pid; @@ -166,7 +168,6 @@ cterm(int s) { if (session_items[i].pid == pid) { - auth_end(session_items[i].data); g_memset(session_items + i, 0, sizeof(struct session_item)); } } 
@@ -197,26 +198,65 @@ check_password_file(char* filename, char* password) /******************************************************************************/ static int DEFAULT_CC +set_user(char* username, char* passwd_file, int display) +{ + int error; + int pw_uid; + int pw_gid; + int uid; + char pw_shell[256]; + char pw_dir[256]; + char pw_gecos[256]; + char text[256]; + + error = g_getuser_info(username, &pw_gid, &pw_uid, pw_shell, pw_dir, + pw_gecos); + if (error == 0) + { + error = g_setgid(pw_gid); + if (error == 0) + { + uid = pw_uid; + error = g_setuid(uid); + } + if (error == 0) + { + g_clearenv(); + g_setenv("SHELL", pw_shell, 1); + g_setenv("PATH", "/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin", 1); + g_setenv("USER", username, 1); + g_sprintf(text, "%d", uid); + g_setenv("UID", text, 1); + g_setenv("HOME", pw_dir, 1); + g_set_current_dir(pw_dir); + g_sprintf(text, ":%d.0", display); + g_setenv("DISPLAY", text, 1); + if (passwd_file != 0) + { + g_mkdir(".vnc"); + g_sprintf(passwd_file, "%s/.vnc/sesman_passwd", pw_dir); + } + } + } + return error; +} + +/******************************************************************************/ +/* returns 0 if error else the display number the session was started on */ +static int DEFAULT_CC start_session(int width, int height, int bpp, char* username, char* password, long data) { int display; int pid; - int uid; int wmpid; int xpid; - int error; - int pw_uid; - int pw_gid; - char pw_gecos[256]; - char pw_dir[256]; - char pw_shell[256]; - char text[256]; - char passwd_file[256]; char geometry[32]; char depth[32]; char screen[32]; char cur_dir[256]; + char text[256]; + char passwd_file[256]; g_get_current_dir(cur_dir, 255); display = 10; @@ -228,7 +268,6 @@ start_session(int width, int height, int bpp, char* username, char* password, { return 0; } - auth_start_session(data); wmpid = 0; pid = g_fork(); if (pid == -1) 
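Review bot: `set_user` switches gid and uid with `g_setgid`/`g_setuid`, but nothing visible in it resets the supplementary group list, so unless one of those wrappers does it internally the session processes keep the groups of the sesman daemon; an `initgroups`-style call for `username` belongs before `g_setgid`. The `g_sprintf(passwd_file, "%s/.vnc/sesman_passwd", pw_dir)` write is also unbounded: `pw_dir` and the caller's `passwd_file` are both 256 bytes, so a long home directory would overrun the destination, and a bounded format with a length check would be safer. The results of `g_set_current_dir(pw_dir)` and `g_mkdir(".vnc")` are not checked, so the relative `.vnc` may be created somewhere other than the user's home. `start_session` continues past the end of this hunk.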
@@ -236,74 +275,54 @@ start_session(int width, int height, int bpp, char* username, char* password, } else if (pid == 0) /* child */ { - error = g_getuser_info(username, &pw_gid, &pw_uid, pw_shell, pw_dir, - pw_gecos); - if (error == 0) + g_unset_signals(); + auth_start_session(data, display); + g_sprintf(geometry, "%dx%d", width, height); + g_sprintf(depth, "%d", bpp); + g_sprintf(screen, ":%d", display); + wmpid = g_fork(); + if (wmpid == -1) { - error = g_setgid(pw_gid); - if (error == 0) + } + else if (wmpid == 0) /* child */ + { + /* give X a bit to start */ + g_sleep(1000); + set_user(username, 0, display); + if (x_server_running(display)) { - uid = pw_uid; - error = g_setuid(uid); + auth_set_env(data); + g_sprintf(text, "%s/startwm.sh", cur_dir); + g_execlp3(text, "startwm.sh", 0); + /* should not get here */ } - if (error == 0) + g_printf("error\n"); + g_exit(0); + } + else /* parent */ + { + xpid = g_fork(); + if (xpid == -1) { - g_clearenv(); - g_setenv("SHELL", pw_shell, 1); - g_setenv("PATH", "/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin", 1); - g_setenv("USER", username, 1); - g_sprintf(text, "%d", uid); - g_setenv("UID", text, 1); - g_setenv("HOME", pw_dir, 1); - g_set_current_dir(pw_dir); - g_sprintf(text, ":%d.0", display); - g_setenv("DISPLAY", text, 1); - g_sprintf(geometry, "%dx%d", width, height); - g_sprintf(depth, "%d", bpp); - g_sprintf(screen, ":%d", display); - g_mkdir(".vnc"); - g_sprintf(passwd_file, "%s/.vnc/sesman_passwd", pw_dir); + } + else if (xpid == 0) /* child */ + { + set_user(username, passwd_file, display); check_password_file(passwd_file, password); - wmpid = g_fork(); - if (wmpid == -1) - { - } - else if (wmpid == 0) /* child */ - { - /* give X a bit to start */ - g_sleep(500); - if (x_server_running(display)) - { - g_sprintf(text, "%s/startwm.sh", cur_dir); - g_execlp3(text, "startwm.sh", 0); - /* should not get here */ - } - g_printf("error\n"); - g_exit(0); - } - else /* parent */ - { - xpid = g_fork(); - if (xpid == -1) - 
{ - } - else if (xpid == 0) /* child */ - { - g_execlp11("Xvnc", "Xvnc", screen, "-geometry", geometry, - "-depth", depth, "-bs", "-rfbauth", passwd_file, 0); - /* should not get here */ - g_printf("error\n"); - g_exit(0); - } - else /* parent */ - { - g_waitpid(wmpid); - g_sigterm(xpid); - g_sigterm(wmpid); - g_sleep(1000); - g_exit(0); - } - } + g_execlp11("Xvnc", "Xvnc", screen, "-geometry", geometry, + "-depth", depth, "-bs", "-rfbauth", passwd_file, 0); + /* should not get here */ + g_printf("error\n"); + g_exit(0); + } + else /* parent */ + { + g_waitpid(wmpid); + g_sigterm(xpid); + g_sigterm(wmpid); + g_sleep(1000); + auth_end(data); + g_exit(0); } } } diff --git a/sesman/verify_user.c b/sesman/verify_user.c index 9a7c1164..4ec94dac 100644 --- a/sesman/verify_user.c +++ b/sesman/verify_user.c @@ -103,3 +103,10 @@ auth_end(void) { return 0; } + +/******************************************************************************/ +int DEFAULT_CC +auth_set_env(void) +{ + return 0; +} diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c index e58576fe..40af68af 100644 --- a/sesman/verify_user_pam.c +++ b/sesman/verify_user_pam.c @@ -133,12 +133,20 @@ auth_userpass(char* user, char* pass) /******************************************************************************/ /* returns error */ int DEFAULT_CC -auth_start_session(long in_val) +auth_start_session(long in_val, int in_display) { struct t_auth_info* auth_info; int error; + char display[256]; + g_sprintf(display, ":%d", in_display); auth_info = (struct t_auth_info*)in_val; + error = pam_set_item(auth_info->ph, PAM_TTY, display); + if (error != PAM_SUCCESS) + { + g_printf("pam_set_item failed: %s\n\r", pam_strerror(auth_info->ph, error)); + return 1; + } error = pam_setcred(auth_info->ph, PAM_ESTABLISH_CRED); if (error != PAM_SUCCESS) { 
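Review bot: Both new call sites discard the result of `set_user` (`set_user(username, 0, display);` in the window-manager child and `set_user(username, passwd_file, display);` in the Xvnc child), so a failed user lookup or a failed `g_setgid`/`g_setuid` no longer stops the child; the removed code only reached the exec calls inside `if (error == 0)`. As written, the child would go on to exec `startwm.sh` or `Xvnc` under whatever identity and environment sesman itself runs with, and in the Xvnc branch `passwd_file` is still uninitialized when it is handed to `check_password_file` and `-rfbauth`. Each call should fail closed, e.g. `if (set_user(username, 0, display) != 0) { g_exit(1); }`. `start_session` begins before this hunk.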
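Review bot: The stub is defined as `auth_set_env(void)` while sesman.c declares `auth_set_env(long in_val)` and calls it as `auth_set_env(data)`, so the definition and the call disagree on the function type, which is undefined behaviour in C and could unbalance the stack if `DEFAULT_CC` selects a callee-cleans convention. Defining it as `auth_set_env(long in_val)` keeps the three back ends interchangeable; the identical stub added to verify_user_pam_userpass.c needs the same change. The `auth_end(void)` shown as context here has the same mismatch against the `auth_end(long in_val)` prototype. Moving these prototypes into a shared header would let the compiler catch this.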
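Review bot: `auth_info->ph` is dereferenced in the new `pam_set_item` call without checking the cast pointer, whereas `auth_set_env`, added in this same commit, guards with `if (auth_info != 0)`; an early `if (auth_info == 0) { return 1; }` after the cast would make the two consistent. The new `return 1` path only helps if callers test it, and the visible call in sesman.c is a bare `auth_start_session(data, display);`. The function body continues past the end of this hunk.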
@@ -185,3 +193,40 @@ auth_end(long in_val) g_free(auth_info); return 0; } + +/******************************************************************************/ +/* returns error */ +/* set any pam env vars */ +int DEFAULT_CC +auth_set_env(long in_val) +{ + struct t_auth_info* auth_info; + char** pam_envlist; + char** pam_env; + char item[256]; + char value[256]; + int eq_pos; + + auth_info = (struct t_auth_info*)in_val; + if (auth_info != 0) + { + /* export PAM environment */ + pam_envlist = pam_getenvlist(auth_info->ph); + if (pam_envlist != NULL) + { + for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) + { + eq_pos = g_pos(*pam_env, "="); + if (eq_pos >= 0 && eq_pos < 250) + { + g_strncpy(item, *pam_env, eq_pos); + g_strncpy(value, (*pam_env) + eq_pos + 1, 255); + g_setenv(item, value, 1); + } + g_free(*pam_env); + } + g_free(pam_envlist); + } + } + return 0; +} diff --git a/sesman/verify_user_pam_userpass.c b/sesman/verify_user_pam_userpass.c index 85f45d75..bc133139 100644 --- a/sesman/verify_user_pam_userpass.c +++ b/sesman/verify_user_pam_userpass.c @@ -83,3 +83,10 @@ auth_end(void) { return 0; } + +/******************************************************************************/ +int DEFAULT_CC +auth_set_env(void) +{ + return 0; +}
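Review bot: The name copy `g_strncpy(item, *pam_env, eq_pos)` into the uninitialized `item` buffer is only correct if `g_strncpy` writes a terminator after `eq_pos` bytes, which is not visible here and is not what plain `strncpy` does; a comment stating that contract, or an explicit `item[eq_pos] = 0;`, would make it safe to read. Entries whose name is 250 bytes or longer are skipped and values over 255 bytes are cut short without any message, and `eq_pos >= 0` lets an entry with an empty name through to `g_setenv`. Since each string is owned by this function and freed right after, the copies can be avoided by splitting in place: `(*pam_env)[eq_pos] = 0; g_setenv(*pam_env, (*pam_env) + eq_pos + 1, 1);` under `if (eq_pos > 0)`. These variables are set with overwrite enabled after `set_user` has built the environment, so PAM modules can replace `PATH`, `HOME` and the rest, which deserves a comment if it is intended.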