solaris-desktop/patches/gdm-05-default.diff

	gdm-05-default.diff revision 18683
18683N/A--- gdm-2.30.1/common/gdm-common.h-orig 2009-03-30 14:58:43.821340000 -0500
18683N/A+++ gdm-2.30.1/common/gdm-common.h  2009-03-30 14:58:03.958286000 -0500
16880N/A@@ -52,6 +52,8 @@ gboolean       gdm_string_hex_decode
16880N/A                                           int            insert_at);
16880N/A char          *gdm_generate_random_bytes (gsize          size,
16880N/A                                           GError       **error);
16880N/A+char          *gdm_read_default          (gchar *key);
16880N/A+
16880N/A
16880N/A G_END_DECLS
16880N/A
18683N/A--- gdm-2.30.1/common/gdm-common.c-orig 2009-03-30 14:59:24.837987000 -0500
18683N/A+++ gdm-2.30.1/common/gdm-common.c  2009-03-30 15:00:41.625204000 -0500
16880N/A@@ -26,6 +26,7 @@
16880N/A #include <locale.h>
16880N/A #include <fcntl.h>
16880N/A #include <sys/wait.h>
16880N/A+#include <deflt.h>
16880N/A
16880N/A #include <glib.h>
16880N/A #include <glib/gi18n.h>
16880N/A@@ -451,3 +452,27 @@ gdm_generate_random_bytes (gsize    size
16880N/A         close (fd);
16880N/A         return bytes;
16880N/A }
16880N/A+
16880N/A+/*
16880N/A+ * gdm_read_default
16880N/A+ *
16880N/A+ * This function is used to support systems that have the /etc/default/login
16880N/A+ * interface to control programs that affect security.  This is a Solaris
16880N/A+ * thing, though some users on other systems may find it useful.
16880N/A+ */
16880N/A+gchar *
16880N/A+gdm_read_default (gchar *key)
16880N/A+{
16880N/A+    gchar *retval = NULL;
16880N/A+
16880N/A+    if (defopen ("/etc/default/login") == 0) {
16880N/A+       int flags = defcntl (DC_GETFLAGS, 0);
16880N/A+
16880N/A+       TURNOFF (flags, DC_CASE);
16880N/A+       (void) defcntl (DC_SETFLAGS, flags);  /* ignore case */
16880N/A+       retval = g_strdup (defread (key));
16880N/A+       (void) defopen ((char *)NULL);
16880N/A+    }
16880N/A+    return retval;
16880N/A+}
16880N/A+
18683N/A--- gdm-2.30.1/daemon/gdm-session-direct.c-orig 2010-04-26 14:52:23.950164465 -0500
18683N/A+++ gdm-2.30.1/daemon/gdm-session-direct.c  2010-04-26 14:52:49.618142348 -0500
18683N/A@@ -2014,6 +2014,9 @@ gdm_session_direct_set_environment_varia
18683N/A static void
18683N/A setup_session_environment (GdmSessionDirect *session)
18683N/A {
18683N/A+        struct passwd *passwd_entry;
18683N/A+        char *path_str = NULL;
18683N/A+
18683N/A         gdm_session_direct_set_environment_variable (session,
18683N/A                                                      "GDMSESSION",
18683N/A                                                      get_session_name (session));
18683N/A@@ -2050,15 +2053,20 @@ setup_session_environment (GdmSessionDir
18683N/A                                                      g_getenv ("WINDOWPATH"));
18683N/A
18683N/A
18683N/A+        passwd_entry = getpwnam (session->priv->selected_user);
18683N/A+        if (passwd_entry != NULL && passwd_entry->pw_uid == 0)
18683N/A+                path_str = gdm_read_default ("SUPATH=");
18683N/A+
18683N/A+        if (path_str == NULL)
18683N/A+                path_str = gdm_read_default ("PATH=");
18683N/A+
18683N/A+        if (path_str == NULL)
18683N/A+                path_str = GDM_SESSION_DEFAULT_PATH;
18683N/A+
18683N/A         /* FIXME: We do this here and in the session worker.  We should consolidate
18683N/A          * somehow.
18683N/A          */
18683N/A-        gdm_session_direct_set_environment_variable (session,
18683N/A-                                                     "PATH",
18683N/A-                                                     strcmp (BINDIR, "/usr/bin") == 0?
18683N/A-                                                     GDM_SESSION_DEFAULT_PATH :
18683N/A-                                                     BINDIR ":" GDM_SESSION_DEFAULT_PATH);
18683N/A-
18683N/A+        gdm_session_direct_set_environment_variable (session, "PATH", path_str);
18683N/A }
18683N/A
18683N/A static void
18683N/A--- gdm-2.30.1/daemon/gdm-session-worker.c-orig 2010-04-26 14:52:34.008619408 -0500
18683N/A+++ gdm-2.30.1/daemon/gdm-session-worker.c  2010-04-26 14:52:49.616650736 -0500
18683N/A@@ -1443,9 +1443,28 @@ gdm_session_worker_authorize_user (GdmSe
16880N/A {
16880N/A         int error_code;
16880N/A         int authentication_flags;
16880N/A+        char *consoleonly;
16880N/A
16880N/A         g_debug ("GdmSessionWorker: determining if authenticated user is authorized to session");
16880N/A
16880N/A+        consoleonly = gdm_read_default ("CONSOLE=");
16880N/A+
16880N/A+        if ((consoleonly != NULL) &&
16880N/A+            (strcmp (consoleonly, "/dev/console") == 0)) {
16880N/A+
16880N/A+                if (worker->priv->hostname != NULL && worker->priv->hostname[0] != '\0') {
16880N/A+                        struct passwd *passwd_entry;
16880N/A+
16880N/A+                        passwd_entry = getpwnam (worker->priv->username);
16880N/A+                        if (passwd_entry->pw_uid == 0) {
16880N/A+                                error_code = PAM_PERM_DENIED;
16880N/A+
16880N/A+                                g_debug ("The system administrator is not allowed to log in remotely");
16880N/A+                                goto out;
16880N/A+                        }
16880N/A+                }
16880N/A+        }
16880N/A+
16880N/A         authentication_flags = 0;
16880N/A
16880N/A         if (password_is_required) {
18683N/A@@ -1648,6 +1667,7 @@ gdm_session_worker_accredit_user (GdmSes
16880N/A         gid_t    gid;
16880N/A         char    *shell;
16880N/A         char    *home;
16880N/A+        char    *path_str;
16880N/A         int      error_code;
16880N/A
16880N/A         ret = FALSE;
18683N/A@@ -1687,17 +1707,17 @@ gdm_session_worker_accredit_user (GdmSes
16880N/A                                                                 home,
16880N/A                                                                 shell);
16880N/A
16880N/A-        /* Let's give the user a default PATH if he doesn't already have one
16880N/A-         */
16880N/A-        if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) {
16880N/A-                if (strcmp (BINDIR, "/usr/bin") == 0) {
16880N/A-                        gdm_session_worker_set_environment_variable (worker, "PATH",
16880N/A-                                                                     GDM_SESSION_DEFAULT_PATH);
16880N/A-                } else {
16880N/A-                        gdm_session_worker_set_environment_variable (worker, "PATH",
16880N/A-                                                                     BINDIR ":" GDM_SESSION_DEFAULT_PATH);
16880N/A-                }
16880N/A-        }
17526N/A+        path_str = NULL;
16880N/A+        if (uid == 0)
16880N/A+                path_str = gdm_read_default ("SUPATH=");
16880N/A+
16880N/A+        if (path_str == NULL)
16880N/A+                path_str = gdm_read_default ("PATH=");
16880N/A+
16880N/A+        if (path_str == NULL)
16880N/A+                path_str = GDM_SESSION_DEFAULT_PATH;
16880N/A+
16880N/A+        gdm_session_worker_set_environment_variable (worker, "PATH", path_str);
16880N/A
16880N/A         if (! _change_user (worker, uid, gid)) {
16880N/A                 g_debug ("GdmSessionWorker: Unable to change to user");
18683N/A@@ -2315,6 +2335,14 @@ do_setup (GdmSessionWorker *worker)
16880N/A {
16880N/A         GError  *error;
16880N/A         gboolean res;
16880N/A+        char    *passreq;
16880N/A+
16880N/A+        passreq = gdm_read_default ("PASSREQ=");
16880N/A+
16880N/A+        if ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0)
16880N/A+                worker->priv->password_is_required = TRUE;
16880N/A+        else
16880N/A+                worker->priv->password_is_required = FALSE;
16880N/A
16880N/A         worker->priv->user_settings = gdm_session_settings_new ();
16880N/A