7199N/AFrom 0ccf6e6afa7eb6f5dc8b8c6689caa8bb190fef0d Mon Sep 17 00:00:00 2001
7199N/AFrom: Alan Coopersmith <alan.coopersmith@oracle.com>
7199N/ADate: Tue, 29 Dec 2015 14:21:38 -0800
7199N/ASubject: [PATCH 06/19] /etc/default/login
7199N/A
7199N/AAdd support for /etc/default/login configuration.
7199N/AOriginal date:2009-03-31 owner:yippi type:feature
7199N/A---
7199N/A daemon/gdm-session-worker.c | 83 +++++++++++++++++++++++++++++++++++++++++----
7199N/A 1 file changed, 76 insertions(+), 7 deletions(-)
7199N/A
7199N/Adiff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
7199N/Aindex 93c9e82..5fc83d6 100644
7199N/A--- a/daemon/gdm-session-worker.c
7199N/A+++ b/daemon/gdm-session-worker.c
7199N/A@@ -222,6 +222,33 @@ G_DEFINE_TYPE_WITH_CODE (GdmSessionWorker,
7199N/A G_IMPLEMENT_INTERFACE (GDM_DBUS_TYPE_WORKER,
7199N/A worker_interface_init))
7199N/A
7199N/A+#if __sun
7199N/A+#include <deflt.h>
7199N/A+
7199N/A+/*
7199N/A+ * gdm_read_default
7199N/A+ *
7199N/A+ * This function is used to support systems that have the /etc/default/login
7199N/A+ * interface to control programs that affect security. This is a Solaris
7199N/A+ * thing, though some users on other systems may find it useful.
7199N/A+ */
7199N/A+static gchar *
7199N/A+gdm_read_default (gchar *key)
7199N/A+{
7199N/A+ gchar *retval = NULL;
7199N/A+
7199N/A+ if (defopen ("/etc/default/login") == 0) {
7199N/A+ int flags = defcntl (DC_GETFLAGS, 0);
7199N/A+
7199N/A+ TURNOFF (flags, DC_CASE);
7199N/A+ (void) defcntl (DC_SETFLAGS, flags); /* ignore case */
7199N/A+ retval = g_strdup (defread (key));
7199N/A+ (void) defopen ((char *)NULL);
7199N/A+ }
7199N/A+ return retval;
7199N/A+}
7199N/A+#endif
7199N/A+
7199N/A #ifdef WITH_CONSOLE_KIT
7199N/A static gboolean
7199N/A open_ck_session (GdmSessionWorker *worker)
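Review bot: The header comment on `gdm_read_default` does not say that the result is a `g_strdup` copy owned by the caller, and none of the call sites added later in this patch (the `CONSOLE=`, `SUPATH=`/`PATH=` and `PASSREQ=` lookups) release it with `g_free`. I would extend the comment with `Returns a newly allocated copy of the value, or NULL if the file cannot be opened or the key is absent; free with g_free().` and free the string at each caller. The guard here is `#if __sun` while the other three hunks use `#ifdef __sun`; using `#ifdef __sun` throughout keeps them consistent. It would also help to note in the comment that a NULL return does not distinguish "file unreadable" from "key not set", since the callers make security decisions on that result.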
7199N/A@@ -1351,6 +1378,28 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker,
7199N/A g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session",
7199N/A password_is_required);
7199N/A
7199N/A+#ifdef __sun
7199N/A+ char *consoleonly = gdm_read_default ("CONSOLE=");
7199N/A+
7199N/A+ if ((consoleonly != NULL) &&
7199N/A+ (strcmp (consoleonly, "/dev/console") == 0)) {
7199N/A+
7199N/A+ if (worker->priv->hostname != NULL &&
7199N/A+ worker->priv->hostname[0] != '\0') {
7199N/A+ struct passwd *passwd_entry;
7199N/A+
7199N/A+ passwd_entry = getpwnam (worker->priv->username);
7199N/A+ if (passwd_entry->pw_uid == 0) {
7199N/A+ error_code = PAM_PERM_DENIED;
7199N/A+
7199N/A+ g_debug ("The system administrator is not allowed to log in remotely");
7199N/A+ g_set_error (error, GDM_SESSION_WORKER_ERROR, GDM_SESSION_WORKER_ERROR_AUTHORIZING, "%s", pam_strerror (worker->priv->pam_handle, error_code));
7199N/A+ goto out;
7199N/A+ }
7199N/A+ }
7199N/A+ }
7199N/A+#endif
7199N/A+
7199N/A authentication_flags = 0;
7199N/A
7199N/A if (password_is_required) {
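Review bot: `getpwnam (worker->priv->username)` can return NULL (unknown account, name-service failure), and the next line dereferences `passwd_entry->pw_uid` without a check, so the worker would crash here instead of returning a PAM error. Since this block enforces the `CONSOLE=/dev/console` restriction on remote root logins, a failed lookup should be denied rather than skipped: `if (passwd_entry == NULL || passwd_entry->pw_uid == 0) {`. If `worker->priv->username` can still be NULL at this point (not visible in the hunk), that needs a guard before the `getpwnam` call as well. The enclosing function `gdm_session_worker_authorize_user` starts and ends outside the hunk.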
7199N/A@@ -1716,6 +1765,7 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker,
7199N/A gid_t gid;
7199N/A char *shell;
7199N/A char *home;
7199N/A+ char *path_str;
7199N/A int error_code;
7199N/A
7199N/A ret = FALSE;
7199N/A@@ -1756,18 +1806,26 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker,
7199N/A home,
7199N/A shell);
7199N/A
7199N/A- /* Let's give the user a default PATH if he doesn't already have one
7199N/A- */
7199N/A- if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) {
7199N/A+ path_str = NULL;
7199N/A+
7199N/A+#ifdef __sun
7199N/A+ if (uid == 0)
7199N/A+ path_str = gdm_read_default ("SUPATH=");
7199N/A+
7199N/A+ if (path_str == NULL)
7199N/A+ path_str = gdm_read_default ("PATH=");
7199N/A+#endif
7199N/A+
7199N/A+ if (path_str == NULL) {
7199N/A if (strcmp (BINDIR, "/usr/bin") == 0) {
7199N/A- gdm_session_worker_set_environment_variable (worker, "PATH",
7199N/A- GDM_SESSION_DEFAULT_PATH);
7199N/A+ path_str = GDM_SESSION_DEFAULT_PATH;
7199N/A } else {
7199N/A- gdm_session_worker_set_environment_variable (worker, "PATH",
7199N/A- BINDIR ":" GDM_SESSION_DEFAULT_PATH);
7199N/A+ path_str = BINDIR ":" GDM_SESSION_DEFAULT_PATH;
7199N/A }
7199N/A }
7199N/A
7199N/A+ gdm_session_worker_set_environment_variable (worker, "PATH", path_str);
7199N/A+
7199N/A if (! _change_user (worker, uid, gid)) {
7199N/A g_debug ("GdmSessionWorker: Unable to change to user");
7199N/A error_code = PAM_SYSTEM_ERR;
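Review bot: The removed `gdm_session_worker_environment_variable_is_set (worker, "PATH")` guard is not replaced, so the final `gdm_session_worker_set_environment_variable (worker, "PATH", path_str)` now overwrites any PATH already in the session environment, on every platform and not only under `__sun`. If only the `/etc/default/login` values are meant to take precedence, keep the guard on the fallback with `if (path_str == NULL && !gdm_session_worker_environment_variable_is_set (worker, "PATH")) {` and make the final call conditional on `path_str != NULL`. `path_str` also ends up holding either a heap string from `gdm_read_default` or a string literal, so it cannot simply be freed; a separate variable for the allocated value would make the ownership clear. The body of `gdm_session_worker_accredit_user` continues outside the hunk.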
7199N/A@@ -2768,6 +2826,17 @@ do_setup (GdmSessionWorker *worker)
7199N/A GError *error;
7199N/A gboolean res;
7199N/A
7199N/A+#ifdef __sun
7199N/A+ char *passreq;
7199N/A+
7199N/A+ passreq = gdm_read_default ("PASSREQ=");
7199N/A+
7199N/A+ if ((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0)
7199N/A+ worker->priv->password_is_required = TRUE;
7199N/A+ else
7199N/A+ worker->priv->password_is_required = FALSE;
7199N/A+#endif
7199N/A+
7199N/A error = NULL;
7199N/A res = gdm_session_worker_initialize_pam (worker,
7199N/A worker->priv->service,
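Review bot: The `else` branch sets `worker->priv->password_is_required = FALSE` whenever `gdm_read_default ("PASSREQ=")` returns NULL, so a missing or unreadable `/etc/default/login`, or a file without a `PASSREQ` line, silently relaxes the password requirement and discards whatever value the field held before `do_setup` (not visible here). Failing closed would be safer: change the field only when the key is actually present, `if (passreq != NULL) worker->priv->password_is_required = (g_ascii_strcasecmp (passreq, "YES") == 0);`. A one-line comment stating the intended default when the key is absent would help the next reader. `do_setup` starts and continues outside the hunk.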
7199N/A--
7199N/A2.7.4
7199N/A