pam/Linux-PAM-1.1.1-xauth-groups.patch

--- Linux-PAM-1_2_0/modules/pam_xauth/pam_xauth.c.0512~	2015-04-27 16:57:39.000000000 +0200
+++ Linux-PAM-1_2_0/modules/pam_xauth/pam_xauth.c	2015-06-11 17:30:15.830251670 +0200
@@ -90,7 +90,7 @@ static const char * const xauthpaths[] =
  * given input on stdin, and storing any output it generates. */
 static int
 run_coprocess(pam_handle_t *pamh, const char *input, char **output,
-	      uid_t uid, gid_t gid, const char *command, ...)
+	      uid_t uid, gid_t gid, const char *name, const char *command, ...)
 {
 	int ipipe[2], opipe[2], i;
 	char buf[LINE_MAX];
@@ -142,6 +142,12 @@ run_coprocess(pam_handle_t *pamh, const
 		    pam_syslog (pamh, LOG_ERR, "setgroups() failed: %m");
 		    _exit (err);
 		  }
+
+               /* Mandriva Linux specific:
+                * we need to set the extra groups because in high security levels
+                * access to /usr/X11R6/bin dir is controlled by a group */
+                initgroups(name, gid);
+
 		if (setuid(uid) == -1)
 		  {
 		    int err = errno;
@@ -180,6 +186,7 @@ run_coprocess(pam_handle_t *pamh, const
 		}
 		/* Run the command. */
 		execv(command, (char *const *) args);
+		syslog(LOG_ERR, "pam_xauth: execvp of %s failed: %m", command);
 		/* Never reached. */
 		_exit(1);
 	}
@@ -524,7 +531,7 @@ pam_sm_open_session (pam_handle_t *pamh,
 			   (unsigned long) getuid(), (unsigned long) getgid());
 	}
 	if (run_coprocess(pamh, NULL, &cookie,
-			  getuid(), getgid(),
+			  getuid(), getgid(), rpwd->pw_name,
 			  xauth, "-f", cookiefile, "nlist", display,
 			  NULL) == 0) {
 #ifdef WITH_SELINUX
@@ -583,7 +590,7 @@ pam_sm_open_session (pam_handle_t *pamh,
 						       (unsigned long) getgid());
 					}
 					run_coprocess(pamh, NULL, &cookie,
-						      getuid(), getgid(),
+						      getuid(), getgid(), rpwd->pw_name,
 						      xauth, "-f", cookiefile,
 						      "nlist", t, NULL);
 				}
@@ -725,7 +732,7 @@ pam_sm_open_session (pam_handle_t *pamh,
 				  (unsigned long) tpwd->pw_gid);
 		}
 		run_coprocess(pamh, cookie, &tmp,
-			      tpwd->pw_uid, tpwd->pw_gid,
+			      tpwd->pw_uid, tpwd->pw_gid, tpwd->pw_name,
 			      xauth, "-f", cookiefile, "nmerge", "-", NULL);
 
 		/* We don't need to keep a copy of these around any more. */
add patchset 2020-05-11 23:32:07 +00:00			`--- Linux-PAM-1_2_0/modules/pam_xauth/pam_xauth.c.0512~ 2015-04-27 16:57:39.000000000 +0200`
			`+++ Linux-PAM-1_2_0/modules/pam_xauth/pam_xauth.c 2015-06-11 17:30:15.830251670 +0200`
			`@@ -90,7 +90,7 @@ static const char * const xauthpaths[] =`
			`* given input on stdin, and storing any output it generates. */`
			`static int`
			`run_coprocess(pam_handle_t pamh, const char input, char **output,`
			`- uid_t uid, gid_t gid, const char *command, ...)`
			`+ uid_t uid, gid_t gid, const char name, const char command, ...)`
			`{`
			`int ipipe[2], opipe[2], i;`
			`char buf[LINE_MAX];`
			`@@ -142,6 +142,12 @@ run_coprocess(pam_handle_t *pamh, const`
			`pam_syslog (pamh, LOG_ERR, "setgroups() failed: %m");`
			`_exit (err);`
			`}`
			`+`
			`+ /* Mandriva Linux specific:`
			`+ * we need to set the extra groups because in high security levels`
			`+ * access to /usr/X11R6/bin dir is controlled by a group */`
			`+ initgroups(name, gid);`
			`+`
			`if (setuid(uid) == -1)`
			`{`
			`int err = errno;`
			`@@ -180,6 +186,7 @@ run_coprocess(pam_handle_t *pamh, const`
			`}`
			`/* Run the command. */`
			`execv(command, (char const ) args);`
			`+ syslog(LOG_ERR, "pam_xauth: execvp of %s failed: %m", command);`
			`/* Never reached. */`
			`_exit(1);`
			`}`
			`@@ -524,7 +531,7 @@ pam_sm_open_session (pam_handle_t *pamh,`
			`(unsigned long) getuid(), (unsigned long) getgid());`
			`}`
			`if (run_coprocess(pamh, NULL, &cookie,`
			`- getuid(), getgid(),`
			`+ getuid(), getgid(), rpwd->pw_name,`
			`xauth, "-f", cookiefile, "nlist", display,`
			`NULL) == 0) {`
			`#ifdef WITH_SELINUX`
			`@@ -583,7 +590,7 @@ pam_sm_open_session (pam_handle_t *pamh,`
			`(unsigned long) getgid());`
			`}`
			`run_coprocess(pamh, NULL, &cookie,`
			`- getuid(), getgid(),`
			`+ getuid(), getgid(), rpwd->pw_name,`
			`xauth, "-f", cookiefile,`
			`"nlist", t, NULL);`
			`}`
			`@@ -725,7 +732,7 @@ pam_sm_open_session (pam_handle_t *pamh,`
			`(unsigned long) tpwd->pw_gid);`
			`}`
			`run_coprocess(pamh, cookie, &tmp,`
			`- tpwd->pw_uid, tpwd->pw_gid,`
			`+ tpwd->pw_uid, tpwd->pw_gid, tpwd->pw_name,`
			`xauth, "-f", cookiefile, "nmerge", "-", NULL);`

			`/* We don't need to keep a copy of these around any more. */`