Djam/pam
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/pam.git synced 2025-02-23 16:32:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
pam/Linux-PAM-1.1.3-xauth-groups.patch
Alexander Stefanov 4172c3e368 1.4.0
2020-11-06 13:59:14 +00:00

53 lines
2 KiB
Diff
Raw Blame History

diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index ae73121..f4f3df4 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -91,7 +91,7 @@ static const char * const xauthpaths[] = {
* given input on stdin, and storing any output it generates. */
static int
run_coprocess(pam_handle_t *pamh, const char *input, char **output,
- uid_t uid, gid_t gid, const char *command, ...)
+ uid_t uid, gid_t gid, const char *name, const char *command, ...)
{
int ipipe[2], opipe[2], i;
char buf[LINE_MAX];
@@ -143,6 +143,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output,
pam_syslog (pamh, LOG_ERR, "setgroups() failed: %m");
_exit (err);
}
+
+ /* Mandriva Linux specific:
+ * we need to set the extra groups because in high security levels
+ * access to /usr/X11R6/bin dir is controlled by a group */
+ initgroups(name, gid);
+
if (setuid(uid) == -1)
{
int err = errno;
@@ -528,7 +534,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
(unsigned long) getuid(), (unsigned long) getgid());
}
if (run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
+ getuid(), getgid(), rpwd->pw_name,
xauth, "-f", cookiefile, "nlist", display,
NULL) == 0) {
#ifdef WITH_SELINUX
@@ -587,7 +593,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
(unsigned long) getgid());
}
run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
+ getuid(), getgid(), rpwd->pw_name,
xauth, "-f", cookiefile,
"nlist", t, NULL);
}
@@ -729,7 +735,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
(unsigned long) tpwd->pw_gid);
}
run_coprocess(pamh, cookie, &tmp,
- tpwd->pw_uid, tpwd->pw_gid,
+ tpwd->pw_uid, tpwd->pw_gid, tpwd->pw_name,
xauth, "-f", cookiefile, "nmerge", "-", NULL);
/* We don't need to keep a copy of these around any more. */
Reference in a new issue View git blame Copy permalink