]>
Commit | Line | Data |
---|---|---|
4d9f8ff4 AM |
1 | diff -urN X11-6.9.0.org/xc/config/cf/Server.tmpl X11-6.9.0/xc/config/cf/Server.tmpl |
2 | --- X11-6.9.0.org/xc/config/cf/Server.tmpl 2004-04-23 20:41:58.000000000 +0200 | |
3 | +++ X11-6.9.0/xc/config/cf/Server.tmpl 2005-12-22 10:50:30.350963000 +0100 | |
0c801e26 AM |
4 | @@ -25,8 +25,14 @@ |
5 | #ifndef DoThreadedServer | |
6 | #define DoThreadedServer NO | |
7 | #endif | |
8 | +#ifndef XserverNeedsSetUID | |
9 | +#define XserverNeedsSetUID NO | |
10 | +#endif | |
11 | +#ifndef UseXserverWrapper | |
12 | +#define UseXserverWrapper XserverNeedsSetUID | |
13 | +#endif | |
14 | #ifndef InstallServerSetUID | |
15 | -#define InstallServerSetUID NO | |
16 | +#define InstallServerSetUID (XserverNeedsSetUID && !UseXserverWrapper) | |
17 | #endif | |
18 | ||
19 | #ifdef CrossCompileDir | |
4d9f8ff4 AM |
20 | diff -urN X11-6.9.0.org/xc/config/cf/xorg.cf X11-6.9.0/xc/config/cf/xorg.cf |
21 | --- X11-6.9.0.org/xc/config/cf/xorg.cf 2005-12-22 10:49:00.730963000 +0100 | |
22 | +++ X11-6.9.0/xc/config/cf/xorg.cf 2005-12-22 10:50:53.520963000 +0100 | |
23 | @@ -835,12 +835,15 @@ | |
24 | #endif | |
25 | ||
26 | /* | |
27 | - * The default is to install the X servers setuid-root on most OSs. | |
28 | - * It the servers are only started by xdm, they should not be setuid-root. | |
29 | + * The X servers need to run as root on most OSs. We're now using a | |
30 | + * wrapper in that case, but we still need to make it known that the | |
31 | + * servers need SetUID. When only using xdm, this (and the wrapper) | |
32 | + * are not required. Disabling this automatically disables use of the | |
33 | + * wrapper. | |
34 | */ | |
35 | #if !defined(i386MachArchitecture) && !defined(OS2Architecture) | |
36 | -# ifndef InstallXserverSetUID | |
37 | -# define InstallXserverSetUID YES | |
38 | +# ifndef XserverNeedsSetUID | |
39 | +# define XserverNeedsSetUID YES | |
40 | # endif | |
41 | #endif | |
42 | ||
43 | diff -urN X11-6.9.0.org/xc/config/cf/xorgsite.def X11-6.9.0/xc/config/cf/xorgsite.def | |
44 | --- X11-6.9.0.org/xc/config/cf/xorgsite.def 2005-12-22 10:49:00.730963000 +0100 | |
45 | +++ X11-6.9.0/xc/config/cf/xorgsite.def 2005-12-22 10:50:53.510963000 +0100 | |
756a6f4b | 46 | @@ -75,14 +75,15 @@ |
0c801e26 AM |
47 | */ |
48 | ||
49 | /* | |
50 | - * If you only run the X server under xdm the X servers don't need to be | |
51 | - * installed SetUID, and you may comment out the lines below. If you run | |
52 | - * the servers by hand (with xinit or startx), then they do need to be | |
53 | - * installed SetUID on most platforms. | |
54 | + * The X servers need to run as root on most OSs. We're now using a | |
55 | + * wrapper in that case, but we still need to make it known that the | |
56 | + * servers need SetUID. When only using xdm, this (and the wrapper) | |
57 | + * are not required. Disabling this automatically disables use of the | |
58 | + * wrapper. | |
59 | * | |
60 | - * Consult your system administrator before making the X server setuid. | |
61 | + * If you're only starting the Xservers with xdm set this to NO | |
62 | * | |
63 | -#define InstallXserverSetUID NO | |
64 | +#define XserverNeedsSetUID NO | |
65 | */ | |
66 | ||
67 | ||
4d9f8ff4 AM |
68 | diff -urN X11-6.9.0.org/xc/programs/xinit/startx.cpp X11-6.9.0/xc/programs/xinit/startx.cpp |
69 | --- X11-6.9.0.org/xc/programs/xinit/startx.cpp 2005-11-15 05:03:10.000000000 +0100 | |
70 | +++ X11-6.9.0/xc/programs/xinit/startx.cpp 2005-12-22 10:53:22.620963000 +0100 | |
71 | @@ -65,7 +65,7 @@ | |
72 | userserverrc=$HOME/.xserverrc | |
73 | sysserverrc=XINITDIR/xserverrc | |
74 | defaultclient=XTERM | |
75 | -defaultserver=XSERVER | |
76 | +defaultserver=BINDIR/Xwrapper | |
77 | defaultclientargs="" | |
78 | defaultserverargs="" | |
79 | clientargs="" | |
80 | diff -urN X11-6.9.0.org/xc/programs/xinit/xinit.c X11-6.9.0/xc/programs/xinit/xinit.c | |
81 | --- X11-6.9.0.org/xc/programs/xinit/xinit.c 2005-10-04 03:27:34.000000000 +0200 | |
82 | +++ X11-6.9.0/xc/programs/xinit/xinit.c 2005-12-22 10:50:53.630963000 +0100 | |
83 | @@ -156,6 +156,7 @@ | |
84 | #define OK_EXIT 0 | |
85 | #define ERR_EXIT 1 | |
0c801e26 | 86 | |
4d9f8ff4 AM |
87 | +char *default_wrapper = BINDIR "/Xwrapper"; |
88 | char *default_server = "X"; | |
89 | char *default_display = ":0"; /* choose most efficient */ | |
90 | char *default_client[] = {"xterm", "-geometry", "+1+1", "-n", "login", NULL}; | |
91 | @@ -346,7 +347,10 @@ | |
92 | if (argc == 0 || | |
93 | #ifndef __UNIXOS2__ | |
94 | (**argv != '/' && **argv != '.')) { | |
95 | - *sptr++ = default_server; | |
96 | + if (access(default_wrapper, X_OK) == 0) | |
97 | + *sptr++ = default_wrapper; | |
98 | + else | |
99 | + *sptr++ = default_server; | |
100 | #else | |
101 | (**argv != '/' && **argv != '\\' && **argv != '.' && | |
102 | !(isalpha(**argv) && (*argv)[1]==':'))) { | |
103 | diff -urN X11-6.9.0.org/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c X11-6.9.0/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c | |
104 | --- X11-6.9.0.org/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c 2005-08-26 09:35:55.000000000 +0200 | |
105 | +++ X11-6.9.0/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c 2005-12-22 10:52:06.630963000 +0100 | |
106 | @@ -104,8 +104,10 @@ | |
0c801e26 | 107 | |
4d9f8ff4 AM |
108 | /* when KeepTty check if we're run with euid==0 */ |
109 | if (KeepTty && geteuid() != 0) | |
110 | - FatalError("xf86OpenConsole:" | |
111 | - " Server must be suid root for option \"KeepTTY\"\n"); | |
112 | + FatalError("xf86OpenConsole: Server must be running with root " | |
113 | + "permissions\n" | |
114 | + "You should be using Xwrapper to start the server or xdm.\n" | |
115 | + "We strongly advise against making the server SUID root!\n"); | |
116 | ||
117 | /* | |
118 | * setup the virtual terminal manager | |
119 | diff -urN X11-6.9.0.org/xc/programs/Xserver/Imakefile X11-6.9.0/xc/programs/Xserver/Imakefile | |
120 | --- X11-6.9.0.org/xc/programs/Xserver/Imakefile 2005-11-18 19:15:23.000000000 +0100 | |
121 | +++ X11-6.9.0/xc/programs/Xserver/Imakefile 2005-12-22 10:50:53.540963000 +0100 | |
756a6f4b | 122 | @@ -5,11 +5,6 @@ |
0c801e26 | 123 | */ |
756a6f4b | 124 | XCOMM $XFree86: xc/programs/Xserver/Imakefile,v 3.296 2003/11/23 06:47:00 torrey Exp $ |
0c801e26 AM |
125 | |
126 | -#ifndef InstallXserverSetUID | |
127 | -#define InstallXserverSetUID NO | |
128 | -#endif | |
129 | -#define InstallServerSetUID InstallXserverSetUID | |
130 | - | |
131 | #include <Server.tmpl> | |
132 | ||
4d9f8ff4 AM |
133 | /* On most systems the linker requires the libraries in dependency order. |
134 | @@ -893,6 +888,11 @@ | |
0c801e26 AM |
135 | #endif /* XnestServer */ |
136 | ||
137 | ||
138 | +#if UseXserverWrapper | |
139 | +SetUIDProgramTarget(Xwrapper,os/wrapper.o,NullParameter,$(PAMLIBS),NullParameter) | |
140 | +InstallProgramWithFlags(Xwrapper,$(BINDIR),$(INSTUIDFLAGS)) | |
141 | +#endif | |
142 | + | |
143 | #if defined(XnonServer) && XnonServer | |
144 | XCOMM | |
145 | XCOMM non server, just compile sources for build test | |
4d9f8ff4 AM |
146 | diff -urN X11-6.9.0.org/xc/programs/Xserver/os/Imakefile X11-6.9.0/xc/programs/Xserver/os/Imakefile |
147 | --- X11-6.9.0.org/xc/programs/Xserver/os/Imakefile 2005-03-23 20:58:45.000000000 +0100 | |
148 | +++ X11-6.9.0/xc/programs/Xserver/os/Imakefile 2005-12-22 10:52:36.410963000 +0100 | |
149 | @@ -132,6 +132,7 @@ | |
0c801e26 AM |
150 | INCLUDES = -I. -I../include -I$(XINCLUDESRC) -I$(EXTINCSRC) \ |
151 | -I$(SERVERSRC)/Xext -I$(FONTINCSRC) -I$(SERVERSRC)/render \ | |
4d9f8ff4 | 152 | -I$(TOP)/lib/Xau -I../lbx -I../Xprint Krb5Includes |
0c801e26 AM |
153 | + EXTRA_DEFINES = -DUSE_PAM |
154 | DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) $(EXT_DEFINES) \ | |
756a6f4b AM |
155 | $(TRANS_INCLUDES) $(CONNECTION_FLAGS) $(GETPEER_DEFINES) \ |
156 | DependDefines | |
4d9f8ff4 | 157 | @@ -179,6 +180,14 @@ |
0c801e26 AM |
158 | SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES)) |
159 | #endif | |
160 | ||
161 | +#if UseXserverWrapper | |
162 | +AllTarget(wrapper.o) | |
163 | + | |
164 | + WRAPPER_DEFINES = -DXSERVER_PATH=\"/etc/X11/X\" | |
165 | + | |
166 | +SpecialCObjectRule(wrapper,NullParameter,$(WRAPPER_DEFINES)) | |
167 | +#endif | |
168 | + | |
169 | #if HasKrb5 | |
170 | LinkSourceFile(k5encode.c,$(XAUTHSRC)) | |
171 | #endif | |
4d9f8ff4 AM |
172 | diff -urN X11-6.9.0.org/xc/programs/Xserver/os/wrapper.c X11-6.9.0/xc/programs/Xserver/os/wrapper.c |
173 | --- X11-6.9.0.org/xc/programs/Xserver/os/wrapper.c 1970-01-01 01:00:00.000000000 +0100 | |
174 | +++ X11-6.9.0/xc/programs/Xserver/os/wrapper.c 2005-12-22 10:50:53.610963000 +0100 | |
0c801e26 AM |
175 | @@ -0,0 +1,304 @@ |
176 | +/* | |
177 | + * X server wrapper. | |
178 | + * | |
179 | + * This wrapper makes some sanity checks on the command line arguments | |
180 | + * and environment variables when run with euid == 0 && euid != uid. | |
181 | + * If the checks fail, the wrapper exits with a message. | |
182 | + * If they succeed, it exec's the Xserver. | |
183 | + */ | |
184 | + | |
185 | +/* | |
186 | + * Copyright (c) 1998 by The XFree86 Project, Inc. All Rights Reserved. | |
187 | + * | |
188 | + * Permission is hereby granted, free of charge, to any person obtaining | |
189 | + * a copy of this software and associated documentation files (the | |
190 | + * "Software"), to deal in the Software without restriction, including | |
191 | + * without limitation the rights to use, copy, modify, merge, publish, | |
192 | + * distribute, sublicense, and/or sell copies of the Software, and to | |
193 | + * permit persons to whom the Software is furnished to do so, subject | |
194 | + * to the following conditions: | |
195 | + * | |
196 | + * The above copyright notice and this permission notice shall be included | |
197 | + * in all copies or substantial portions of the Software. | |
198 | + * | |
199 | + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | |
200 | + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | |
201 | + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | |
202 | + * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES | |
203 | + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | |
204 | + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE | |
205 | + * OR OTHER DEALINGS IN THE SOFTWARE. | |
206 | + * | |
207 | + * Except as contained in this notice, the name of the XFree86 Project | |
208 | + * shall not be used in advertising or otherwise to promote the sale, | |
209 | + * use or other dealings in this Software without prior written | |
210 | + * authorization from the XFree86 Project. | |
211 | + */ | |
212 | + | |
213 | +/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */ | |
214 | + | |
215 | +/* This is normally set in the Imakefile */ | |
216 | +#ifndef XSERVER_PATH | |
217 | +#define XSERVER_PATH "/etc/X11/X" | |
218 | +#endif | |
219 | + | |
220 | +#include <stdio.h> | |
221 | +#include <stdlib.h> | |
222 | +#include <string.h> | |
223 | +#include <errno.h> | |
224 | +#include <unistd.h> | |
225 | +#include <sys/types.h> | |
226 | +#ifdef USE_PAM | |
227 | +#include <security/pam_appl.h> | |
228 | +#include <security/pam_misc.h> | |
229 | +#include <pwd.h> | |
230 | +#endif /* USE_PAM */ | |
231 | + | |
232 | +/* Neither of these should be required for XFree86 3.3.2 */ | |
233 | +#ifndef REJECT_CONFIG | |
234 | +#define REJECT_CONFIG 0 | |
235 | +#endif | |
236 | +#ifndef REJECT_XKBDIR | |
237 | +#define REJECT_XKBDIR 0 | |
238 | +#endif | |
239 | + | |
240 | +/* Consider LD* variables insecure ? */ | |
241 | +#ifndef REMOVE_ENV_LD | |
242 | +#define REMOVE_ENV_LD 1 | |
243 | +#endif | |
244 | + | |
245 | +/* Remove long environment variables? */ | |
246 | +#ifndef REMOVE_LONG_ENV | |
247 | +#define REMOVE_LONG_ENV 1 | |
248 | +#endif | |
249 | + | |
250 | +/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */ | |
251 | +#ifndef CHECK_EUID | |
252 | +#define CHECK_EUID 1 | |
253 | +#endif | |
254 | + | |
255 | +/* | |
256 | + * Maybe the locale can be faked to make isprint(3) report that everything | |
257 | + * is printable? Avoid it by default. | |
258 | + */ | |
259 | +#ifndef USE_ISPRINT | |
260 | +#define USE_ISPRINT 0 | |
261 | +#endif | |
262 | + | |
263 | +#define MAX_ARG_LENGTH 128 | |
264 | +#define MAX_ENV_LENGTH 256 | |
265 | +#define MAX_ENV_PATH_LENGTH 2048 | |
266 | + | |
267 | +#if USE_ISPRINT | |
268 | +#include <ctype.h> | |
269 | +#define checkPrintable(c) isprint(c) | |
270 | +#else | |
271 | +#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f) | |
272 | +#endif | |
273 | + | |
274 | +enum BadCode { | |
275 | + NotBad = 0, | |
276 | + UnsafeArg, | |
277 | + ArgTooLong, | |
278 | + UnprintableArg, | |
279 | + EnvTooLong, | |
280 | + InternalError, | |
281 | +#ifdef USE_PAM | |
282 | + PamFailed, | |
283 | + PamAuthFailed, | |
284 | +#endif /* USE_PAM */ | |
285 | +}; | |
286 | + | |
287 | +#define ARGMSG \ | |
288 | + "\nIf the arguments used are valid, and have been rejected incorrectly\n" \ | |
289 | + "please send details of the arguments and why they are valid to\n" \ | |
290 | + "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \ | |
291 | + "the \"super user\" (root).\n" | |
292 | + | |
293 | +#define ENVMSG \ | |
294 | + "\nIf the environment is valid, and have been rejected incorrectly\n" \ | |
295 | + "please send details of the environment and why it is valid to\n" \ | |
296 | + "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \ | |
297 | + "the \"super user\" (root).\n" | |
298 | + | |
299 | +#ifdef USE_PAM | |
300 | +static struct pam_conv conv = { | |
301 | + misc_conv, | |
302 | + NULL | |
303 | +}; | |
304 | +#endif /* USE_PAM */ | |
305 | + | |
306 | + | |
307 | +int | |
308 | +main(int argc, char **argv, char **envp) | |
309 | +{ | |
310 | + enum BadCode bad = NotBad; | |
311 | + int i, j; | |
312 | + char *a, *e; | |
313 | +#ifdef USE_PAM | |
314 | + pam_handle_t *pamh = NULL; | |
315 | + struct passwd *pw; | |
316 | + int retval; | |
317 | + | |
318 | + pw = getpwuid(getuid()); | |
319 | + if (pw == NULL) { | |
320 | + bad = InternalError; | |
321 | + } | |
322 | + | |
323 | + if (!bad) { | |
324 | + retval = pam_start("xserver", pw->pw_name, &conv, &pamh); | |
325 | + if (retval != PAM_SUCCESS) | |
326 | + bad = PamFailed; | |
327 | + } | |
328 | + | |
329 | + if (!bad) { | |
330 | + retval = pam_authenticate(pamh, 0); | |
331 | + if (retval != PAM_SUCCESS) { | |
332 | + pam_end(pamh, retval); | |
333 | + bad = PamAuthFailed; | |
334 | + } | |
335 | + } | |
336 | + | |
337 | + if (!bad) { | |
338 | + retval = pam_acct_mgmt(pamh, 0); | |
339 | + if (retval != PAM_SUCCESS) { | |
340 | + pam_end(pamh, retval); | |
341 | + bad = PamAuthFailed; | |
342 | + } | |
343 | + } | |
344 | + | |
345 | + /* this is not a session, so do not do session management */ | |
346 | + | |
347 | + if (!bad) pam_end(pamh, PAM_SUCCESS); | |
348 | +#endif /* USE_PAM */ | |
349 | + | |
350 | +#if CHECK_EUID | |
351 | + if (!bad && geteuid() == 0 && getuid() != geteuid()) { | |
352 | +#else | |
353 | + if (!bad) { | |
354 | +#endif | |
355 | + /* Check each argv[] */ | |
356 | + for (i = 1; i < argc; i++) { | |
357 | + | |
358 | + /* Check for known bad arguments */ | |
359 | +#if REJECT_CONFIG | |
360 | + if (strcmp(argv[i], "-config") == 0) { | |
361 | + bad = UnsafeArg; | |
362 | + break; | |
363 | + } | |
364 | +#endif | |
365 | +#if REJECT_XKBDIR | |
366 | + if (strcmp(argv[i], "-xkbdir") == 0) { | |
367 | + bad = UnsafeArg; | |
368 | + break; | |
369 | + } | |
370 | +#endif | |
371 | + if (strlen(argv[i]) > MAX_ARG_LENGTH) { | |
372 | + bad = ArgTooLong; | |
373 | + break; | |
374 | + } | |
375 | + a = argv[i]; | |
376 | + while (*a) { | |
377 | + if (checkPrintable(*a) == 0) { | |
378 | + bad = UnprintableArg; | |
379 | + break; | |
380 | + } | |
381 | + a++; | |
382 | + } | |
383 | + if (bad) | |
384 | + break; | |
385 | + } | |
386 | + /* Check each envp[] */ | |
387 | + if (!bad) | |
388 | + for (i = 0; envp[i]; i++) { | |
389 | + | |
390 | + /* Check for bad environment variables and values */ | |
391 | +#if REMOVE_ENV_LD | |
392 | + while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) { | |
393 | + for (j = i; envp[j]; j++) { | |
394 | + envp[j] = envp[j+1]; | |
395 | + } | |
396 | + } | |
397 | +#endif | |
398 | + if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) { | |
399 | +#if REMOVE_LONG_ENV | |
400 | + for (j = i; envp[j]; j++) { | |
401 | + envp[j] = envp[j+1]; | |
402 | + } | |
403 | + i--; | |
404 | +#else | |
405 | + char *eq; | |
406 | + int len; | |
407 | + | |
408 | + eq = strchr(envp[i], '='); | |
409 | + if (!eq) | |
410 | + continue; | |
411 | + len = eq - envp[i]; | |
412 | + e = malloc(len + 1); | |
413 | + if (!e) { | |
414 | + bad = InternalError; | |
415 | + break; | |
416 | + } | |
417 | + strncpy(e, envp[i], len); | |
418 | + e[len] = 0; | |
419 | + if (len >= 4 && | |
420 | + (strcmp(e + len - 4, "PATH") == 0 || | |
421 | + strcmp(e, "TERMCAP") == 0)) { | |
422 | + if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) { | |
423 | + bad = EnvTooLong; | |
424 | + break; | |
425 | + } else { | |
426 | + free(e); | |
427 | + } | |
428 | + } else { | |
429 | + bad = EnvTooLong; | |
430 | + break; | |
431 | + } | |
432 | +#endif | |
433 | + } | |
434 | + } | |
435 | + } | |
436 | + switch (bad) { | |
437 | + case NotBad: | |
438 | + execve(XSERVER_PATH, argv, envp); | |
439 | + fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH, | |
440 | + errno); | |
441 | + break; | |
442 | + case UnsafeArg: | |
443 | + fprintf(stderr, "Command line argument number %d is unsafe\n", i); | |
444 | + fprintf(stderr, ARGMSG); | |
445 | + break; | |
446 | + case ArgTooLong: | |
447 | + fprintf(stderr, "Command line argument number %d is too long\n", i); | |
448 | + fprintf(stderr, ARGMSG); | |
449 | + break; | |
450 | + case UnprintableArg: | |
451 | + fprintf(stderr, "Command line argument number %d contains unprintable" | |
452 | + " characters\n", i); | |
453 | + fprintf(stderr, ARGMSG); | |
454 | + break; | |
455 | + case EnvTooLong: | |
456 | + fprintf(stderr, "Environment variable `%s' is too long\n", e); | |
457 | + fprintf(stderr, ENVMSG); | |
458 | + break; | |
459 | + case InternalError: | |
460 | + fprintf(stderr, "Internal Error\n"); | |
461 | + break; | |
462 | +#ifdef USE_PAM | |
463 | + case PamFailed: | |
464 | + fprintf(stderr, "Authentication System Failure, " | |
465 | + "missing or mangled PAM configuration file or module?\n"); | |
466 | + break; | |
467 | + case PamAuthFailed: | |
468 | + fprintf(stderr, "PAM authentication failed\n"); | |
469 | + break; | |
470 | +#endif | |
471 | + default: | |
472 | + fprintf(stderr, "Unknown error\n"); | |
473 | + fprintf(stderr, ARGMSG); | |
474 | + fprintf(stderr, ENVMSG); | |
475 | + break; | |
476 | + } | |
477 | + exit(1); | |
478 | +} | |
479 | + |