Commit | Line | Data |
---|---|---|
ca47a6d2 JB |
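--- xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c.orig 2015-12-05 22:58:04.135435699 +0100
+++ xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c 2015-12-19 11:04:14.816470975 +0100
@@ -44,6 +44,13 @@
 #include <drm.h>
 #include <xf86drm.h> /* For DRM_DEV_NAME */
 #endif
+#define WITH_PAM 1
+#ifdef WITH_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <pwd.h>
+#endif /* WITH_PAM */
+
 
 #include "misc.h"
 
@@ -51,7 +58,7 @@
 
 static const char *progname;
 
-enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY };
+enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY, USEPAM };
 
 /* KISS non locale / LANG parsing isspace version */
 static int is_space(char c)
@@ -125,6 +132,10 @@
 *allowed = CONSOLE_ONLY;
 else if (strcmp(value, "anybody") == 0)
 *allowed = ANYBODY;
+#ifdef WITH_PAM
+ else if (strcmp(value, "pam") == 0)
+ *allowed = USEPAM;
+#endif
 else {
 fprintf(stderr,
 "%s: Invalid value '%s' for 'allowed_users' at %s line %d\n",
@@ -186,6 +197,45 @@
 return 0;
 }
 
+#ifdef WITH_PAM
+static int do_pam(void)
+{
+ int retval;
+ struct passwd *pw;
+ pam_handle_t *pamh = NULL;
+ static struct pam_conv conv = {
+ misc_conv,
+ NULL
+ };
+
+ pw = getpwuid(getuid());
+ if (pw == NULL) {
+ fprintf(stderr, "%s: Unable to read passwd entry\n", progname);
+ return -1;
+ }
+ retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
+ if (retval != PAM_SUCCESS) {
+ fprintf(stderr, "%s: PAM failed\n", progname);
+ return -1;
+ }
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_SUCCESS) {
+ fprintf(stderr, "%s: PAM auth failed\n", progname);
+ pam_end(pamh, retval);
+ return -1;
+ }
+ retval = pam_acct_mgmt(pamh, 0);
+ if (retval != PAM_SUCCESS) {
+ fprintf(stderr, "%s: PAM auth failed\n", progname);
+ pam_end(pamh, retval);
+ return -1;
+ }
+ /* this is not a session, so do not do session management */
+ pam_end(pamh, PAM_SUCCESS);
+ return 0;
+}
+#endif
+
 int main(int argc, char *argv[])
 {
 #ifdef WITH_LIBDRM
@@ -195,7 +245,11 @@
 int i, r, fd;
 int kms_cards = 0;
 int total_cards = 0;
+#if WITH_PAM
+ int allowed = USEPAM;
+#else
 int allowed = CONSOLE_ONLY;
+#endif
 int needs_root_rights = -1;
 char *const empty_envp[1] = { NULL, };
 
@@ -203,6 +257,12 @@
 
 parse_config(&allowed, &needs_root_rights);
 
+#if WITH_PAM
+ if (allowed == USEPAM) {
+ if(do_pam() < 0)
+ exit(1);
+ } else
+#endif
 /* For non root users check if they are allowed to run the X server */
 if (getuid() != 0) {
 switch (allowed) {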
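Review bot: The new default `int allowed = USEPAM;` in main() means an installation with no `allowed_users` setting no longer gets the console check: the `} else` in the last hunk skips the whole `getuid() != 0` block, and the decision rests on the PAM stack for the service name "xserver", which this patch does not ship. If that service file is absent, Linux-PAM normally falls back to the "other" service, so what this setuid wrapper permits is then decided by unrelated system configuration; keeping `int allowed = CONSOLE_ONLY;` and making PAM opt-in through `allowed_users = pam` would preserve the previous default. The guards are also inconsistent (`#ifdef WITH_PAM` around the includes, the parser branch and do_pam(), but `#if WITH_PAM` in main()), so a build with `WITH_PAM` defined as 0 would still accept "pam" and set USEPAM without main() ever calling do_pam(); use one form throughout and replace the unconditional `#define WITH_PAM 1` with a build-system define. The switch body that would then receive USEPAM lies outside the hunk, so its handling of that value cannot be confirmed here.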
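--- xorg-server-1.18.0/hw/xfree86/Makefile.am.orig 2015-10-28 19:15:36.000000000 +0100
+++ xorg-server-1.18.0/hw/xfree86/Makefile.am 2015-12-19 11:04:50.946469457 +0100
@@ -85,6 +85,7 @@
 wrapdir = $(SUID_WRAPPER_DIR)
 wrap_PROGRAMS = Xorg.wrap
 Xorg_wrap_SOURCES = xorg-wrapper.c
+Xorg_wrap_LDADD = -lpam_misc -lpam
 endif
 
 BUILT_SOURCES = xorg.conf.example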