]> git.pld-linux.org Git - packages/xorg-xserver-server.git/blame - xorg-xserver-server-xwrapper-pam.patch
projects / packages / xorg-xserver-server.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- up to 1.20.1
[packages/xorg-xserver-server.git] / xorg-xserver-server-xwrapper-pam.patch
CommitLineData
ca47a6d2
JB		 1--- xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c.orig 2015-12-05 22:58:04.135435699 +0100
2+++ xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c 2015-12-19 11:04:14.816470975 +0100
3@@ -44,6 +44,13 @@
4 #include <drm.h>
5 #include <xf86drm.h> /* For DRM_DEV_NAME */
6 #endif
7+#define WITH_PAM 1
8+#ifdef WITH_PAM
9+#include <security/pam_appl.h>
10+#include <security/pam_misc.h>
11+#include <pwd.h>
12+#endif /* WITH_PAM */
13+
14
15 #include "misc.h"
16
17@@ -51,7 +58,7 @@
18
19 static const char *progname;
20
21-enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY };
22+enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY, USEPAM };
23
24 /* KISS non locale / LANG parsing isspace version */
25 static int is_space(char c)
26@@ -125,6 +132,10 @@
27 *allowed = CONSOLE_ONLY;
28 else if (strcmp(value, "anybody") == 0)
29 *allowed = ANYBODY;
30+#ifdef WITH_PAM
31+ else if (strcmp(value, "pam") == 0)
32+ *allowed = USEPAM;
33+#endif
34 else {
35 fprintf(stderr,
36 "%s: Invalid value '%s' for 'allowed_users' at %s line %d\n",
37@@ -186,6 +197,45 @@
38 return 0;
39 }
40
41+#ifdef WITH_PAM
42+static int do_pam(void)
43+{
44+ int retval;
45+ struct passwd *pw;
46+ pam_handle_t *pamh = NULL;
47+ static struct pam_conv conv = {
48+ misc_conv,
49+ NULL
50+ };
51+
52+ pw = getpwuid(getuid());
53+ if (pw == NULL) {
54+ fprintf(stderr, "%s: Unable to read passwd entry\n", progname);
55+ return -1;
56+ }
57+ retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
58+ if (retval != PAM_SUCCESS) {
59+ fprintf(stderr, "%s: PAM failed\n", progname);
60+ return -1;
61+ }
62+ retval = pam_authenticate(pamh, 0);
63+ if (retval != PAM_SUCCESS) {
64+ fprintf(stderr, "%s: PAM auth failed\n", progname);
65+ pam_end(pamh, retval);
66+ return -1;
67+ }
68+ retval = pam_acct_mgmt(pamh, 0);
69+ if (retval != PAM_SUCCESS) {
70+ fprintf(stderr, "%s: PAM auth failed\n", progname);
71+ pam_end(pamh, retval);
72+ return -1;
73+ }
74+ /* this is not a session, so do not do session management */
75+ pam_end(pamh, PAM_SUCCESS);
76+ return 0;
77+}
78+#endif
79+
80 int main(int argc, char *argv[])
81 {
82 #ifdef WITH_LIBDRM
83@@ -195,7 +245,11 @@
84 int i, r, fd;
85 int kms_cards = 0;
86 int total_cards = 0;
87+#if WITH_PAM
88+ int allowed = USEPAM;
89+#else
90 int allowed = CONSOLE_ONLY;
91+#endif
92 int needs_root_rights = -1;
93 char *const empty_envp[1] = { NULL, };
94
95@@ -203,6 +257,12 @@
96
97 parse_config(&allowed, &needs_root_rights);
98
99+#if WITH_PAM
100+ if (allowed == USEPAM) {
101+ if(do_pam() < 0)
102+ exit(1);
103+ } else
104+#endif
105 /* For non root users check if they are allowed to run the X server */
106 if (getuid() != 0) {
107 switch (allowed) {
108--- xorg-server-1.18.0/hw/xfree86/Makefile.am.orig 2015-10-28 19:15:36.000000000 +0100
109+++ xorg-server-1.18.0/hw/xfree86/Makefile.am 2015-12-19 11:04:50.946469457 +0100
110@@ -85,6 +85,7 @@
111 wrapdir = $(SUID_WRAPPER_DIR)
112 wrap_PROGRAMS = Xorg.wrap
113 Xorg_wrap_SOURCES = xorg-wrapper.c
114+Xorg_wrap_LDADD = -lpam_misc -lpam
115 endif
116
117 BUILT_SOURCES = xorg.conf.example
X.org server
This page took 0.110491 seconds and 4 git commands to generate.