[packages/xorg-xserver-server.git] / xorg-xserver-server-xwrapper.patch

--- hw/xfree86/os-support/linux/lnx_init.c	2005-08-26 09:35:55.000000000 +0200
+++ hw/xfree86/os-support/linux/lnx_init.c	2005-12-22 10:52:06.630963000 +0100
@@ -104,8 +104,10 @@
 
 	/* when KeepTty check if we're run with euid==0 */
 	if (KeepTty && geteuid() != 0) 
-	    FatalError("xf86OpenConsole:"
-		       " Server must be suid root for option \"KeepTTY\"\n");
+	    FatalError("xf86OpenConsole: Server must be running with root "
+			    "permissions\n"
+			    "You should be using Xwrapper to start the server or xdm.\n"
+			    "We strongly advise against making the server SUID root!\n");
 
 	/*
 	 * setup the virtual terminal manager
--- os/wrapper.c	1970-01-01 01:00:00.000000000 +0100
+++ os/wrapper.c	2005-12-22 10:50:53.610963000 +0100
@@ -0,0 +1,304 @@
+/*
+ * X server wrapper.
+ *
+ * This wrapper makes some sanity checks on the command line arguments
+ * and environment variables when run with euid == 0 && euid != uid.
+ * If the checks fail, the wrapper exits with a message.
+ * If they succeed, it exec's the Xserver.
+ */
+
+/*
+ * Copyright (c) 1998 by The XFree86 Project, Inc.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject
+ * to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
+ * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+ * OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Except as contained in this notice, the name of the XFree86 Project
+ * shall not be used in advertising or otherwise to promote the sale,
+ * use or other dealings in this Software without prior written
+ * authorization from the XFree86 Project.
+ */
+
+/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
+
+/* This is normally set in the Imakefile */
+#ifndef XSERVER_PATH
+#define XSERVER_PATH	"/etc/X11/X"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <pwd.h>
+#endif /* USE_PAM */
+
+/* Neither of these should be required for XFree86 3.3.2 */
+#ifndef REJECT_CONFIG
+#define REJECT_CONFIG 0
+#endif
+#ifndef REJECT_XKBDIR
+#define REJECT_XKBDIR 0
+#endif
+
+/* Consider LD* variables insecure ? */
+#ifndef REMOVE_ENV_LD
+#define REMOVE_ENV_LD 1
+#endif
+
+/* Remove long environment variables? */
+#ifndef REMOVE_LONG_ENV
+#define REMOVE_LONG_ENV 1
+#endif
+
+/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
+#ifndef CHECK_EUID
+#define CHECK_EUID 1
+#endif
+
+/*
+ * Maybe the locale can be faked to make isprint(3) report that everything
+ * is printable?  Avoid it by default.
+ */
+#ifndef USE_ISPRINT
+#define USE_ISPRINT 0
+#endif
+
+#define MAX_ARG_LENGTH		128
+#define MAX_ENV_LENGTH		256
+#define MAX_ENV_PATH_LENGTH	2048
+
+#if USE_ISPRINT
+#include <ctype.h>
+#define checkPrintable(c) isprint(c)
+#else
+#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
+#endif
+
+enum BadCode {
+    NotBad = 0,
+    UnsafeArg,
+    ArgTooLong,
+    UnprintableArg,
+    EnvTooLong,
+    InternalError,
+#ifdef USE_PAM
+    PamFailed,
+    PamAuthFailed,
+#endif /* USE_PAM */
+};
+
+#define ARGMSG \
+    "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
+      "please send details of the arguments and why they are valid to\n" \
+      "XFree86@XFree86.org.  In the meantime, you can start the Xserver as\n" \
+      "the \"super user\" (root).\n"   
+
+#define ENVMSG \
+    "\nIf the environment is valid, and have been rejected incorrectly\n" \
+      "please send details of the environment and why it is valid to\n" \
+      "XFree86@XFree86.org.  In the meantime, you can start the Xserver as\n" \
+      "the \"super user\" (root).\n"
+
+#ifdef USE_PAM
+static struct pam_conv conv = {
+    misc_conv,
+    NULL
+};
+#endif /* USE_PAM */
+
+
+int
+main(int argc, char **argv, char **envp)
+{
+    enum BadCode bad = NotBad;
+    int i, j;
+    char *a, *e;
+#ifdef USE_PAM
+    pam_handle_t *pamh = NULL;
+    struct passwd *pw;
+    int retval;
+
+    pw = getpwuid(getuid());
+    if (pw == NULL) {
+	bad = InternalError;
+    }
+
+    if (!bad) {
+	retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
+	if (retval != PAM_SUCCESS)
+	    bad = PamFailed;
+    }
+
+    if (!bad) {
+	retval = pam_authenticate(pamh, 0);
+	if (retval != PAM_SUCCESS) {
+	    pam_end(pamh, retval);
+	    bad = PamAuthFailed;
+	}
+    }
+
+    if (!bad) {
+	retval = pam_acct_mgmt(pamh, 0);
+	if (retval != PAM_SUCCESS) {
+	    pam_end(pamh, retval);
+	    bad = PamAuthFailed;
+	}
+    }
+
+    /* this is not a session, so do not do session management */
+
+    if (!bad) pam_end(pamh, PAM_SUCCESS);
+#endif /* USE_PAM */
+
+#if CHECK_EUID
+    if (!bad && geteuid() == 0 && getuid() != geteuid()) {
+#else
+    if (!bad) {
+#endif
+	/* Check each argv[] */
+	for (i = 1; i < argc; i++) {
+
+	    /* Check for known bad arguments */
+#if REJECT_CONFIG
+	    if (strcmp(argv[i], "-config") == 0) {
+		bad = UnsafeArg;
+		break;
+	    }
+#endif
+#if REJECT_XKBDIR
+	    if (strcmp(argv[i], "-xkbdir") == 0) {
+		bad = UnsafeArg;
+		break;
+	    }
+#endif
+	    if (strlen(argv[i]) > MAX_ARG_LENGTH) {
+		bad = ArgTooLong;
+		break;
+	    }
+	    a = argv[i];
+	    while (*a) {
+		if (checkPrintable(*a) == 0) {
+		    bad = UnprintableArg;
+		    break;
+		}
+		a++;
+	    }
+	    if (bad)
+		break;
+	}
+	/* Check each envp[] */
+	if (!bad)
+	    for (i = 0; envp[i]; i++) {
+
+		/* Check for bad environment variables and values */
+#if REMOVE_ENV_LD
+		while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
+		    for (j = i; envp[j]; j++) {
+			envp[j] = envp[j+1];
+		    }
+		}
+#endif   
+		if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
+#if REMOVE_LONG_ENV
+		    for (j = i; envp[j]; j++) {
+			envp[j] = envp[j+1];
+		    }
+		    i--;
+#else
+		    char *eq;
+		    int len;
+
+		    eq = strchr(envp[i], '=');
+		    if (!eq)
+			continue;
+		    len = eq - envp[i];
+		    e = malloc(len + 1);
+		    if (!e) {
+			bad = InternalError;
+			break;
+		    }
+		    strncpy(e, envp[i], len);
+		    e[len] = 0;
+		    if (len >= 4 &&
+			(strcmp(e + len - 4, "PATH") == 0 ||
+			 strcmp(e, "TERMCAP") == 0)) {
+			if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
+			    bad = EnvTooLong;
+			    break;
+			} else {
+			    free(e);
+			}
+		    } else {
+			bad = EnvTooLong;
+			break;
+		    }
+#endif
+		}
+	    }
+    }
+    switch (bad) {
+    case NotBad:
+	execve(XSERVER_PATH, argv, envp);
+	fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
+		errno);
+	break;
+    case UnsafeArg:
+	fprintf(stderr, "Command line argument number %d is unsafe\n", i);
+	fprintf(stderr, ARGMSG);
+	break;
+    case ArgTooLong:
+	fprintf(stderr, "Command line argument number %d is too long\n", i);
+	fprintf(stderr, ARGMSG);
+	break;
+    case UnprintableArg:
+	fprintf(stderr, "Command line argument number %d contains unprintable"
+		" characters\n", i);
+	fprintf(stderr, ARGMSG);
+	break;
+    case EnvTooLong:
+	fprintf(stderr, "Environment variable `%s' is too long\n", e);
+	fprintf(stderr, ENVMSG);
+	break;
+    case InternalError:
+	fprintf(stderr, "Internal Error\n");
+	break;
+#ifdef USE_PAM
+    case PamFailed:
+	fprintf(stderr, "Authentication System Failure, "
+			"missing or mangled PAM configuration file or module?\n");
+	break;
+    case PamAuthFailed:
+	fprintf(stderr, "PAM authentication failed\n");
+	break;
+#endif
+    default:
+	fprintf(stderr, "Unknown error\n");
+	fprintf(stderr, ARGMSG);
+	fprintf(stderr, ENVMSG);
+	break;
+    }
+    exit(1);
+}
+
--- os/Makefile.am	2005-12-06 16:50:35.000000000 +0100
+++ os/Makefile.am	2006-02-05 14:36:53.211755250 +0100
@@ -24,6 +24,11 @@
 	xprintf.c	\
 	$(XORG_SRCS)
 
+bin_PROGRAMS = Xwrapper
+Xwrapper_SOURCES = wrapper.c
+Xwrapper_CFLAGS = -DUSE_PAM -DXSERVER_PATH=\"/usr/bin/Xorg\" $(AM_CFLAGS)
+Xwrapper_LDADD = -lpam_misc
+
 if SECURE_RPC
 libos_la_SOURCES += $(SECURERPC_SRCS)
 endif
Commit	Line	Data
69af3e9f PS	1	--- hw/xfree86/os-support/linux/lnx_init.c 2005-08-26 09:35:55.000000000 +0200
	2	+++ hw/xfree86/os-support/linux/lnx_init.c 2005-12-22 10:52:06.630963000 +0100
	3	@@ -104,8 +104,10 @@
	4
	5	/* when KeepTty check if we're run with euid==0 */
	6	if (KeepTty && geteuid() != 0)
	7	- FatalError("xf86OpenConsole:"
	8	- " Server must be suid root for option \"KeepTTY\"\n");
	9	+ FatalError("xf86OpenConsole: Server must be running with root "
	10	+ "permissions\n"
	11	+ "You should be using Xwrapper to start the server or xdm.\n"
	12	+ "We strongly advise against making the server SUID root!\n");
	13
	14	/*
	15	* setup the virtual terminal manager
	16	--- os/wrapper.c 1970-01-01 01:00:00.000000000 +0100
	17	+++ os/wrapper.c 2005-12-22 10:50:53.610963000 +0100
	18	@@ -0,0 +1,304 @@
	19	+/*
	20	+ * X server wrapper.
	21	+ *
	22	+ * This wrapper makes some sanity checks on the command line arguments
	23	+ * and environment variables when run with euid == 0 && euid != uid.
	24	+ * If the checks fail, the wrapper exits with a message.
	25	+ * If they succeed, it exec's the Xserver.
	26	+ */
	27	+
	28	+/*
	29	+ * Copyright (c) 1998 by The XFree86 Project, Inc. All Rights Reserved.
	30	+ *
	31	+ * Permission is hereby granted, free of charge, to any person obtaining
	32	+ * a copy of this software and associated documentation files (the
	33	+ * "Software"), to deal in the Software without restriction, including
	34	+ * without limitation the rights to use, copy, modify, merge, publish,
	35	+ * distribute, sublicense, and/or sell copies of the Software, and to
	36	+ * permit persons to whom the Software is furnished to do so, subject
	37	+ * to the following conditions:
	38	+ *
	39	+ * The above copyright notice and this permission notice shall be included
	40	+ * in all copies or substantial portions of the Software.
	41	+ *
	42	+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	43	+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	44	+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
	45	+ * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
	46	+ * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
	47	+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
	48	+ * OR OTHER DEALINGS IN THE SOFTWARE.
	49	+ *
	50	+ * Except as contained in this notice, the name of the XFree86 Project
	51	+ * shall not be used in advertising or otherwise to promote the sale,
	52	+ * use or other dealings in this Software without prior written
	53	+ * authorization from the XFree86 Project.
	54	+ */
	55	+
	56	+/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
	57	+
	58	+/* This is normally set in the Imakefile */
	59	+#ifndef XSERVER_PATH
	60	+#define XSERVER_PATH "/etc/X11/X"
	61	+#endif
	62	+
	63	+#include <stdio.h>
	64	+#include <stdlib.h>
65	+#include <string.h>
66	+#include <errno.h>
67	+#include <unistd.h>
68	+#include <sys/types.h>
69	+#ifdef USE_PAM
70	+#include <security/pam_appl.h>
71	+#include <security/pam_misc.h>
72	+#include <pwd.h>
73	+#endif /* USE_PAM */
74	+
75	+/* Neither of these should be required for XFree86 3.3.2 */
76	+#ifndef REJECT_CONFIG
77	+#define REJECT_CONFIG 0
78	+#endif
79	+#ifndef REJECT_XKBDIR
80	+#define REJECT_XKBDIR 0
81	+#endif
82	+
83	+/* Consider LD* variables insecure ? */
84	+#ifndef REMOVE_ENV_LD
85	+#define REMOVE_ENV_LD 1
86	+#endif
87	+
88	+/* Remove long environment variables? */
89	+#ifndef REMOVE_LONG_ENV
90	+#define REMOVE_LONG_ENV 1
91	+#endif
92	+
93	+/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
94	+#ifndef CHECK_EUID
95	+#define CHECK_EUID 1
96	+#endif
97	+
98	+/*
99	+ * Maybe the locale can be faked to make isprint(3) report that everything
100	+ * is printable? Avoid it by default.
101	+ */
102	+#ifndef USE_ISPRINT
103	+#define USE_ISPRINT 0
104	+#endif
105	+
106	+#define MAX_ARG_LENGTH 128
107	+#define MAX_ENV_LENGTH 256
108	+#define MAX_ENV_PATH_LENGTH 2048
109	+
110	+#if USE_ISPRINT
111	+#include <ctype.h>
112	+#define checkPrintable(c) isprint(c)
113	+#else
114	+#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
115	+#endif
116	+
117	+enum BadCode {
118	+ NotBad = 0,
119	+ UnsafeArg,
120	+ ArgTooLong,
121	+ UnprintableArg,
122	+ EnvTooLong,
123	+ InternalError,
124	+#ifdef USE_PAM
125	+ PamFailed,
126	+ PamAuthFailed,
127	+#endif /* USE_PAM */
128	+};
129	+
130	+#define ARGMSG \
131	+ "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
132	+ "please send details of the arguments and why they are valid to\n" \
133	+ "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
134	+ "the \"super user\" (root).\n"
135	+
136	+#define ENVMSG \
137	+ "\nIf the environment is valid, and have been rejected incorrectly\n" \
138	+ "please send details of the environment and why it is valid to\n" \
139	+ "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
140	+ "the \"super user\" (root).\n"
141	+
142	+#ifdef USE_PAM
143	+static struct pam_conv conv = {
144	+ misc_conv,
145	+ NULL
146	+};
147	+#endif /* USE_PAM */
148	+
149	+
150	+int
151	+main(int argc, char argv, char envp)
152	+{
153	+ enum BadCode bad = NotBad;
154	+ int i, j;
155	+ char a, e;
156	+#ifdef USE_PAM
157	+ pam_handle_t *pamh = NULL;
158	+ struct passwd *pw;
159	+ int retval;
160	+
161	+ pw = getpwuid(getuid());
162	+ if (pw == NULL) {
163	+ bad = InternalError;
164	+ }
165	+
166	+ if (!bad) {
167	+ retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
168	+ if (retval != PAM_SUCCESS)
169	+ bad = PamFailed;
170	+ }
171	+
172	+ if (!bad) {
173	+ retval = pam_authenticate(pamh, 0);
174	+ if (retval != PAM_SUCCESS) {
175	+ pam_end(pamh, retval);
176	+ bad = PamAuthFailed;
177	+ }
178	+ }
179	+
180	+ if (!bad) {
181	+ retval = pam_acct_mgmt(pamh, 0);
182	+ if (retval != PAM_SUCCESS) {
183	+ pam_end(pamh, retval);
184	+ bad = PamAuthFailed;
185	+ }
186	+ }
187	+
188	+ /* this is not a session, so do not do session management */
189	+
190	+ if (!bad) pam_end(pamh, PAM_SUCCESS);
191	+#endif /* USE_PAM */
192	+
193	+#if CHECK_EUID
194	+ if (!bad && geteuid() == 0 && getuid() != geteuid()) {
195	+#else
196	+ if (!bad) {
197	+#endif
198	+ /* Check each argv[] */
199	+ for (i = 1; i < argc; i++) {
200	+
201	+ /* Check for known bad arguments */
202	+#if REJECT_CONFIG
203	+ if (strcmp(argv[i], "-config") == 0) {
204	+ bad = UnsafeArg;
205	+ break;
206	+ }
207	+#endif
208	+#if REJECT_XKBDIR
209	+ if (strcmp(argv[i], "-xkbdir") == 0) {
210	+ bad = UnsafeArg;
211	+ break;
212	+ }
213	+#endif
214	+ if (strlen(argv[i]) > MAX_ARG_LENGTH) {
215	+ bad = ArgTooLong;
216	+ break;
217	+ }
218	+ a = argv[i];
219	+ while (*a) {
220	+ if (checkPrintable(*a) == 0) {
221	+ bad = UnprintableArg;
222	+ break;
223	+ }
224	+ a++;
225	+ }
226	+ if (bad)
227	+ break;
228	+ }
229	+ /* Check each envp[] */
230	+ if (!bad)
231	+ for (i = 0; envp[i]; i++) {
232	+
233	+ /* Check for bad environment variables and values */
234	+#if REMOVE_ENV_LD
235	+ while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
236	+ for (j = i; envp[j]; j++) {
237	+ envp[j] = envp[j+1];
238	+ }
239	+ }
240	+#endif
241	+ if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
242	+#if REMOVE_LONG_ENV
243	+ for (j = i; envp[j]; j++) {
244	+ envp[j] = envp[j+1];
245	+ }
246	+ i--;
247	+#else
248	+ char *eq;
249	+ int len;
250	+
251	+ eq = strchr(envp[i], '=');
252	+ if (!eq)
253	+ continue;
254	+ len = eq - envp[i];
255	+ e = malloc(len + 1);
256	+ if (!e) {
257	+ bad = InternalError;
258	+ break;
259	+ }
260	+ strncpy(e, envp[i], len);
261	+ e[len] = 0;
262	+ if (len >= 4 &&
263	+ (strcmp(e + len - 4, "PATH") == 0 \|\|
264	+ strcmp(e, "TERMCAP") == 0)) {
265	+ if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
266	+ bad = EnvTooLong;
267	+ break;
268	+ } else {
269	+ free(e);
270	+ }
271	+ } else {
272	+ bad = EnvTooLong;
273	+ break;
274	+ }
275	+#endif
276	+ }
277	+ }
278	+ }
279	+ switch (bad) {
280	+ case NotBad:
281	+ execve(XSERVER_PATH, argv, envp);
282	+ fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
283	+ errno);
284	+ break;
285	+ case UnsafeArg:
286	+ fprintf(stderr, "Command line argument number %d is unsafe\n", i);
287	+ fprintf(stderr, ARGMSG);
288	+ break;
289	+ case ArgTooLong:
290	+ fprintf(stderr, "Command line argument number %d is too long\n", i);
291	+ fprintf(stderr, ARGMSG);
292	+ break;
293	+ case UnprintableArg:
294	+ fprintf(stderr, "Command line argument number %d contains unprintable"
295	+ " characters\n", i);
296	+ fprintf(stderr, ARGMSG);
297	+ break;
298	+ case EnvTooLong:
299	+ fprintf(stderr, "Environment variable `%s' is too long\n", e);
300	+ fprintf(stderr, ENVMSG);
301	+ break;
302	+ case InternalError:
303	+ fprintf(stderr, "Internal Error\n");
304	+ break;
305	+#ifdef USE_PAM
306	+ case PamFailed:
307	+ fprintf(stderr, "Authentication System Failure, "
308	+ "missing or mangled PAM configuration file or module?\n");
309	+ break;
310	+ case PamAuthFailed:
311	+ fprintf(stderr, "PAM authentication failed\n");
312	+ break;
313	+#endif
314	+ default:
315	+ fprintf(stderr, "Unknown error\n");
316	+ fprintf(stderr, ARGMSG);
317	+ fprintf(stderr, ENVMSG);
318	+ break;
319	+ }
320	+ exit(1);
321	+}
322	+
7485730a PS	323	--- os/Makefile.am 2005-12-06 16:50:35.000000000 +0100
7485730a PS	324	+++ os/Makefile.am 2006-02-05 14:36:53.211755250 +0100
a3ebf0f3	325	@@ -24,6 +24,11 @@
69af3e9f	326	xprintf.c \
a3ebf0f3	327	$(XORG_SRCS)
69af3e9f PS	328
	329	+bin_PROGRAMS = Xwrapper
	330	+Xwrapper_SOURCES = wrapper.c
	331	+Xwrapper_CFLAGS = -DUSE_PAM -DXSERVER_PATH=\"/usr/bin/Xorg\" $(AM_CFLAGS)
	332	+Xwrapper_LDADD = -lpam_misc
	333	+
a3ebf0f3 AM	334	if SECURE_RPC
a3ebf0f3 AM	335	libos_la_SOURCES += $(SECURERPC_SRCS)
69af3e9f	336	endif