1 --- xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c.orig 2015-12-05 22:58:04.135435699 +0100
2 +++ xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c 2015-12-19 11:04:14.816470975 +0100
5 #include <xf86drm.h> /* For DRM_DEV_NAME */
9 +#include <security/pam_appl.h>
10 +#include <security/pam_misc.h>
12 +#endif /* WITH_PAM */
19 static const char *progname;
21 -enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY };
22 +enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY, USEPAM };
24 /* KISS non locale / LANG parsing isspace version */
25 static int is_space(char c)
27 *allowed = CONSOLE_ONLY;
28 else if (strcmp(value, "anybody") == 0)
31 + else if (strcmp(value, "pam") == 0)
36 "%s: Invalid value '%s' for 'allowed_users' at %s line %d\n",
42 +static int do_pam(void)
46 + pam_handle_t *pamh = NULL;
47 + static struct pam_conv conv = {
52 + pw = getpwuid(getuid());
54 + fprintf(stderr, "%s: Unable to read passwd entry\n", progname);
57 + retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
58 + if (retval != PAM_SUCCESS) {
59 + fprintf(stderr, "%s: PAM failed\n", progname);
62 + retval = pam_authenticate(pamh, 0);
63 + if (retval != PAM_SUCCESS) {
64 + fprintf(stderr, "%s: PAM auth failed\n", progname);
65 + pam_end(pamh, retval);
68 + retval = pam_acct_mgmt(pamh, 0);
69 + if (retval != PAM_SUCCESS) {
70 + fprintf(stderr, "%s: PAM auth failed\n", progname);
71 + pam_end(pamh, retval);
74 + /* this is not a session, so do not do session management */
75 + pam_end(pamh, PAM_SUCCESS);
80 int main(int argc, char *argv[])
88 + int allowed = USEPAM;
90 int allowed = CONSOLE_ONLY;
92 int needs_root_rights = -1;
93 char *const empty_envp[1] = { NULL, };
97 parse_config(&allowed, &needs_root_rights);
100 + if (allowed == USEPAM) {
105 /* For non root users check if they are allowed to run the X server */
108 --- xorg-server-1.18.0/hw/xfree86/Makefile.am.orig 2015-10-28 19:15:36.000000000 +0100
109 +++ xorg-server-1.18.0/hw/xfree86/Makefile.am 2015-12-19 11:04:50.946469457 +0100
111 wrapdir = $(SUID_WRAPPER_DIR)
112 wrap_PROGRAMS = Xorg.wrap
113 Xorg_wrap_SOURCES = xorg-wrapper.c
114 +Xorg_wrap_LDADD = -lpam_misc -lpam
117 BUILT_SOURCES = xorg.conf.example