From ce51da7e2600c87a1426b4a7c1ddba8ddf622752 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Tue, 1 Apr 2014 13:11:57 -0400

Subject: [PATCH] worker: get PATH from parent instead of #define

If no PATH is set, then the session worker tries to set one up,

based on guess. This commit changes GDM to just use the PATH given

to GDM itself, rather than guessing (and getting it wrong).

---

 daemon/Makefile.am          |  1 -

 daemon/gdm-session-worker.c | 15 ++++-----------

 daemon/gdm-slave.c          |  2 +-

 3 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/daemon/Makefile.am b/daemon/Makefile.am

index 750735a..b8b83c8 100644

--- a/daemon/Makefile.am

+++ b/daemon/Makefile.am

@@ -1,53 +1,52 @@

 NULL =

 AM_CPPFLAGS = \

 	-I.						\

 	-I..						\

 	-I$(top_srcdir)/common				\

 	-I$(top_builddir)/common			\

 	-DAUTHDIR=\"$(authdir)\"			\

 	-DBINDIR=\"$(bindir)\"				\

 	-DDATADIR=\"$(datadir)\"			\

 	-DDMCONFDIR=\"$(dmconfdir)\"			\

 	-DGDMCONFDIR=\"$(gdmconfdir)\"			\

 	-DLIBDIR=\"$(libdir)\"				\

 	-DLIBEXECDIR=\"$(libexecdir)\"			\

 	-DLOCALSTATEDIR=\"$(localstatedir)\"		\

 	-DLOGDIR=\"$(logdir)\"				\

 	-DSBINDIR=\"$(sbindir)\"			\

 	-DGNOMELOCALEDIR=\""$(datadir)/locale"\"	\

 	-DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\"		\

 	-DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\"		\

 	-DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\"		\

 	-DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\"	\

-	-DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \

 	-DCONSOLEKIT_DIR=\"$(CONSOLEKIT_DIR)\" \

 	$(DISABLE_DEPRECATED_CFLAGS)			\

 	$(DAEMON_CFLAGS)				\

 	$(XLIB_CFLAGS)					\

 	$(WARN_CFLAGS)					\

 	$(DEBUG_CFLAGS)					\

 	$(SYSTEMD_CFLAGS)				\

 	$(JOURNALD_CFLAGS)				\

 	$(LIBSELINUX_CFLAGS)	 			\

 	-DLANG_CONFIG_FILE=\"$(LANG_CONFIG_FILE)\"	\

 	$(NULL)

 BUILT_SOURCES =					\

 	gdm-slave-glue.h			\

 	gdm-xdmcp-chooser-slave-glue.h		\

 	gdm-display-glue.h			\

 	gdm-xdmcp-display-glue.h		\

 	gdm-manager-glue.h			\

 	gdm-static-display-glue.h		\

 	gdm-transient-display-glue.h		\

 	gdm-local-display-factory-glue.h	\

 	gdm-session-glue.h			\

 	gdm-session-worker-glue.h		\

 	gdm-session-enum-types.h		\

 	$(NULL)

 gdm-session-enum-types.h: gdm-session-enum-types.h.in gdm-session.h

 	$(AM_V_GEN) glib-mkenums --template $^ > $@

 gdm-session-enum-types.c: gdm-session-enum-types.c.in gdm-session.h

diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c

index eb81450..fe64804 100644

--- a/daemon/gdm-session-worker.c

+++ b/daemon/gdm-session-worker.c

@@ -59,64 +59,60 @@

 #endif /* HAVE_SELINUX */

 #include "gdm-common.h"

 #include "gdm-log.h"

 #include "gdm-session-worker.h"

 #include "gdm-session-glue.h"

 #include "gdm-session.h"

 #if defined (HAVE_ADT)

 #include "gdm-session-solaris-auditor.h"

 #elif defined (HAVE_LIBAUDIT)

 #include "gdm-session-linux-auditor.h"

 #else

 #include "gdm-session-auditor.h"

 #endif

 #include "gdm-session-settings.h"

 #define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate))

 #define GDM_SESSION_DBUS_PATH         "/org/gnome/DisplayManager/Session"

 #define GDM_SESSION_DBUS_NAME         "org.gnome.DisplayManager.Session"

 #define GDM_SESSION_DBUS_ERROR_CANCEL "org.gnome.DisplayManager.Session.Error.Cancel"

 #define GDM_WORKER_DBUS_PATH "/org/gnome/DisplayManager/Worker"

 #ifndef GDM_PASSWD_AUXILLARY_BUFFER_SIZE

 #define GDM_PASSWD_AUXILLARY_BUFFER_SIZE 1024

 #endif

-#ifndef GDM_SESSION_DEFAULT_PATH

-#define GDM_SESSION_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin"

-#endif

-

 #ifndef GDM_SESSION_ROOT_UID

 #define GDM_SESSION_ROOT_UID 0

 #endif

 #ifndef GDM_SESSION_LOG_FILENAME

 #define GDM_SESSION_LOG_FILENAME "session.log"

 #endif

 #define MAX_FILE_SIZE     65536

 #define MAX_LOGS          5

 enum {

         GDM_SESSION_WORKER_STATE_NONE = 0,

         GDM_SESSION_WORKER_STATE_SETUP_COMPLETE,

         GDM_SESSION_WORKER_STATE_AUTHENTICATED,

         GDM_SESSION_WORKER_STATE_AUTHORIZED,

         GDM_SESSION_WORKER_STATE_ACCREDITED,

         GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED,

         GDM_SESSION_WORKER_STATE_SESSION_OPENED,

         GDM_SESSION_WORKER_STATE_SESSION_STARTED

 };

 typedef struct

 {

         GdmSessionWorker *worker;

         GdmSession       *session;

         GPid              pid_of_caller;

         uid_t             uid_of_caller;

 } ReauthenticationRequest;

@@ -1467,67 +1463,64 @@ gdm_session_worker_accredit_user (GdmSessionWorker  *worker,

                              _("no user account available"));

                 goto out;

         }

         uid = 0;

         gid = 0;

         res = _lookup_passwd_info (worker->priv->username,

                                    &uid,

                                    &gid,

                                    &home,

                                    &shell);

         if (! res) {

                 g_debug ("GdmSessionWorker: Unable to lookup account info");

                 error_code = PAM_AUTHINFO_UNAVAIL;

                 g_set_error (error,

                              GDM_SESSION_WORKER_ERROR,

                              GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,

                              _("no user account available"));

                 goto out;

         }

         gdm_session_worker_update_environment_from_passwd_info (worker,

                                                                 uid,

                                                                 gid,

                                                                 home,

                                                                 shell);

         /* Let's give the user a default PATH if he doesn't already have one

          */

         if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) {

-                if (strcmp (BINDIR, "/usr/bin") == 0) {

-                        gdm_session_worker_set_environment_variable (worker, "PATH",

-                                                                     GDM_SESSION_DEFAULT_PATH);

-                } else {

-                        gdm_session_worker_set_environment_variable (worker, "PATH",

-                                                                     BINDIR ":" GDM_SESSION_DEFAULT_PATH);

-                }

+                const char *path;

+

+                path = g_getenv ("PATH");

+                gdm_session_worker_set_environment_variable (worker, "PATH", path);

         }

         if (! _change_user (worker, uid, gid)) {

                 g_debug ("GdmSessionWorker: Unable to change to user");

                 error_code = PAM_SYSTEM_ERR;

                 g_set_error (error, GDM_SESSION_WORKER_ERROR,

                              GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,

                              "%s", _("Unable to change to user"));

                 goto out;

         }

         error_code = pam_setcred (worker->priv->pam_handle, worker->priv->cred_flags);

         /* If the user is reauthenticating and they've made it this far, then there

          * is no reason we should lock them out of their session.  They've already

          * proved they are they same person who logged in, and that's all we care

          * about.

          */

         if (worker->priv->is_reauth_session) {

                 error_code = PAM_SUCCESS;

         }

         if (error_code != PAM_SUCCESS) {

                 g_set_error (error,

                              GDM_SESSION_WORKER_ERROR,

                              GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,

                              "%s",

                              pam_strerror (worker->priv->pam_handle, error_code));

                 goto out;

         }

diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c

index 44b2ffe..52d16e5 100644

--- a/daemon/gdm-slave.c

+++ b/daemon/gdm-slave.c

@@ -230,61 +230,61 @@ get_script_environment (GdmSlave   *slave,

                                                      g_strdup (pwent->pw_dir));

                         }

                         g_hash_table_insert (hash, g_strdup ("SHELL"),

                                              g_strdup (pwent->pw_shell));

                 }

         }

 #if 0

         if (display_is_parented) {

                 g_hash_table_insert (hash, g_strdup ("GDM_PARENT_DISPLAY"), g_strdup (parent_display_name));

                 /*g_hash_table_insert (hash, "GDM_PARENT_XAUTHORITY"), slave->priv->parent_temp_auth_file));*/

         }

 #endif

         /* some env for use with the Pre and Post scripts */

         temp = g_strconcat (slave->priv->display_name, ".Xservers", NULL);

         x_servers_file = g_build_filename (AUTHDIR, temp, NULL);

         g_free (temp);

         g_hash_table_insert (hash, g_strdup ("X_SERVERS"), x_servers_file);

         if (! slave->priv->display_is_local) {

                 g_hash_table_insert (hash, g_strdup ("REMOTE_HOST"), g_strdup (slave->priv->display_hostname));

         }

         /* Runs as root */

         g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (slave->priv->display_x11_authority_file));

         g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (slave->priv->display_name));

-        g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (GDM_SESSION_DEFAULT_PATH));

+        g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (g_getenv ("PATH")));

         g_hash_table_insert (hash, g_strdup ("RUNNING_UNDER_GDM"), g_strdup ("true"));

         g_hash_table_remove (hash, "MAIL");

         g_hash_table_foreach (hash, (GHFunc)listify_hash, env);

         g_hash_table_destroy (hash);

         g_ptr_array_add (env, NULL);

         return env;

 }

 gboolean

 gdm_slave_run_script (GdmSlave   *slave,

                       const char *dir,

                       const char *login)

 {

         char      *script;

         char     **argv;

         gint       status;

         GError    *error;

         GPtrArray *env;

         gboolean   res;

         gboolean   ret;

         ret = FALSE;

         g_assert (dir != NULL);

         g_assert (login != NULL);

-- 

1.9.0