From ce51da7e2600c87a1426b4a7c1ddba8ddf622752 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 1 Apr 2014 13:11:57 -0400
Subject: [PATCH] worker: get PATH from parent instead of #define
If no PATH is set, then the session worker tries to set one up,
based on guess. This commit changes GDM to just use the PATH given
to GDM itself, rather than guessing (and getting it wrong).
---
daemon/Makefile.am | 1 -
daemon/gdm-session-worker.c | 15 ++++-----------
daemon/gdm-slave.c | 2 +-
3 files changed, 5 insertions(+), 13 deletions(-)
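--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -1,53 +1,52 @@
 NULL =
 
 AM_CPPFLAGS = \
 -I. \
 -I.. \
 -I$(top_srcdir)/common \
 -I$(top_builddir)/common \
 -DAUTHDIR=\"$(authdir)\" \
 -DBINDIR=\"$(bindir)\" \
 -DDATADIR=\"$(datadir)\" \
 -DDMCONFDIR=\"$(dmconfdir)\" \
 -DGDMCONFDIR=\"$(gdmconfdir)\" \
 -DLIBDIR=\"$(libdir)\" \
 -DLIBEXECDIR=\"$(libexecdir)\" \
 -DLOCALSTATEDIR=\"$(localstatedir)\" \
 -DLOGDIR=\"$(logdir)\" \
 -DSBINDIR=\"$(sbindir)\" \
 -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
 -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \
 -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \
 -DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\" \
 -DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\" \
- -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \
 -DCONSOLEKIT_DIR=\"$(CONSOLEKIT_DIR)\" \
 $(DISABLE_DEPRECATED_CFLAGS) \
 $(DAEMON_CFLAGS) \
 $(XLIB_CFLAGS) \
 $(WARN_CFLAGS) \
 $(DEBUG_CFLAGS) \
 $(SYSTEMD_CFLAGS) \
 $(JOURNALD_CFLAGS) \
 $(LIBSELINUX_CFLAGS) \
 -DLANG_CONFIG_FILE=\"$(LANG_CONFIG_FILE)\" \
 $(NULL)
 
 BUILT_SOURCES = \
 gdm-slave-glue.h \
 gdm-xdmcp-chooser-slave-glue.h \
 gdm-display-glue.h \
 gdm-xdmcp-display-glue.h \
 gdm-manager-glue.h \
 gdm-static-display-glue.h \
 gdm-transient-display-glue.h \
 gdm-local-display-factory-glue.h \
 gdm-session-glue.h \
 gdm-session-worker-glue.h \
 gdm-session-enum-types.h \
 $(NULL)
 
 gdm-session-enum-types.h: gdm-session-enum-types.h.in gdm-session.h
 $(AM_V_GEN) glib-mkenums --template $^ > $@
 
 gdm-session-enum-types.c: gdm-session-enum-types.c.in gdm-session.h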
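--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -59,64 +59,60 @@
 #endif /* HAVE_SELINUX */
 
 #include "gdm-common.h"
 #include "gdm-log.h"
 #include "gdm-session-worker.h"
 #include "gdm-session-glue.h"
 #include "gdm-session.h"
 
 #if defined (HAVE_ADT)
 #include "gdm-session-solaris-auditor.h"
 #elif defined (HAVE_LIBAUDIT)
 #include "gdm-session-linux-auditor.h"
 #else
 #include "gdm-session-auditor.h"
 #endif
 
 #include "gdm-session-settings.h"
 
 #define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate))
 
 #define GDM_SESSION_DBUS_PATH "/org/gnome/DisplayManager/Session"
 #define GDM_SESSION_DBUS_NAME "org.gnome.DisplayManager.Session"
 #define GDM_SESSION_DBUS_ERROR_CANCEL "org.gnome.DisplayManager.Session.Error.Cancel"
 
 #define GDM_WORKER_DBUS_PATH "/org/gnome/DisplayManager/Worker"
 
 #ifndef GDM_PASSWD_AUXILLARY_BUFFER_SIZE
 #define GDM_PASSWD_AUXILLARY_BUFFER_SIZE 1024
 #endif
 
-#ifndef GDM_SESSION_DEFAULT_PATH
-#define GDM_SESSION_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin"
-#endif
-
 #ifndef GDM_SESSION_ROOT_UID
 #define GDM_SESSION_ROOT_UID 0
 #endif
 
 #ifndef GDM_SESSION_LOG_FILENAME
 #define GDM_SESSION_LOG_FILENAME "session.log"
 #endif
 
 #define MAX_FILE_SIZE 65536
 #define MAX_LOGS 5
 
 enum {
 GDM_SESSION_WORKER_STATE_NONE = 0,
 GDM_SESSION_WORKER_STATE_SETUP_COMPLETE,
 GDM_SESSION_WORKER_STATE_AUTHENTICATED,
 GDM_SESSION_WORKER_STATE_AUTHORIZED,
 GDM_SESSION_WORKER_STATE_ACCREDITED,
 GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED,
 GDM_SESSION_WORKER_STATE_SESSION_OPENED,
 GDM_SESSION_WORKER_STATE_SESSION_STARTED
 };
 
 typedef struct
 {
 GdmSessionWorker *worker;
 GdmSession *session;
 GPid pid_of_caller;
 uid_t uid_of_caller;
 
 } ReauthenticationRequest;
@@ -1467,67 +1463,64 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker,
 _("no user account available"));
 goto out;
 }
 
 uid = 0;
 gid = 0;
 res = _lookup_passwd_info (worker->priv->username,
 &uid,
 &gid,
 &home,
 &shell);
 if (! res) {
 g_debug ("GdmSessionWorker: Unable to lookup account info");
 error_code = PAM_AUTHINFO_UNAVAIL;
 g_set_error (error,
 GDM_SESSION_WORKER_ERROR,
 GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,
 _("no user account available"));
 goto out;
 }
 
 gdm_session_worker_update_environment_from_passwd_info (worker,
 uid,
 gid,
 home,
 shell);
 
 /* Let's give the user a default PATH if he doesn't already have one
 */
 if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) {
- if (strcmp (BINDIR, "/usr/bin") == 0) {
- gdm_session_worker_set_environment_variable (worker, "PATH",
- GDM_SESSION_DEFAULT_PATH);
- } else {
- gdm_session_worker_set_environment_variable (worker, "PATH",
- BINDIR ":" GDM_SESSION_DEFAULT_PATH);
- }
+ const char *path;
+
+ path = g_getenv ("PATH");
+ gdm_session_worker_set_environment_variable (worker, "PATH", path);
 }
 
 if (! _change_user (worker, uid, gid)) {
 g_debug ("GdmSessionWorker: Unable to change to user");
 error_code = PAM_SYSTEM_ERR;
 g_set_error (error, GDM_SESSION_WORKER_ERROR,
 GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,
 "%s", _("Unable to change to user"));
 goto out;
 }
 
 error_code = pam_setcred (worker->priv->pam_handle, worker->priv->cred_flags);
 
 /* If the user is reauthenticating and they've made it this far, then there
 * is no reason we should lock them out of their session. They've already
 * proved they are they same person who logged in, and that's all we care
 * about.
 */
 if (worker->priv->is_reauth_session) {
 error_code = PAM_SUCCESS;
 }
 
 if (error_code != PAM_SUCCESS) {
 g_set_error (error,
 GDM_SESSION_WORKER_ERROR,
 GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,
 "%s",
 pam_strerror (worker->priv->pam_handle, error_code));
 goto out;
 }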
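Review bot: `g_getenv ("PATH")` can return NULL when the daemon itself was started without a PATH, and the new branch in the second hunk passes that result straight to `gdm_session_worker_set_environment_variable (worker, "PATH", path);` with no fallback now that the compiled-in default is removed. How that helper treats a NULL value is not visible here, so the session could end up with no PATH or a malformed entry. I would guard the call with `if (path != NULL && path[0] != '\0')` and emit a `g_debug` message in the other case. Because this value is handed to the user session just before `_change_user`, a comment such as `/* PATH is inherited from the environment GDM was started with; the service manager must supply a trusted, absolute-only PATH */` would make the new trust assumption explicit. gdm_session_worker_accredit_user begins and ends outside the hunk.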
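--- a/daemon/gdm-slave.c
+++ b/daemon/gdm-slave.c
@@ -230,61 +230,61 @@ get_script_environment (GdmSlave *slave,
 g_strdup (pwent->pw_dir));
 }
 
 g_hash_table_insert (hash, g_strdup ("SHELL"),
 g_strdup (pwent->pw_shell));
 }
 }
 
 #if 0
 if (display_is_parented) {
 g_hash_table_insert (hash, g_strdup ("GDM_PARENT_DISPLAY"), g_strdup (parent_display_name));
 
 /*g_hash_table_insert (hash, "GDM_PARENT_XAUTHORITY"), slave->priv->parent_temp_auth_file));*/
 }
 #endif
 
 /* some env for use with the Pre and Post scripts */
 temp = g_strconcat (slave->priv->display_name, ".Xservers", NULL);
 x_servers_file = g_build_filename (AUTHDIR, temp, NULL);
 g_free (temp);
 
 g_hash_table_insert (hash, g_strdup ("X_SERVERS"), x_servers_file);
 
 if (! slave->priv->display_is_local) {
 g_hash_table_insert (hash, g_strdup ("REMOTE_HOST"), g_strdup (slave->priv->display_hostname));
 }
 
 /* Runs as root */
 g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (slave->priv->display_x11_authority_file));
 g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (slave->priv->display_name));
- g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (GDM_SESSION_DEFAULT_PATH));
+ g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (g_getenv ("PATH")));
 g_hash_table_insert (hash, g_strdup ("RUNNING_UNDER_GDM"), g_strdup ("true"));
 
 g_hash_table_remove (hash, "MAIL");
 
 
 g_hash_table_foreach (hash, (GHFunc)listify_hash, env);
 g_hash_table_destroy (hash);
 
 g_ptr_array_add (env, NULL);
 
 return env;
 }
 
 gboolean
 gdm_slave_run_script (GdmSlave *slave,
 const char *dir,
 const char *login)
 {
 char *script;
 char **argv;
 gint status;
 GError *error;
 GPtrArray *env;
 gboolean res;
 gboolean ret;
 
 ret = FALSE;
 
 g_assert (dir != NULL);
 g_assert (login != NULL);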
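Review bot: The new `g_strdup (g_getenv ("PATH"))` yields NULL when PATH is unset in the daemon's environment, so the hash can now hold a NULL value for "PATH" that `listify_hash` (not shown) has to cope with. The line sits under the `/* Runs as root */` comment, so the Pre and Post scripts now resolve commands through whatever PATH the slave process inherited rather than a fixed list. I would insert the entry only when the variable is set, e.g. wrap the insert in `if (g_getenv ("PATH") != NULL)`, and add a comment like `/* PATH comes from the daemon's own environment; it must contain only trusted, root-owned directories */`. get_script_environment starts outside the hunk.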
--
1.9.0