mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-12 11:12:18 +00:00

dtlogin: use sessreg to manage utmp/wtmp.

hyousatsu 2023-03-27 08:25:29 +00:00
parent 28277ce88e
commit 760d36bfe9
23 changed files with 452 additions and 1177 deletions


@ -177,11 +177,6 @@ AC_SUBST(LIBMMDB, '$(top_builddir)/lib/DtMmdb/libDtMmdb.la')
AC_SUBST(LIBHELP, '$(top_builddir)/lib/DtHelp/libDtHelp.la')
AC_SUBST(LIBCSA, '$(top_builddir)/lib/csa/libcsa.la')
AC_SUBST(LIBPAMSVC, '$(top_builddir)/lib/DtPamSvc/libDtPamSvc.la')
dnl we do not inclue the DtPamSvc library here as it is not needed
dnl for everything.
AC_SUBST(DTCLIENTLIBS, '$(LIBPRINT) $(LIBHELP) $(LIBWIDGET) $(LIBSVC) \
$(LIBTT) $(LIBXIN)')
@ -245,6 +240,48 @@ AC_ARG_ENABLE([xrender],
[disable_xrender="yes"], [disable_xrender=""]
)
dnl copied from xdm...
AC_ARG_WITH(utmp_file,
AS_HELP_STRING([--with-utmp-file=<pathname>],
[specify file to pass to sessreg -u for current logins])
AS_HELP_STRING([--without-utmp-file],
[specify passing "none" to sessreg -u to not record logins in utmp]),
[UTMP_FILE="$withval"])
if test "x$UTMP_FILE" = "xyes" ; then
UTMP_FILE=""
elif test "x$UTMP_FILE" = "xno" ; then
UTMP_FILE="none"
fi
AC_MSG_CHECKING([for path to file listing current logins for sessreg])
if test "x$UTMP_FILE" = "x" ; then
AC_MSG_RESULT([use sessreg default])
else
AC_MSG_RESULT([$UTMP_FILE])
fi
AM_CONDITIONAL(SET_UTMP_FILE, test x$UTMP_FILE != x)
AC_SUBST(UTMP_FILE)
AC_ARG_WITH(wtmp_file,
AS_HELP_STRING([--with-wtmp-file=<pathname>],
[specify file to pass to sessreg -w for login history])
AS_HELP_STRING([--without-wtmp-file],
[specify passing "none" to sessreg -w to not record logins in wtmp]),
[WTMP_FILE="$withval"])
if test "x$WTMP_FILE" = "xyes" ; then
WTMP_FILE=""
elif test "x$WTMP_FILE" = "xno" ; then
WTMP_FILE="none"
fi
AC_MSG_CHECKING([for path to file listing login history for sessreg])
if test "x$WTMP_FILE" = "x" ; then
AC_MSG_RESULT([use sessreg default])
else
AC_MSG_RESULT([$WTMP_FILE])
fi
AM_CONDITIONAL(SET_WTMP_FILE, test x$WTMP_FILE != x)
AC_SUBST(WTMP_FILE)
dnl hmmm...
RM="rm -f"
AC_SUBST(RM)
@ -396,6 +433,10 @@ AC_CHECK_PROGS(ONSGMLS, onsgmls)
if test -z "$ac_cv_prog_ONSGMLS"; then
MISSING_PROGS="ONSGMLS ${MISSING_PROGS}"
fi
AC_CHECK_PROGS(SESSREG, sessreg)
if test -z "$ac_cv_prog_SESSREG"; then
MISSING_PROGS="SESSREG ${MISSING_PROGS}"
fi
dnl Used to check if program 'tic' is available to install terminfo files
AC_CHECK_PROGS(TIC, tic, :)
@ -494,7 +535,9 @@ dnl Right now this only works on linux and netbsd (9.2 tested)
if test "$supports_pam" = "yes"
then
AC_CHECK_LIB(pam, pam_start,
[SOURCE_CPP_DEFINES="${SOURCE_CPP_DEFINES} -DHAS_PAM_LIBRARY"])
[SOURCE_CPP_DEFINES="${SOURCE_CPP_DEFINES} -DHAS_PAM_LIBRARY";
PAMLIB="-lpam"])
AC_SUBST(PAMLIB)
else
AC_CHECK_LIB(pam, NOTSUPPORTED)
fi
@ -565,8 +608,6 @@ lib/tt/bin/ttsession/Makefile
lib/DtSvc/Makefile
lib/DtPamSvc/Makefile
lib/DtSearch/Makefile
lib/DtSearch/raima/Makefile
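Review bot: `AC_CHECK_PROGS(SESSREG, sessreg)` in the third hunk records only the program name, and that value is later passed as `-DSESSREG=$(SESSREG)` into the generated session scripts, so sessreg would be resolved through whatever PATH the login manager has at run time (presumably with dtlogin's privileges). `AC_PATH_PROG(SESSREG, sessreg)` would pin the absolute path found at configure time; the check that follows would then test `$ac_cv_path_SESSREG`. In the second hunk, `AM_CONDITIONAL(SET_UTMP_FILE, test x$UTMP_FILE != x)` and its WTMP twin expand the configured path unquoted, while the lines just above use the quoted form; `test "x$UTMP_FILE" != "x"` would be consistent with them.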


@ -1,58 +0,0 @@
/*
* CDE - Common Desktop Environment
*
* Copyright (c) 1993-2012, The Open Group. All rights reserved.
*
* These libraries and programs are free software; you can
* redistribute them and/or modify them under the terms of the GNU
* Lesser General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* These libraries and programs are distributed in the hope that
* they will be useful, but WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU Lesser General Public License for more
* details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with these libraries and programs; if not, write
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
* Floor, Boston, MA 02110-1301 USA
*/
/* $XConsortium: pam_svc.h /main/3 1996/10/30 11:13:40 drk $ */
/*******************************************************************************
**
** "@(#)pam_svc.h 1.4 95/09/12
**
** Copyright 1993, 1994, 1995 Sun Microsystems, Inc. All rights reserved.
**
** This file contains header info related to use of PAM
** (Pluggable Authentication Module) library.
**
*******************************************************************************/
/* *
* (c) Copyright 1993, 1994 Hewlett-Packard Company *
* (c) Copyright 1993, 1994 International Business Machines Corp. *
* (c) Copyright 1993, 1994, 1995 Sun Microsystems, Inc. *
* (c) Copyright 1993, 1994 Novell, Inc. *
*/
#ifndef _DT_PAM_SVC_H
#define _DT_PAM_SVC_H
#include <sys/types.h>
#define DT_BAD_GID 29 /* Invalid Group ID */
#define DT_INITGROUP_FAIL 30 /* group IDs init failed */
#define DT_BAD_UID 31 /* Invaid User ID */
/*
* External procedure declarations
*/
extern int _DtAuthentication(char*, char*, char*, char*, char*);
extern int _DtAccounting(char*, char*, char[], char*, char*, pid_t, int, int);
extern int _DtSetCred(char*, char *, uid_t, gid_t);
#endif /* _DT_PAM_SVC_H */

36
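--- a/cde/include/Dt/SvcPam.h
+++ b/cde/include/Dt/SvcPam.h
@@ -0,0 +1,36 @@
+/*
+* CDE - Common Desktop Environment
+*
+* Copyright (c) 1993-2012, The Open Group. All rights reserved.
+*
+* These libraries and programs are free software; you can
+* redistribute them and/or modify them under the terms of the GNU
+* Lesser General Public License as published by the Free Software
+* Foundation; either version 2 of the License, or (at your option)
+* any later version.
+*
+* These libraries and programs are distributed in the hope that
+* they will be useful, but WITHOUT ANY WARRANTY; without even the
+* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+* PURPOSE. See the GNU Lesser General Public License for more
+* details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with these libraries and programs; if not, write
+* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
+* Floor, Boston, MA 02110-1301 USA
+*/
+#ifndef _DT_SVC_PAM_H
+#define _DT_SVC_PAM_H
+int _DtSvcPamAuthenticate(const char *service_name, const char *user,
+const char *display_name, const char *user_passwd);
+int _DtSvcPamOpenSession(const char *service_name, const char *user,
+const char *display_name);
+int _DtSvcPamCloseSession(const char *service_name, const char *user,
+const char *display_name);
+int _DtSvcPamSetcred(const char *service_name, const char *user,
+const char *display_name);
+#endif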
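Review bot: The four prototypes are declared without any comment on what they return or what they leave to the caller, and `_DtSvcPamSetcred` is the one where that matters. The removed `_DtSetCred` also called `setgid`, `initgroups` and `setuid`, whereas the new function, as implemented in this commit, only calls `pam_setcred(pamh, PAM_ESTABLISH_CRED)`. A caller ported from the old API therefore has to drop privileges itself; the callers are not visible on this page. I would add above it `/* Returns a PAM status code (PAM_SUCCESS on success). Does not change uid/gid or supplementary groups; the caller must do that. */` and a one-line note on the return value above the other three.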


@ -28,7 +28,4 @@ nobase_include_HEADERS = Dt/Editor.h \
Dt/Search.h \
Dt/Mmdb.h \
Dt/DtXinerama.h \
Dt/PamSvc.h
Dt/SvcPam.h


@ -1,17 +0,0 @@
MAINTAINERCLEANFILES = Makefile.in
lib_LTLIBRARIES = libDtPamSvc.la
# the PamSvc.h header file is located in include/Dt/
libDtPamSvc_la_SOURCES = PamSvc.c ${top_srcdir}/include/Dt/PamSvc.h
libDtPamSvc_la_LIBADD = -lpam
# in order to try to keep lib versions the same across platforms, (2.1.0)
if BSD
libDtPamSvc_la_LDFLAGS = -version-info 2:1:0
else
libDtPamSvc_la_LDFLAGS = -version-info 3:0:1
endif


@ -1,310 +0,0 @@
/*
* CDE - Common Desktop Environment
*
* Copyright (c) 1993-2012, The Open Group. All rights reserved.
*
* These libraries and programs are free software; you can
* redistribute them and/or modify them under the terms of the GNU
* Lesser General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* These libraries and programs are distributed in the hope that
* they will be useful, but WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU Lesser General Public License for more
* details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with these libraries and programs; if not, write
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
* Floor, Boston, MA 02110-1301 USA
*/
/* $TOG: pam_svc.c /main/5 1997/06/04 16:30:21 samborn $ */
/*******************************************************************************
**
** pam_svc.c 1.10 95/11/25
**
** Copyright 1993, 1994, 1995 Sun Microsystems, Inc. All rights reserved.
**
** This file contains procedures specific to use of
** PAM (Pluggable Authentication Module) security library.
**
*******************************************************************************/
/* *
* (c) Copyright 1993, 1994 Hewlett-Packard Company *
* (c) Copyright 1993, 1994 International Business Machines Corp. *
* (c) Copyright 1993, 1994, 1995 Sun Microsystems, Inc. *
* (c) Copyright 1993, 1994 Novell, Inc. *
*/
/*
* Header Files
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <dirent.h>
#include <sys/param.h>
#include <security/pam_appl.h>
#include <utmpx.h>
#include <unistd.h>
#if defined(__linux__)
#include <grp.h>
#endif
#include <Dt/PamSvc.h>
/*
* Local function declarations
*/
static int login_conv(int num_msg, const struct pam_message **msg,
struct pam_response **response, void *appdata_ptr);
static char* create_devname(char* short_devname);
/*
* Local structures and variables
*/
static struct pam_conv pam_conv = {login_conv, NULL};
static char *saved_user_passwd;
static pam_handle_t *pamh = NULL;
/****************************************************************************
* PamInit
*
* Initialize or Update PAM datastructures.
*
****************************************************************************/
static int PamInit(char* prog_name,
char* user,
char* line_dev,
char* display_name)
{
int status=PAM_SUCCESS;
if (!pamh) {
/* Open PAM (Plugable Authentication module ) connection */
status = pam_start( prog_name, user, &pam_conv, &pamh );
if (status != PAM_SUCCESS) pamh = NULL;
} else {
if (prog_name) pam_set_item(pamh, PAM_SERVICE, prog_name);
if (user) pam_set_item(pamh, PAM_USER, user);
}
if (status == PAM_SUCCESS) {
if (line_dev) pam_set_item(pamh, PAM_TTY, line_dev);
if (display_name) pam_set_item(pamh, PAM_RHOST, display_name);
}
return(status);
}
/****************************************************************************
* _DtAuthentication
*
* Authenticate that user / password combination is legal for this system
*
****************************************************************************/
int _DtAuthentication ( char* prog_name,
char* display_name,
char* user_passwd,
char* user,
char* line )
{
int status;
char* line_str = line ? line : "NULL";
char* line_dev = create_devname(line_str);
if (!user_passwd)
/* Password challenge required for dtlogin authentication */
return(PAM_AUTH_ERR);
status = PamInit(prog_name, user, line_dev, display_name);
if (status == PAM_SUCCESS) {
saved_user_passwd = user_passwd;
status = pam_authenticate( pamh, 0 );
};
if (status != PAM_SUCCESS) {
if (pamh) {
pam_end(pamh, PAM_ABORT);
pamh=NULL;
}
}
return(status);
}
/****************************************************************************
* _DtAccounting
*
* Work related to open and close of user sessions
****************************************************************************/
int _DtAccounting( char* prog_name,
char* display_name,
char* entry_id,
char* user,
char* line,
pid_t pid,
int entry_type,
int exitcode )
{
int session_type, status;
char *line_str = line ? line : "NULL";
char *line_dev = create_devname(line_str);
/* Open PAM (Plugable Authentication module ) connection */
status = PamInit(prog_name, user, line_dev, display_name);
/* Session accounting */
if (status == PAM_SUCCESS) switch(entry_type) {
case DEAD_PROCESS:
status = pam_close_session(pamh, 0);
break;
case USER_PROCESS:
case LOGIN_PROCESS:
default:
status = pam_open_session(pamh, 0);
break;
}
free(line_dev);
return(status);
}
/****************************************************************************
* _DtSetCred
*
* Set Users login credentials: uid, gid, and group lists
****************************************************************************/
int _DtSetCred(char* prog_name, char* user, uid_t uid, gid_t gid)
{
int cred_type, status;
status = PamInit(prog_name, user, NULL, NULL);
/* Set users credentials */
if (status == PAM_SUCCESS && setgid(gid) == -1)
status = DT_BAD_GID;
if ((status == PAM_SUCCESS &&
!user) || (initgroups(user, gid) == -1))
status = DT_INITGROUP_FAIL;
if (status == PAM_SUCCESS)
status = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (status == PAM_SUCCESS && (setuid(uid) == -1))
status = DT_BAD_UID;
return(status);
}
/***************************************************************************
* create_devname
*
* A utility function. Takes short device name like "console" and returns
* a long device name like "/dev/console"
***************************************************************************/
static char* create_devname(char* short_devname)
{
char* long_devname;
if (short_devname == NULL)
short_devname = "";
long_devname = (char *) malloc (strlen(short_devname) + 5);
if (long_devname == NULL)
return(NULL);
strcpy(long_devname,"/dev/");
strcat(long_devname, short_devname);
return(long_devname);
}
/*****************************************************************************
* login_conv():
*
* This is a conv (conversation) function called from the PAM
* authentication scheme. It returns the user's password when requested by
* internal PAM authentication modules and also logs any internal PAM error
* messages.
*****************************************************************************/
static int login_conv(int num_msg, const struct pam_message **msg,
struct pam_response **response, void *appdata_ptr)
{
const struct pam_message *m;
struct pam_response *r;
char *temp;
int k;
#ifdef lint
conv_id = conv_id;
#endif
if (num_msg <= 0)
return (PAM_CONV_ERR);
*response = (struct pam_response*)
calloc(num_msg, sizeof (struct pam_response));
if (*response == NULL)
return (PAM_CONV_ERR);
(void) memset(*response, 0, sizeof (struct pam_response));
k = num_msg;
m = *msg;
r = *response;
while (k--) {
switch (m->msg_style) {
case PAM_PROMPT_ECHO_OFF:
if (saved_user_passwd != NULL) {
r->resp = (char *) malloc(strlen(saved_user_passwd)+1);
if (r->resp == NULL) {
/* __pam_free_resp(num_msg, *response); */
*response = NULL;
return (PAM_CONV_ERR);
}
(void) strcpy(r->resp, saved_user_passwd);
r->resp_retcode=0;
}
m++;
r++;
break;
case PAM_ERROR_MSG:
m++;
r++;
break;
case PAM_TEXT_INFO:
m++;
r++;
break;
default:
break;
}
}
return (PAM_SUCCESS);
}


@ -0,0 +1,243 @@
/*
* CDE - Common Desktop Environment
*
* Copyright (c) 1993-2012, The Open Group. All rights reserved.
*
* These libraries and programs are free software; you can
* redistribute them and/or modify them under the terms of the GNU
* Lesser General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* These libraries and programs are distributed in the hope that
* they will be useful, but WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU Lesser General Public License for more
* details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with these libraries and programs; if not, write
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
* Floor, Boston, MA 02110-1301 USA
*/
/*
* Header Files
*/
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>
/*
* Local function declarations
*/
static int login_conv(int num_msg, const struct pam_message **msg,
struct pam_response **response, void *appdata_ptr);
/*
* Local structures and variables
*/
static struct pam_conv pam_conv = {login_conv, NULL};
static char *saved_user_passwd;
static pam_handle_t *pamh;
static int PamStart(const char *service_name, const char *user,
const char *display_name)
{
int status;
char *colon, *hostname;
if (pamh) {
if (service_name)
status = pam_set_item(pamh, PAM_SERVICE, service_name);
if (status != PAM_SUCCESS && user) pam_set_item(pamh, PAM_USER, user);
}
else {
status = pam_start(service_name, user, &pam_conv, &pamh);
}
if (status != PAM_SUCCESS) goto done;
if (!display_name) goto done;
if (display_name[0] == ':') {
status = pam_set_item(pamh, PAM_TTY, display_name);
goto done;
}
if (!(hostname = strdup(display_name))) {
status = PAM_BUF_ERR;
goto done;
}
if (colon = strrchr(hostname, ':')) *colon = '\0';
status = pam_set_item(pamh, PAM_RHOST, hostname);
free(hostname);
done:
if (status != PAM_SUCCESS && pamh && pam_end(pamh, status) == PAM_SUCCESS)
pamh = NULL;
return status;
}
/**
* @brief Authenticate that user / password combination is legal for this
* system.
*
* @param service_name
* @param user
* @param display_name
* @param user_passwd
*
* @return See pam_authenticate.
*/
int _DtSvcPamAuthenticate(const char *service_name, const char *user,
const char *display_name, const char *user_passwd)
{
int status;
if (!user_passwd) return PAM_AUTH_ERR;
if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
return status;
saved_user_passwd = (char *) user_passwd;
return pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);
}
/**
* @brief Start PAM session management.
*
* @param service_name
* @param user
* @param display_name
*
* @return See pam_open_session.
*/
int _DtSvcPamOpenSession(const char *service_name, const char *user,
const char *display_name)
{
int status;
if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
return status;
return pam_open_session(pamh, 0);
}
/**
* @brief Terminate PAM session management.
*
* @param service_name
* @param user
* @param display_name
*
* @return See pam_close_session.
*/
int _DtSvcPamCloseSession(const char *service_name, const char *user,
const char *display_name)
{
int status;
if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
return status;
return pam_close_session(pamh, 0);
}
/**
* @brief Set Users login credentials.
*
* @param service_name
* @param user
* @param display_name
*
* @return See pam_setcred.
*/
int _DtSvcPamSetcred(const char *service_name, const char *user,
const char *display_name)
{
int status;
if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
return status;
return pam_setcred(pamh, PAM_ESTABLISH_CRED);
}
/*****************************************************************************
* login_conv():
*
* This is a conv (conversation) function called from the PAM
* authentication scheme. It returns the user's password when requested by
* internal PAM authentication modules and also logs any internal PAM error
* messages.
*****************************************************************************/
static int login_conv(int num_msg, const struct pam_message **msg,
struct pam_response **response, void *appdata_ptr)
{
const struct pam_message *m;
struct pam_response *r;
char *temp;
int k;
#ifdef lint
conv_id = conv_id;
#endif
if (num_msg <= 0)
return (PAM_CONV_ERR);
*response = (struct pam_response*)
calloc(num_msg, sizeof (struct pam_response));
if (*response == NULL)
return (PAM_BUF_ERR);
k = num_msg;
m = *msg;
r = *response;
while (k--) {
switch (m->msg_style) {
case PAM_PROMPT_ECHO_OFF:
if (saved_user_passwd != NULL) {
r->resp = (char *) malloc(strlen(saved_user_passwd)+1);
if (r->resp == NULL) {
/* __pam_free_resp(num_msg, *response); */
*response = NULL;
return (PAM_BUF_ERR);
}
(void) strcpy(r->resp, saved_user_passwd);
r->resp_retcode=0;
}
m++;
r++;
break;
case PAM_ERROR_MSG:
m++;
r++;
break;
case PAM_TEXT_INFO:
m++;
r++;
break;
default:
break;
}
}
return (PAM_SUCCESS);
}
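Review bot: In `PamStart` the handle-reuse branch tests `status != PAM_SUCCESS && user`, so when a handle already exists and PAM_SERVICE was set successfully, PAM_USER is never updated and the later session or credential call runs against whichever user the handle was started with. `status` is also read uninitialised when `service_name` is NULL. Declare it as `int status = PAM_SUCCESS;` and write the second step as `if (status == PAM_SUCCESS && user) status = pam_set_item(pamh, PAM_USER, user);`. Separately, `_DtSvcPamAuthenticate` leaves the static `saved_user_passwd` pointing at the caller's buffer after `pam_authenticate` returns; it should be reset to NULL before returning so a later conversation cannot read a stale pointer. In `login_conv`, the allocation-failure path sets `*response = NULL` without freeing the calloc'd array or the replies already copied into it.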


@ -172,3 +172,8 @@ libDtSvc_la_SOURCES = DtCodelibs/buf.C \
DtUtil2/Utility.c \
DtUtil2/XlationSvc.c \
DtUtil2/XmWrap.c
if HAS_PAM_LIBRARY
libDtSvc_la_SOURCES += DtUtil2/SvcPam.c
libDtSvc_la_LIBADD = $(PAMLIB)
endif


@ -2,7 +2,3 @@ MAINTAINERCLEANFILES = Makefile.in
SUBDIRS = DtXinerama tt DtSvc DtSearch DtWidget DtHelp DtPrint DtTerm \
DtMrm csa DtMmdb
if HAS_PAM_LIBRARY
SUBDIRS += DtPamSvc
endif


@ -2,14 +2,6 @@ SUBDIRS = config
bin_PROGRAMS = dtlogin dtgreet dtchooser
if HAS_PAM_LIBRARY
PAM_LIB = -lpam
DTPAMSVCLIB = $(LIBPAMSVC)
else
PAM_LIB =
DTPAMSVCLIB =
endif
XDMDIR = $(CDE_LOGFILES_TOP)
DEF_SERVER = $(XBINDIR)/X
@ -26,11 +18,11 @@ AM_CFLAGS = -DCDE_CONFIGURATION_TOP=\"$(CDE_CONFIGURATION_TOP)\" \
-DXDMDIR=\"$(XDMDIR)\" \
-DKORNSHELL=$(KSH) -DUNIXCONN -DTCPCONN -DXDMCP
dtlogin_SOURCES = access.c account.c auth.c genauth.c daemon.c dm.c \
dtlogin_SOURCES = access.c auth.c genauth.c daemon.c dm.c \
dpylist.c error.c file.c mitauth.c protodpy.c policy.c \
reset.c server.c session.c socket.c util.c \
verify.c sysauth.c fontpath.c qualify.c choose.c netaddr.c \
xdmcp.c $(PAM_SRCS)
xdmcp.c
# We play a game here with resources.o (dtlogin). It needs special options.
noinst_LIBRARIES = libresource.a
@ -57,7 +49,7 @@ dtchooser_SOURCES = chooser.c dtchooser.c vglogo.c vgutil.c vgcallback.c \
vglang.c
dtlogin_LDADD = libresource.a $(DTCLIENTLIBS) $(XDMCPLIB) \
$(XTOOLLIB) $(TIRPCLIB) $(DTPAMSVCLIB) $(PAM_LIB)
$(XTOOLLIB) $(TIRPCLIB)
dtgreet_LDADD = $(DTCLIENTLIBS) $(XTOOLLIB)


@ -1,510 +0,0 @@
/*
* CDE - Common Desktop Environment
*
* Copyright (c) 1993-2012, The Open Group. All rights reserved.
*
* These libraries and programs are free software; you can
* redistribute them and/or modify them under the terms of the GNU
* Lesser General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* These libraries and programs are distributed in the hope that
* they will be useful, but WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU Lesser General Public License for more
* details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with these libraries and programs; if not, write
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
* Floor, Boston, MA 02110-1301 USA
*/
/* $XConsortium: account.c /main/6 1996/10/30 11:12:13 drk $ */
/* *
* (c) Copyright 1993, 1994 Hewlett-Packard Company *
* (c) Copyright 1993, 1994 International Business Machines Corp. *
* (c) Copyright 1993, 1994 Sun Microsystems, Inc. *
* (c) Copyright 1993, 1994 Novell, Inc. *
*/
/*
* account.c
*
* routines for handling accounting
*
* ex. utmp/wtmp/btmp, user-license restrictions,
*
*/
/***************************************************************************
*
* Includes
*
***************************************************************************/
#include <sys/types.h>
#include <sys/stat.h>
#ifdef AIXV3
#include <usersec.h>
#endif
#include <fcntl.h>
#if defined (__FreeBSD__) || defined(HAS_PAM_LIBRARY)
#include <utmpx.h>
#else
#include <utmp.h>
#endif
#include <time.h>
#include "dm.h"
#ifdef __PASSWD_ETC
#include "rgy_base.h"
#endif
#if defined(HAS_PAM_LIBRARY)
# include <pam_svc.h>
#endif
/***************************************************************************
*
* External declarations
*
***************************************************************************/
#if defined(AIXV3) && !defined(_POWER)
extern void
GetLoginInfo(struct display *d, int *loginType, char *ttyName, char **hostname);
#endif
/***************************************************************************
*
* Procedure declarations
*
***************************************************************************/
#if defined(AIXV3) && !defined(_POWER)
void dt_lastlogin ( char * user, struct lastlogin * llogin);
#endif
/***************************************************************************
*
* Global variables
*
***************************************************************************/
#ifdef __PASSWD_ETC
struct rtmp {
char rt_line[8]; /* tty name */
rgy_$login_name_t rt_name; /* user id (full SID) */
char rt_host[16]; /* hostname, if remote */
long rt_time; /* time on */
};
#endif
#ifdef AIXV3
struct lastlogin {
time_t ftime;
time_t stime;
int fcount;
char user[32];
char *stty;
char *ftty;
char *shost;
char *fhost;
};
static struct lastlogin last_login;
#endif
/***************************************************************************
*
* Account
*
* update utmp/wtmp files.
***************************************************************************/
void
Account( struct display *d, char *user, char *line, pid_t pid,
#if NeedWidePrototypes
int type,
#else
short type,
#endif /* NeedWidePrototypes */
waitType exitcode )
{
#if !defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)
#ifdef HAS_PAM_LIBRARY
struct utmpx utmp; /* local struct for new entry */
struct utmpx *u; /* pointer to entry in utmp file */
#else
struct utmp utmp; /* local struct for new entry */
struct utmp *u; /* pointer to entry in utmp file */
#endif
int fd;
char buf[32];
char* user_str = user ? user : "NULL";
char* line_str = line ? line : "NULL";
#ifdef __PASSWD_ETC
struct rtmp rtmp;
struct rtmp *r;
int tty_slot;
int rtmp_fd;
#endif
if (d->utmpId == NULL) return;
switch (type) {
case INIT_PROCESS: strcpy(buf, "INIT_PROCESS"); break;
case LOGIN_PROCESS: strcpy(buf, "LOGIN_PROCESS"); break;
case USER_PROCESS: strcpy(buf, "USER_PROCESS"); break;
case DEAD_PROCESS: strcpy(buf, "DEAD_PROCESS"); break;
default: strcpy(buf, "UNKNOWN"); break;
}
Debug("Account: id=%s, user=%s, line=%s, pid=%d, type=%s\n",
d->utmpId, user_str, line_str, pid, buf);
#ifdef PAM
PamAccounting("dtlogin", d->name, d->utmpId, user,
line, pid, type, exitcode);
#elif defined(HAS_PAM_LIBRARY)
_DtAccounting("dtlogin", d->name, d->utmpId, user,
line, pid, type, exitcode);
#else
# ifdef SUNAUTH
solaris_accounting("dtlogin", d->name, d->utmpId, user,
line, pid, type, exitcode);
# endif
#endif
#ifdef sun
return;
#else
#ifdef HAS_PAM_LIBRARY
bzero(&utmp, sizeof(struct utmpx));
#else
bzero(&utmp, sizeof(struct utmp));
#endif
strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id) - 1);
utmp.ut_type = LOGIN_PROCESS;
#ifdef HAS_PAM_LIBRARY
setutxent();
if ( (u = getutxid(&utmp)) == NULL ) u = &utmp;
#else
setutent();
if ( (u = getutid(&utmp)) == NULL ) u = &utmp;
#endif
/*
* make sure process ID's match if this is DEAD_PROCESS...
* don't update an already DEAD_PROCESS...
*/
if ((type == DEAD_PROCESS && pid != 0 && u->ut_pid != pid) ||
(type == DEAD_PROCESS && u->ut_type == DEAD_PROCESS) ) {
#ifdef HAS_PAM_LIBRARY
endutxent();
#else
endutent();
#endif
return;
}
/*
* fill in required fields of utmp structure...
*
* Note: for USER_PRCESS the "e_exit" field is overloaded to contain
* the method for counting this user. This is used later to
* determine if restricted user licenses have been exceeded.
* Currently, an unlimited number of foreign displays can log in.
*/
if (user) snprintf(u->ut_user, sizeof(u->ut_user), "%s", user);
if (line) {
#ifdef _AIX
/*
For AIX the Init process writes the exact mapped device name for console
to the utmp file (like hft/0), if a getty on /dev/console record exists
in the Inittab file.Hitherto, we need to have a similar logic to make
sure for having the correct entry in the utmp file in order for the correct
operation of the GettyRunning function. It should be noted that by having
the correct value in the d->gettyLine field, the utmp file eventuallly
updated by the Account function in dm.c will have the right value. And
thus the GettyRunning function returns the appropriate value. So, it
is important that the following logic be included here for AIX platform
only.
Raghu Krovvidi 07.06.93
*/
if (!strcmp(line,"console")) {
char *ttynm;
int fd=0;
fd = open("/dev/console",O_RDONLY);
ttynm = ttyname(fd);
ttynm += 5;
strcpy(u->ut_line,ttynm);
close(fd);
}
else
snprintf(u->ut_line, sizeof(u->ut_line), "%s", line);
#else
snprintf(u->ut_line, sizeof(u->ut_line), "%s", line);
#endif
}
if (pid ) u->ut_pid = pid;
if (type) {
u->ut_type = type;
if (type == DEAD_PROCESS) {
#ifndef HAS_PAM_LIBRARY
u->ut_exit.e_termination = waitSig(exitcode);
u->ut_exit.e_exit = waitCode(exitcode);
#endif
#ifndef SVR4
(void) memset((char *) u->ut_host, '\0', sizeof(u->ut_host));
#endif
}
if (type == LOGIN_PROCESS && d->displayType.location != Local ) {
#ifndef SVR4
snprintf(u->ut_host, sizeof(u->ut_host), "%s", d->name);
#endif
}
#ifndef HAS_PAM_LIBRARY
if (type == USER_PROCESS)
u->ut_exit.e_exit = (d->displayType.location == Local ? 1 : 0 );
#endif
}
#ifdef HAS_PAM_LIBRARY
{
struct timeval tmp_tv;
(void) gettimeofday(&tmp_tv, NULL);
u->ut_tv.tv_sec = (int32_t)tmp_tv.tv_sec;
u->ut_tv.tv_usec = (int32_t)tmp_tv.tv_usec;
}
#else
(void) time(&u->ut_time);
#endif
/*
* write to utmp...
*
* (Do not close utmp yet. If "u" points to the static structure, it is
* cleared upon close. This does not bode well for the following write
* to wtmp!)
*/
#ifdef HAS_PAM_LIBRARY
pututxline(u);
#else
pututline(u);
#endif
#ifndef HAS_PAM_LIBRARY
/*
* write the same entry to wtmp...
*/
if ((fd = open(WTMP_FILE, O_WRONLY | O_APPEND)) >= 0) {
if(-1 == write(fd, u, sizeof(utmp))) {
perror(strerror(errno));
}
close(fd);
}
/*
* close utmp...
*/
endutent();
#else
endutxent();
#endif
#ifdef __PASSWD_ETC
/* Now fill in the "rgy utmp" struct */
if (line) strncpy(rtmp.rt_line, u->ut_line, sizeof(u->ut_line));
bzero(rtmp.rt_host, sizeof(rtmp.rt_host));
rtmp.rt_time = u->ut_time;
r = &rtmp;
/* Write entry to rtmp */
tty_slot = ttyslot();
if (tty_slot > 0 && (rtmp_fd = open("/etc/rtmp", O_WRONLY|O_CREAT, 0644)) >= 0) {
lseek(rtmp_fd, (long) (tty_slot * sizeof(struct rtmp)), 0);
write(rtmp_fd, (char *) r, sizeof(struct rtmp));
close(rtmp_fd);
}
#endif
#if defined(AIXV3) && !defined(_POWER)
/* Log the lastlogin data .. RK 09.13.93 */
/** in AIX 4.1 this is taken care of during authentication **/
if(type == USER_PROCESS) {
int loginType;
char tempTtyName[128];
char *hostname;
GetLoginInfo(d, &loginType, tempTtyName, &hostname);
time(&last_login.stime);
if(line) {
Debug("tty_last_login is (line=%s)\n",line);
last_login.stty = (char *)malloc(strlen(line) + 1);
strcpy(last_login.stty,line);
} else {
last_login.stty = (char *)malloc(strlen(tempTtyName) + 1);
strcpy(last_login.stty,tempTtyName);
}
last_login.shost = (char *) malloc (MAXHOSTNAMELEN);
if (hostname == NULL) {
gethostname (last_login.shost , MAXHOSTNAMELEN);
} else {
strncpy(last_login.shost, hostname, MAXHOSTNAMELEN);
last_login.shost[MAXHOSTNAMELEN -1] = '\0';
}
Debug("logging lastlogin entry (user=%s)\n",user);
dt_lastlogin(user,&last_login);
free(last_login.stty);
free(last_login.shost);
}
#endif
#endif /* !sun */
#endif /* !CSRG_BASED */
}
/***************************************************************************
*
* UtmpIdOpen
*
* see if a particular utmp ID is available
*
* return codes: 0 = ID is in use
* 1 = ID is open
***************************************************************************/
int
UtmpIdOpen( char *utmpId )
{
int status = 1; /* return code */
#if !defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)
#ifdef HAS_PAM_LIBRARY
struct utmpx *u; /* pointer to entry in utmp file */
while ( (u = getutxent()) != NULL ) {
#else
struct utmp *u; /* pointer to entry in utmp file */
while ( (u = getutent()) != NULL ) {
#endif
if ( (strncmp(u->ut_id, utmpId, 4) == 0 ) &&
u->ut_type != DEAD_PROCESS ) {
status = 0;
break;
}
}
#ifdef HAS_PAM_LIBRARY
endutxent();
#else
endutent();
#endif
#endif
return (status);
}
#if defined(AIXV3) && !defined(_POWER)
void dt_lastlogin ( user, llogin)
char * user;
struct lastlogin * llogin;
{
char *tmp_char;
char *tmp_int;
/*
* We are loading all the lastlogin info into a struct and then dealing
* with that so if the technique of storing the values is redone it
* will be easy
*/
/* set id back to root */
seteuid(0);
/*
* Open up the user data base
*/
setuserdb(S_READ | S_WRITE);
/*
* setting new unsuccessful login attempts times
*/
if (llogin->ftime) {
/*
* Get the old Failure count and increment it
*/
if (getuserattr(user, S_ULOGCNT, &tmp_int, SEC_INT) != 0)
llogin->fcount = 0;
else
llogin->fcount = (int)tmp_int;
/*
* put all the new data
*/
putuserattr(user, S_ULASTTTY, llogin->ftty, SEC_CHAR);
llogin->fcount++;
putuserattr(user, S_ULOGCNT, (void *)llogin->fcount,
SEC_INT);
putuserattr(user, S_ULASTTIME, (void *)llogin->ftime,
SEC_INT);
putuserattr(user, S_ULASTHOST, llogin->fhost, SEC_CHAR);
putuserattr(user, NULL, NULL, SEC_COMMIT);
/*
* Close data base and zero out indicator fields
*/
llogin->ftime = 0;
llogin->fcount = 0;
}
/*
* New Successful login data
*/
if (llogin->stime) {
putuserattr(user, S_LASTTIME, (void *)llogin->stime,
SEC_INT);
putuserattr(user, S_LASTTTY, llogin->stty, SEC_CHAR);
Debug("hostname logged is %s\n",llogin->shost);
putuserattr(user, S_LASTHOST, llogin->shost, SEC_CHAR);
putuserattr(user, S_ULOGCNT, 0, SEC_INT);
putuserattr(user, NULL, NULL, SEC_COMMIT);
}
enduserdb();
}
#endif


@ -16,8 +16,8 @@ CPP_TARGETS = 0060.dtsysenv Dtlogin Xaccess Xconfig Xconfig.con \
if HAS_PAM_LIBRARY
CPP_TARGETS += pam/dtlogin
dist_pam_DATA = pam/dtlogin
CPP_TARGETS += dtlogin
dist_pam_DATA = dtlogin
if FREEBSD
pamdir = /usr/local/etc/pam.d
PAM_AUTHENTICATION_MODULE = /usr/local/lib/security/pam_pwauth_suid.so
@ -55,6 +55,16 @@ if BSD
AM_CPPFLAGS += -DCSRG_BASED
endif
AM_CPPFLAGS += -DSESSREG=$(SESSREG)
if SET_UTMP_FILE
AM_CPPFLAGS += -DUTMP_FLAG="-u\ $(UTMP_FILE)"
endif
if SET_WTMP_FILE
AM_CPPFLAGS += -DWTMP_FLAG="-w\ $(WTMP_FILE)"
endif
BUILT_SOURCES = $(CPP_TARGETS)
CLEANFILES = $(CPP_TARGETS)
@ -168,7 +178,6 @@ home.session: home.session.src
$(RM) $@
$(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@
pam/dtlogin: pam/dtlogin.src
dtlogin: dtlogin.src
$(RM) $@
$(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@
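Review bot: `AM_CPPFLAGS += -DSESSREG=$(SESSREG)` is added unconditionally, so if `$(SESSREG)` is empty (the configure check for it is not visible here) the generated scripts begin with a bare `-d`/`-a` instead of a program path and fail at run time rather than at build time. Guard it with a conditional like the two flags below it, or have configure abort when sessreg is not found. The `-DUTMP_FLAG="-u\ $(UTMP_FILE)"` and `-DWTMP_FLAG="-w\ $(WTMP_FILE)"` definitions depend on the backslash-escaped space surviving make, the shell and cpp. A one-line comment such as `# expands to -u\ <path>; the script word-splits it into two sessreg arguments` would record that intent, and a path containing whitespace should be rejected at configure time.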


@ -74,3 +74,17 @@ then
/bin/rm -f $DTDBFILE
fi
fi
#ifdef WTMP_FLAG
wtmp_flag=WTMP_FLAG
#else
wtmp_flag=''
#endif
#ifdef UTMP_FLAG
utmp_flag=UTMP_FLAG
#else
utmp_flag=''
#endif
SESSREG -d $wtmp_flag $utmp_flag -l $DISPLAY $USER
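Review bot: `$DISPLAY` and `$USER` are expanded unquoted on the `SESSREG -d` line, so an empty or whitespace-containing value shifts sessreg's arguments and the wrong utmp/wtmp record can be written or removed; display-manager reset scripts normally run privileged, although that is not visible here. Quote the two values and leave only the flag variables unquoted, since those rely on word splitting: `SESSREG -d $wtmp_flag $utmp_flag -l "$DISPLAY" "$USER"`. The same applies to the `exec SESSREG -a` line in the next script of this commit. A short comment above `wtmp_flag=WTMP_FLAG` saying that the macro expands to an escaped `-w\ <path>` pair would help the next reader.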


@ -66,5 +66,16 @@ then
fi
fi
#ifdef WTMP_FLAG
wtmp_flag=WTMP_FLAG
#else
wtmp_flag=''
#endif
#ifdef UTMP_FLAG
utmp_flag=UTMP_FLAG
#else
utmp_flag=''
#endif
exec SESSREG -a $wtmp_flag $utmp_flag -l $DISPLAY $USER
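Review bot: Ending the script with `exec SESSREG -a …` makes sessreg's exit status the status of the whole script, so a missing or failing sessreg is reported as a failure of the startup script itself. If dtlogin refuses the session on a non-zero status here (as xdm does for its Xstartup; not visible in this hunk), an accounting problem would keep every user from logging in. Make the choice explicit: either document that login is meant to fail closed when accounting fails, or run it without `exec` and log the failure, e.g. `SESSREG -a $wtmp_flag $utmp_flag -l "$DISPLAY" "$USER" || echo "sessreg failed" >&2`.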


@ -54,11 +54,6 @@
# include <sys/types.h>
# include <sys/signal.h>
# include <sys/stat.h>
#if defined(__FreeBSD__)
# include <utmpx.h>
#else
# include <utmp.h>
#endif
# include <signal.h>
# include <time.h>
# include <utime.h>
@ -123,7 +118,7 @@ struct passwd puser; /* pseudo-user password entry */
int Rescan;
static long ServersModTime, ConfigModTime, AccessFileModTime;
int wakeupTime = -1;
char *progName;
char *progPath, *progName;
char DisplayName[32]="main";
@ -147,6 +142,7 @@ void RunChooser(struct display *d); // RunChooser.c
int
main( int argc, char **argv )
{
char *str;
long oldpid;
mode_t oldumask;
struct passwd *p; /* pointer to passwd structure (pwd.h) */
@ -166,11 +162,29 @@ main( int argc, char **argv )
/*
* save program name and path...
*/
if ( (progName = malloc(strlen(argv[0]) + 1)) != NULL )
strcpy(progName, argv[0]);
progPath = strdup(argv[0]);
if (str = strrchr(progPath, '/'))
{
if (strlen(str) < 2)
{
fprintf(stderr, (char *)
ReadCatalog(MC_ERROR_SET, MC_NO_MEMORY, MC_DEF_NO_MEMORY),
argv[0]);
exit (1);
}
progName = strdup(++str);
*str = '\0';
}
else
{
progName = progPath;
progPath = strdup("./");
}
/*
* Step 1 - load configuration parameters
*/
@ -579,14 +593,6 @@ ProcessChildDeath( int pid, waitType status )
if ( (d = FindDisplayByPid (pid)) != 0 ) {
d->pid = -1;
/*
* do process accounting...
*/
#if !defined(CSRG_BASED)
Account(d, NULL, NULL, pid, DEAD_PROCESS, status);
#endif
/*
* make sure authorization file is deleted...
@ -714,14 +720,6 @@ ProcessChildDeath( int pid, waitType status )
{
d->serverPid = -1;
/*
* do process accounting...
*/
#if !defined(CSRG_BASED)
Account(d, NULL, NULL, pid, DEAD_PROCESS, status);
#endif
switch (d->status)
{
case zombie:
@ -894,43 +892,6 @@ StartDisplay(
kill (d->serverPid, d->resetSignal);
}
/*
* initialize d->utmpId. Check to see if anyone else is using
* the requested ID. Always allow the first request for "dt" to
* succeed as utmp may have become corrupted.
*/
if (d->utmpId == NULL) {
static int firsttime = 1;
static char letters[] = "0123456789abcdefghijklmnopqrstuvwxyzz";
char *t;
d->utmpId = malloc(5);
strcpy(d->utmpId, UTMPREC_PREFIX);
d->utmpId[4] = '\0';
t = letters;
do {
if ( firsttime || UtmpIdOpen(d->utmpId)) {
firsttime = 0;
break;
}
else {
strncpy(&(d->utmpId[strlen(d->utmpId)]), t++, 1);
}
} while (*t != '\0');
if (*t == '\0') {
Debug ("All DT utmp IDs already in use. Removing display %s\n",
d->name);
LogError ((unsigned char *)"All DT utmp IDs already in use. Removing display %s\n",
d->name);
RemoveDisplay(d);
return 0;
}
}
/*
* set d->gettyLine to "console" for display ":0" if it is not
* already set...
@ -1009,46 +970,6 @@ StartDisplay(
/* this will only happen when using XDMCP */
if (d->authorizations)
SaveServerAuthorizations (d, d->authorizations, d->authNum);
/*
* Generate a utmp ID address for a foreign display. Use the last
* four characters of the DISPLAY name, shifting left if they
* are already in use...
*/
#if !defined(CSRG_BASED)
if (d->utmpId == NULL) {
int i;
char *p, *q;
struct utmp *u;
d->utmpId = malloc(sizeof(u->ut_id) +1);
i = strlen (d->name);
if (i >= sizeof (u->ut_id))
i -= sizeof (u->ut_id);
else
i = 0;
for ( p = d->name, q = d->name + i; p <= q; q-- ) {
(void) strncpy (d->utmpId, q, sizeof (u->ut_id));
d->utmpId[sizeof(u->ut_id)] = '\0';
if (UtmpIdOpen(d->utmpId))
break;
}
#ifdef DEF_NETWORK_DEV
/*
* If "networkDev" does not start with "/dev/" then foreign
* accounting is turned off. Return utmpId to NULL.
*/
if (networkDev && strncmp(networkDev,"/dev/",5) !=0 ) {
free(d->utmpId);
d->utmpId = NULL;
}
#endif
}
#endif
}
if (NULL == d->authFile)
@ -1137,9 +1058,6 @@ StartDisplay(
devname,line);
}
}
#endif
#if !defined(CSRG_BASED)
Account(d, "LOGIN", line, getpid(), LOGIN_PROCESS, status);
#endif
}
@ -1234,10 +1152,6 @@ StopDisplay( struct display *d )
}
else
if ((d->displayType.location == Local) || !dt_shutdown ) {
/* don't remove the console */
#if !defined(CSRG_BASED)
Account(d, NULL, NULL, 0, DEAD_PROCESS, status);
#endif
RemoveDisplay (d);
}
}
@ -1505,13 +1419,6 @@ StartGetty( struct display *d )
case 0:
CleanUpChild ();
/*
* do process accounting...
*/
#if !defined(CSRG_BASED)
Account(d, "LOGIN", NULL, getpid(), LOGIN_PROCESS, status);
#endif
#ifdef _AIX
/* The tty argument for getty on AIX must be of the form "/dev/any tty"
@ -1646,101 +1553,7 @@ GettyMessage( struct display *d, int msgnum )
int
GettyRunning( struct display *d )
{
#if defined(__FreeBSD__)
struct utmpx utmp; /* local struct for new entry */
struct utmpx *u; /* pointer to entry in utmp file */
#else
struct utmp utmp; /* local struct for new entry */
struct utmp *u; /* pointer to entry in utmp file */
#endif
int rvalue; /* return value (TRUE or FALSE) */
char buf[32];
d->gettyState = DM_GETTY_NONE;
/*
* check to see if we have a valid device (at least a non-null name)...
*/
if ( d->gettyLine &&
(strlen(d->gettyLine) > 0) &&
(strcmp(d->gettyLine,"??") != 0) )
;
else
return FALSE;
#if defined(__FreeBSD__)
bzero(&utmp, sizeof(struct utmpx));
#else
bzero(&utmp, sizeof(struct utmp));
#endif
#ifdef _AIX
if (!strcmp(d->gettyLine,"console")) {
char *ttynm;
int fd=0;
fd = open("/dev/console",O_RDONLY);
ttynm = ttyname(fd);
ttynm += 5;
strcpy(utmp.ut_line,ttynm);
close(fd);
}
else
{
strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
}
#else
strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
#endif
Debug("Checking for a getty on line %s.\n", utmp.ut_line);
#if !defined(CSRG_BASED)
setutent();
rvalue = FALSE;
while ( (u = getutent()) != NULL ) {
if ((strncmp(u->ut_line, utmp.ut_line, sizeof(u->ut_line)) != 0) ||
(strncmp(u->ut_id, d->utmpId, sizeof(u->ut_id)) == 0) )
continue;
switch (u->ut_type) {
case INIT_PROCESS: strcpy(buf, "INIT_PROCESS"); break;
case LOGIN_PROCESS: strcpy(buf, "LOGIN_PROCESS"); break;
case USER_PROCESS: strcpy(buf, "USER_PROCESS"); break;
case DEAD_PROCESS: strcpy(buf, "DEAD_PROCESS"); break;
default: strcpy(buf, "UNKNOWN"); break;
}
Debug("Utmp info: id=%.4s, user=%s, line=%s, pid=%d, type=%s\n",
u->ut_id, u->ut_user, u->ut_line, u->ut_pid, buf);
if ( u->ut_type == INIT_PROCESS || u->ut_type == LOGIN_PROCESS) {
d->gettyState = DM_GETTY_LOGIN;
}
else if (wakeupTime <= 0 && u->ut_type == USER_PROCESS) {
d->gettyState = DM_GETTY_USER;
}
if (d->gettyState != DM_GETTY_NONE)
{
rvalue = TRUE;
break;
}
}
endutent();
#endif /* !CSRG_BASED */
return rvalue;
return FALSE;
}
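Review bot: In `main`, `progPath = strdup(argv[0]);` is passed straight to `strrchr` with no NULL check, and `progName = strdup(++str)` is not checked either. The only branch that prints the MC_NO_MEMORY message is the `strlen(str) < 2` case (an argv[0] ending in `/`), which is not an allocation failure. Add `if (progPath == NULL)` with the existing MC_NO_MEMORY exit before the `strrchr` call, repeat the test after the second `strdup`, and give the trailing-slash case its own message. The condition would also read more clearly as `if ((str = strrchr(progPath, '/')) != NULL)`. `main` continues outside this hunk, and `progName` is later handed to the PAM helper calls elsewhere in this commit, so a NULL here would reach them.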


@ -39,11 +39,6 @@
# include <signal.h>
# include <X11/Xatom.h>
# include <X11/Xmu/Error.h>
#if defined(__FreeBSD__)
# include <utmpx.h>
#else
# include <utmp.h>
#endif
# include "vgproto.h"
/*


@ -67,11 +67,6 @@
# include <X11/Xatom.h>
# include <X11/Xmu/Error.h>
# include <setjmp.h>
#if defined(__FreeBSD__) || defined(HAS_PAM_LIBRARY)
# include <utmpx.h>
#else
# include <utmp.h>
#endif
#include <unistd.h>
#include <pwd.h>
#include <dirent.h>
@ -104,7 +99,8 @@
#endif
#ifdef HAS_PAM_LIBRARY
#include <Dt/PamSvc.h>
#include <security/pam_appl.h>
#include <Dt/SvcPam.h>
#endif
int ApplyFontPathMods(struct display *d, Display *dpy); // fontpath.c
@ -170,7 +166,8 @@ struct greet_state {
};
char *globalDisplayName;
extern char *progName; /* Global argv[0]; dtlogin name and path */
extern char *progPath; /* dtlogin path */
extern char *progName; /* dtlogin name */
/***************************************************************************
*
@ -314,9 +311,10 @@ SessionPingFailed( struct display *d )
#endif
#if !defined(sun) && defined(HAS_PAM_LIBRARY)
Account(d, user, NULL, clientPid, DEAD_PROCESS, 0);
_DtSvcPamCloseSession(progName, user, d->name);
#endif
}
SessionExit (d, RESERVER_DISPLAY);
}
@ -639,7 +637,7 @@ ManageSession( struct display *d )
#endif
#if !defined(sun) && defined(HAS_PAM_LIBRARY)
Account(d, user, NULL, clientPid, DEAD_PROCESS, 0);
_DtSvcPamCloseSession(progName, user, d->name);
#endif
SessionExit (d, OBEYSESS_DISPLAY);
@ -1186,6 +1184,8 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
long ngroups, groups[NGROUPS];
#endif /* __AFS */
gid_t gid;
if (verify->argv) {
Debug ("StartSession %s: ", verify->argv[0]);
for (f = verify->argv; *f; f++) {
@ -1267,8 +1267,8 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
}
#endif
#if !defined(sun) && (!defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY))
Account(d, user, NULL, getpid(), USER_PROCESS, 0);
#if !defined(sun) && defined(HAS_PAM_LIBRARY)
_DtSvcPamOpenSession(progName, user, d->name);
#endif
#ifdef AIXV3
@ -1350,16 +1350,32 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
return(0);
}
#elif defined(HAS_PAM_LIBRARY)
char *prog_name = strrchr(progName, '/');
if (!prog_name || _DtSetCred(prog_name + 1, user, verify->uid,
#ifdef NGROUPS
verify->groups[0]
gid = verify->groups[0];
#else
verify->gid
gid = verify->gid;
#endif
) > 0 ) {
Debug("Can't set User's Credentials (user=%s)\n",user);
return(0);
if (setgid(gid) == -1) {
Debug("setgid %d (user \"%s\") failed: %s\n",
gid, user, strerror(errno));
return 0;
}
if (initgroups(user, gid) == -1) {
Debug("initgroups for \"%s\" failed: %s\n", user, strerror(errno));
return 0;
}
if (setuid(verify->uid) == -1) {
Debug("setuid %d (user \"%s\") failed: %s\n",
verify->uid, user, strerror(errno));
return 0;
}
if (_DtSvcPamSetcred(progName, user, d->name) != PAM_SUCCESS) {
Debug("Can't set User's Credentials (user=%s)\n",user);
return 0;
}
#endif
@ -2010,13 +2026,7 @@ RunGreeter( struct display *d, struct greet_info *greet,
* figure out path to dtgreet...
*/
snprintf(msg, sizeof(msg), "%s", progName);
if ((p = (char *) strrchr(msg, '/')) == NULL)
strcpy(msg,"./");
else
*(++p) = '\0';
snprintf(msg, sizeof(msg), "%s", progPath);
strcat(msg,"dtgreet");
execle(msg, "dtgreet", "-display", d->name, (char *)0, env);
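Review bot: In the HAS_PAM_LIBRARY branch of `StartClient`, `_DtSvcPamSetcred(progName, user, d->name)` runs only after `setuid(verify->uid)` has already dropped privileges. If that helper wraps `pam_setcred` (its body is not shown), modules that need root to establish credentials, such as those adding supplementary groups or creating credential caches, can fail or be skipped, leaving the session with different credentials than the PAM policy intends. Move the `_DtSvcPamSetcred(...) != PAM_SUCCESS` check to just after `initgroups(user, gid)` and before `setuid(verify->uid)`, so that `setuid` is the last privileged step. The return value of `_DtSvcPamOpenSession(progName, user, d->name)` earlier in the function is also ignored, so a session module's refusal does not stop the login. `StartClient` extends beyond these hunks.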


@ -79,7 +79,11 @@
#if defined(PAM) || defined(HAS_PAM_LIBRARY)
#include <security/pam_appl.h>
#ifdef PAM
#include "pam_svc.h"
#else
#include <Dt/SvcPam.h>
#endif
#endif
#ifdef _AIX
@ -175,6 +179,8 @@ Audit( struct passwd *p, char *msg, int errnum )
int
Authenticate( struct display *d, char *name, char *passwd, char **msg )
{
extern char *progName;
int status;
char* ttyLine = d->gettyLine;
@ -208,13 +214,11 @@ Authenticate( struct display *d, char *name, char *passwd, char **msg )
*/
#if defined(PAM) || defined(HAS_PAM_LIBRARY)
status =
#ifdef PAM
PamAuthenticate
status = PamAuthenticate("dtlogin", d->name, passwd, name, ttyLine);
#else
_DtAuthentication
status = _DtSvcPamAuthenticate(progName, name, d->name, passwd);
#endif
("dtlogin", d->name, passwd, name, ttyLine);
switch(status) {
case PAM_SUCCESS:
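Review bot: `_DtSvcPamAuthenticate(progName, name, d->name, passwd)` replaces the fixed `"dtlogin"` string with a name derived from `argv[0]`, so the PAM policy consulted now depends on how the binary was named or invoked. If the first argument is the PAM service name (the dtsession hunk passes a variable called `service` in that position), a renamed binary or a symlink would authenticate against a different service file or the system's fallback policy. Prefer a compile-time constant, e.g. `status = _DtSvcPamAuthenticate("dtlogin", name, d->name, passwd);`. The same applies to the `_DtSvcPamOpenSession`, `_DtSvcPamCloseSession` and `_DtSvcPamSetcred` calls in the session code, and to `localAuthenticate` in dtsession, where `service` comes from `smGD.programName`. The block-scope `extern char *progName;` inside `Authenticate` would be better declared in a shared header.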


@ -1903,6 +1903,7 @@ if ( session_menu != NULL ) {
}
#if 0
/*
* [ No Windows ] menu pane...
*/
@ -1920,6 +1921,7 @@ if ( session_menu != NULL ) {
if (getenv(LOCATION) == NULL || strcmp(getenv(LOCATION), "local") != 0 )
XtSetSensitive(options_item[j], False);
j++;
#endif
/*
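Review bot: The new `#if 0` … `#endif` pair disables the "[ No Windows ] menu pane" block without saying why or whether it is expected to return. Either delete the block or add a comment at the `#if 0`, for instance `/* disabled: relied on the getty/utmp tracking removed with the sessreg switch */` if that is the reason (an assumption drawn from the rest of this commit). The enclosing function starts and ends outside this hunk.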


@ -86,7 +86,8 @@
#endif
#ifdef HAS_PAM_LIBRARY
#include <Dt/PamSvc.h>
#include <security/pam_appl.h>
#include <Dt/SvcPam.h>
#endif
#include "Sm.h"
@ -1622,7 +1623,8 @@ localAuthenticate(
if (!(service = strrchr(smGD.programName, '/'))) return False;
return !_DtAuthentication(service + 1, NULL, passwd, pwent->pw_name, NULL);
return _DtSvcPamAuthenticate(service + 1, pwent->pw_name, NULL, passwd) ==
PAM_SUCCESS;
}
#elif defined(SIA)


@ -1,7 +1,7 @@
MAINTAINERCLEANFILES = Makefile.in
if HAS_PAM_LIBRARY
CPP_TARGET = pam/dtsession
CPP_TARGET = dtsession
dist_pam_DATA = $(CPP_TARGET)
if FREEBSD
pamdir = /usr/local/etc/pam.d
@ -19,6 +19,6 @@ endif
BUILT_SOURCES = $(CPP_TARGET)
CLEANFILES = $(CPP_TARGET)
pam/dtsession: pam/dtsession.src
dtsession: dtsession.src
$(RM) $@
$(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@