[X2Go-Commits] libpam-x2go.git - x2gosession (branch) updated: d9da9b90a2be88825b3219f21b5865872591bbdb

X2Go dev team git-admin at x2go.org
Wed Apr 24 18:47:24 CEST 2013 

The branch, x2gosession has been updated
  discards  626a5ed1cc6421c00f103fa769ac19f867e7ed1f (commit)
       via  d9da9b90a2be88825b3219f21b5865872591bbdb (commit)
       via  6e7601e14089a79aec2accfa800c259049449b8e (commit)
       via  817ff829b60891959d4b947fbd79c7bd3e2e67dd (commit)
       via  645af42abcb4b3ac922705751d134d31d8959912 (commit)
       via  edbe36fbccacebc2de6d15d0bfa3d480dd69a135 (commit)
       via  48df96792e41ff14f101fbb9829a059b0cdd3879 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (626a5ed1cc6421c00f103fa769ac19f867e7ed1f)
            \
             N -- N -- N (d9da9b90a2be88825b3219f21b5865872591bbdb)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 src/pam-freerdp.c |   52 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 15 deletions(-)

The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 2261a20..8129787 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,7 +23,7 @@
 #include <sys/wait.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/stat.h>
+#include <sys/mman.h>
 #include <sys/un.h>
 #include <pwd.h>
 
@@ -33,6 +33,13 @@
 
 #define PAM_TYPE_DOMAIN  1234
 
+static char * global_domain = NULL;
+/* FIXME? This is a work around to the fact that PAM seems to be clearing
+   the auth token between authorize and open_session.  Which then requires
+   us to save it.  Seems like we're the wrong people to do it, but we have
+   no choice */
+static char * global_password = NULL;
+
 /* Either grab a value or prompt for it */
 static char *
 get_item (pam_handle_t * pamh, int type)
@@ -44,6 +51,13 @@ get_item (pam_handle_t * pamh, int type)
 		if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS && value != NULL) {
 			return strdup(value);
 		}
+		if (type == PAM_AUTHTOK && global_password != NULL) {
+			return strdup(global_password);
+		}
+	} else {
+		if (global_domain != NULL) {
+			return strdup(global_domain);
+		}
 	}
 	/* Now we need to prompt */
 
@@ -81,7 +95,7 @@ get_item (pam_handle_t * pamh, int type)
 	}
 
 	struct pam_response * responses = NULL;
-	if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS) {
+	if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS || responses == NULL) {
 		return NULL;
 	}
 
@@ -104,6 +118,26 @@ get_item (pam_handle_t * pamh, int type)
 		}
 	}
 
+	if (retval != NULL) { /* Can't believe it really would be at this point, but let's be sure */
+		if (type != PAM_TYPE_DOMAIN) {
+			pam_set_item(pamh, type, (const void *)retval);
+		} else {
+			if (global_domain != NULL) {
+				free(global_domain);
+			}
+			global_domain = strdup(retval);
+		}
+		if (type == PAM_AUTHTOK) {
+			if (global_password != NULL) {
+				memset(global_password, 0, strlen(global_password));
+				munlock(global_password, strlen(global_password));
+				free(global_password);
+			}
+			global_password = strdup(retval);
+			mlock(global_password, strlen(global_password));
+		}
+	}
+
 	return retval;
 }
 
@@ -113,9 +147,6 @@ get_item (pam_handle_t * pamh, int type)
 		goto done; \
 	}
 
-/* TODO: Make this a build thing */
-#define XFREERDP "/usr/bin/xfreerdp"
-
 /* Authenticate.  We need to make sure we have a user account, that
    there are remote accounts and then verify them with FreeRDP */
 PAM_EXTERN int
@@ -252,7 +283,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 	memset(&socket_addr, 0, sizeof(struct sockaddr_un));
 	socket_addr.sun_family = AF_UNIX;
 	strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
-	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", sizeof(socket_addr.sun_path) - 1);
+	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
 
 	/* We bind the socket before forking so that we ensure that
 	   there isn't a race condition to get to it.  Things will block
@@ -263,15 +294,6 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 		goto done;
 	}
 
-	/* Set the socket file permissions to be 600 and the user and group
-	   to be the guest user.  NOTE: This won't protect on BSD */
-	if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
-			chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
-		close(socketfd);
-		retval = PAM_SYSTEM_ERR;
-		goto done;
-	}
-
 	/* Build this up as a buffer so we can just write it and see that
 	   very, very clearly */
 	int buffer_len = 0;


hooks/post-receive
-- 
libpam-x2go.git (Remote login session via X2Go (PAM module))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).

More information about the x2go-commits mailing list