[X2Go-Commits] libpam-x2go.git - build-main (branch) updated: d2358d6e2b75eb26f7dd61172a77331bfc5ea5f8
X2Go dev team
git-admin at x2go.org
Sat Apr 27 13:45:34 CEST 2013
The branch, build-main has been updated
via d2358d6e2b75eb26f7dd61172a77331bfc5ea5f8 (commit)
from c5207337b01bc9f0836ee0a82d611549b963245c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
src/pam-freerdp.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index b271834..17b5996 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -37,6 +37,8 @@
#define PAM_TYPE_DOMAIN 1234
#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n"
+static int unpriveleged_kill (struct passwd * pwdent);
+
static char * global_domain = NULL;
/* FIXME? This is a work around to the fact that PAM seems to be clearing
the auth token between authorize and open_session. Which then requires
@@ -523,6 +525,20 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
goto done;
}
+ retval = unpriveleged_kill(pwdent);
+
+done:
+ return retval;
+}
+
+/* Drop privs and try to kill the process with the PID of session_pid.
+ This ensures that we don't kill something important if there is PID wrap
+ around. */
+static int
+unpriveleged_kill (struct passwd * pwdent)
+{
+ int retval = PAM_SUCCESS;
+
pid_t pid = fork();
if (pid == 0) {
/* Setting groups, but allowing EPERM as if we're not 100% root
@@ -566,7 +582,6 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
want to try again. We'll just return the error for this time. */
session_pid = 0;
-done:
return retval;
}
hooks/post-receive
--
libpam-x2go.git (Remote login session via X2Go (PAM module))
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).
More information about the x2go-commits
mailing list