The branch, build-main has been updated via d2358d6e2b75eb26f7dd61172a77331bfc5ea5f8 (commit) from c5207337b01bc9f0836ee0a82d611549b963245c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: src/pam-freerdp.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) The diff of changes is: diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index b271834..17b5996 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -37,6 +37,8 @@ #define PAM_TYPE_DOMAIN 1234 #define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n" +static int unpriveleged_kill (struct passwd * pwdent); + static char * global_domain = NULL; /* FIXME? This is a work around to the fact that PAM seems to be clearing the auth token between authorize and open_session. Which then requires @@ -523,6 +525,20 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv goto done; } + retval = unpriveleged_kill(pwdent); + +done: + return retval; +} + +/* Drop privs and try to kill the process with the PID of session_pid. + This ensures that we don't kill something important if there is PID wrap + around. */ +static int +unpriveleged_kill (struct passwd * pwdent) +{ + int retval = PAM_SUCCESS; + pid_t pid = fork(); if (pid == 0) { /* Setting groups, but allowing EPERM as if we're not 100% root @@ -566,7 +582,6 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv want to try again. We'll just return the error for this time. */ session_pid = 0; -done: return retval; } hooks/post-receive -- libpam-x2go.git (Remote login session via X2Go (PAM module)) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).