[X2Go-Commits] libpam-x2go.git - x2gosession (branch) updated: 5c90b12afe82afce6c09624e684da3dca687028e

X2Go dev team git-admin at x2go.org
Wed Apr 24 18:47:25 CEST 2013


The branch, x2gosession has been updated
       via  5c90b12afe82afce6c09624e684da3dca687028e (commit)
      from  adc34c5dfa6a012b868c3b368dad325074a0f61a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 src/pam-freerdp.c |   80 ++++++++++++++++++++++++++---------------------------
 1 file changed, 40 insertions(+), 40 deletions(-)

The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 4e43ec4..1aab5dd 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -250,17 +250,45 @@ done:
 }
 
 static int
-session_socket_handler (const char * buffer, int buffer_len, struct passwd * pwdent, int socketfd)
+session_socket_handler (const char * buffer, int buffer_len, struct passwd * pwdent)
 {
-	/* Locks to carry over */
-	mlock(buffer, buffer_len);
-
 	if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
 			setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
 		return EXIT_FAILURE;
 	}
 
+	/* Make our socket and bind it */
+	int socketfd;
+	struct sockaddr_un socket_addr;
+
+	socketfd = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (socketfd < 0) {
+		return EXIT_FAILURE;
+	}
+
+	memset(&socket_addr, 0, sizeof(struct sockaddr_un));
+	socket_addr.sun_family = AF_UNIX;
+	strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
+	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
+
+	/* We bind the socket before forking so that we ensure that
+	   there isn't a race condition to get to it.  Things will block
+	   otherwise. */
+	if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) {
+		close(socketfd);
+		return EXIT_FAILURE;
+	}
+
+	/* Set the socket file permissions to be 600 and the user and group
+	   to be the guest user.  NOTE: This won't protect on BSD */
+	if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
+			chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
+		close(socketfd);
+		return EXIT_FAILURE;
+	}
+
 	if (listen(socketfd, 1) < 0) {
+		close(socketfd);
 		return EXIT_FAILURE;
 	}
 
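Review bot: The two `strncpy` calls that build `socket_addr.sun_path` never check the length of `pwdent->pw_dir`. When it is at least `sizeof(socket_addr.sun_path)`, the second call starts writing past the end of the array, and its size argument `(sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1` wraps to a huge unsigned value. One bounded call that rejects truncation avoids both: `int n = snprintf(socket_addr.sun_path, sizeof(socket_addr.sun_path), "%s/.freerdp-socket", pwdent->pw_dir);` followed by `if (n < 0 || (size_t)n >= sizeof(socket_addr.sun_path)) { close(socketfd); return EXIT_FAILURE; }`. The comment "We bind the socket before forking" moved with the code but looks stale, since the last hunk calls this function from the `pid == 0` branch. Between `bind` and `chmod` the socket file also has whatever mode the umask yields, so setting a restrictive umask before `bind` would close that window.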
@@ -271,12 +299,14 @@ session_socket_handler (const char * buffer, int buffer_len, struct passwd * pwd
 	connected_addr_size = sizeof(struct sockaddr_un);
 	connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size);
 	if (connectfd < 0) {
+		close(socketfd);
 		return EXIT_FAILURE;
 	}
 
 	int writedata;
 	writedata = write(connectfd, buffer, buffer_len);
 
+	close(socketfd);
 	close(connectfd);
 
 	if (writedata == buffer_len) {
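Review bot: `accept` hands the buffer to whichever process connects first, and the only barrier is the 0600 mode set in the previous hunk, which the code's own comment says does not protect on BSD. Comparing the peer's uid with `pwdent->pw_uid` before the `write` would not depend on file-mode semantics, and would also cover the window between `bind` and `chmod`. The sketch below uses `SO_PEERCRED` on Linux; `getpeereid` is the BSD equivalent. Separately, a single `write` can return a short count or be interrupted, which this code reports as failure without retrying. The function starts and ends outside this hunk, so cleanup of the socket file is not visible here.

```c
	connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size);
	/* … unchanged: connectfd < 0 check … */

	/* Only hand the buffer to a peer running as the session user
	   (Linux; use getpeereid() on the BSDs) */
	struct ucred peer;
	socklen_t peer_len = sizeof(peer);
	if (getsockopt(connectfd, SOL_SOCKET, SO_PEERCRED, &peer, &peer_len) < 0 ||
			peer.uid != pwdent->pw_uid) {
		close(connectfd);
		close(socketfd);
		return EXIT_FAILURE;
	}

	/* … unchanged: write(connectfd, buffer, buffer_len) and closes … */
```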
@@ -319,39 +349,6 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 		goto done;
 	}
 	
-	/* Make our socket and bind it */
-	int socketfd;
-	struct sockaddr_un socket_addr;
-
-	socketfd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (socketfd < 0) {
-		retval = PAM_SYSTEM_ERR;
-		goto done;
-	}
-
-	memset(&socket_addr, 0, sizeof(struct sockaddr_un));
-	socket_addr.sun_family = AF_UNIX;
-	strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
-	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
-
-	/* We bind the socket before forking so that we ensure that
-	   there isn't a race condition to get to it.  Things will block
-	   otherwise. */
-	if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) {
-		close(socketfd);
-		retval = PAM_SYSTEM_ERR;
-		goto done;
-	}
-
-	/* Set the socket file permissions to be 600 and the user and group
-	   to be the guest user.  NOTE: This won't protect on BSD */
-	if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
-			chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
-		close(socketfd);
-		retval = PAM_SYSTEM_ERR;
-		goto done;
-	}
-
 	/* Build this up as a buffer so we can just write it and see that
 	   very, very clearly */
 	int buffer_len = 0;
@@ -369,15 +366,18 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 	if (pid == 0) {
 		int retval = 0;
 
-		retval = session_socket_handler(buffer, buffer_len, pwdent, socketfd);
+		/* Locks to carry over */
+		mlock(buffer, buffer_len);
 
-		close(socketfd);
+		retval = session_socket_handler(buffer, buffer_len, pwdent);
+
+		munlock(buffer, buffer_len);
+		memset(buffer, 0, buffer_len);
 		free(buffer);
 
 		_exit(retval);
 	} else if (pid < 0) {
 		retval = PAM_SYSTEM_ERR;
-		close(socketfd);
 	} else {
 		session_pid = pid;
 	}
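Review bot: The added `memset(buffer, 0, buffer_len)` is immediately followed by `free(buffer)`, so an optimizing compiler may treat it as a dead store and drop it. It also runs after `munlock`, leaving a short window in which the still-populated pages are no longer locked. Wiping first with a call that cannot be elided closes both: `explicit_bzero(buffer, buffer_len);` then `munlock(buffer, buffer_len);` (where `explicit_bzero` is unavailable, a loop through a volatile pointer does the same). The return value of `mlock` is ignored, so a failure such as hitting `RLIMIT_MEMLOCK` passes silently and should at least be logged. Whether the parent's copy of `buffer` is wiped is not visible in this hunk.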


hooks/post-receive
-- 
libpam-x2go.git (Remote login session via X2Go (PAM module))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).



