[X2Go-Commits] libpam-x2go.git - build-main (branch) updated: 50c56f5a1e20d5d08bff7a1a8b1a824e42b40c5e
X2Go dev team
git-admin at x2go.org
Sat Apr 27 13:45:34 CEST 2013
The branch, build-main has been updated
via 50c56f5a1e20d5d08bff7a1a8b1a824e42b40c5e (commit)
from 71845510b58df938ac0a64e47a789c166ad6deb5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
src/pam-freerdp.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 24a55d0..b271834 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -28,6 +28,7 @@
#include <sys/un.h>
#include <pwd.h>
#include <grp.h>
+#include <errno.h>
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
@@ -234,6 +235,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
_exit(EXIT_FAILURE);
}
+ /* Setting groups, but allowing EPERM as if we're not 100% root
+ we might not be able to do this */
+ if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+ _exit(EXIT_FAILURE);
+ }
+
if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
_exit(EXIT_FAILURE);
@@ -304,6 +311,12 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
/* Track ready writing */
int readywrite = 0;
+ /* Setting groups, but allowing EPERM as if we're not 100% root
+ we might not be able to do this */
+ if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+ _exit(EXIT_FAILURE);
+ }
+
if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
/* Don't need to clean up yet */
@@ -512,6 +525,12 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
pid_t pid = fork();
if (pid == 0) {
+ /* Setting groups, but allowing EPERM as if we're not 100% root
+ we might not be able to do this */
+ if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+ _exit(EXIT_FAILURE);
+ }
+
if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
_exit(EXIT_FAILURE);
hooks/post-receive
--
libpam-x2go.git (Remote login session via X2Go (PAM module))
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).
More information about the x2go-commits
mailing list