[X2Go-Commits] libpam-x2go.git - build-main (branch) updated: 50c56f5a1e20d5d08bff7a1a8b1a824e42b40c5e

[X2Go dev team]

The branch, build-main has been updated
       via  50c56f5a1e20d5d08bff7a1a8b1a824e42b40c5e (commit)
      from  71845510b58df938ac0a64e47a789c166ad6deb5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 src/pam-freerdp.c |   19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 24a55d0..b271834 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -28,6 +28,7 @@
 #include <sys/un.h>
 #include <pwd.h>
 #include <grp.h>
+#include <errno.h>
 
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
@@ -234,6 +235,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
 			_exit(EXIT_FAILURE);
 		}
 
+		/* Setting groups, but allowing EPERM as if we're not 100% root
+		   we might not be able to do this */
+		if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+			_exit(EXIT_FAILURE);
+		}
+
 		if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
 				setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
 			_exit(EXIT_FAILURE);
@@ -304,6 +311,12 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
 	/* Track ready writing */
 	int readywrite = 0;
 
+	/* Setting groups, but allowing EPERM as if we're not 100% root
+	   we might not be able to do this */
+	if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+		_exit(EXIT_FAILURE);
+	}
+
 	if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
 			setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
 		/* Don't need to clean up yet */
@@ -512,6 +525,12 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
 
 	pid_t pid = fork();
 	if (pid == 0) {
+		/* Setting groups, but allowing EPERM as if we're not 100% root
+		   we might not be able to do this */
+		if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+			_exit(EXIT_FAILURE);
+		}
+
 		if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
 				setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
 			_exit(EXIT_FAILURE);


hooks/post-receive
-- 
libpam-x2go.git (Remote login session via X2Go (PAM module))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).