Hi Matthieu, I've further improved the pam_setcred() patch to use PAM's own error reporting function (and made the C style consistent to boot).
I did also remove that %\"s format string and replace it with ordinary %s. The \" qualifier is not documented in any manpage or the GNU info documentation for glibc, which gives me serious doubts as to its portability. I have MIME-attached the updated session.c patch against xf-4_3-branch. -- G. Branden Robinson | We either learn from history or, Debian GNU/Linux | uh, well, something bad will [EMAIL PROTECTED] | happen. http://people.debian.org/~branden/ | -- Bob Church
--- xc/programs/xdm/session.c~ 2003-09-25 00:19:35.000000000 -0500 +++ xc/programs/xdm/session.c 2003-09-25 00:29:10.000000000 -0500 @@ -61,17 +61,17 @@ #endif #ifndef GREET_USER_STATIC -#include <dlfcn.h> -#ifndef RTLD_NOW -#define RTLD_NOW 1 -#endif +# include <dlfcn.h> +# ifndef RTLD_NOW +# define RTLD_NOW 1 +# endif #endif static int runAndWait (char **args, char **environ); -#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) -#include <sys/types.h> -#include <grp.h> +#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__) +# include <sys/types.h> +# include <grp.h> #else /* should be in <grp.h> */ extern void setgrent(void); @@ -87,28 +87,34 @@ extern void endspent(void); #endif #endif -#if defined(CSRG_BASED) -#include <pwd.h> -#include <unistd.h> + +#if defined(CSRG_BASED) || defined(__GLIBC__) +# include <pwd.h> +# include <unistd.h> #else extern struct passwd *getpwnam(GETPWNAM_ARGS); -#ifdef linux +# ifdef linux extern void endpwent(void); -#endif +# endif +# ifndef __GLIBC__ extern char *crypt(CRYPT_ARGS); +# endif #endif + #ifdef USE_PAM -pam_handle_t **thepamhp() +pam_handle_t ** +thepamhp () { static pam_handle_t *pamh = NULL; return &pamh; } -pam_handle_t *thepamh() +pam_handle_t * +thepamh () { pam_handle_t **pamhp; - pamhp = thepamhp(); + pamhp = thepamhp (); if (pamhp) return *pamhp; else @@ -141,12 +147,12 @@ endgrent, #ifdef USESHADOW getspnam, -#ifndef QNX4 +# ifndef QNX4 endspent, -#endif /* QNX4 doesn't use endspent */ +# endif /* QNX4 doesn't use endspent */ #endif getpwnam, -#ifdef linux +#if defined(linux) || defined(__GLIBC__) endpwent, #endif crypt, @@ -194,7 +200,7 @@ } #if defined(_POSIX_SOURCE) || defined(SYSV) || defined(SVR4) -#define killpg(pgrp, sig) kill(-(pgrp), sig) +# define killpg(pgrp, sig) kill(-(pgrp), sig) #endif static void 
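Review bot: In the `@@ -87,28 +87,34 @@` hunk, glibc builds now take the `<pwd.h>`/`<unistd.h>` branch and no longer see `extern char *crypt(CRYPT_ARGS);`, yet `crypt` is still referenced in the function table shown in the next hunk. glibc declares crypt() in `<crypt.h>`, and in `<unistd.h>` only under certain feature-test macros, so unless a header outside this hunk provides it the name falls back to an implicit `int` declaration, which truncates the returned pointer on LP64 targets. Consider adding `# ifdef __GLIBC__` / `# include <crypt.h>` / `# endif` next to the new includes. The added `# ifndef __GLIBC__` inside the `#else` arm is also always true, since that arm is reached only when `__GLIBC__` is undefined.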
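Review bot: In the `@@ -141,12 +147,12 @@` hunk the initializer now emits `endpwent,` under `defined(linux) || defined(__GLIBC__)`, but the struct type being initialised is declared outside this patch. If that declaration still guards its `endpwent` member with `#ifdef linux` alone, a glibc build without `linux` defined gets initializers that no longer line up with the members, and every later entry (starting with `crypt`) is shifted by one slot. The matching condition in the declaring header should be changed in the same patch. The initializer starts and ends outside the hunk, so this is inferred from the visible entries only.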
@@ -251,7 +257,7 @@ static int IOErrorHandler (Display *dpy) { - LogError("fatal IO error %d (%s)\n", errno, _SysErrorMsg(errno)); + LogError ("fatal IO error %d (%s)\n", errno, _SysErrorMsg(errno)); exit(RESERVER_DISPLAY); /*NOTREACHED*/ return 0; @@ -260,7 +266,7 @@ static int ErrorHandler(Display *dpy, XErrorEvent *event) { - LogError("X error\n"); + LogError ("X error\n"); if (XmuPrintDefaultErrorMessage (dpy, event, stderr) == 0) return 0; exit(UNMANAGE_DISPLAY); /*NOTREACHED*/ @@ -293,13 +299,13 @@ #ifdef GREET_USER_STATIC greet_user_proc = GreetUser; #else - Debug("ManageSession: loading greeter library %s\n", greeterLib); + Debug ("ManageSession: loading greeter library %s\n", greeterLib); greet_lib_handle = dlopen(greeterLib, RTLD_NOW); if (greet_lib_handle != NULL) greet_user_proc = (GreetUserProc)dlsym(greet_lib_handle, "GreetUser"); if (greet_user_proc == NULL) { - LogError("%s while loading %s\n", dlerror(), greeterLib); + LogError ("%s while loading %s\n", dlerror (), greeterLib); exit(UNMANAGE_DISPLAY); } #endif @@ -321,7 +327,7 @@ * setting up environment and running the session */ if (StartClient (&verify, d, &clientPid, greet.name, greet.password)) { - Debug ("Client Started\n"); + Debug ("client started\n"); #ifndef GREET_USER_STATIC /* Save memory; close library */ @@ -369,7 +375,7 @@ /* * run system-wide reset file */ - Debug ("Source reset program %s\n", d->reset); + Debug ("source reset program %s\n", d->reset); source (verify.systemEnviron, d->reset); SessionExit (d, OBEYSESS_DISPLAY, TRUE); } @@ -384,7 +390,7 @@ env = systemEnv (d, (char *) 0, (char *) 0); args = parseArgs ((char **) 0, d->xrdb); args = parseArgs (args, d->resources); - Debug ("Loading resource file: %s\n", d->resources); + Debug ("loading resource file: %s\n", d->resources); (void) runAndWait (args, env); freeArgs (args); freeEnv (env); 
@@ -438,7 +444,7 @@ SessionExit (d, RESERVER_DISPLAY, FALSE); } (void) alarm ((unsigned) d->grabTimeout); - Debug ("Before XGrabServer %s\n", d->name); + Debug ("before XGrabServer %s\n", d->name); XGrabServer (dpy); if (XGrabKeyboard (dpy, DefaultRootWindow (dpy), True, GrabModeAsync, GrabModeAsync, CurrentTime) != GrabSuccess) @@ -505,16 +511,16 @@ code = Krb5DisplayCCache(d->name, &ccache); if (code) - LogError("%s while getting Krb5 ccache to destroy\n", - error_message(code)); + LogError ("%s while getting Krb5 ccache to destroy\n", + error_message(code)); else { code = krb5_cc_destroy(ccache); if (code) { if (code == KRB5_FCC_NOFILE) { - Debug ("No Kerberos ccache file found to destroy\n"); + Debug ("no Kerberos ccache file found to destroy\n"); } else - LogError("%s while destroying Krb5 credentials cache\n", - error_message(code)); + LogError ("%s while destroying Krb5 credentials" + " cache\n", error_message(code)); } else Debug ("Kerberos ccache destroyed\n"); krb5_cc_close(ccache); @@ -522,7 +528,7 @@ } #endif /* K5AUTH */ } - Debug ("Display %s exiting with status %d\n", d->name, status); + Debug ("display %s exiting with status %d\n", d->name, status); exit (status); } @@ -540,8 +546,9 @@ #ifdef HAS_SETUSERCONTEXT struct passwd* pwd; #endif -#ifdef USE_PAM +#ifdef USE_PAM pam_handle_t *pamh = thepamh(); + int pam_error; #endif if (verify->argv) { 
@@ -582,39 +589,38 @@ #ifndef AIXV3 #ifndef HAS_SETUSERCONTEXT - if (setgid(verify->gid) < 0) - { - LogError("setgid %d (user \"%s\") failed, errno=%d\n", - verify->gid, name, errno); + if (setgid (verify->gid) < 0) { + LogError ("setgid %d (user \"%s\") failed: %s\n", + verify->gid, name, _SysErrorMsg (errno)); return (0); } #if defined(BSD) && (BSD >= 199103) - if (setlogin(name) < 0) - { - LogError("setlogin for \"%s\" failed, errno=%d", name, errno); - return(0); + if (setlogin (name) < 0) { + LogError ("setlogin for \"%s\" failed: %s\n", name, + _SysErrorMsg (errno)); + return (0); } #endif #ifndef QNX4 - if (initgroups(name, verify->gid) < 0) - { - LogError("initgroups for \"%s\" failed, errno=%d\n", name, errno); + if (initgroups (name, verify->gid) < 0) { + LogError ("initgroups for \"%s\" failed: %s\n", name, + _SysErrorMsg (errno)); return (0); } #endif /* QNX4 doesn't support multi-groups, no initgroups() */ #ifdef USE_PAM - if (thepamh()) { - if (pam_setcred(thepamh(), PAM_ESTABLISH_CRED) != PAM_SUCCESS) { - LogError("pam_setcred for %\"s failed, errno=%d\n", - name, errno); - return(0); + if (thepamh ()) { + pam_error = pam_setcred (thepamh (), PAM_ESTABLISH_CRED); + if (pam_error != PAM_SUCCESS) { + LogError ("pam_setcred for \"%s\" failed: %s\n", name, + pam_strerror (pam_error)); + return (0); } } #endif - if (setuid(verify->uid) < 0) - { - LogError("setuid %d (user \"%s\") failed, errno=%d\n", - verify->uid, name, errno); + if (setuid (verify->uid) < 0) { + LogError ("setuid %d (user \"%s\") failed: %s\n", + verify->uid, name, _SysErrorMsg (errno)); return (0); } #else /* HAS_SETUSERCONTEXT */ 
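Review bot: The new `pam_strerror (pam_error)` call passes one argument, but the PAM API declares `pam_strerror(pam_handle_t *pamh, int errnum)`, so with the prototype in scope this will not compile, and without it the error code is taken as the handle. Change it to `pam_strerror (thepamh (), pam_error)`, or use the local `pamh` that the `@@ -540,8 +546,9 @@` hunk shows initialised from `thepamh()`, which also avoids fetching the handle three times. This is the step that establishes credentials immediately before `setuid`, so a failure here needs a log line that can be trusted. The enclosing function starts and ends outside the hunk.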
@@ -622,20 +628,17 @@ * Set the user's credentials: uid, gid, groups, * environment variables, resource limits, and umask. */ - pwd = getpwnam(name); - if (pwd) - { - if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) - { - LogError("setusercontext for \"%s\" failed, errno=%d\n", name, - errno); + pwd = getpwnam (name); + if (pwd) { + if (setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) { + LogError ("setusercontext for \"%s\" failed: %s\n", name, + _SysErrorMsg (errno)); return (0); } - endpwent(); - } - else - { - LogError("getpwnam for \"%s\" failed, errno=%d\n", name, errno); + endpwent (); + } else { + LogError ("getpwnam for \"%s\" failed: %s\n", name, + _SysErrorMsg (errno)); return (0); } #endif /* HAS_SETUSERCONTEXT */ @@ -644,9 +647,9 @@ * Set the user's credentials: uid, gid, groups, * audit classes, user limits, and umask. */ - if (setpcred(name, NULL) == -1) - { - LogError("setpcred for \"%s\" failed, errno=%d\n", name, errno); + if (setpcred (name, NULL) == -1) { + LogError ("setpcred for \"%s\" failed: %s\n", name, + _SysErrorMsg (errno)); return (0); } #endif /* AIXV3 */ @@ -665,7 +668,7 @@ int key_set_ok = 0; nameret = getnetname (netname); - Debug ("User netname: %s\n", netname); + Debug ("user netname: %s\n", netname); len = strlen (passwd); if (len > 8) bzero (passwd + 8, len - 8); @@ -676,7 +679,7 @@ netst.st_netname = strdup(netname); memset(netst.st_pub_key, 0, HEXKEYBYTES); if (key_setnet(&netst) < 0) { - Debug("Could not set secret key.\n"); + Debug ("could not set secret key\n"); } free(netst.st_netname); /* is there a key, and do we have the right password? */ 
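Review bot: In the `@@ -622,20 +628,17 @@` hunk the `getpwnam` failure branch now prints `_SysErrorMsg (errno)`, but getpwnam() returns NULL without setting errno when the user simply does not exist, so the log can carry a stale or "no error" text left over from an earlier call. Set `errno = 0;` immediately before `pwd = getpwnam (name);` and log a plain "no such user" message when it is still zero afterwards. The surrounding function body lies outside the hunk.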
@@ -759,22 +762,22 @@ if (verify->argv) { Debug ("executing session %s\n", verify->argv[0]); execute (verify->argv, verify->userEnviron); - LogError ("Session \"%s\" execution failed (err %d)\n", verify->argv[0], errno); + LogError ("session \"%s\" execution failed (err %d)\n", verify->argv[0], errno); } else { - LogError ("Session has no command/arguments\n"); + LogError ("session has no command/arguments\n"); } failsafeArgv[0] = d->failsafeClient; failsafeArgv[1] = 0; execute (failsafeArgv, verify->userEnviron); exit (1); case -1: - bzero(passwd, strlen(passwd)); + bzero (passwd, strlen (passwd)); Debug ("StartSession, fork failed\n"); - LogError ("can't start session on \"%s\", fork failed, errno=%d\n", - d->name, errno); + LogError ("can't start session on \"%s\", fork failed: %s\n", + d->name, _SysErrorMsg (errno)); return 0; default: - bzero(passwd, strlen(passwd)); + bzero (passwd, strlen (passwd)); Debug ("StartSession, fork succeeded %d\n", pid); *pidp = pid; return 1; @@ -885,7 +888,7 @@ p = "/bin/sh"; optarg = 0; } - Debug ("Shell script execution: %s (optarg %s)\n", + Debug ("shell script execution: %s (optarg %s)\n", p, optarg ? optarg : "(null)"); for (av = argv, argc = 0; *av; av++, argc++) /* SUPPRESS 530 */ @@ -941,9 +944,10 @@ return env; } -#if (defined(Lynx) && !defined(HAS_CRYPT)) || defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS) -char *crypt(char *s1, char *s2) +#if (defined(Lynx) && !defined(HAS_CRYPT)) || (defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS)) +char * +crypt (char *s1, char *s2) { - return(s2); + return (s2); } #endif
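Review bot: In the `case -1:` branch of the `@@ -759,22 +762,22 @@` hunk, `errno` from the failed `fork` is read only after `Debug ("StartSession, fork failed\n")` has run, and that call may overwrite it, so `_SysErrorMsg (errno)` can describe the wrong error. Save it first, e.g. `saved_errno = errno;` as the first statement of the branch, and pass `_SysErrorMsg (saved_errno)` to `LogError`. The exec-failure message in the same hunk still prints the raw number (`(err %d)`) while the rest of the patch moved to `_SysErrorMsg`; `LogError ("session \"%s\" execution failed: %s\n", verify->argv[0], _SysErrorMsg (errno));` would make it consistent. The switch and its function start outside the hunk.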
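Review bot: In the `@@ -941,9 +944,10 @@` hunk the fallback `crypt` returns its second argument unchanged, so it performs no hashing; the added parentheses do not change which platforms get it, because `&&` already bound tighter than `||`. If the verification code outside this patch compares the result of `crypt` on the typed password with the stored value, that comparison is trivially true on these builds, which is presumably not intended for any configuration that checks local passwords. The stub deserves at least a comment such as `/* stub: no hashing available; returns the salt argument as-is */`, and ideally a build-time `#error` for configurations that rely on it, so that password checks fail closed.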