diff --git a/cde/configure.ac b/cde/configure.ac index 6919a5b53..929ad26b2 100644 --- a/cde/configure.ac +++ b/cde/configure.ac @@ -177,11 +177,6 @@ AC_SUBST(LIBMMDB, '$(top_builddir)/lib/DtMmdb/libDtMmdb.la') AC_SUBST(LIBHELP, '$(top_builddir)/lib/DtHelp/libDtHelp.la') AC_SUBST(LIBCSA, '$(top_builddir)/lib/csa/libcsa.la') -AC_SUBST(LIBPAMSVC, '$(top_builddir)/lib/DtPamSvc/libDtPamSvc.la') - -dnl we do not inclue the DtPamSvc library here as it is not needed -dnl for everything. - AC_SUBST(DTCLIENTLIBS, '$(LIBPRINT) $(LIBHELP) $(LIBWIDGET) $(LIBSVC) \ $(LIBTT) $(LIBXIN)') 
@@ -245,6 +240,48 @@ AC_ARG_ENABLE([xrender], [disable_xrender="yes"], [disable_xrender=""] ) +dnl copied from xdm... + +AC_ARG_WITH(utmp_file, + AS_HELP_STRING([--with-utmp-file=], + [specify file to pass to sessreg -u for current logins]) +AS_HELP_STRING([--without-utmp-file], + [specify passing "none" to sessreg -u to not record logins in utmp]), + [UTMP_FILE="$withval"]) +if test "x$UTMP_FILE" = "xyes" ; then + UTMP_FILE="" +elif test "x$UTMP_FILE" = "xno" ; then + UTMP_FILE="none" +fi +AC_MSG_CHECKING([for path to file listing current logins for sessreg]) +if test "x$UTMP_FILE" = "x" ; then + AC_MSG_RESULT([use sessreg default]) +else + AC_MSG_RESULT([$UTMP_FILE]) +fi +AM_CONDITIONAL(SET_UTMP_FILE, test x$UTMP_FILE != x) +AC_SUBST(UTMP_FILE) + +AC_ARG_WITH(wtmp_file, + AS_HELP_STRING([--with-wtmp-file=], + [specify file to pass to sessreg -w for login history]) +AS_HELP_STRING([--without-wtmp-file], + [specify passing "none" to sessreg -w to not record logins in wtmp]), + [WTMP_FILE="$withval"]) +if test "x$WTMP_FILE" = "xyes" ; then + WTMP_FILE="" +elif test "x$WTMP_FILE" = "xno" ; then + WTMP_FILE="none" +fi +AC_MSG_CHECKING([for path to file listing login history for sessreg]) +if test "x$WTMP_FILE" = "x" ; then + AC_MSG_RESULT([use sessreg default]) +else + AC_MSG_RESULT([$WTMP_FILE]) +fi +AM_CONDITIONAL(SET_WTMP_FILE, test x$WTMP_FILE != x) +AC_SUBST(WTMP_FILE) + dnl hmmm... RM="rm -f" AC_SUBST(RM) @@ -396,6 +433,10 @@ AC_CHECK_PROGS(ONSGMLS, onsgmls) if test -z "$ac_cv_prog_ONSGMLS"; then MISSING_PROGS="ONSGMLS ${MISSING_PROGS}" fi +AC_CHECK_PROGS(SESSREG, sessreg) +if test -z "$ac_cv_prog_SESSREG"; then + MISSING_PROGS="SESSREG ${MISSING_PROGS}" +fi dnl Used to check if program 'tic' is available to install terminfo files AC_CHECK_PROGS(TIC, tic, :) 
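Review bot: The two `AM_CONDITIONAL` tests expand `$UTMP_FILE` and `$WTMP_FILE` unquoted (`test x$UTMP_FILE != x`), unlike the quoted `test "x$UTMP_FILE" = "x"` checks a few lines above them. A `--with-utmp-file` or `--with-wtmp-file` value containing whitespace or shell metacharacters makes `test` fail or misparse, and the conditional then silently drops the flag. I would write `AM_CONDITIONAL(SET_UTMP_FILE, test "x$UTMP_FILE" != "x")` and the same for `SET_WTMP_FILE`.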
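Review bot: `AC_CHECK_PROGS(SESSREG, sessreg)` records only the bare program name, and that name is what `-DSESSREG=$(SESSREG)` in programs/dtlogin/config/Makefile.am pastes into the generated Xreset script (and presumably Xstartup, whose hunk is cut off here). The script then resolves `sessreg` through whatever PATH is in effect when it runs, which matters if dtlogin runs these scripts with elevated privileges, as display managers usually do. Recording an absolute path at configure time avoids that: `AC_PATH_PROG(SESSREG, sessreg)`, with the emptiness check changed to `$ac_cv_path_SESSREG`.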
@@ -494,7 +535,9 @@ dnl Right now this only works on linux and netbsd (9.2 tested) if test "$supports_pam" = "yes" then AC_CHECK_LIB(pam, pam_start, - [SOURCE_CPP_DEFINES="${SOURCE_CPP_DEFINES} -DHAS_PAM_LIBRARY"]) + [SOURCE_CPP_DEFINES="${SOURCE_CPP_DEFINES} -DHAS_PAM_LIBRARY"; + PAMLIB="-lpam"]) + AC_SUBST(PAMLIB) else AC_CHECK_LIB(pam, NOTSUPPORTED) fi @@ -565,8 +608,6 @@ lib/tt/bin/ttsession/Makefile lib/DtSvc/Makefile -lib/DtPamSvc/Makefile - lib/DtSearch/Makefile lib/DtSearch/raima/Makefile diff --git a/cde/include/Dt/PamSvc.h b/cde/include/Dt/PamSvc.h deleted file mode 100644 index d76ff3e33..000000000 --- a/cde/include/Dt/PamSvc.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * CDE - Common Desktop Environment - * - * Copyright (c) 1993-2012, The Open Group. All rights reserved. - * - * These libraries and programs are free software; you can - * redistribute them and/or modify them under the terms of the GNU - * Lesser General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * These libraries and programs are distributed in the hope that - * they will be useful, but WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU Lesser General Public License for more - * details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with these libraries and programs; if not, write - * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth - * Floor, Boston, MA 02110-1301 USA - */ -/* $XConsortium: pam_svc.h /main/3 1996/10/30 11:13:40 drk $ */ -/******************************************************************************* -** -** "@(#)pam_svc.h 1.4 95/09/12 -** -** Copyright 1993, 1994, 1995 Sun Microsystems, Inc. All rights reserved. -** -** This file contains header info related to use of PAM -** (Pluggable Authentication Module) library. -** -*******************************************************************************/ -/* * - * (c) Copyright 1993, 1994 Hewlett-Packard Company * - * (c) Copyright 1993, 1994 International Business Machines Corp. * - * (c) Copyright 1993, 1994, 1995 Sun Microsystems, Inc. * - * (c) Copyright 1993, 1994 Novell, Inc. 
* - */ - -#ifndef _DT_PAM_SVC_H -#define _DT_PAM_SVC_H - -#include - -#define DT_BAD_GID 29 /* Invalid Group ID */ -#define DT_INITGROUP_FAIL 30 /* group IDs init failed */ -#define DT_BAD_UID 31 /* Invaid User ID */ - -/* - * External procedure declarations - */ - -extern int _DtAuthentication(char*, char*, char*, char*, char*); -extern int _DtAccounting(char*, char*, char[], char*, char*, pid_t, int, int); -extern int _DtSetCred(char*, char *, uid_t, gid_t); - -#endif /* _DT_PAM_SVC_H */ diff --git a/cde/include/Dt/SvcPam.h b/cde/include/Dt/SvcPam.h new file mode 100644 index 000000000..eeb282885 --- /dev/null +++ b/cde/include/Dt/SvcPam.h 
@@ -0,0 +1,36 @@ +/* + * CDE - Common Desktop Environment + * + * Copyright (c) 1993-2012, The Open Group. All rights reserved. + * + * These libraries and programs are free software; you can + * redistribute them and/or modify them under the terms of the GNU + * Lesser General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * These libraries and programs are distributed in the hope that + * they will be useful, but WITHOUT ANY WARRANTY; without even the + * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with these libraries and programs; if not, write + * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth + * Floor, Boston, MA 02110-1301 USA + */ + +#ifndef _DT_SVC_PAM_H +#define _DT_SVC_PAM_H + +int _DtSvcPamAuthenticate(const char *service_name, const char *user, + const char *display_name, const char *user_passwd); +int _DtSvcPamOpenSession(const char *service_name, const char *user, + const char *display_name); +int _DtSvcPamCloseSession(const char *service_name, const char *user, + const char *display_name); +int _DtSvcPamSetcred(const char *service_name, const char *user, + const char *display_name); + +#endif diff --git a/cde/include/Makefile.am b/cde/include/Makefile.am index 5db7f3a8b..0a1022c5f 100644 --- a/cde/include/Makefile.am +++ b/cde/include/Makefile.am @@ -28,7 +28,4 @@ nobase_include_HEADERS = Dt/Editor.h \ Dt/Search.h \ Dt/Mmdb.h \ Dt/DtXinerama.h \ - Dt/PamSvc.h - - - + Dt/SvcPam.h diff --git a/cde/lib/DtPamSvc/Makefile.am b/cde/lib/DtPamSvc/Makefile.am deleted file mode 100644 index 7c21e8d8f..000000000 --- a/cde/lib/DtPamSvc/Makefile.am +++ /dev/null 
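Review bot: The new SvcPam.h states no contract for its four prototypes, and the doc comments in SvcPam.c are not visible to users of this installed header. From SvcPam.c in this same commit, every call returns a PAM status code and all four share one file-static `pamh` handle and password pointer, so callers need to know the functions are stateful and not safe to call from several threads. I would add a header comment along the lines of `/* Each function returns a PAM status code (PAM_SUCCESS on success). All calls share one process-wide PAM handle; not thread-safe. */`, plus a one-line purpose comment above each prototype. libDtSvc also contains C++ sources, so an `extern "C"` guard may be needed if any of them includes this header.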
@@ -1,17 +0,0 @@ -MAINTAINERCLEANFILES = Makefile.in - -lib_LTLIBRARIES = libDtPamSvc.la - -# the PamSvc.h header file is located in include/Dt/ -libDtPamSvc_la_SOURCES = PamSvc.c ${top_srcdir}/include/Dt/PamSvc.h - -libDtPamSvc_la_LIBADD = -lpam - -# in order to try to keep lib versions the same across platforms, (2.1.0) -if BSD -libDtPamSvc_la_LDFLAGS = -version-info 2:1:0 -else -libDtPamSvc_la_LDFLAGS = -version-info 3:0:1 -endif - - diff --git a/cde/lib/DtPamSvc/PamSvc.c b/cde/lib/DtPamSvc/PamSvc.c deleted file mode 100644 index 8addc6d62..000000000 --- a/cde/lib/DtPamSvc/PamSvc.c +++ /dev/null 
@@ -1,310 +0,0 @@ -/* - * CDE - Common Desktop Environment - * - * Copyright (c) 1993-2012, The Open Group. All rights reserved. - * - * These libraries and programs are free software; you can - * redistribute them and/or modify them under the terms of the GNU - * Lesser General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * These libraries and programs are distributed in the hope that - * they will be useful, but WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU Lesser General Public License for more - * details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with these libraries and programs; if not, write - * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth - * Floor, Boston, MA 02110-1301 USA - */ -/* $TOG: pam_svc.c /main/5 1997/06/04 16:30:21 samborn $ */ -/******************************************************************************* - ** - ** pam_svc.c 1.10 95/11/25 - ** - ** Copyright 1993, 1994, 1995 Sun Microsystems, Inc. All rights reserved. - ** - ** This file contains procedures specific to use of - ** PAM (Pluggable Authentication Module) security library. - ** - *******************************************************************************/ -/* * - * (c) Copyright 1993, 1994 Hewlett-Packard Company * - * (c) Copyright 1993, 1994 International Business Machines Corp. * - * (c) Copyright 1993, 1994, 1995 Sun Microsystems, Inc. * - * (c) Copyright 1993, 1994 Novell, Inc. * - */ - -/* - * Header Files - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(__linux__) -#include -#endif -#include
- -/* - * Local function declarations - */ - -static int login_conv(int num_msg, const struct pam_message **msg, - struct pam_response **response, void *appdata_ptr); - -static char* create_devname(char* short_devname); - -/* - * Local structures and variables - */ - -static struct pam_conv pam_conv = {login_conv, NULL}; -static char *saved_user_passwd; -static pam_handle_t *pamh = NULL; - -/**************************************************************************** - * PamInit - * - * Initialize or Update PAM datastructures. - * - ****************************************************************************/ - -static int PamInit(char* prog_name, - char* user, - char* line_dev, - char* display_name) -{ - int status=PAM_SUCCESS; - - if (!pamh) { - /* Open PAM (Plugable Authentication module ) connection */ - status = pam_start( prog_name, user, &pam_conv, &pamh ); - if (status != PAM_SUCCESS) pamh = NULL; - } else { - if (prog_name) pam_set_item(pamh, PAM_SERVICE, prog_name); - if (user) pam_set_item(pamh, PAM_USER, user); - } - - if (status == PAM_SUCCESS) { - if (line_dev) pam_set_item(pamh, PAM_TTY, line_dev); - if (display_name) pam_set_item(pamh, PAM_RHOST, display_name); - } - - return(status); -} - -/**************************************************************************** - * _DtAuthentication - * - * Authenticate that user / password combination is legal for this system - * - ****************************************************************************/ - -int _DtAuthentication ( char* prog_name, - char* display_name, - char* user_passwd, - char* user, - char* line ) -{ - int status; - char* line_str = line ? 
line : "NULL"; - char* line_dev = create_devname(line_str); - - if (!user_passwd) - /* Password challenge required for dtlogin authentication */ - return(PAM_AUTH_ERR); - - status = PamInit(prog_name, user, line_dev, display_name); - - if (status == PAM_SUCCESS) { - saved_user_passwd = user_passwd; - status = pam_authenticate( pamh, 0 ); - }; - - if (status != PAM_SUCCESS) { - if (pamh) { - pam_end(pamh, PAM_ABORT); - pamh=NULL; - } - } - - return(status); -} - -/**************************************************************************** - * _DtAccounting - * - * Work related to open and close of user sessions - ****************************************************************************/ - -int _DtAccounting( char* prog_name, - char* display_name, - char* entry_id, - char* user, - char* line, - pid_t pid, - int entry_type, - int exitcode ) -{ - int session_type, status; - char *line_str = line ? line : "NULL"; - char *line_dev = create_devname(line_str); - - /* Open PAM (Plugable Authentication module ) connection */ - - status = PamInit(prog_name, user, line_dev, display_name); - - /* Session accounting */ - - if (status == PAM_SUCCESS) switch(entry_type) { - case DEAD_PROCESS: - status = pam_close_session(pamh, 0); - break; - - case USER_PROCESS: - case LOGIN_PROCESS: - default: - status = pam_open_session(pamh, 0); - break; - } - - free(line_dev); - return(status); -} - -/**************************************************************************** - * _DtSetCred - * - * Set Users login credentials: uid, gid, and group lists - ****************************************************************************/ - -int _DtSetCred(char* prog_name, char* user, uid_t uid, gid_t gid) -{ - int cred_type, status; - - status = PamInit(prog_name, user, NULL, NULL); - - /* Set users credentials */ - - if (status == PAM_SUCCESS && setgid(gid) == -1) - status = DT_BAD_GID; - - if ((status == PAM_SUCCESS && - !user) || (initgroups(user, gid) == -1)) - status = DT_INITGROUP_FAIL; - 
- if (status == PAM_SUCCESS) - status = pam_setcred(pamh, PAM_ESTABLISH_CRED); - - if (status == PAM_SUCCESS && (setuid(uid) == -1)) - status = DT_BAD_UID; - - return(status); -} - -/*************************************************************************** - * create_devname - * - * A utility function. Takes short device name like "console" and returns - * a long device name like "/dev/console" - ***************************************************************************/ - -static char* create_devname(char* short_devname) -{ - char* long_devname; - - if (short_devname == NULL) - short_devname = ""; - - long_devname = (char *) malloc (strlen(short_devname) + 5); - - if (long_devname == NULL) - return(NULL); - - strcpy(long_devname,"/dev/"); - strcat(long_devname, short_devname); - - return(long_devname); -} - -/***************************************************************************** - * login_conv(): - * - * This is a conv (conversation) function called from the PAM - * authentication scheme. It returns the user's password when requested by - * internal PAM authentication modules and also logs any internal PAM error - * messages. 
- *****************************************************************************/ - -static int login_conv(int num_msg, const struct pam_message **msg, - struct pam_response **response, void *appdata_ptr) -{ - const struct pam_message *m; - struct pam_response *r; - char *temp; - int k; - -#ifdef lint - conv_id = conv_id; -#endif - if (num_msg <= 0) - return (PAM_CONV_ERR); - - *response = (struct pam_response*) - calloc(num_msg, sizeof (struct pam_response)); - if (*response == NULL) - return (PAM_CONV_ERR); - - (void) memset(*response, 0, sizeof (struct pam_response)); - - k = num_msg; - m = *msg; - r = *response; - while (k--) { - - switch (m->msg_style) { - - case PAM_PROMPT_ECHO_OFF: - if (saved_user_passwd != NULL) { - r->resp = (char *) malloc(strlen(saved_user_passwd)+1); - if (r->resp == NULL) { - /* __pam_free_resp(num_msg, *response); */ - *response = NULL; - return (PAM_CONV_ERR); - } - (void) strcpy(r->resp, saved_user_passwd); - r->resp_retcode=0; - } - - m++; - r++; - break; - - case PAM_ERROR_MSG: - m++; - r++; - break; - - case PAM_TEXT_INFO: - m++; - r++; - break; - - default: - break; - } - } - - return (PAM_SUCCESS); -} diff --git a/cde/lib/DtSvc/DtUtil2/SvcPam.c b/cde/lib/DtSvc/DtUtil2/SvcPam.c new file mode 100644 index 000000000..a2bc76bb5 --- /dev/null +++ b/cde/lib/DtSvc/DtUtil2/SvcPam.c 
@@ -0,0 +1,243 @@ +/* + * CDE - Common Desktop Environment + * + * Copyright (c) 1993-2012, The Open Group. All rights reserved. + * + * These libraries and programs are free software; you can + * redistribute them and/or modify them under the terms of the GNU + * Lesser General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * These libraries and programs are distributed in the hope that + * they will be useful, but WITHOUT ANY WARRANTY; without even the + * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with these libraries and programs; if not, write + * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth + * Floor, Boston, MA 02110-1301 USA + */ + +/* + * Header Files + */ + +#include +#include +#include + +/* + * Local function declarations + */ + +static int login_conv(int num_msg, const struct pam_message **msg, + struct pam_response **response, void *appdata_ptr); + +/* + * Local structures and variables + */ + +static struct pam_conv pam_conv = {login_conv, NULL}; +static char *saved_user_passwd; +static pam_handle_t *pamh; + +static int PamStart(const char *service_name, const char *user, + const char *display_name) +{ + int status; + char *colon, *hostname; + + if (pamh) { + if (service_name) + status = pam_set_item(pamh, PAM_SERVICE, service_name); + + if (status != PAM_SUCCESS && user) pam_set_item(pamh, PAM_USER, user); + } + else { + status = pam_start(service_name, user, &pam_conv, &pamh); + } + + if (status != PAM_SUCCESS) goto done; + + if (!display_name) goto done; + + if (display_name[0] == ':') { + status = pam_set_item(pamh, PAM_TTY, display_name); + goto done; + } + + if (!(hostname = strdup(display_name))) { + status = PAM_BUF_ERR; + goto done; + } + 
+ if (colon = strrchr(hostname, ':')) *colon = '\0'; + + status = pam_set_item(pamh, PAM_RHOST, hostname); + + free(hostname); + +done: + if (status != PAM_SUCCESS && pamh && pam_end(pamh, status) == PAM_SUCCESS) + pamh = NULL; + + return status; +} + +/** + * @brief Authenticate that user / password combination is legal for this + * system. + * + * @param service_name + * @param user + * @param display_name + * @param user_passwd + * + * @return See pam_authenticate. + */ +int _DtSvcPamAuthenticate(const char *service_name, const char *user, + const char *display_name, const char *user_passwd) +{ + int status; + + if (!user_passwd) return PAM_AUTH_ERR; + + if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS) + return status; + + saved_user_passwd = (char *) user_passwd; + + return pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK); +} + +/** + * @brief Start PAM session management. + * + * @param service_name + * @param user + * @param display_name + * + * @return See pam_open_session. + */ +int _DtSvcPamOpenSession(const char *service_name, const char *user, + const char *display_name) +{ + int status; + + if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS) + return status; + + return pam_open_session(pamh, 0); +} + +/** + * @brief Terminate PAM session management. + * + * @param service_name + * @param user + * @param display_name + * + * @return See pam_close_session. + */ +int _DtSvcPamCloseSession(const char *service_name, const char *user, + const char *display_name) +{ + int status; + + if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS) + return status; + + return pam_close_session(pamh, 0); +} + +/** + * @brief Set Users login credentials. + * + * @param service_name + * @param user + * @param display_name + * + * @return See pam_setcred. 
+ */ +int _DtSvcPamSetcred(const char *service_name, const char *user, + const char *display_name) +{ + int status; + + if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS) + return status; + + return pam_setcred(pamh, PAM_ESTABLISH_CRED); +} + +/***************************************************************************** + * login_conv(): + * + * This is a conv (conversation) function called from the PAM + * authentication scheme. It returns the user's password when requested by + * internal PAM authentication modules and also logs any internal PAM error + * messages. + *****************************************************************************/ + +static int login_conv(int num_msg, const struct pam_message **msg, + struct pam_response **response, void *appdata_ptr) +{ + const struct pam_message *m; + struct pam_response *r; + char *temp; + int k; + +#ifdef lint + conv_id = conv_id; +#endif + if (num_msg <= 0) + return (PAM_CONV_ERR); + + *response = (struct pam_response*) + calloc(num_msg, sizeof (struct pam_response)); + if (*response == NULL) + return (PAM_BUF_ERR); + + k = num_msg; + m = *msg; + r = *response; + while (k--) { + + switch (m->msg_style) { + + case PAM_PROMPT_ECHO_OFF: + if (saved_user_passwd != NULL) { + r->resp = (char *) malloc(strlen(saved_user_passwd)+1); + if (r->resp == NULL) { + /* __pam_free_resp(num_msg, *response); */ + *response = NULL; + return (PAM_BUF_ERR); + } + (void) strcpy(r->resp, saved_user_passwd); + r->resp_retcode=0; + } + + m++; + r++; + break; + + case PAM_ERROR_MSG: + m++; + r++; + break; + + case PAM_TEXT_INFO: + m++; + r++; + break; + + default: + break; + } + } + + return (PAM_SUCCESS); +} diff --git a/cde/lib/DtSvc/Makefile.am b/cde/lib/DtSvc/Makefile.am index 90aa72c73..f603a781e 100644 --- a/cde/lib/DtSvc/Makefile.am +++ b/cde/lib/DtSvc/Makefile.am 
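Review bot: In PamStart, the reuse branch (`if (pamh)`) sets PAM_USER only when the preceding PAM_SERVICE update failed, because the test reads `status != PAM_SUCCESS && user`, and `status` is read uninitialised when `service_name` is NULL. With a cached handle this can leave PAM_USER at the previous call's value, so a later setcred or session call may act on a stale user. I would declare `int status = PAM_SUCCESS;` and write `if (status == PAM_SUCCESS && user) status = pam_set_item(pamh, PAM_USER, user);`. Separately, _DtSvcPamAuthenticate leaves `saved_user_passwd` pointing at the caller's buffer after it returns and never calls pam_acct_mgmt; if no caller outside this diff performs the account check, expired or locked accounts are not rejected on this path. login_conv also drops the `calloc`ed response array on the `malloc` failure path (`*response = NULL` without a free) and does not advance `m`/`r` in its `default:` case.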
@@ -172,3 +172,8 @@ libDtSvc_la_SOURCES = DtCodelibs/buf.C \ DtUtil2/Utility.c \ DtUtil2/XlationSvc.c \ DtUtil2/XmWrap.c + +if HAS_PAM_LIBRARY +libDtSvc_la_SOURCES += DtUtil2/SvcPam.c +libDtSvc_la_LIBADD = $(PAMLIB) +endif diff --git a/cde/lib/Makefile.am b/cde/lib/Makefile.am index 43ff6d236..c6890ecce 100644 --- a/cde/lib/Makefile.am +++ b/cde/lib/Makefile.am @@ -2,7 +2,3 @@ MAINTAINERCLEANFILES = Makefile.in SUBDIRS = DtXinerama tt DtSvc DtSearch DtWidget DtHelp DtPrint DtTerm \ DtMrm csa DtMmdb - -if HAS_PAM_LIBRARY -SUBDIRS += DtPamSvc -endif diff --git a/cde/programs/dtlogin/Makefile.am b/cde/programs/dtlogin/Makefile.am index d4ad631f9..b6f9ae587 100644 --- a/cde/programs/dtlogin/Makefile.am +++ b/cde/programs/dtlogin/Makefile.am @@ -2,14 +2,6 @@ SUBDIRS = config bin_PROGRAMS = dtlogin dtgreet dtchooser -if HAS_PAM_LIBRARY -PAM_LIB = -lpam -DTPAMSVCLIB = $(LIBPAMSVC) -else -PAM_LIB = -DTPAMSVCLIB = -endif - XDMDIR = $(CDE_LOGFILES_TOP) DEF_SERVER = $(XBINDIR)/X @@ -26,11 +18,11 @@ AM_CFLAGS = -DCDE_CONFIGURATION_TOP=\"$(CDE_CONFIGURATION_TOP)\" \ -DXDMDIR=\"$(XDMDIR)\" \ -DKORNSHELL=$(KSH) -DUNIXCONN -DTCPCONN -DXDMCP -dtlogin_SOURCES = access.c account.c auth.c genauth.c daemon.c dm.c \ +dtlogin_SOURCES = access.c auth.c genauth.c daemon.c dm.c \ dpylist.c error.c file.c mitauth.c protodpy.c policy.c \ reset.c server.c session.c socket.c util.c \ verify.c sysauth.c fontpath.c qualify.c choose.c netaddr.c \ - xdmcp.c $(PAM_SRCS) + xdmcp.c # We play a game here with resources.o (dtlogin). It needs special options. noinst_LIBRARIES = libresource.a @@ -57,7 +49,7 @@ dtchooser_SOURCES = chooser.c dtchooser.c vglogo.c vgutil.c vgcallback.c \ vglang.c dtlogin_LDADD = libresource.a $(DTCLIENTLIBS) $(XDMCPLIB) \ - $(XTOOLLIB) $(TIRPCLIB) $(DTPAMSVCLIB) $(PAM_LIB) + $(XTOOLLIB) $(TIRPCLIB) dtgreet_LDADD = $(DTCLIENTLIBS) $(XTOOLLIB) diff --git a/cde/programs/dtlogin/account.c b/cde/programs/dtlogin/account.c deleted file mode 100644 index 6014333e6..000000000 
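Review bot: `libDtSvc_la_LIBADD = $(PAMLIB)` is a plain assignment inside `if HAS_PAM_LIBRARY`; if this Makefile.am assigns `libDtSvc_la_LIBADD` anywhere outside the hunk, automake will reject the conditional redefinition. It is worth checking the rest of the file (not visible here) and using `+=` after an unconditional definition if there is one. Also, include/Makefile.am installs `Dt/SvcPam.h` unconditionally while `DtUtil2/SvcPam.c` is compiled only under this conditional, so a build without PAM ships a header whose functions are absent from libDtSvc. A comment such as `# SvcPam.c needs libpam; Dt/SvcPam.h is installed regardless` would at least record that.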
--- a/cde/programs/dtlogin/account.c +++ /dev/null 
@@ -1,510 +0,0 @@ -/* - * CDE - Common Desktop Environment - * - * Copyright (c) 1993-2012, The Open Group. All rights reserved. - * - * These libraries and programs are free software; you can - * redistribute them and/or modify them under the terms of the GNU - * Lesser General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * These libraries and programs are distributed in the hope that - * they will be useful, but WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU Lesser General Public License for more - * details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with these libraries and programs; if not, write - * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth - * Floor, Boston, MA 02110-1301 USA - */ -/* $XConsortium: account.c /main/6 1996/10/30 11:12:13 drk $ */ -/* * - * (c) Copyright 1993, 1994 Hewlett-Packard Company * - * (c) Copyright 1993, 1994 International Business Machines Corp. * - * (c) Copyright 1993, 1994 Sun Microsystems, Inc. * - * (c) Copyright 1993, 1994 Novell, Inc. * - */ -/* - * account.c - * - * routines for handling accounting - * - * ex. 
utmp/wtmp/btmp, user-license restrictions, - * - */ - - -/*************************************************************************** - * - * Includes - * - ***************************************************************************/ - -#include -#include - -#ifdef AIXV3 -#include -#endif - -#include -#if defined (__FreeBSD__) || defined(HAS_PAM_LIBRARY) -#include -#else -#include -#endif - -#include -#include "dm.h" - -#ifdef __PASSWD_ETC -#include "rgy_base.h" -#endif - -#if defined(HAS_PAM_LIBRARY) -# include -#endif - -/*************************************************************************** - * - * External declarations - * - ***************************************************************************/ -#if defined(AIXV3) && !defined(_POWER) -extern void -GetLoginInfo(struct display *d, int *loginType, char *ttyName, char **hostname); -#endif - - - -/*************************************************************************** - * - * Procedure declarations - * - ***************************************************************************/ -#if defined(AIXV3) && !defined(_POWER) -void dt_lastlogin ( char * user, struct lastlogin * llogin); -#endif - - - - -/*************************************************************************** - * - * Global variables - * - ***************************************************************************/ - -#ifdef __PASSWD_ETC -struct rtmp { - char rt_line[8]; /* tty name */ - rgy_$login_name_t rt_name; /* user id (full SID) */ - char rt_host[16]; /* hostname, if remote */ - long rt_time; /* time on */ -}; -#endif - -#ifdef AIXV3 -struct lastlogin { - time_t ftime; - time_t stime; - int fcount; - char user[32]; - char *stty; - char *ftty; - char *shost; - char *fhost; -}; - - -static struct lastlogin last_login; -#endif - - - -/*************************************************************************** - * - * Account - * - * update utmp/wtmp files. 
- ***************************************************************************/ -void -Account( struct display *d, char *user, char *line, pid_t pid, -#if NeedWidePrototypes - int type, -#else - short type, -#endif /* NeedWidePrototypes */ - waitType exitcode ) -{ -#if !defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY) -#ifdef HAS_PAM_LIBRARY - struct utmpx utmp; /* local struct for new entry */ - struct utmpx *u; /* pointer to entry in utmp file */ -#else - struct utmp utmp; /* local struct for new entry */ - struct utmp *u; /* pointer to entry in utmp file */ -#endif - int fd; - char buf[32]; - char* user_str = user ? user : "NULL"; - char* line_str = line ? line : "NULL"; - -#ifdef __PASSWD_ETC - struct rtmp rtmp; - struct rtmp *r; - int tty_slot; - int rtmp_fd; -#endif - - if (d->utmpId == NULL) return; - - switch (type) { - - case INIT_PROCESS: strcpy(buf, "INIT_PROCESS"); break; - case LOGIN_PROCESS: strcpy(buf, "LOGIN_PROCESS"); break; - case USER_PROCESS: strcpy(buf, "USER_PROCESS"); break; - case DEAD_PROCESS: strcpy(buf, "DEAD_PROCESS"); break; - default: strcpy(buf, "UNKNOWN"); break; - } - - Debug("Account: id=%s, user=%s, line=%s, pid=%d, type=%s\n", - d->utmpId, user_str, line_str, pid, buf); - -#ifdef PAM - PamAccounting("dtlogin", d->name, d->utmpId, user, - line, pid, type, exitcode); -#elif defined(HAS_PAM_LIBRARY) - _DtAccounting("dtlogin", d->name, d->utmpId, user, - line, pid, type, exitcode); -#else -# ifdef SUNAUTH - solaris_accounting("dtlogin", d->name, d->utmpId, user, - line, pid, type, exitcode); -# endif -#endif - -#ifdef sun - return; -#else -#ifdef HAS_PAM_LIBRARY - bzero(&utmp, sizeof(struct utmpx)); -#else - bzero(&utmp, sizeof(struct utmp)); -#endif - - strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id) - 1); - utmp.ut_type = LOGIN_PROCESS; - -#ifdef HAS_PAM_LIBRARY - setutxent(); - if ( (u = getutxid(&utmp)) == NULL ) u = &utmp; -#else - setutent(); - if ( (u = getutid(&utmp)) == NULL ) u = &utmp; -#endif - - /* - * make sure process 
ID's match if this is DEAD_PROCESS... - * don't update an already DEAD_PROCESS... - */ - - if ((type == DEAD_PROCESS && pid != 0 && u->ut_pid != pid) || - (type == DEAD_PROCESS && u->ut_type == DEAD_PROCESS) ) { - -#ifdef HAS_PAM_LIBRARY - endutxent(); -#else - endutent(); -#endif - return; - } - - - /* - * fill in required fields of utmp structure... - * - * Note: for USER_PRCESS the "e_exit" field is overloaded to contain - * the method for counting this user. This is used later to - * determine if restricted user licenses have been exceeded. - * Currently, an unlimited number of foreign displays can log in. - */ - - if (user) snprintf(u->ut_user, sizeof(u->ut_user), "%s", user); - if (line) { -#ifdef _AIX -/* - For AIX the Init process writes the exact mapped device name for console - to the utmp file (like hft/0), if a getty on /dev/console record exists - in the Inittab file.Hitherto, we need to have a similar logic to make - sure for having the correct entry in the utmp file in order for the correct - operation of the GettyRunning function. It should be noted that by having - the correct value in the d->gettyLine field, the utmp file eventuallly - updated by the Account function in dm.c will have the right value. And - thus the GettyRunning function returns the appropriate value. So, it - is important that the following logic be included here for AIX platform - only. 
- Raghu Krovvidi 07.06.93 - */ - - if (!strcmp(line,"console")) { - char *ttynm; - int fd=0; - - fd = open("/dev/console",O_RDONLY); - ttynm = ttyname(fd); - ttynm += 5; - strcpy(u->ut_line,ttynm); - close(fd); - } - else - snprintf(u->ut_line, sizeof(u->ut_line), "%s", line); - -#else - snprintf(u->ut_line, sizeof(u->ut_line), "%s", line); -#endif - } - if (pid ) u->ut_pid = pid; - if (type) { - u->ut_type = type; - if (type == DEAD_PROCESS) { -#ifndef HAS_PAM_LIBRARY - u->ut_exit.e_termination = waitSig(exitcode); - u->ut_exit.e_exit = waitCode(exitcode); -#endif -#ifndef SVR4 - (void) memset((char *) u->ut_host, '\0', sizeof(u->ut_host)); -#endif - } - - if (type == LOGIN_PROCESS && d->displayType.location != Local ) { -#ifndef SVR4 - snprintf(u->ut_host, sizeof(u->ut_host), "%s", d->name); -#endif - } - -#ifndef HAS_PAM_LIBRARY - if (type == USER_PROCESS) - u->ut_exit.e_exit = (d->displayType.location == Local ? 1 : 0 ); -#endif - } - -#ifdef HAS_PAM_LIBRARY - { - struct timeval tmp_tv; - (void) gettimeofday(&tmp_tv, NULL); - u->ut_tv.tv_sec = (int32_t)tmp_tv.tv_sec; - u->ut_tv.tv_usec = (int32_t)tmp_tv.tv_usec; - } -#else - (void) time(&u->ut_time); -#endif - - /* - * write to utmp... - * - * (Do not close utmp yet. If "u" points to the static structure, it is - * cleared upon close. This does not bode well for the following write - * to wtmp!) - */ - -#ifdef HAS_PAM_LIBRARY - pututxline(u); -#else - pututline(u); -#endif - - -#ifndef HAS_PAM_LIBRARY - /* - * write the same entry to wtmp... - */ - - if ((fd = open(WTMP_FILE, O_WRONLY | O_APPEND)) >= 0) { - if(-1 == write(fd, u, sizeof(utmp))) { - perror(strerror(errno)); - } - close(fd); - } - - - /* - * close utmp... 
- */ - - endutent(); -#else - endutxent(); -#endif - -#ifdef __PASSWD_ETC - /* Now fill in the "rgy utmp" struct */ - if (line) strncpy(rtmp.rt_line, u->ut_line, sizeof(u->ut_line)); - bzero(rtmp.rt_host, sizeof(rtmp.rt_host)); - rtmp.rt_time = u->ut_time; - r = &rtmp; - - /* Write entry to rtmp */ - tty_slot = ttyslot(); - - if (tty_slot > 0 && (rtmp_fd = open("/etc/rtmp", O_WRONLY|O_CREAT, 0644)) >= 0) { - lseek(rtmp_fd, (long) (tty_slot * sizeof(struct rtmp)), 0); - write(rtmp_fd, (char *) r, sizeof(struct rtmp)); - close(rtmp_fd); - } -#endif -#if defined(AIXV3) && !defined(_POWER) - /* Log the lastlogin data .. RK 09.13.93 */ - /** in AIX 4.1 this is taken care of during authentication **/ - if(type == USER_PROCESS) { - int loginType; - char tempTtyName[128]; - char *hostname; - - GetLoginInfo(d, &loginType, tempTtyName, &hostname); - time(&last_login.stime); - - if(line) { - Debug("tty_last_login is (line=%s)\n",line); - last_login.stty = (char *)malloc(strlen(line) + 1); - strcpy(last_login.stty,line); - } else { - last_login.stty = (char *)malloc(strlen(tempTtyName) + 1); - strcpy(last_login.stty,tempTtyName); - } - - last_login.shost = (char *) malloc (MAXHOSTNAMELEN); - if (hostname == NULL) { - gethostname (last_login.shost , MAXHOSTNAMELEN); - } else { - strncpy(last_login.shost, hostname, MAXHOSTNAMELEN); - last_login.shost[MAXHOSTNAMELEN -1] = '\0'; - } - - Debug("logging lastlogin entry (user=%s)\n",user); - dt_lastlogin(user,&last_login); - free(last_login.stty); - free(last_login.shost); - } -#endif - -#endif /* !sun */ -#endif /* !CSRG_BASED */ -} - - - - -/*************************************************************************** - * - * UtmpIdOpen - * - * see if a particular utmp ID is available - * - * return codes: 0 = ID is in use - * 1 = ID is open - ***************************************************************************/ - -int -UtmpIdOpen( char *utmpId ) -{ - int status = 1; /* return code */ - -#if !defined(CSRG_BASED) || 
defined(HAS_PAM_LIBRARY) -#ifdef HAS_PAM_LIBRARY - struct utmpx *u; /* pointer to entry in utmp file */ - - while ( (u = getutxent()) != NULL ) { -#else - struct utmp *u; /* pointer to entry in utmp file */ - - while ( (u = getutent()) != NULL ) { -#endif - - if ( (strncmp(u->ut_id, utmpId, 4) == 0 ) && - u->ut_type != DEAD_PROCESS ) { - - status = 0; - break; - } - } - -#ifdef HAS_PAM_LIBRARY - endutxent(); -#else - endutent(); -#endif -#endif - return (status); -} - - - -#if defined(AIXV3) && !defined(_POWER) -void dt_lastlogin ( user, llogin) -char * user; -struct lastlogin * llogin; -{ - char *tmp_char; - char *tmp_int; - /* - * We are loading all the lastlogin info into a struct and then dealing - * with that so if the technique of storing the values is redone it - * will be easy - */ - /* set id back to root */ - seteuid(0); - /* - * Open up the user data base - */ - setuserdb(S_READ | S_WRITE); - - /* - * setting new unsuccessful login attempts times - */ - if (llogin->ftime) { - /* - * Get the old Failure count and increment it - */ - if (getuserattr(user, S_ULOGCNT, &tmp_int, SEC_INT) != 0) - llogin->fcount = 0; - else - llogin->fcount = (int)tmp_int; - - /* - * put all the new data - */ - putuserattr(user, S_ULASTTTY, llogin->ftty, SEC_CHAR); - llogin->fcount++; - putuserattr(user, S_ULOGCNT, (void *)llogin->fcount, - SEC_INT); - putuserattr(user, S_ULASTTIME, (void *)llogin->ftime, - SEC_INT); - putuserattr(user, S_ULASTHOST, llogin->fhost, SEC_CHAR); - putuserattr(user, NULL, NULL, SEC_COMMIT); - - /* - * Close data base and zero out indicator fields - */ - llogin->ftime = 0; - llogin->fcount = 0; - } - - /* - * New Successful login data - */ - if (llogin->stime) { - putuserattr(user, S_LASTTIME, (void *)llogin->stime, - SEC_INT); - putuserattr(user, S_LASTTTY, llogin->stty, SEC_CHAR); - Debug("hostname logged is %s\n",llogin->shost); - putuserattr(user, S_LASTHOST, llogin->shost, SEC_CHAR); - putuserattr(user, S_ULOGCNT, 0, SEC_INT); - 
putuserattr(user, NULL, NULL, SEC_COMMIT); - } - enduserdb(); -} -#endif diff --git a/cde/programs/dtlogin/config/Makefile.am b/cde/programs/dtlogin/config/Makefile.am index dd52791c3..d13e09161 100644 --- a/cde/programs/dtlogin/config/Makefile.am +++ b/cde/programs/dtlogin/config/Makefile.am @@ -16,8 +16,8 @@ CPP_TARGETS = 0060.dtsysenv Dtlogin Xaccess Xconfig Xconfig.con \ if HAS_PAM_LIBRARY -CPP_TARGETS += pam/dtlogin -dist_pam_DATA = pam/dtlogin +CPP_TARGETS += dtlogin +dist_pam_DATA = dtlogin if FREEBSD pamdir = /usr/local/etc/pam.d PAM_AUTHENTICATION_MODULE = /usr/local/lib/security/pam_pwauth_suid.so @@ -55,6 +55,16 @@ if BSD AM_CPPFLAGS += -DCSRG_BASED endif +AM_CPPFLAGS += -DSESSREG=$(SESSREG) + +if SET_UTMP_FILE +AM_CPPFLAGS += -DUTMP_FLAG="-u\ $(UTMP_FILE)" +endif + +if SET_WTMP_FILE +AM_CPPFLAGS += -DWTMP_FLAG="-w\ $(WTMP_FILE)" +endif + BUILT_SOURCES = $(CPP_TARGETS) CLEANFILES = $(CPP_TARGETS) @@ -168,7 +178,6 @@ home.session: home.session.src $(RM) $@ $(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@ -pam/dtlogin: pam/dtlogin.src +dtlogin: dtlogin.src $(RM) $@ $(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@ - diff --git a/cde/programs/dtlogin/config/Xreset.src b/cde/programs/dtlogin/config/Xreset.src index c8e1bb6ae..f39c2e723 100644 --- a/cde/programs/dtlogin/config/Xreset.src +++ b/cde/programs/dtlogin/config/Xreset.src @@ -74,3 +74,17 @@ then /bin/rm -f $DTDBFILE fi fi + +#ifdef WTMP_FLAG +wtmp_flag=WTMP_FLAG +#else +wtmp_flag='' +#endif + +#ifdef UTMP_FLAG +utmp_flag=UTMP_FLAG +#else +utmp_flag='' +#endif + +SESSREG -d $wtmp_flag $utmp_flag -l $DISPLAY $USER diff --git a/cde/programs/dtlogin/config/Xstartup.src b/cde/programs/dtlogin/config/Xstartup.src index 3953fc94b..60fc0c36d 100644 --- a/cde/programs/dtlogin/config/Xstartup.src +++ b/cde/programs/dtlogin/config/Xstartup.src 
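Review bot: `-DSESSREG=$(SESSREG)` substitutes the configure result into Xstartup and Xreset, and if that result is a bare program name rather than an absolute path (the check itself is not in this hunk), those scripts will find `sessreg` through whatever PATH the display manager runs them with. For a command executed at every login and logout, pin the location at configure time, for instance with `AC_PATH_PROG(SESSREG, sessreg)`. `UTMP_FLAG` and `WTMP_FLAG` are also pasted into shell source as-is, so a configured file name with whitespace or shell metacharacters changes the generated command; a comment such as `# UTMP_FILE/WTMP_FILE end up in shell scripts: plain paths only` above these lines would record that constraint.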
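Review bot: `$DISPLAY` and `$USER` are expanded unquoted on the new `SESSREG -d ...` line, so an empty or whitespace-containing value shifts or splits the arguments and the wrong utmp/wtmp record, or none, is updated. Quote both, `SESSREG -d $wtmp_flag $utmp_flag -l "$DISPLAY" "$USER"`; the two flag variables are meant to split into option and path and can stay unquoted. The `exec SESSREG -a ...` line added to Xstartup.src needs the same change. For remote displays the display name presumably derives from the peer's host name, which is one more reason not to let the shell re-split it.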
@@ -66,5 +66,16 @@ then fi fi +#ifdef WTMP_FLAG +wtmp_flag=WTMP_FLAG +#else +wtmp_flag='' +#endif - +#ifdef UTMP_FLAG +utmp_flag=UTMP_FLAG +#else +utmp_flag='' +#endif + +exec SESSREG -a $wtmp_flag $utmp_flag -l $DISPLAY $USER diff --git a/cde/programs/dtlogin/config/pam/dtlogin.src b/cde/programs/dtlogin/config/dtlogin.src similarity index 100% rename from cde/programs/dtlogin/config/pam/dtlogin.src rename to cde/programs/dtlogin/config/dtlogin.src diff --git a/cde/programs/dtlogin/dm.c b/cde/programs/dtlogin/dm.c index 45e228c3e..7e6d86eab 100644 --- a/cde/programs/dtlogin/dm.c +++ b/cde/programs/dtlogin/dm.c @@ -54,11 +54,6 @@ # include # include # include -#if defined(__FreeBSD__) -# include -#else -# include -#endif # include # include # include @@ -123,7 +118,7 @@ struct passwd puser; /* pseudo-user password entry */ int Rescan; static long ServersModTime, ConfigModTime, AccessFileModTime; int wakeupTime = -1; -char *progName; +char *progPath, *progName; char DisplayName[32]="main"; @@ -147,6 +142,7 @@ void RunChooser(struct display *d); // RunChooser.c int main( int argc, char **argv ) { + char *str; long oldpid; mode_t oldumask; struct passwd *p; /* pointer to passwd structure (pwd.h) */ @@ -166,11 +162,29 @@ main( int argc, char **argv ) /* * save program name and path... */ - - if ( (progName = malloc(strlen(argv[0]) + 1)) != NULL ) - strcpy(progName, argv[0]); - + progPath = strdup(argv[0]); + + if (str = strrchr(progPath, '/')) + { + if (strlen(str) < 2) + { + fprintf(stderr, (char *) + ReadCatalog(MC_ERROR_SET, MC_NO_MEMORY, MC_DEF_NO_MEMORY), + argv[0]); + exit (1); + } + + progName = strdup(++str); + *str = '\0'; + } + else + { + progName = progPath; + progPath = strdup("./"); + } + + /* * Step 1 - load configuration parameters */ 
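Review bot: Because the script now ends in `exec SESSREG -a ...`, its exit status is sessreg's, so if dtlogin aborts the session on a non-zero Xstartup status (not visible in this diff), an unwritable utmp or wtmp file becomes a login failure for every user. If that fail-closed behaviour is intended, state it in a comment above the line, e.g. `# login is refused when session accounting fails`. Otherwise drop `exec`, report the failure, and end the script with an explicit `exit 0`.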
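Review bot: None of the `strdup()` results in the new block is checked, so on allocation failure `strrchr(progPath, '/')` dereferences NULL, and a NULL `progName` would later reach the PAM wrappers as the service name. The one error path that exists handles an `argv[0]` ending in `/` but prints the `MC_NO_MEMORY` message, which will mislead whoever reads it. The assignment inside `if (str = strrchr(...))` should be written with an explicit `!= NULL`, and `strdup("./")` in the else branch needs the same check as the others. `main` continues outside the hunk.

```c
    progPath = strdup(argv[0]);
    if (progPath == NULL)
    {
        fprintf(stderr, (char *)
                ReadCatalog(MC_ERROR_SET, MC_NO_MEMORY, MC_DEF_NO_MEMORY),
                argv[0]);
        exit (1);
    }

    if ((str = strrchr(progPath, '/')) != NULL)
    {
        /* ... unchanged: reject an argv[0] that ends in '/' ... */

        progName = strdup(++str);
        if (progName == NULL)
        {
            fprintf(stderr, (char *)
                    ReadCatalog(MC_ERROR_SET, MC_NO_MEMORY, MC_DEF_NO_MEMORY),
                    argv[0]);
            exit (1);
        }
        *str = '\0';
    }
    /* ... unchanged: else branch for an argv[0] without '/' ... */
```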
@@ -579,14 +593,6 @@ ProcessChildDeath( int pid, waitType status ) if ( (d = FindDisplayByPid (pid)) != 0 ) { d->pid = -1; - /* - * do process accounting... - */ - -#if !defined(CSRG_BASED) - Account(d, NULL, NULL, pid, DEAD_PROCESS, status); -#endif - /* * make sure authorization file is deleted... @@ -714,14 +720,6 @@ ProcessChildDeath( int pid, waitType status ) { d->serverPid = -1; - /* - * do process accounting... - */ - -#if !defined(CSRG_BASED) - Account(d, NULL, NULL, pid, DEAD_PROCESS, status); -#endif - switch (d->status) { case zombie: @@ -894,43 +892,6 @@ StartDisplay( kill (d->serverPid, d->resetSignal); } - /* - * initialize d->utmpId. Check to see if anyone else is using - * the requested ID. Always allow the first request for "dt" to - * succeed as utmp may have become corrupted. - */ - - if (d->utmpId == NULL) { - static int firsttime = 1; - static char letters[] = "0123456789abcdefghijklmnopqrstuvwxyzz"; - char *t; - - d->utmpId = malloc(5); - strcpy(d->utmpId, UTMPREC_PREFIX); - d->utmpId[4] = '\0'; - - t = letters; - - do { - if ( firsttime || UtmpIdOpen(d->utmpId)) { - firsttime = 0; - break; - } - else { - strncpy(&(d->utmpId[strlen(d->utmpId)]), t++, 1); - } - } while (*t != '\0'); - - if (*t == '\0') { - Debug ("All DT utmp IDs already in use. Removing display %s\n", - d->name); - LogError ((unsigned char *)"All DT utmp IDs already in use. Removing display %s\n", - d->name); - RemoveDisplay(d); - return 0; - } - } - /* * set d->gettyLine to "console" for display ":0" if it is not * already set... 
@@ -1009,46 +970,6 @@ StartDisplay( /* this will only happen when using XDMCP */ if (d->authorizations) SaveServerAuthorizations (d, d->authorizations, d->authNum); - - /* - * Generate a utmp ID address for a foreign display. Use the last - * four characters of the DISPLAY name, shifting left if they - * are already in use... - */ - -#if !defined(CSRG_BASED) - if (d->utmpId == NULL) { - int i; - char *p, *q; - struct utmp *u; - - d->utmpId = malloc(sizeof(u->ut_id) +1); - - i = strlen (d->name); - if (i >= sizeof (u->ut_id)) - i -= sizeof (u->ut_id); - else - i = 0; - - for ( p = d->name, q = d->name + i; p <= q; q-- ) { - (void) strncpy (d->utmpId, q, sizeof (u->ut_id)); - d->utmpId[sizeof(u->ut_id)] = '\0'; - if (UtmpIdOpen(d->utmpId)) - break; - } - -#ifdef DEF_NETWORK_DEV - /* - * If "networkDev" does not start with "/dev/" then foreign - * accounting is turned off. Return utmpId to NULL. - */ - if (networkDev && strncmp(networkDev,"/dev/",5) !=0 ) { - free(d->utmpId); - d->utmpId = NULL; - } -#endif - } -#endif } if (NULL == d->authFile) @@ -1137,9 +1058,6 @@ StartDisplay( devname,line); } } -#endif -#if !defined(CSRG_BASED) - Account(d, "LOGIN", line, getpid(), LOGIN_PROCESS, status); #endif } @@ -1234,10 +1152,6 @@ StopDisplay( struct display *d ) } else if ((d->displayType.location == Local) || !dt_shutdown ) { - /* don't remove the console */ -#if !defined(CSRG_BASED) - Account(d, NULL, NULL, 0, DEAD_PROCESS, status); -#endif RemoveDisplay (d); } } @@ -1505,13 +1419,6 @@ StartGetty( struct display *d ) case 0: CleanUpChild (); - /* - * do process accounting... - */ -#if !defined(CSRG_BASED) - Account(d, "LOGIN", NULL, getpid(), LOGIN_PROCESS, status); -#endif - #ifdef _AIX /* The tty argument for getty on AIX must be of the form "/dev/any tty" 
@@ -1646,101 +1553,7 @@ GettyMessage( struct display *d, int msgnum ) int GettyRunning( struct display *d ) { -#if defined(__FreeBSD__) - struct utmpx utmp; /* local struct for new entry */ - struct utmpx *u; /* pointer to entry in utmp file */ -#else - struct utmp utmp; /* local struct for new entry */ - struct utmp *u; /* pointer to entry in utmp file */ -#endif - - int rvalue; /* return value (TRUE or FALSE) */ - char buf[32]; - - d->gettyState = DM_GETTY_NONE; - - /* - * check to see if we have a valid device (at least a non-null name)... - */ - - if ( d->gettyLine && - (strlen(d->gettyLine) > 0) && - (strcmp(d->gettyLine,"??") != 0) ) - ; - else - return FALSE; - - -#if defined(__FreeBSD__) - bzero(&utmp, sizeof(struct utmpx)); -#else - bzero(&utmp, sizeof(struct utmp)); -#endif - -#ifdef _AIX - if (!strcmp(d->gettyLine,"console")) { - char *ttynm; - int fd=0; - - fd = open("/dev/console",O_RDONLY); - ttynm = ttyname(fd); - ttynm += 5; - strcpy(utmp.ut_line,ttynm); - close(fd); - } - else - { - strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1); - utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0; - } - -#else - strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1); - utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0; -#endif - - Debug("Checking for a getty on line %s.\n", utmp.ut_line); - -#if !defined(CSRG_BASED) - setutent(); - - rvalue = FALSE; - - while ( (u = getutent()) != NULL ) { - - if ((strncmp(u->ut_line, utmp.ut_line, sizeof(u->ut_line)) != 0) || - (strncmp(u->ut_id, d->utmpId, sizeof(u->ut_id)) == 0) ) - continue; - - switch (u->ut_type) { - - case INIT_PROCESS: strcpy(buf, "INIT_PROCESS"); break; - case LOGIN_PROCESS: strcpy(buf, "LOGIN_PROCESS"); break; - case USER_PROCESS: strcpy(buf, "USER_PROCESS"); break; - case DEAD_PROCESS: strcpy(buf, "DEAD_PROCESS"); break; - default: strcpy(buf, "UNKNOWN"); break; - } - - Debug("Utmp info: id=%.4s, user=%s, line=%s, pid=%d, type=%s\n", - u->ut_id, u->ut_user, u->ut_line, u->ut_pid, buf); - - if ( 
u->ut_type == INIT_PROCESS || u->ut_type == LOGIN_PROCESS) { - d->gettyState = DM_GETTY_LOGIN; - } - else if (wakeupTime <= 0 && u->ut_type == USER_PROCESS) { - d->gettyState = DM_GETTY_USER; - } - - if (d->gettyState != DM_GETTY_NONE) - { - rvalue = TRUE; - break; - } - } - - endutent(); -#endif /* !CSRG_BASED */ - return rvalue; + return FALSE; } diff --git a/cde/programs/dtlogin/fontpath.c b/cde/programs/dtlogin/fontpath.c index 591c7fe6d..5be455023 100644 --- a/cde/programs/dtlogin/fontpath.c +++ b/cde/programs/dtlogin/fontpath.c @@ -39,11 +39,6 @@ # include # include # include -#if defined(__FreeBSD__) -# include -#else -# include -#endif # include "vgproto.h" /* diff --git a/cde/programs/dtlogin/session.c b/cde/programs/dtlogin/session.c index c7bb5fb4b..4dc3b7da1 100644 --- a/cde/programs/dtlogin/session.c +++ b/cde/programs/dtlogin/session.c @@ -67,11 +67,6 @@ # include # include # include -#if defined(__FreeBSD__) || defined(HAS_PAM_LIBRARY) -# include -#else -# include -#endif #include #include #include @@ -104,7 +99,8 @@ #endif #ifdef HAS_PAM_LIBRARY -#include
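Review bot: `GettyRunning()` now returns FALSE without touching `d->gettyState`, whereas the removed body reset it to `DM_GETTY_NONE` on entry, so a caller that reads the field afterwards sees whatever value was left from before. Keep the reset by putting `d->gettyState = DM_GETTY_NONE;` ahead of `return FALSE;`. Returning FALSE unconditionally also means dtlogin no longer notices a getty or user login already present on the display's line and may start a server on a terminal that is in use. If that is an accepted consequence of dropping direct utmp access, the function should say so, for example `/* utmp is no longer read here; a login on gettyLine is not detected */`.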
+#include +#include
#endif int ApplyFontPathMods(struct display *d, Display *dpy); // fontpath.c @@ -170,7 +166,8 @@ struct greet_state { }; char *globalDisplayName; -extern char *progName; /* Global argv[0]; dtlogin name and path */ +extern char *progPath; /* dtlogin path */ +extern char *progName; /* dtlogin name */ /*************************************************************************** * @@ -314,9 +311,10 @@ SessionPingFailed( struct display *d ) #endif #if !defined(sun) && defined(HAS_PAM_LIBRARY) - Account(d, user, NULL, clientPid, DEAD_PROCESS, 0); + _DtSvcPamCloseSession(progName, user, d->name); #endif } + SessionExit (d, RESERVER_DISPLAY); } @@ -639,7 +637,7 @@ ManageSession( struct display *d ) #endif #if !defined(sun) && defined(HAS_PAM_LIBRARY) - Account(d, user, NULL, clientPid, DEAD_PROCESS, 0); + _DtSvcPamCloseSession(progName, user, d->name); #endif SessionExit (d, OBEYSESS_DISPLAY); @@ -1186,6 +1184,8 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp ) long ngroups, groups[NGROUPS]; #endif /* __AFS */ + gid_t gid; + if (verify->argv) { Debug ("StartSession %s: ", verify->argv[0]); for (f = verify->argv; *f; f++) { @@ -1267,8 +1267,8 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp ) } #endif -#if !defined(sun) && (!defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)) - Account(d, user, NULL, getpid(), USER_PROCESS, 0); +#if !defined(sun) && defined(HAS_PAM_LIBRARY) + _DtSvcPamOpenSession(progName, user, d->name); #endif #ifdef AIXV3 
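Review bot: The result of `_DtSvcPamOpenSession(progName, user, d->name)` in StartClient is discarded, so a session module that refuses the login (resource limits, access restrictions) would not stop the client from starting. Presumably the wrapper returns a PAM status like `_DtSvcPamSetcred` does later in the same function; if so, check it and fail the way the other error paths there do, `if (_DtSvcPamOpenSession(progName, user, d->name) != PAM_SUCCESS) return 0;`, with a log line naming the user. The two `_DtSvcPamCloseSession` calls in SessionPingFailed and ManageSession ignore their result as well; a log message is enough there. The guard on the open call also narrowed from `!defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)` to PAM only, so builds without PAM now depend entirely on the Xstartup/Xreset scripts for accounting, which deserves a comment. All three functions continue outside their hunks.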
@@ -1350,16 +1350,32 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp ) return(0); } #elif defined(HAS_PAM_LIBRARY) - char *prog_name = strrchr(progName, '/'); - if (!prog_name || _DtSetCred(prog_name + 1, user, verify->uid, #ifdef NGROUPS - verify->groups[0] + gid = verify->groups[0]; #else - verify->gid + gid = verify->gid; #endif - ) > 0 ) { - Debug("Can't set User's Credentials (user=%s)\n",user); - return(0); + + if (setgid(gid) == -1) { + Debug("setgid %d (user \"%s\") failed: %s\n", + gid, user, strerror(errno)); + return 0; + } + + if (initgroups(user, gid) == -1) { + Debug("initgroups for \"%s\" failed: %s\n", user, strerror(errno)); + return 0; + } + + if (setuid(verify->uid) == -1) { + Debug("setuid %d (user \"%s\") failed: %s\n", + verify->uid, user, strerror(errno)); + return 0; + } + + if (_DtSvcPamSetcred(progName, user, d->name) != PAM_SUCCESS) { + Debug("Can't set User's Credentials (user=%s)\n",user); + return 0; } #endif @@ -2010,13 +2026,7 @@ RunGreeter( struct display *d, struct greet_info *greet, * figure out path to dtgreet... */ - snprintf(msg, sizeof(msg), "%s", progName); - - if ((p = (char *) strrchr(msg, '/')) == NULL) - strcpy(msg,"./"); - else - *(++p) = '\0'; - + snprintf(msg, sizeof(msg), "%s", progPath); strcat(msg,"dtgreet"); execle(msg, "dtgreet", "-display", d->name, (char *)0, env); diff --git a/cde/programs/dtlogin/sysauth.c b/cde/programs/dtlogin/sysauth.c index 59c476a70..749a84a89 100644 --- a/cde/programs/dtlogin/sysauth.c +++ b/cde/programs/dtlogin/sysauth.c @@ -79,7 +79,11 @@ #if defined(PAM) || defined(HAS_PAM_LIBRARY) #include +#ifdef PAM #include "pam_svc.h" +#else +#include
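Review bot: `_DtSvcPamSetcred()` is called after `setuid(verify->uid)`, so any credential module that needs root (adding supplementary groups, writing a ticket cache) runs without privilege; PAM applications conventionally establish credentials after `initgroups()` and before giving up root. Move the call up, between `initgroups()` and `setuid()`. The three new failure paths report only through `Debug`, so a failed privilege drop leaves no trace in a production log; `LogError` is already used in dtlogin for events of this weight. StartClient continues outside the hunk.

```c
    if (initgroups(user, gid) == -1) {
        /* ... unchanged: Debug message and return 0 ... */
    }

    /* Establish PAM credentials while still privileged. */
    if (_DtSvcPamSetcred(progName, user, d->name) != PAM_SUCCESS) {
        Debug("Can't set User's Credentials (user=%s)\n",user);
        return 0;
    }

    if (setuid(verify->uid) == -1) {
        /* ... unchanged: Debug message and return 0 ... */
    }
```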
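Review bot: The new `snprintf(msg, sizeof(msg), "%s", progPath)` bounds the copy, but the `strcat(msg,"dtgreet")` that follows is still unbounded, so a `progPath` that fills `msg` lets the append write past the end of the buffer. Build the path in one bounded call and reject truncation before `execle`: `n = snprintf(msg, sizeof(msg), "%sdtgreet", progPath);` then `if (n < 0 || (size_t)n >= sizeof(msg))` log and fail. `progPath` is `./` when dtlogin was started without a directory component, which makes the greeter path depend on the working directory of a privileged process; an absolute install path would be more robust. RunGreeter and the declaration of `msg` are outside the hunk.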
+#endif #endif #ifdef _AIX @@ -175,6 +179,8 @@ Audit( struct passwd *p, char *msg, int errnum ) int Authenticate( struct display *d, char *name, char *passwd, char **msg ) { + extern char *progName; + int status; char* ttyLine = d->gettyLine; @@ -208,13 +214,11 @@ Authenticate( struct display *d, char *name, char *passwd, char **msg ) */ #if defined(PAM) || defined(HAS_PAM_LIBRARY) - status = #ifdef PAM - PamAuthenticate + status = PamAuthenticate("dtlogin", d->name, passwd, name, ttyLine); #else - _DtAuthentication + status = _DtSvcPamAuthenticate(progName, name, d->name, passwd); #endif - ("dtlogin", d->name, passwd, name, ttyLine); switch(status) { case PAM_SUCCESS: diff --git a/cde/programs/dtlogin/vgmain.c b/cde/programs/dtlogin/vgmain.c index 53b26a017..0998fc113 100644 --- a/cde/programs/dtlogin/vgmain.c +++ b/cde/programs/dtlogin/vgmain.c @@ -1903,6 +1903,7 @@ if ( session_menu != NULL ) { } +#if 0 /* * [ No Windows ] menu pane... */ @@ -1920,6 +1921,7 @@ if ( session_menu != NULL ) { if (getenv(LOCATION) == NULL || strcmp(getenv(LOCATION), "local") != 0 ) XtSetSensitive(options_item[j], False); j++; +#endif /* diff --git a/cde/programs/dtsession/SmLock.c b/cde/programs/dtsession/SmLock.c index a8c476fe5..c644f153c 100644 --- a/cde/programs/dtsession/SmLock.c +++ b/cde/programs/dtsession/SmLock.c @@ -86,7 +86,8 @@ #endif #ifdef HAS_PAM_LIBRARY -#include
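Review bot: In the non-`PAM` branch of Authenticate the PAM service name is now `progName`, the basename of `argv[0]`, while the `PAM` branch keeps the literal `"dtlogin"` and the build installs the policy file under that fixed name. If the binary is started through a differently named link or wrapper, PAM looks up a different service, typically the system's fallback policy, and the intended stack is skipped without any error. Pass the fixed name, `status = _DtSvcPamAuthenticate("dtlogin", name, d->name, passwd);`, which also removes the need for the block-scope `extern char *progName;` added in the previous hunk. The session and credential calls in session.c take `progName` as well, and localAuthenticate in SmLock.c derives its service name from the program path in the same way. Authenticate continues outside the hunk.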
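Review bot: The `#if 0` added here, closed by the `#endif` in the next hunk, disables the [ No Windows ] menu pane without saying why. Either delete the block or put the reason beside the guard, e.g. `#if 0 /* No Windows depended on getty detection, which dtlogin no longer performs */`, if that is the cause (inferred from the GettyRunning change, not stated in the diff). Code outside these hunks that still refers to the disabled menu item should be checked.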
+#include +#include
#endif #include "Sm.h" @@ -1622,7 +1623,8 @@ localAuthenticate( if (!(service = strrchr(smGD.programName, '/'))) return False; - return !_DtAuthentication(service + 1, NULL, passwd, pwent->pw_name, NULL); + return _DtSvcPamAuthenticate(service + 1, pwent->pw_name, NULL, passwd) == + PAM_SUCCESS; } #elif defined(SIA) diff --git a/cde/programs/dtsession/config/Makefile.am b/cde/programs/dtsession/config/Makefile.am index 392a60547..dc597d585 100644 --- a/cde/programs/dtsession/config/Makefile.am +++ b/cde/programs/dtsession/config/Makefile.am @@ -1,7 +1,7 @@ MAINTAINERCLEANFILES = Makefile.in if HAS_PAM_LIBRARY -CPP_TARGET = pam/dtsession +CPP_TARGET = dtsession dist_pam_DATA = $(CPP_TARGET) if FREEBSD pamdir = /usr/local/etc/pam.d @@ -19,6 +19,6 @@ endif BUILT_SOURCES = $(CPP_TARGET) CLEANFILES = $(CPP_TARGET) -pam/dtsession: pam/dtsession.src +dtsession: dtsession.src $(RM) $@ $(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@ diff --git a/cde/programs/dtsession/config/pam/dtsession.src b/cde/programs/dtsession/config/dtsession.src similarity index 100% rename from cde/programs/dtsession/config/pam/dtsession.src rename to cde/programs/dtsession/config/dtsession.src