search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rebuild geeqie
[oi-userland.git] / components / desktop / lightdm / patches / 20-sdtlogin.patch
blob3627adbd2206ad1faa39085b1030957185596b4d
1 Use /var/dt/sdtlogin pipe, created by xorg server, to send user ids,
2 so that server could drop privileges.
3
4 --- lightdm-1.19.3/src/session-child.c.~8~ 2017-10-25 09:04:02.187093081 +0000
5 +++ lightdm-1.19.3/src/session-child.c 2017-10-25 09:09:14.198153389 +0000
6 @@ -216,6 +216,116 @@
7 g_free(save_dir);
8 }
9
10 +static void
11 +solaris_xserver_cred (const char *username, uid_t uid, gid_t gid, const char *home_dir,
12 + const char *xdisplay)
13 +{
14 + static FILE *fp;
15 + struct stat statbuf;
16 + gid_t groups[NGROUPS_UMAX];
17 + char *tmp, *p, pipe[MAXPATHLEN], info[MAXPATHLEN];
18 + int display_number = 0;
19 + int fd, i;
20 + int ngroups;
21 +
22 + if (fp == NULL) { /* Open & setup fp on first access */
23 + /*
24 + * Handshake with server. Make sure it created a pipe.
25 + * Open and write.
26 + */
27 + if ((tmp = strstr (xdisplay, ":")) != NULL) {
28 + tmp++;
29 + display_number = g_ascii_strtod (tmp, &p);
30 +
31 + if (errno != 0) {
32 + g_warning ("solaris_xserver_cred: problem"
33 + " getting display number\n");
34 + return;
35 + }
36 + }
37 +
38 + if (stat (SDTLOGIN_DIR, &statbuf) == 0) {
39 + if (! S_ISDIR(statbuf.st_mode)) {
40 + g_warning ("solaris_xserver_cred: %s is not"
41 + " a directory\n", SDTLOGIN_DIR);
42 + return;
43 + }
44 + } else {
45 + g_warning ("solaris_xserver_cred: %s: %s\n",
46 + SDTLOGIN_DIR, g_strerror(errno));
47 + return;
48 + }
49 +
50 + snprintf (pipe, sizeof(pipe), "%s/%d",
51 + SDTLOGIN_DIR, display_number);
52 + fd = open (pipe, O_RDWR | O_CLOEXEC | O_NOFOLLOW);
53 +
54 + if (fd < 0) {
55 + g_warning ("solaris_xserver_cred: could not open"
56 + " %s: %s\n", pipe, g_strerror(errno));
57 + return;
58 + }
59 + if (fstat (fd, &statbuf) == 0 ) {
60 + if (! S_ISFIFO(statbuf.st_mode)) {
61 + close (fd);
62 + g_warning ("solaris_xserver_cred: %s is not"
63 + " a pipe\n", pipe);
64 + return;
65 + }
66 + } else {
67 + close (fd);
68 + g_warning ("solaris_xserver_cred: %s: %s\n",
69 + pipe, g_strerror(errno));
70 + return;
71 + }
72 + fp = fdopen (fd, "w");
73 + if (fp == NULL) {
74 + close (fd);
75 + g_warning ("solaris_xserver_cred: could not fdopen"
76 + " %s: %s\n", pipe, g_strerror(errno));
77 + return;
78 + }
79 + }
80 +
81 + snprintf (info, sizeof(info), "GID=\"%d\"; ", gid);
82 + fputs (info, fp);
83 + g_debug ("solaris_xserver_cred: %s\n", info);
84 +
85 + if (initgroups (username, gid) == -1) {
86 + ngroups = 0;
87 + } else {
88 + ngroups = getgroups (NGROUPS_UMAX, groups);
89 + }
90 +
91 + for (i=0; i < ngroups; i++) {
92 + snprintf (info, sizeof(info), "G_LIST_ID=\"%u\" ", groups[i]);
93 + fputs (info, fp);
94 + g_debug ("solaris_xserver_cred: %s\n", info);
95 + }
96 +
97 + if (ngroups > 0) {
98 + fputc (';', fp);
99 + }
100 +
101 + snprintf (info, sizeof(info), " HOME=\"%s\" ", home_dir);
102 + fputs (info, fp);
103 + g_debug ("solaris_xserver_cred: %s\n", info);
104 +
105 + snprintf (info, sizeof(info), " UID=\"%d\" EOF=\"\";",
106 + uid);
107 + fputs (info, fp);
108 + g_debug ("solaris_xserver_cred: %s\n", info);
109 +
110 + /*
111 + * Handshake with server. Make sure it read the pipe.
112 + *
113 + * Do not close file descriptor, but leave it open for further use.
114 + */
115 + fflush (fp);
116 +
117 + return;
118 +}
119 +
120 static gchar *
121 read_string (void)
122 {
123 @@ -813,6 +813,13 @@ session_child_run (int argc, char **argv
124 uid_t uid = user_get_uid (user);
125 gid_t gid = user_get_gid (user);
126 const gchar *home_directory = user_get_home_directory (user);
127 +
128 +#ifdef __sun
129 + if (xdisplay) { /* Should always be true */
130 + solaris_xserver_cred (username, uid, gid, home_directory, xdisplay);
131 + }
132 +#endif
133 +
134 child_pid = fork ();
135 if (child_pid == 0)
136 {
137 --- lightdm-1.19.3/common/configuration.h.1 2017-10-25 08:43:04.689998057 +0000
138 +++ lightdm-1.19.3/common/configuration.h 2017-10-25 08:44:56.582620720 +0000
139 @@ -12,6 +12,15 @@
140 #ifndef CONFIGURATION_H_
141 #define CONFIGURATION_H_
142
143 +/*
144 + * Perhaps, it's not the best place for it, but it's the only common header
145 + * of lightdm.c and sesion-child.c
146 + */
147 +#ifdef __sun
148 +#define DT_DIR "/var/dt"
149 +#define SDTLOGIN_DIR "/var/dt/sdtlogin"
150 +#endif
151 +
152 #include <glib-object.h>
153
154 G_BEGIN_DECLS
155 --- lightdm-1.19.3/src/lightdm.c.~4~ 2017-10-25 09:12:24.672787804 +0000
156 +++ lightdm-1.19.3/src/lightdm.c 2017-10-25 11:05:49.884502470 +0000
157 @@ -16,6 +16,7 @@
158 #include <sys/stat.h>
159 #include <glib.h>
160 #include <glib/gi18n.h>
161 +#include <glib/gstdio.h>
162 #include <unistd.h>
163 #include <fcntl.h>
164 #include <sys/stat.h>
165 @@ -884,6 +884,23 @@
166 g_warning ("Failed to make cache directory %s: %s", dir, strerror (errno));
167 g_free (dir);
168
169 +#ifdef __sun
170 + {
171 + struct stat statbuf;
172 + int r;
173 +
174 + r = stat (DT_DIR, &statbuf);
175 + if (r < 0) {
176 + g_mkdir (DT_DIR, 0755);
177 + }
178 +
179 + r = stat (SDTLOGIN_DIR, &statbuf);
180 + if (r < 0) {
181 + g_mkdir (SDTLOGIN_DIR, 0700);
182 + }
183 + }
184 +#endif
185 +
186 log_init ();
187
188 /* Show queued messages once logging is complete */