'branches/KDE/3.5/kdebase/kdm/backend'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    branches/KDE/3.5/kdebase/kdm/backend
From:       Oswald Buddenhagen <ossi () kde ! org>
Date:       2006-11-01 22:54:25
Message-ID: 1162421665.306830.22985.nullmailer () svn ! kde ! org
[Download RAW message or body]

SVN commit 601065 by ossi:

backport: shuffle around the non-pam login restrictions code


 M  +105 -108  client.c  


--- branches/KDE/3.5/kdebase/kdm/backend/client.c #601064:601065
@@ -51,7 +51,6 @@
 #endif
 #ifdef HAVE_SETUSERCONTEXT
 # include <login_cap.h>
-# define USE_LOGIN_CAP 1
 #endif
 #ifdef USE_PAM
 # ifdef HAVE_PAM_PAM_APPL_H
@@ -101,6 +100,13 @@
 char *newdmrc;
 
 static struct passwd *p;
+#ifdef HAVE_SETUSERCONTEXT
+# ifdef HAVE_LOGIN_GETCLASS
+login_cap_t *lc;
+# else
+struct login_cap *lc;
+# endif
+#endif
 #ifdef USE_PAM
 static pam_handle_t *pamh;
 #elif defined(_AIX)
@@ -410,7 +416,7 @@
 	return 0;
 }
 
-#if !defined(USE_PAM) && !defined(_AIX) && defined(USE_LOGIN_CAP)
+#if !defined(USE_PAM) && !defined(_AIX) && defined(HAVE_SETUSERCONTEXT)
 # define LC_RET0 do { login_close(lc); return 0; } while(0)
 #else
 # define LC_RET0 return 0
@@ -438,13 +444,6 @@
 # if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
 	int tim, expir, warntime, quietlog;
 # endif
-# ifdef USE_LOGIN_CAP
-#  ifdef HAVE_LOGIN_GETCLASS
-	login_cap_t *lc;
-#  else
-	struct login_cap *lc;
-#  endif
-# endif
 #endif
 
 	Debug( "Verify ...\n" );
@@ -744,23 +743,11 @@
 	if (msg)
 		free( (void *)msg );
 
-#else /* USE_PAM || _AIX */
+#endif /* USE_PAM || _AIX */
 
-# ifdef HAVE_GETUSERSHELL
-	for (;;) {
-		if (!(s = getusershell())) {
-			Debug( "shell not in /etc/shells\n" );
-			endusershell();
-			V_RET_FAIL( "Your login shell is not listed in /etc/shells" );
-		}
-		if (!strcmp( s, p->pw_shell )) {
-			endusershell();
-			break;
-		}
-	}
-# endif
+#ifndef _AIX
 
-# ifdef USE_LOGIN_CAP
+# ifdef HAVE_SETUSERCONTEXT
 #  ifdef HAVE_LOGIN_GETCLASS
 	lc = login_getclass( p->pw_class );
 #  else
@@ -768,106 +755,45 @@
 #  endif
 	if (!lc)
 		V_RET_FAIL( 0 );
-# endif
 
-
-/* restrict_nologin */
-# ifndef _PATH_NOLOGIN
-#  define _PATH_NOLOGIN "/etc/nologin"
+	p->pw_shell = login_getcapstr( lc, "shell", p->pw_shell, p->pw_shell );
 # endif
 
-	if ((
-# ifdef USE_LOGIN_CAP
-	     /* Do we ignore a nologin file? */
-	     !login_getcapbool( lc, "ignorenologin", 0 )) &&
-	    (!stat( (nolg = login_getcapstr( lc, "nologin", "", NULL )), &st ) ||
-# endif
-		 !stat( (nolg = _PATH_NOLOGIN), &st )))
-	{
-		PrepErrorGreet();
-		GSendInt( V_MSG_ERR );
-		if (st.st_size && (fd = open( nolg, O_RDONLY )) >= 0) {
-			if ((buf = Malloc( st.st_size + 1 ))) {
-				if (read( fd, buf, st.st_size ) == st.st_size) {
-					buf[st.st_size] = 0;
-					GSendStr( buf );
-					free( buf );
-					close( fd );
-					GSendInt( V_FAIL );
-					LC_RET0;
-				}
-				free( buf );
-			}
-			close( fd );
-		}
-		GSendStr( "Logins are not allowed at the moment.\nTry again later" );
-		GSendInt( V_FAIL );
-		LC_RET0;
-	}
+# ifndef USE_PAM
 
+/* restrict_expired */
+#  if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
 
-/* restrict_nohome */
-# ifdef USE_LOGIN_CAP
-	if (login_getcapbool( lc, "requirehome", 0 )) {
-		struct stat st;
-		if (!*p->pw_dir || stat( p->pw_dir, &st ) || st.st_uid != p->pw_uid) {
-			PrepErrorGreet();
-			GSendInt( V_MSG_ERR );
-			GSendStr( "Home folder not available" );
-			GSendInt( V_FAIL );
-			LC_RET0;
-		}
-	}
-# endif
-
-
-/* restrict_time */
-# ifdef USE_LOGIN_CAP
-#  ifdef HAVE_AUTH_TIMEOK
-	if (!auth_timeok( lc, time( NULL ) )) {
-		PrepErrorGreet();
-		GSendInt( V_MSG_ERR );
-		GSendStr( "You are not allowed to login at the moment" );
-		GSendInt( V_FAIL );
-		LC_RET0;
-	}
-#  endif
-# endif
-
-
-/* restrict_expired; this MUST be the last one */
-# if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
-
-#  if !defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || (!defined(USE_LOGIN_CAP) && defined(USESHADOW))
+#   if !defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || (!defined(HAVE_SETUSERCONTEXT) && defined(USESHADOW))
 	if (sp)
-#  endif
+#   endif
 	{
 
-#  define DEFAULT_WARN	(2L * 7L)  /* Two weeks */
+#   define DEFAULT_WARN	(2L * 7L)  /* Two weeks */
 
 		tim = time( NULL ) / 86400L;
 
-#  ifdef USE_LOGIN_CAP
+#   ifdef HAVE_SETUSERCONTEXT
 		quietlog = login_getcapbool( lc, "hushlogin", 0 );
 		warntime = login_getcaptime( lc, "warnexpire",
 		                             DEFAULT_WARN * 86400L,
 		                             DEFAULT_WARN * 86400L ) / 86400L;
-#  else
+#   else
 		quietlog = 0;
-#	ifdef USESHADOW
+#    ifdef USESHADOW
 		warntime = sp->sp_warn != -1 ? sp->sp_warn : DEFAULT_WARN;
-#	else
+#    else
 		warntime = DEFAULT_WARN;
-#	endif
-#  endif
+#    endif
+#   endif
 
-#  ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+#   ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
 		if (p->pw_expire) {
 			expir = p->pw_expire / 86400L;
-#  else
+#   else
 		if (sp->sp_expire != -1) {
 			expir = sp->sp_expire;
-#  endif
+#   endif
 			if (tim > expir) {
 				PrepErrorGreet();
 				GSendInt( V_MSG_ERR );
@@ -888,10 +814,10 @@
 			}
 		}
 
-#  ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+#   ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
 		if (p->pw_change) {
 			expir = p->pw_change / 86400L;
-#  else
+#   else
 		if (!sp->sp_lstchg) {
 			PrepErrorGreet();
 			GSendInt( V_MSG_ERR );
@@ -910,7 +836,7 @@
 				GSendInt( V_FAIL );
 				LC_RET0;
 			}
-#  endif
+#   endif
 			if (tim > expir) {
 				PrepErrorGreet();
 				GSendInt( V_MSG_ERR );
@@ -934,13 +860,84 @@
 
 	}
 
-# endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE || USESHADOW */
+#  endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE || USESHADOW */
 
-# ifdef USE_LOGIN_CAP
-	login_close( lc );
+/* restrict_nologin */
+#  ifndef _PATH_NOLOGIN
+#   define _PATH_NOLOGIN "/etc/nologin"
+#  endif
+
+	if ((
+#  ifdef HAVE_SETUSERCONTEXT
+	     /* Do we ignore a nologin file? */
+	     !login_getcapbool( lc, "ignorenologin", 0 )) &&
+	    (!stat( (nolg = login_getcapstr( lc, "nologin", "", NULL )), &st ) ||
+#  endif
+		 !stat( (nolg = _PATH_NOLOGIN), &st )))
+	{
+		PrepErrorGreet();
+		GSendInt( V_MSG_ERR );
+		if (st.st_size && (fd = open( nolg, O_RDONLY )) >= 0) {
+			if ((buf = Malloc( st.st_size + 1 ))) {
+				if (read( fd, buf, st.st_size ) == st.st_size) {
+					buf[st.st_size] = 0;
+					GSendStr( buf );
+					free( buf );
+					close( fd );
+					GSendInt( V_FAIL );
+					LC_RET0;
+				}
+				free( buf );
+			}
+			close( fd );
+		}
+		GSendStr( "Logins are not allowed at the moment.\nTry again later" );
+		GSendInt( V_FAIL );
+		LC_RET0;
+	}
+
+/* restrict_time */
+#  if defined(HAVE_SETUSERCONTEXT) && defined(HAVE_AUTH_TIMEOK)
+	if (!auth_timeok( lc, time( NULL ) )) {
+		PrepErrorGreet();
+		GSendInt( V_MSG_ERR );
+		GSendStr( "You are not allowed to login at the moment" );
+		GSendInt( V_FAIL );
+		LC_RET0;
+	}
+#  endif
+
+#  ifdef HAVE_GETUSERSHELL
+	for (;;) {
+		if (!(s = getusershell())) {
+			Debug( "shell not in /etc/shells\n" );
+			endusershell();
+			V_RET_FAIL( "Your login shell is not listed in /etc/shells" );
+		}
+		if (!strcmp( s, p->pw_shell )) {
+			endusershell();
+			break;
+		}
+	}
+#  endif
+
+# endif /* !USE_PAM */
+
+/* restrict_nohome */
+# ifdef HAVE_SETUSERCONTEXT
+	if (login_getcapbool( lc, "requirehome", 0 )) {
+		struct stat st;
+		if (!*p->pw_dir || stat( p->pw_dir, &st ) || st.st_uid != p->pw_uid) {
+			PrepErrorGreet();
+			GSendInt( V_MSG_ERR );
+			GSendStr( "Home folder not available" );
+			GSendInt( V_FAIL );
+			LC_RET0;
+		}
+	}
 # endif
 
-#endif /* USE_PAM || _AIX */
+#endif /* !_AIX */
 
 	return 1;
 
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic