[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: KDE/kdebase/workspace/kdm
From: Oswald Buddenhagen <ossi () kde ! org>
Date: 2010-02-28 20:38:38
Message-ID: 1267389518.063520.31681.nullmailer () svn ! kde ! org
[Download RAW message or body]
SVN commit 1097267 by ossi:
add ServerUID option
M +4 -0 ChangeLog
M +38 -0 backend/client.c
M +1 -0 backend/dm.h
M +4 -0 backend/server.c
M +9 -0 config.def
M +45 -21 kfrontend/genkdmconf.c
--- trunk/KDE/kdebase/workspace/kdm/ChangeLog #1097266:1097267
@@ -2,6 +2,10 @@
startup and packaging. Bug fixes are not listed, and feature changes only
if they affect the configuration.
+2010-02-28 Oswald Buddenhagen <ossi@kde.org>
+
+ * Made it possible to run X server as non-root. Option ServerUID.
+
2009-10-17 Oswald Buddenhagen <ossi@kde.org>
* Made input grabbing optional. Option GrabInput.
--- trunk/KDE/kdebase/workspace/kdm/backend/client.c #1097266:1097267
@@ -1115,6 +1115,44 @@
return False;
}
+int
+changeUser( const char *user, const char *authfile )
+{
+ struct passwd *pw;
+ char *ok;
+ int uid;
+
+ if (!*user)
+ return True;
+
+ if (!(pw = getpwnam( user ))) {
+ uid = strtol( user, &ok, 10 );
+ if (*ok || !(pw = getpwuid( uid ))) {
+ logError( "no user like %'s\n", user );
+ return False;
+ }
+ }
+
+ if (authfile && chown( authfile, pw->pw_uid, pw->pw_gid ))
+ logWarn( "chmod for %s failed: %m\n", authfile );
+
+#ifdef AIXV3
+ if (setpcred( user, NULL )) {
+ logError( "setusercontext for %s failed: %m\n", user );
+ return False;
+ }
+ return True;
+#elif defined(HAS_SETUSERCONTEXT)
+ if (setusercontext( NULL, pw, pw->pw_uid, LOGIN_SETALL )) {
+ logError( "setpcred for %s failed: %m\n", user );
+ return False;
+ }
+ return True;
+#else
+ return setUser( user, pw->pw_uid, pw->pw_gid );
+#endif
+}
+
#if defined(SECURE_RPC) || defined(K5AUTH)
static void
nukeAuth( int len, const char *name )
--- trunk/KDE/kdebase/workspace/kdm/backend/dm.h #1097266:1097267
@@ -507,6 +507,7 @@
void clientExited( void );
void sessionExit( int status ) ATTR_NORETURN;
int readDmrc( void );
+int changeUser( const char *user, const char *authfile );
extern char **userEnviron, **systemEnviron;
extern char *curuser, *curpass, *curtype, *newpass,
*dmrcuser, *curdmrc, *newdmrc;
--- trunk/KDE/kdebase/workspace/kdm/backend/server.c #1097266:1097267
@@ -65,6 +65,10 @@
sprintf( vtstr, "vt%d", d->serverVT ) )))
exit( 47 );
#endif
+
+ if (!changeUser( d->serverUID, d->authFile ))
+ exit( 49 );
+
return argv;
}
--- trunk/KDE/kdebase/workspace/kdm/config.def #1097266:1097267
@@ -1412,6 +1412,15 @@
<literal>/dev/</literal>) for activity. If the line is not used for some time,
&kdm; switches back to the X login.
+Key: ServerUID
+Type: string
+Default: ""
+User: core
+Instance: #:*/"_x11"
+Comment: &
+Description:
+ The user the &X-Server; should run as. Empty results in <systemitem class="username">root</systemitem>.
+
Key: PingInterval
Type: int
Default: 5
--- trunk/KDE/kdebase/workspace/kdm/kfrontend/genkdmconf.c #1097266:1097267
@@ -1109,8 +1109,6 @@
#endif
-/* TODO: handle solaris' local_uid specs */
-
static char *
readWord( File *file, int EOFatEOL )
{
@@ -1301,15 +1299,19 @@
return rs;
}
+typedef enum { InvalidDpy, LocalDpy, LocalUidDpy, ForeignDpy } DisplayMatchType;
+
static struct displayMatch {
const char *name;
- int len, local;
+ int len;
+ DisplayMatchType type;
} displayTypes[] = {
- { "local", 5, True },
- { "foreign", 7, False },
+ { "local", 5, LocalDpy },
+ { "local_uid", 9, LocalUidDpy },
+ { "foreign", 7, ForeignDpy },
};
-static int
+static DisplayMatchType
parseDisplayType( const char *string, const char **atPos )
{
struct displayMatch *d;
@@ -1321,19 +1323,32 @@
{
if (string[d->len] == '@' && string[d->len + 1])
*atPos = string + d->len + 1;
- return d->local;
+ return d->type;
}
}
- return -1;
+ return InvalidDpy;
}
typedef struct serverEntry {
struct serverEntry *next;
- const char *name, *class2, *console, *argvs, *arglvs;
+ const char *name, *class2, *console, *owner, *argvs, *arglvs;
StrList *argv, *arglv;
- int local, reserve, vt;
+ DisplayMatchType type;
+ int reserve, vt;
} ServerEntry;
+static int
+mstrcmp( const char *s1, const char *s2 )
+{
+ if (s1 == s2)
+ return 0;
+ if (!s1)
+ return -1;
+ if (!s2)
+ return 1;
+ return strcmp( s1, s2 );
+}
+
static void
absorbXservers( const char *sect ATTR_UNUSED, char **value )
{
@@ -1343,7 +1358,7 @@
StrList **argp, **arglp, *ap, *ap2;
File file;
int nldpys = 0, nrdpys = 0, dpymask = 0;
- int cpcmd, cpcmdl;
+ int cpuid, cpcmd, cpcmdl;
#ifdef HAVE_VTS
int dn, cpvt, mtty;
#endif
@@ -1367,23 +1382,26 @@
se->name = word;
if (!(word = readWord( &file, 1 )))
continue;
- se->local = parseDisplayType( word, &se->console );
- if (se->local < 0) {
+ se->type = parseDisplayType( word, &se->console );
+ if (se->type == InvalidDpy) {
se->class2 = word;
if (!(word = readWord( &file, 1 )))
continue;
- se->local = parseDisplayType( word, &se->console );
- if (se->local < 0) {
+ se->type = parseDisplayType( word, &se->console );
+ if (se->type == InvalidDpy) {
while (readWord( &file, 1 ));
continue;
}
}
+ if (se->type == LocalUidDpy)
+ if (!(se->owner = readWord( &file, 1 )))
+ continue;
word = readWord( &file, 1 );
if (word && !strcmp( word, "reserve" )) {
se->reserve = True;
word = readWord( &file, 1 );
}
- if (se->local != (word != 0))
+ if ((se->type != ForeignDpy) != (word != 0))
continue;
argp = &se->argv;
arglp = &se->arglv;
@@ -1422,7 +1440,7 @@
word = readWord( &file, 1 );
}
*argp = *arglp = 0;
- if (se->local) {
+ if (se->type != ForeignDpy) {
nldpys++;
dpymask |= 1 << atoi( se->name + 1 );
if (se->reserve)
@@ -1438,7 +1456,7 @@
cpvt = False;
getInitTab();
for (se = serverList, mtty = maxTTY; se; se = se->next)
- if (se->local) {
+ if (se->type != ForeignDpy) {
mtty++;
if (se->vt != mtty) {
cpvt = True;
@@ -1452,9 +1470,9 @@
se->arglvs = joinArgs( se->arglv );
}
- se1 = 0, cpcmd = cpcmdl = False;
+ se1 = 0, cpuid = cpcmd = cpcmdl = False;
for (se = serverList; se; se = se->next)
- if (se->local) {
+ if (se->type != ForeignDpy) {
if (!se1)
se1 = se;
else {
@@ -1462,13 +1480,17 @@
cpcmd = True;
if (strcmp( se1->arglvs, se->arglvs ))
cpcmdl = True;
+ if (mstrcmp( se1->owner, se->owner ))
+ cpuid = True;
}
}
if (se1) {
putFqVal( "X-:*-Core", "ServerCmd", se1->argvs );
+ if (se1->owner)
+ putFqVal( "X-:*-Core", "ServerUID", se1->owner );
putFqVal( "X-:*-Core", "ServerArgsLocal", se1->arglvs );
for (se = serverList; se; se = se->next)
- if (se->local) {
+ if (se->type != ForeignDpy) {
char sec[32];
sprintf( sec, "X-%s-Core", se->name );
if (cpcmd)
@@ -1485,6 +1507,8 @@
if (se->console)
putFqVal( sec, "ServerTTY", se->console );
#endif
+ if (cpuid && se->owner)
+ putFqVal( sec, "ServerUID", se->owner );
}
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic