On 05/28/2018 04:45 PM, Christopher Turkel wrote:
Its now suid root and still doesn't work.
In the future, more information other than "it doesn't work" would be
appreciated :)
That said, I've fixed the problem and pushed it to cde-next-3. The
issue was another POSIX __linux__/linux change that was missed, and some
issues with the coverity inspired changes to CanReAuthenticate().
I've attached a patch if you do not want to use the cde-next-3 branch.
-jon
On Mon, May 28, 2018 at 5:27 PM Matthew R. Trower <d...@blackshard.net
<mailto:d...@blackshard.net>> wrote:
Well, it must be owned by root, then 'chmod +S dtsession' or such
should do it.
*From: *Christopher Turkel‎
*Sent: *Monday, May 28, 2018 16:15
*To: *CDE development
*Subject: *Re: [cdesktopenv-devel] Screen locking On Debian
Oh ok. How do I do that?
On Mon, May 28, 2018 at 5:06 PM alx <a...@fastestcode.org
<mailto:a...@fastestcode.org>> wrote:
IIRC it did work on Linuxen. Just make sure dtsession is suid root.
On 05/28/18 21:50, Christopher Turkel wrote:
> I thought we had this working before, but locking the screen
on Debian
> doesn't work. Has it ever worked? Does it need an external
program?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
<mailto:cdesktopenv-devel@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
--
Jon Trulson
"But when I'm in command, every mission's a suicide mission."
- Zapp Brannigan
>From 3064f6e57c337d91abfe4736c0b1fe847437dbd1 Mon Sep 17 00:00:00 2001
From: Jon Trulson <j...@radscan.com>
Date: Tue, 29 May 2018 12:28:21 -0600
Subject: [PATCH] dtsession: fix screen saver/locking on linux
The POSIX __linux__ commit broke the special detection on linux used
to determine whether a secure system was in use or not.
This commit reworks the logic a little bit to avoid special casing
linux in main().
It also reworks the logic in CanReAuthenticate() to fix up some issues
"fixed" to correct converity warnings. The logic in this case was
mostly ok, but still didn't account for the proper usage of this
function. Error detection improved somewhat as a result.
---
cde/programs/dtsession/SmLock.c | 16 +++++++++++-----
cde/programs/dtsession/SmMain.c | 42 ++++++++++++++---------------------------
2 files changed, 25 insertions(+), 33 deletions(-)
diff --git a/cde/programs/dtsession/SmLock.c b/cde/programs/dtsession/SmLock.c
index 711ad35..5c4a59b 100644
--- a/cde/programs/dtsession/SmLock.c
+++ b/cde/programs/dtsession/SmLock.c
@@ -153,14 +153,20 @@ static void BlinkCaret( XtPointer, XtIntervalId *) ;
static Boolean CanReAuthenticate(char *name, uid_t uid, char *passwd,
struct passwd **pwent, struct spwd **spent)
{
- Boolean fail = False;
+ if (!pwent)
+ return False;
+
+ *pwent = (name == NULL) ? getpwuid(uid) : getpwnam(name);
+ if (!*pwent)
+ return False;
- if (pwent)
- *pwent = (name == NULL) ? getpwuid(uid) : getpwnam(name);
- *spent = getspnam((*pwent)->pw_name);
+ *spent = getspnam((*pwent)->pw_name);
#ifdef JET_AUTHDEBUG
- fprintf(stderr, "CanReAuthenticate(): %s %s %s\n",
+ fprintf(stderr, "CanReAuthenticate(): uid: %d name: '%s' errno %d %s %s %s\n",
+ uid,
+ (name) ? name : "NULL",
+ errno,
(*pwent) ? "PWENT" : "NULL",
(*spent) ? "SPENT" : "NULL",
(name) ? name : "NULL");
diff --git a/cde/programs/dtsession/SmMain.c b/cde/programs/dtsession/SmMain.c
index 3d4f712..6176003 100644
--- a/cde/programs/dtsession/SmMain.c
+++ b/cde/programs/dtsession/SmMain.c
@@ -95,7 +95,7 @@ static int RegisterX11ScreenSaver(Display *display, int *ssEventType);
#ifdef _AIX
#define SECURE_SYS_PATH "/etc/security/passwd"
#endif
-#ifdef SVR4
+#if defined(SVR4) || defined(__linux__)
#define SECURE_SYS_PATH "/etc/shadow"
#endif
#ifdef CSRG_BASED
@@ -159,7 +159,7 @@ main (int argc, char **argv)
* prepended with <unknown program name> in the error log.
*/
DtProgName = SM_RESOURCE_NAME ;
-
+
#ifdef DEBUG
if(argc > 5)
{
@@ -183,17 +183,6 @@ main (int argc, char **argv)
*/
smGD.runningUID = getuid();
-#ifdef linux /* linux always needs to be setup as secure */
-
- /*
- * Save the root privilege to be restored when trying to unlock
- */
- smGD.unLockUID = geteuid();
- smGD.secureSystem = True;
- SM_SETEUID(smGD.runningUID);
-
-#else
-
# ifdef SECURE_SYS_PATH
status = stat(SECURE_SYS_PATH, &buf);
# else
@@ -219,8 +208,6 @@ main (int argc, char **argv)
SM_SETEUID(smGD.runningUID);
}
-#endif /* linux */
-
/*
* Initialize LANG if it isn't defined.
*/
@@ -260,7 +247,7 @@ main (int argc, char **argv)
stopvec.sa_handler = StopAll;
sigemptyset(&stopvec.sa_mask);
stopvec.sa_flags = 0;
-
+
smGD.childvec.sa_handler = WaitChildDeath;
sigemptyset(&smGD.childvec.sa_mask);
smGD.childvec.sa_flags = 0;
@@ -322,9 +309,9 @@ main (int argc, char **argv)
* Create one display connection for dtsession, and one for
* the color server. We cannot share a display connection since
* motif creates a display object for the color server's display during
- * color server initialization. Since the color server is not yet
+ * color server initialization. Since the color server is not yet
* operational, any dialogs (ie the dtsession logout confirmation
- * dialogs) created on that display do not get the color server colors.
+ * dialogs) created on that display do not get the color server colors.
* The dtsession display object is created after color server
* initialization is complete.
*/
@@ -335,7 +322,7 @@ main (int argc, char **argv)
*/
XtToolkitInitialize();
smGD.appCon = XtCreateApplicationContext();
- smGD.display = XtOpenDisplay(smGD.appCon, NULL, argv[0],
+ smGD.display = XtOpenDisplay(smGD.appCon, NULL, argv[0],
SM_RESOURCE_CLASS,
NULL, 0, &argc, argv);
}
@@ -344,7 +331,7 @@ main (int argc, char **argv)
NULL, 0, &argc, argv);
/*
- * Initialize XSMP
+ * Initialize XSMP
*/
if (!InitXSMP (argv[0]))
SM_EXIT(-1);
@@ -483,7 +470,7 @@ main (int argc, char **argv)
StartWM();
}
- /*
+ /*
* Run the user's startup script if there is one
*/
@@ -594,7 +581,7 @@ StopAll(int i)
*
* Description:
* -----------
- * Register with X11 screen saver server extension for screen saver events.
+ * Register with X11 screen saver server extension for screen saver events.
*
* Inputs:
* ------
@@ -642,11 +629,11 @@ RegisterX11ScreenSaver(
*/
screen = DefaultScreen(display);
root = DefaultRootWindow(display);
-
+
XGrabServer(display);
if (!XScreenSaverGetRegistered(display, screen, &xid, &type))
{
- /*
+ /*
* No other clients registered with this server so register this one.
*/
XScreenSaverRegister(display, screen, XtWindow(smGD.topLevelWid), XA_WINDOW);
@@ -658,10 +645,10 @@ RegisterX11ScreenSaver(
{
XSetWindowAttributes attr;
- /*
+ /*
* Registration successful.
*/
- XScreenSaverSelectInput(display, root,
+ XScreenSaverSelectInput(display, root,
ScreenSaverNotifyMask|ScreenSaverCycleMask);
/* Even though OverrideRedirect is the default attribute in this
@@ -674,7 +661,6 @@ RegisterX11ScreenSaver(
CopyFromParent, CopyFromParent, CWOverrideRedirect, &attr);
}
}
- return(result);
+ return(result);
}
#endif /* USE_X11SSEXT */
-
--
2.7.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
