Corey Donohoe wrote:
I'll see about tending to this when I get home this evening. Someone recently mentioned that the pam_close_session is being called too early, and should be called from entrance_login (which isn't possible).
Why isn't this possible? The documentation says that it should be possible to run pam_open_session and pam_close_session from two different processes.
Sebastian
Seems to work here. See the applied patch. pam_console expects PAM_USER and PAM_TTY to be set.
Sebastian
Index: AUTHORS
===================================================================
RCS file: /cvsroot/enlightenment/e17/apps/entrance/AUTHORS,v
retrieving revision 1.2
diff -u -r1.2 AUTHORS
--- AUTHORS 26 May 2003 05:59:43 -0000 1.2
+++ AUTHORS 11 Jan 2005 11:45:53 -0000
@@ -1,5 +1,6 @@
Ibukun Olumuyiwa <[EMAIL PROTECTED]>
Corey Donohoe <[EMAIL PROTECTED]>
Tilman Sauerbeck <[EMAIL PROTECTED]>
+Sebastian Dransfeld <[EMAIL PROTECTED]>
Credits to Chris Thomas for some of the original work on elogin.
Index: src/client/entrance_auth.c
===================================================================
RCS file: /cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_auth.c,v
retrieving revision 1.23
diff -u -r1.23 entrance_auth.c
--- src/client/entrance_auth.c 5 Jan 2005 23:10:28 -0000 1.23
+++ src/client/entrance_auth.c 11 Jan 2005 11:45:55 -0000
@@ -2,7 +2,7 @@
@file entrance_auth.c
@brief Variables and data relating to system authentication
*/
-#include"entrance_auth.h"
+#include "entrance_auth.h"
#include "util.h"
static char *
@@ -87,7 +87,7 @@
#if HAVE_PAM
if (e->pam.handle)
{
- pam_close_session(e->pam.handle, 0);
+ /*pam_close_session(e->pam.handle, 0);*/
pam_end(e->pam.handle, PAM_SUCCESS);
e->pam.handle = NULL;
}
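Review bot: The `pam_close_session` call is disabled by commenting it out, which leaves dead code and no explanation of why a handle is ended without its session being closed. Delete the line and state the ownership instead, e.g. `/* the session is closed by entrance_login once the user's session process exits */`. entrance_login closes the session on a fresh `pam_start` handle, so a module that keeps per-handle data from `pam_open_session` would presumably not find it there; that is worth confirming for the modules in the entrance PAM stack. The enclosing function starts and ends outside this hunk.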
Index: src/client/entrance_login.c
===================================================================
RCS file: /cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_login.c,v
retrieving revision 1.2
diff -u -r1.2 entrance_login.c
--- src/client/entrance_login.c 4 Feb 2004 20:59:35 -0000 1.2
+++ src/client/entrance_login.c 11 Jan 2005 11:45:55 -0000
@@ -4,16 +4,133 @@
#include <sys/types.h>
#include <sys/wait.h>
+#ifdef HAVE_CONFIG_H
+# include "../config.h"
+#endif
+
+#ifdef HAVE_PAM
+# include "entrance_auth.h"
+pam_handle_t *pamh;
+#endif
+
+#ifdef HAVE_PAM
+/* PAM Conversation function */
+int
+entrance_auth_pam_conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr)
+{
+ int replies = 0;
+ Entrance_Auth *e = appdata_ptr;
+ struct pam_response *reply = NULL;
+
+ reply =
+ (struct pam_response *) malloc(sizeof(struct pam_response) * num_msg);
+
+ if (!reply)
+ return PAM_CONV_ERR;
+
+ for (replies = 0; replies < num_msg; replies++)
+ {
+ switch (msg[replies]->msg_style)
+ {
+ case PAM_PROMPT_ECHO_ON:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = (char *) strdup(e->user);
+ break;
+ case PAM_PROMPT_ECHO_OFF:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = (char *) strdup(e->pass);
+ break;
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = NULL;
+ syslog(LOG_INFO, "PAM: %s.", msg[replies]->msg);
+ break;
+ default:
+ free(reply);
+ return (PAM_CONV_ERR);
+ }
+ }
+
+ *resp = reply;
+ return (PAM_SUCCESS);
+}
+
+int
+init_pam(const char *user, const char *display)
+{
+ int pamerr;
+ struct pam_conv conv;
+
+ conv.conv = entrance_auth_pam_conv;
+ conv.appdata_ptr = NULL;
+
+ /* We'll use our own pam file */
+ if ((pamerr =
+ pam_start("entrance", user, &conv,
+ &pamh)) != PAM_SUCCESS)
+ {
+ syslog(LOG_CRIT, "PAM: %s.", pam_strerror(pamh, pamerr));
+ return ERROR_NO_PAM_INIT;
+ }
+
+ /* Set TTY to DISPLAY */
+ if ((pamerr =
+ pam_set_item(pamh, PAM_TTY, display)) != PAM_SUCCESS)
+ {
+ syslog(LOG_CRIT, "Error: Unable to configure PAM_TTY.");
+ return ERROR_PAM_SET;
+ }
+
+ return E_SUCCESS;
+}
+
+int
+end_user_session(const char *user)
+{
+ int pamerr;
+
+ syslog(LOG_INFO, "Ending session for user \"%s\".", user);
+
+ if ((pamerr = pam_close_session(pamh, 0)) != PAM_SUCCESS)
+ {
+ syslog(LOG_CRIT, "PAM: %s.", pam_strerror(pamh, pamerr));
+ return ERROR_NO_PAM_INIT;
+ }
+
+ if ((pamerr = pam_end(pamh, 0)) != PAM_SUCCESS)
+ {
+ syslog(LOG_CRIT, "PAM: %s.", pam_strerror(pamh, pamerr));
+ return ERROR_NO_PAM_INIT;
+ }
+
+ return E_SUCCESS;
+}
+#endif
+
int
main(int argc, char **argv)
{
pid_t pid;
+ char *user;
+ char *display;
- if (argc != 2)
+ if (argc != 4)
return 0;
- pid = atoi(argv[1]);
- if (waitpid(pid, NULL, 0) == pid)
+ user = argv[1];
+ display = argv[2];
+ pid = atoi(argv[3]);
+
+#ifdef HAVE_PAM
+ init_pam(user, display);
+#endif
+ if (waitpid(pid, NULL, 0) == pid) {
+#ifdef HAVE_PAM
+ end_user_session(user);
+#endif
exit(0);
+ }
return -1;
}
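Review bot: entrance_auth_pam_conv treats `appdata_ptr` as an Entrance_Auth, but init_pam sets `conv.appdata_ptr = NULL`, so any PAM_PROMPT_ECHO_ON/OFF message would reach `strdup(e->user)` with a NULL `e`, crash this helper and leave the session unclosed. This process holds no credentials, so the conversation should refuse prompts rather than answer them, and it should also reject `num_msg <= 0` and zero the reply array. Separately, main ignores init_pam's return value, so end_user_session can call `pam_close_session` on a NULL `pamh`; main should record whether init_pam succeeded and skip end_user_session otherwise. `pamh` is also only used in this file and could be `static`.

```c
int
entrance_auth_pam_conv(int num_msg, const struct pam_message **msg,
                       struct pam_response **resp, void *appdata_ptr)
{
   struct pam_response *reply;
   int i;

   (void) appdata_ptr;          /* this helper holds no credentials */

   if (num_msg <= 0)
      return PAM_CONV_ERR;

   /* calloc zeroes resp and resp_retcode for every slot */
   reply = calloc(num_msg, sizeof(*reply));
   if (!reply)
      return PAM_CONV_ERR;

   for (i = 0; i < num_msg; i++)
     {
        switch (msg[i]->msg_style)
          {
           case PAM_ERROR_MSG:
           case PAM_TEXT_INFO:
              syslog(LOG_INFO, "PAM: %s.", msg[i]->msg);
              break;
           default:
              /* prompts cannot be answered from the waiter process */
              free(reply);
              return PAM_CONV_ERR;
          }
     }

   *resp = reply;
   return PAM_SUCCESS;
}
```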
Index: src/client/entrance_session.c
===================================================================
RCS file:
/cvsroot/enlightenment/e17/apps/entrance/src/client/entrance_session.c,v
retrieving revision 1.67
diff -u -r1.67 entrance_session.c
--- src/client/entrance_session.c 27 Dec 2004 06:45:14 -0000 1.67
+++ src/client/entrance_session.c 11 Jan 2005 11:45:56 -0000
@@ -357,6 +357,7 @@
pid_t pid;
char buf[PATH_MAX];
char *shell = NULL;
+ char *user, *display;
entrance_auth_setup_environment(e->auth, e->display);
if ((e->session) && (strlen(e->session) > 0))
@@ -428,14 +429,18 @@
break;
}
_entrance_session_user_list_fix(e);
+ user = strdup(e->auth->user);
+ display = strdup(e->display);
entrance_session_free(e);
/* this bypasses a race condition where entrance loses its x connection */
/* before the wm gets it and x goes and resets itself */
sleep(10);
/* replace this rpcoess with a clean small one that just waits for its */
/* child to exit.. passed on the cmd-line */
- snprintf(buf, sizeof(buf), "%s/entrance_login %i", PACKAGE_BIN_DIR,
- (int) pid);
+ snprintf(buf, sizeof(buf), "%s/entrance_login %s %s %i", PACKAGE_BIN_DIR,
+ user, display, (int) pid);
+ free(user);
+ free(display);
execl("/bin/sh", "/bin/sh", "-c", buf, NULL);
}
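Review bot: `user` and `display` are interpolated unquoted into a string that is handed to `/bin/sh -c`, so the shell re-parses the account name and display string. Even a harmless space in either value changes the argument count, and entrance_login then returns at `argc != 4` without ever closing the PAM session. Executing the helper directly with an explicit argv removes the shell parsing altogether. The `strdup` results are also used unchecked, and the two `free` calls have to go once the strings are passed straight to `execl`. The enclosing function starts outside this hunk, so whether `e->auth->user` is already validated at this point cannot be seen here.

```c
   char pidstr[32];
   /* … unchanged: strdup of user and display, entrance_session_free, sleep … */
   if (!user || !display)
      exit(1);
   snprintf(buf, sizeof(buf), "%s/entrance_login", PACKAGE_BIN_DIR);
   snprintf(pidstr, sizeof(pidstr), "%i", (int) pid);
   /* argv is passed as-is, so user and display are never parsed by a shell */
   execl(buf, buf, user, display, pidstr, (char *) NULL);
```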
