From c9bebed00008724600aef6c401f21245f7678e45 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Tue, 22 Apr 2014 15:00:44 -0400 Subject: [PATCH 1/2] Revert "worker: get PATH from parent instead of #define" This reverts commit e546e4dc6649a4fdf9065322420a28fa7e666782. It's causing problems because bindir and sbindir are in the wrong order for a user session. --- common/Makefile.am | 1 + common/gdm-common.c | 2 +- configure.ac | 17 +++++++++++++++++ daemon/Makefile.am | 1 + daemon/gdm-session-worker.c | 15 +++++++++++---- 5 files changed, 31 insertions(+), 5 deletions(-) diff --git a/common/Makefile.am b/common/Makefile.am index ece167b..2e97090 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -1,52 +1,53 @@ ## Process this file with automake to produce Makefile.in NULL = AM_CPPFLAGS = \ -I. \ -I.. \ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ -DBINDIR=\"$(bindir)\" \ -DDATADIR=\"$(datadir)\" \ -DDMCONFDIR=\"$(dmconfdir)\" \ -DGDMCONFDIR=\"$(gdmconfdir)\" \ -DGDMLOCALEDIR=\"$(gdmlocaledir)\" \ -DLIBDIR=\"$(libdir)\" \ -DLIBEXECDIR=\"$(libexecdir)\" \ -DLOGDIR=\"$(logdir)\" \ -DPIXMAPDIR=\"$(pixmapdir)\" \ -DSBINDIR=\"$(sbindir)\" \ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ -DGDM_DEFAULTS_CONF=\"$(GDM_DEFAULTS_CONF)\" \ -DGDM_CUSTOM_CONF=\"$(GDM_CUSTOM_CONF)\" \ -DGDM_OLD_CONF=\"$(GDM_OLD_CONF)\" \ + -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \ $(COMMON_CFLAGS) \ $(NULL) noinst_LTLIBRARIES = \ libgdmcommon.la \ $(NULL) gdmdir = $(datadir)/gdm gdm_DATA = gdb-cmd if MKDTEMP_MISSING MKDTEMP_FILES = mkdtemp.c mkdtemp.h else MKDTEMP_FILES = endif libgdmcommon_la_SOURCES = \ gdm-address.h \ gdm-address.c \ gdm-common.h \ gdm-common.c \ gdm-profile.c \ gdm-profile.h \ gdm-settings.c \ gdm-settings.h \ gdm-settings-backend.c \ gdm-settings-backend.h \ gdm-settings-desktop-backend.c \ gdm-settings-desktop-backend.h \ gdm-settings-keys.h \ diff --git a/common/gdm-common.c b/common/gdm-common.c index aeb873b..4017313 100644 --- a/common/gdm-common.c +++ b/common/gdm-common.c @@ -882,61 +882,61 @@ gdm_get_script_environment (const char *username, if (username != NULL) { g_hash_table_insert (hash, g_strdup ("LOGNAME"), g_strdup (username)); g_hash_table_insert (hash, g_strdup ("USER"), g_strdup (username)); g_hash_table_insert (hash, g_strdup ("USERNAME"), g_strdup (username)); gdm_get_pwent_for_name (username, &pwent); if (pwent != NULL) { if (pwent->pw_dir != NULL && pwent->pw_dir[0] != '\0') { g_hash_table_insert (hash, g_strdup ("HOME"), g_strdup (pwent->pw_dir)); g_hash_table_insert (hash, g_strdup ("PWD"), g_strdup (pwent->pw_dir)); } g_hash_table_insert (hash, g_strdup ("SHELL"), g_strdup (pwent->pw_shell)); } } if (display_hostname) { g_hash_table_insert (hash, g_strdup ("REMOTE_HOST"), g_strdup (display_hostname)); } /* Runs as root */ g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (display_x11_authority_file)); g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (display_name)); - g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (g_getenv ("PATH"))); + g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (GDM_SESSION_DEFAULT_PATH)); g_hash_table_insert (hash, g_strdup ("RUNNING_UNDER_GDM"), g_strdup ("true")); g_hash_table_remove (hash, "MAIL"); g_hash_table_foreach (hash, (GHFunc)listify_hash, env); g_hash_table_destroy (hash); g_ptr_array_add (env, NULL); return env; } gboolean gdm_run_script (const char *dir, const char *username, const char *display_name, const char *display_hostname, const char *display_x11_authority_file) { char *script; char **argv; gint status; GError *error; GPtrArray *env; gboolean res; gboolean ret; ret = FALSE; g_assert (dir != NULL); diff --git a/configure.ac b/configure.ac index 242a969..aa0a13f 100644 --- a/configure.ac +++ b/configure.ac @@ -247,60 +247,77 @@ AC_ARG_WITH(systemd, AS_HELP_STRING([--with-systemd], [Add systemd support @<:@default=auto@:>@]), [with_systemd=$withval], [with_systemd=auto]) AC_ARG_WITH([systemdsystemunitdir], AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), [with_systemdsystemunitdir=$withval], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) AC_ARG_ENABLE(systemd-journal, AS_HELP_STRING([--enable-systemd-journal], [Add journald support @<:@default=auto@:>@]), [enable_systemd_journal=$enableval], [enable_systemd_journal=auto]) AC_ARG_ENABLE(wayland-support, AS_HELP_STRING([--enable-wayland-support], [Enable support for wayland sessions @<:@default=auto@:>@]), [enable_wayland_support=$enableval], [enable_wayland_support=auto]) AC_ARG_WITH(plymouth, AS_HELP_STRING([--with-plymouth], [Add plymouth support @<:@default=auto@:>@]), [with_plymouth=$withval], [with_plymouth=auto]) AC_ARG_WITH(at-spi-registryd-directory, AS_HELP_STRING([--with-at-spi-registryd-directory], [Specify the directory of at-spi-registryd @<:@default=libexecdir@:>@])],, [with_at_spi_registryd_directory="${libexecdir}"]) AT_SPI_REGISTRYD_DIR=$with_at_spi_registryd_directory AC_SUBST(AT_SPI_REGISTRYD_DIR) +# Allow configuration of default PATH +# +withval="" +AC_ARG_WITH(default-path, + AS_HELP_STRING([--with-default-path=], + [PATH GDM will use as the user's default PATH]), + [if test x$withval != x; then + AC_MSG_RESULT("PATH ${withval} will be the default PATH.") + fi]) + +if test x$withval != x; then + GDM_SESSION_DEFAULT_PATH="$withval" +else + GDM_SESSION_DEFAULT_PATH="/usr/local/bin:/usr/bin:/bin" +fi +AC_SUBST(GDM_SESSION_DEFAULT_PATH) + dnl dnl file that sets LANG dnl withval="" AC_ARG_WITH(lang-file, AS_HELP_STRING([--with-lang-file=], [file containing default language setting]), [if test x$withval != x; then AC_MSG_RESULT("System locale will be looked for in file ${withval}.") fi]) if test x$withval != x; then LANG_CONFIG_FILE="$withval" else LANG_CONFIG_FILE='$(sysconfdir)/locale.conf' fi AC_SUBST(LANG_CONFIG_FILE) # stropts has been removed from glibc # https://bugzilla.redhat.com/show_bug.cgi?id=436349 AC_CHECK_HEADERS(stropts.h) dnl socklen_t may be declared, but not in a "standard" C header location AC_CHECK_HEADERS(sys/socket.h) AC_CHECK_TYPE(socklen_t,, AC_DEFINE(socklen_t, size_t, [Compatibility type]), [AC_INCLUDES_DEFAULT] #ifdef HAVE_SYS_SOCKET_H #include #endif diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 6944baa..691c939 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -1,51 +1,52 @@ NULL = AM_CPPFLAGS = \ -I. \ -I.. \ -I$(top_srcdir)/common \ -I$(top_builddir)/common \ -DBINDIR=\"$(bindir)\" \ -DDATADIR=\"$(datadir)\" \ -DDMCONFDIR=\"$(dmconfdir)\" \ -DGDMCONFDIR=\"$(gdmconfdir)\" \ -DLIBDIR=\"$(libdir)\" \ -DLIBEXECDIR=\"$(libexecdir)\" \ -DLOCALSTATEDIR=\"$(localstatedir)\" \ -DLOGDIR=\"$(logdir)\" \ -DSBINDIR=\"$(sbindir)\" \ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \ -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \ -DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\" \ -DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\" \ + -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \ -DCONSOLEKIT_DIR=\"$(CONSOLEKIT_DIR)\" \ $(DISABLE_DEPRECATED_CFLAGS) \ $(DAEMON_CFLAGS) \ $(XLIB_CFLAGS) \ $(WARN_CFLAGS) \ $(DEBUG_CFLAGS) \ $(SYSTEMD_CFLAGS) \ $(JOURNALD_CFLAGS) \ $(LIBSELINUX_CFLAGS) \ -DLANG_CONFIG_FILE=\"$(LANG_CONFIG_FILE)\" \ $(NULL) BUILT_SOURCES = \ gdm-display-glue.h \ gdm-manager-glue.h \ gdm-static-display-glue.h \ gdm-transient-display-glue.h \ gdm-local-display-factory-glue.h \ gdm-session-glue.h \ gdm-session-worker-glue.h \ gdm-session-enum-types.h \ $(NULL) gdm-session-enum-types.h: gdm-session-enum-types.h.in gdm-session.h $(AM_V_GEN) glib-mkenums --template $^ > $@ gdm-session-enum-types.c: gdm-session-enum-types.c.in gdm-session.h $(AM_V_GEN) glib-mkenums --template $^ > $@ gdm-display-glue.c gdm-display-glue.h: gdm-display.xml Makefile.am diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c index 5fc42c6..8493fbd 100644 --- a/daemon/gdm-session-worker.c +++ b/daemon/gdm-session-worker.c @@ -63,60 +63,64 @@ #endif /* HAVE_SELINUX */ #include "gdm-common.h" #include "gdm-log.h" #include "gdm-session-worker.h" #include "gdm-session-glue.h" #include "gdm-session.h" #if defined (HAVE_ADT) #include "gdm-session-solaris-auditor.h" #elif defined (HAVE_LIBAUDIT) #include "gdm-session-linux-auditor.h" #else #include "gdm-session-auditor.h" #endif #include "gdm-session-settings.h" #define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate)) #define GDM_SESSION_DBUS_PATH "/org/gnome/DisplayManager/Session" #define GDM_SESSION_DBUS_NAME "org.gnome.DisplayManager.Session" #define GDM_SESSION_DBUS_ERROR_CANCEL "org.gnome.DisplayManager.Session.Error.Cancel" #define GDM_WORKER_DBUS_PATH "/org/gnome/DisplayManager/Worker" #ifndef GDM_PASSWD_AUXILLARY_BUFFER_SIZE #define GDM_PASSWD_AUXILLARY_BUFFER_SIZE 1024 #endif +#ifndef GDM_SESSION_DEFAULT_PATH +#define GDM_SESSION_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin" +#endif + #ifndef GDM_SESSION_ROOT_UID #define GDM_SESSION_ROOT_UID 0 #endif #ifndef GDM_SESSION_LOG_FILENAME #define GDM_SESSION_LOG_FILENAME "session.log" #endif #define MAX_FILE_SIZE 65536 #define MAX_LOGS 5 enum { GDM_SESSION_WORKER_STATE_NONE = 0, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE, GDM_SESSION_WORKER_STATE_AUTHENTICATED, GDM_SESSION_WORKER_STATE_AUTHORIZED, GDM_SESSION_WORKER_STATE_ACCREDITED, GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED, GDM_SESSION_WORKER_STATE_SESSION_OPENED, GDM_SESSION_WORKER_STATE_SESSION_STARTED }; typedef struct { GdmSessionWorker *worker; GdmSession *session; GPid pid_of_caller; uid_t uid_of_caller; } ReauthenticationRequest; @@ -1476,64 +1480,67 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker, _("no user account available")); goto out; } uid = 0; gid = 0; res = _lookup_passwd_info (worker->priv->username, &uid, &gid, &home, &shell); if (! res) { g_debug ("GdmSessionWorker: Unable to lookup account info"); error_code = PAM_AUTHINFO_UNAVAIL; g_set_error (error, GDM_SESSION_WORKER_ERROR, GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS, _("no user account available")); goto out; } gdm_session_worker_update_environment_from_passwd_info (worker, uid, gid, home, shell); /* Let's give the user a default PATH if he doesn't already have one */ if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) { - const char *path; - - path = g_getenv ("PATH"); - gdm_session_worker_set_environment_variable (worker, "PATH", path); + if (strcmp (BINDIR, "/usr/bin") == 0) { + gdm_session_worker_set_environment_variable (worker, "PATH", + GDM_SESSION_DEFAULT_PATH); + } else { + gdm_session_worker_set_environment_variable (worker, "PATH", + BINDIR ":" GDM_SESSION_DEFAULT_PATH); + } } if (! _change_user (worker, uid, gid)) { g_debug ("GdmSessionWorker: Unable to change to user"); error_code = PAM_SYSTEM_ERR; g_set_error (error, GDM_SESSION_WORKER_ERROR, GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS, "%s", _("Unable to change to user")); goto out; } error_code = pam_setcred (worker->priv->pam_handle, worker->priv->cred_flags); /* If the user is reauthenticating and they've made it this far, then there * is no reason we should lock them out of their session. They've already * proved they are they same person who logged in, and that's all we care * about. */ if (worker->priv->is_reauth_session) { error_code = PAM_SUCCESS; } if (error_code != PAM_SUCCESS) { g_set_error (error, GDM_SESSION_WORKER_ERROR, GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS, "%s", pam_strerror (worker->priv->pam_handle, error_code)); goto out; } -- 1.9.0 From 1282e09a595b73ae530ccb4ed9f942947d1f3fba Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Tue, 22 Apr 2014 15:01:52 -0400 Subject: [PATCH 2/2] configure: change default PATH to include sbin --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index aa0a13f..26455f3 100644 --- a/configure.ac +++ b/configure.ac @@ -260,61 +260,61 @@ AC_ARG_ENABLE(wayland-support, [Enable support for wayland sessions @<:@default=auto@:>@]), [enable_wayland_support=$enableval], [enable_wayland_support=auto]) AC_ARG_WITH(plymouth, AS_HELP_STRING([--with-plymouth], [Add plymouth support @<:@default=auto@:>@]), [with_plymouth=$withval], [with_plymouth=auto]) AC_ARG_WITH(at-spi-registryd-directory, AS_HELP_STRING([--with-at-spi-registryd-directory], [Specify the directory of at-spi-registryd @<:@default=libexecdir@:>@])],, [with_at_spi_registryd_directory="${libexecdir}"]) AT_SPI_REGISTRYD_DIR=$with_at_spi_registryd_directory AC_SUBST(AT_SPI_REGISTRYD_DIR) # Allow configuration of default PATH # withval="" AC_ARG_WITH(default-path, AS_HELP_STRING([--with-default-path=], [PATH GDM will use as the user's default PATH]), [if test x$withval != x; then AC_MSG_RESULT("PATH ${withval} will be the default PATH.") fi]) if test x$withval != x; then GDM_SESSION_DEFAULT_PATH="$withval" else - GDM_SESSION_DEFAULT_PATH="/usr/local/bin:/usr/bin:/bin" + GDM_SESSION_DEFAULT_PATH="/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin" fi AC_SUBST(GDM_SESSION_DEFAULT_PATH) dnl dnl file that sets LANG dnl withval="" AC_ARG_WITH(lang-file, AS_HELP_STRING([--with-lang-file=], [file containing default language setting]), [if test x$withval != x; then AC_MSG_RESULT("System locale will be looked for in file ${withval}.") fi]) if test x$withval != x; then LANG_CONFIG_FILE="$withval" else LANG_CONFIG_FILE='$(sysconfdir)/locale.conf' fi AC_SUBST(LANG_CONFIG_FILE) # stropts has been removed from glibc # https://bugzilla.redhat.com/show_bug.cgi?id=436349 AC_CHECK_HEADERS(stropts.h) dnl socklen_t may be declared, but not in a "standard" C header location AC_CHECK_HEADERS(sys/socket.h) AC_CHECK_TYPE(socklen_t,, AC_DEFINE(socklen_t, size_t, [Compatibility type]), [AC_INCLUDES_DEFAULT] -- 1.9.0