Bug 11655

Summary: xdm calls getpwnam earlier than it needs to
Product: [Retired] Red Hat Linux
Reporter: Ben Harris <bjh21>
Component: XFree86
Assignee: Mike A. Harris <mharris>
Status: CLOSED WONTFIX
Severity: low
Priority: high
Version: 6.2
CC: nalin
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-06-04 20:45:21 UTC
Attachments (description, flags):
Patch against 4.0.3 which implements my request. (flags: none)
Arse! Wrong patch. _This_ is the patch that fixes this bug. (flags: none)

Description Ben Harris 2000-05-25 12:51:26 UTC
The version of xdm provided in XFree86-3.3.6-20 calls getpwnam before
it calls the various PAM functions associated with authenticating a user
(see Verify() in xc/programs/xdm/greeter/verify.c).  This seems pointless,
and has bad effects on systems (like the one I'm setting up) where the
user's account can only be set up after they've been authenticated.
The following patch fixes the problem for me by migrating the getpwnam
call until just before its results are actually needed:

--- XFree86-3.3.6/xc/programs/xdm/greeter/verify.c.orig	Wed Apr 19 15:05:51 2000
+++ XFree86-3.3.6/xc/programs/xdm/greeter/verify.c	Wed Apr 19 15:19:32 2000
@@ -173,6 +173,7 @@
 	char		**argv;

 	Debug ("Verify %s ...\n", greet->name);
+#ifndef USE_PAM
 	p = getpwnam (greet->name);
 	endpwent();

@@ -185,7 +186,6 @@
 	    user_pass = p->pw_passwd;
 #endif
 	}
-#ifndef USE_PAM
 #ifdef USESHADOW
 	errno = 0;
 	sp = getspnam(greet->name);
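Review bot: with the `#ifndef USE_PAM` guard moved from this point up to above `getpwnam`, the `p = getpwnam (greet->name)` assignment is compiled out of USE_PAM builds, so `p` is not set by this code until the lookup added in the last hunk. Initialise `p` to NULL where it is declared and confirm that nothing between the two points dereferences it in the PAM build. A short comment at the new guard saying why the lookup is deferred would also help the next reader.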
@@ -235,10 +235,11 @@

 #else /* USE_PAM */
 	#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+	   Debug ("%s", pam_strerror(pamh, pam_error)); \
 	   pam_end(pamh, 0); return 0; \
 	 }
 	PAM_password = greet->password;
-	pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+	pam_error = pam_start("xdm", greet->name, &PAM_conversation, &pamh);
 	PAM_BAIL;
 	pam_error = pam_set_item(pamh, PAM_TTY, d->name);
 	PAM_BAIL;
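Review bot: `pam_start` now receives `greet->name` before anything has checked it; the empty-name test (`strlen (greet->name) == 0`) only runs in the last hunk, after `pam_setcred`. Move that test ahead of `pam_start` so an empty user name is rejected before the PAM stack sees it. Minor: the new `Debug ("%s", pam_strerror(pamh, pam_error))` in PAM_BAIL has no trailing "\n", unlike the other Debug calls shown in this function.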
@@ -249,6 +250,13 @@
 	PAM_BAIL;
 	pam_error = pam_setcred(pamh, 0);
 	PAM_BAIL;
+	p = getpwnam (greet->name);
+	endpwent();
+
+	if (!p || strlen (greet->name) == 0) {
+		Debug ("getpwnam() failed.\n");
+		return 0;
+	}
 #endif /* USE_PAM */
 	Debug ("verify succeeded\n");

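Review bot: the new `if (!p || strlen (greet->name) == 0)` failure path returns 0 without calling `pam_end`, although it runs after `pam_setcred` has succeeded and every earlier failure goes through PAM_BAIL, which does call `pam_end(pamh, 0)` before returning. Release the PAM handle, and drop the credentials that were just established, before returning from this branch. The `strlen` half of the condition belongs before `pam_start` rather than here, so this check can shrink to `!p`.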
Comment 1 Ben Harris 2001-05-15 12:26:31 UTC
FWIW, I'm working on updating the patch to XFree86 4.0.2.


Comment 2 Ben Harris 2001-05-15 14:41:43 UTC
Created attachment 18430
Patch against 4.0.3 which implements my request.

Comment 3 Ben Harris 2001-05-15 14:43:36 UTC
Created attachment 18431
Arse!  Wrong patch.  _This_ is the patch that fixes this bug.

Comment 4 Mike A. Harris 2001-05-25 14:51:30 UTC
Nalin, can you look at this patch and see if it does the right thing with
PAM?  It seems ok to me at a glance.  If it is ok, we'll need to port it to
4.1.0 as well perhaps.

Comment 5 Mike A. Harris 2001-06-04 20:45:15 UTC
Awaiting confirmation that this patch is ok, from someone familiar with
PAM and friends.

Comment 6 Mike A. Harris 2001-07-16 07:12:27 UTC
If you think this patch is still necessary, which I am not convinced of,
please submit it upstream to XFree86 by mailing a description along with
the patch as a file attachment to fixes

I do not want to add such a patch unless it is made officially first.

Comment 7 Ben Harris 2001-07-16 16:57:40 UTC
Done.