Bug 11655 - xdm calls getpwnam earlier than it needs to
Summary: xdm calls getpwnam earlier than it needs to
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86   
(Show other bugs)
Version: 6.2
Hardware: All Linux
high
low
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-05-25 12:51 UTC by Ben Harris
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-04 20:45:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch against 4.0.3 which implements my request. (437 bytes, patch)
2001-05-15 14:41 UTC, Ben Harris
no flags Details | Diff
Arse! Wrong patch. _This_ is the patch that fixes this bug. (1.85 KB, patch)
2001-05-15 14:43 UTC, Ben Harris
no flags Details | Diff

Description Ben Harris 2000-05-25 12:51:26 UTC
The version of xdm provided in XFree86-3.3.6-20 calls getpwnam before
it calls the various PAM functions associated with authenticating a user
(see Verify() in xc/programs/xdm/greeter/verify.c).  This seems pointless,
and has bad effects on systems (like the one I'm setting up) where the
user's account can only be set up after they've been authenticated.
The following patch fixes the problem for me by migrating the getpwnam
call until just before its results are actually needed:

--- XFree86-3.3.6/xc/programs/xdm/greeter/verify.c.orig	Wed Apr 19 15:05:51 2000
+++ XFree86-3.3.6/xc/programs/xdm/greeter/verify.c	Wed Apr 19 15:19:32 2000
@@ -173,6 +173,7 @@
 	char		**argv;

 	Debug ("Verify %s ...\n", greet->name);
+#ifndef USE_PAM
 	p = getpwnam (greet->name);
 	endpwent();

@@ -185,7 +186,6 @@
 	    user_pass = p->pw_passwd;
 #endif
 	}
-#ifndef USE_PAM
 #ifdef USESHADOW
 	errno = 0;
 	sp = getspnam(greet->name);
@@ -235,10 +235,11 @@

 #else /* USE_PAM */
 	#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+	   Debug ("%s", pam_strerror(pamh, pam_error)); \
 	   pam_end(pamh, 0); return 0; \
 	 }
 	PAM_password = greet->password;
-	pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+	pam_error = pam_start("xdm", greet->name, &PAM_conversation, &pamh);
 	PAM_BAIL;
 	pam_error = pam_set_item(pamh, PAM_TTY, d->name);
 	PAM_BAIL;
@@ -249,6 +250,13 @@
 	PAM_BAIL;
 	pam_error = pam_setcred(pamh, 0);
 	PAM_BAIL;
+	p = getpwnam (greet->name);
+	endpwent();
+
+	if (!p || strlen (greet->name) == 0) {
+		Debug ("getpwnam() failed.\n");
+		return 0;
+	}
 #endif /* USE_PAM */
 	Debug ("verify succeeded\n");

Comment 1 Ben Harris 2001-05-15 12:26:31 UTC
FWIW, I'm working on updating the patch to XFree86 4.0.2.


Comment 2 Ben Harris 2001-05-15 14:41:43 UTC
Created attachment 18430 [details]
Patch against 4.0.3 which implements my request.

Comment 3 Ben Harris 2001-05-15 14:43:36 UTC
Created attachment 18431 [details]
Arse!  Wrong patch.  _This_ is the patch that fixes this bug.

Comment 4 Mike A. Harris 2001-05-25 14:51:30 UTC
Nalin, can you look at this patch and see if it does the right thing with
PAM?  It seems ok to me at a glance.  If it is ok, we'll need to port it to
4.1.0.as well perhaps.

Comment 5 Mike A. Harris 2001-06-04 20:45:15 UTC
Awaiting confirmation that this patch is ok, from someone familiar with
PAM and friends.

Comment 6 Mike A. Harris 2001-07-16 07:12:27 UTC
If you think this patch is still necessary, which I am not convinced of,
please submit it upstream to XFree86 by mailing a description along with
the patch as a file attachment to fixes@XFree86.org

I do not want to add such a patch unless it is made officially first.

Comment 7 Ben Harris 2001-07-16 16:57:40 UTC
Done.



Note You need to log in before you can comment on or make changes to this bug.