Bug 11655 - xdm calls getpwnam earlier than it needs to
xdm calls getpwnam earlier than it needs to
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: XFree86 (Show other bugs)
6.2
All Linux
high Severity low
: ---
: ---
Assigned To: Mike A. Harris
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-05-25 08:51 EDT by Ben Harris
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-04 16:45:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch against 4.0.3 which implements my request. (437 bytes, patch)
2001-05-15 10:41 EDT, Ben Harris
no flags Details | Diff
Arse! Wrong patch. _This_ is the patch that fixes this bug. (1.85 KB, patch)
2001-05-15 10:43 EDT, Ben Harris
no flags Details | Diff

  None (edit)
Description Ben Harris 2000-05-25 08:51:26 EDT
The version of xdm provided in XFree86-3.3.6-20 calls getpwnam before
it calls the various PAM functions associated with authenticating a user
(see Verify() in xc/programs/xdm/greeter/verify.c).  This seems pointless,
and has bad effects on systems (like the one I'm setting up) where the
user's account can only be set up after they've been authenticated.
The following patch fixes the problem for me by migrating the getpwnam
call until just before its results are actually needed:

--- XFree86-3.3.6/xc/programs/xdm/greeter/verify.c.orig	Wed Apr 19 15:05:51 2000
+++ XFree86-3.3.6/xc/programs/xdm/greeter/verify.c	Wed Apr 19 15:19:32 2000
@@ -173,6 +173,7 @@
 	char		**argv;

 	Debug ("Verify %s ...\n", greet->name);
+#ifndef USE_PAM
 	p = getpwnam (greet->name);
 	endpwent();

@@ -185,7 +186,6 @@
 	    user_pass = p->pw_passwd;
 #endif
 	}
-#ifndef USE_PAM
 #ifdef USESHADOW
 	errno = 0;
 	sp = getspnam(greet->name);
@@ -235,10 +235,11 @@

 #else /* USE_PAM */
 	#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+	   Debug ("%s", pam_strerror(pamh, pam_error)); \
 	   pam_end(pamh, 0); return 0; \
 	 }
 	PAM_password = greet->password;
-	pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+	pam_error = pam_start("xdm", greet->name, &PAM_conversation, &pamh);
 	PAM_BAIL;
 	pam_error = pam_set_item(pamh, PAM_TTY, d->name);
 	PAM_BAIL;
@@ -249,6 +250,13 @@
 	PAM_BAIL;
 	pam_error = pam_setcred(pamh, 0);
 	PAM_BAIL;
+	p = getpwnam (greet->name);
+	endpwent();
+
+	if (!p || strlen (greet->name) == 0) {
+		Debug ("getpwnam() failed.\n");
+		return 0;
+	}
 #endif /* USE_PAM */
 	Debug ("verify succeeded\n");
Comment 1 Ben Harris 2001-05-15 08:26:31 EDT
FWIW, I'm working on updating the patch to XFree86 4.0.2.
Comment 2 Ben Harris 2001-05-15 10:41:43 EDT
Created attachment 18430 [details]
Patch against 4.0.3 which implements my request.
Comment 3 Ben Harris 2001-05-15 10:43:36 EDT
Created attachment 18431 [details]
Arse!  Wrong patch.  _This_ is the patch that fixes this bug.
Comment 4 Mike A. Harris 2001-05-25 10:51:30 EDT
Nalin, can you look at this patch and see if it does the right thing with
PAM?  It seems ok to me at a glance.  If it is ok, we'll need to port it to
4.1.0.as well perhaps.
Comment 5 Mike A. Harris 2001-06-04 16:45:15 EDT
Awaiting confirmation that this patch is ok, from someone familiar with
PAM and friends.
Comment 6 Mike A. Harris 2001-07-16 03:12:27 EDT
If you think this patch is still necessary, which I am not convinced of,
please submit it upstream to XFree86 by mailing a description along with
the patch as a file attachment to fixes@XFree86.org

I do not want to add such a patch unless it is made officially first.
Comment 7 Ben Harris 2001-07-16 12:57:40 EDT
Done.

Note You need to log in before you can comment on or make changes to this bug.