
Re: Anybody out there got an xlock that works with libpwdb.so?



"Andrew G. Morgan" wrote:
> Ted Garrett wrote:
> > Then I activated an xlock.  That was just fine, until I decided I
> > wanted to do something else.  Can't log in.  /var/log/messages gets a
> > line which reads :
> > 
> > tgrafix PAM_pwdb[2361]: get passwd; pwdb: request not recognized
> 
> This is most likely due to the fact that xlock cannot access your
> /etc/shadow file. [I really must finish the "helper binary" I started to do
> this..]

Helper binary?  What's wrong with just making xlock setgid root?  I hacked
up the xlock source a bit to handle this properly... the current version
gives up any privs at startup; all I did was to take back gid 0 before
the PAM calls and give it up again after the PAM call.  This should
present no dangers... saved UIDs don't survive the fork/exec that starts
the xlock modules, and any xlock really only has root gid privs for the
duration of the PAM calls.  Here's the patch...

--- xlockmore-3.13.orig/passwd.c        Tue Jan 28 20:09:46 1997
+++ xlockmore-3.13/passwd.c     Thu Feb  6 13:08:23 1997
@@ -679,8 +679,11 @@
   int pam_error;
 
   #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
-     pam_end(pamh, 0); return 0; \
+     pam_end(pamh, 0); (void) setgid(getgid()); return 0; \
    }
+  
+  (void) setgid(0);
+
   PAM_password = buffer;
   pam_error = pam_start("xlock", user, &PAM_conversation, &pamh);
   PAM_BAIL;
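
Review bot: the "(void) setgid(0);" placed ahead of pam_start discards its result, so if the raise fails the PAM calls run exactly as they did before the patch and nothing reports why; check the return value and log or bail out. The same applies to the "(void) setgid(getgid())" added to PAM_BAIL: if that drop fails, the function returns 0 with effective gid 0 still in place. Any return between this hunk and the next that does not go through PAM_BAIL would also skip the drop, so the lines not shown here are worth confirming. The added "+  " line carries trailing whitespace.
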
@@ -699,6 +702,8 @@
   pam_end(pamh, PAM_SUCCESS);
   /* If this point is reached, the user has been authenticated. */
   done = True;
+
+  (void) setgid(getgid());
 
 #else /* !USE_PAM */
 #ifdef VMS
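
Review bot: the final "(void) setgid(getgid());" after "done = True;" ignores failure, so on the success path the process could keep effective gid 0 for the rest of its run; test the result and exit if the drop does not take effect. The drop would also sit better directly after "pam_end(pamh, PAM_SUCCESS);", before done is set, and a short comment saying that the raise depends on the saved set-group-ID of a setgid-root install would document why setgid(0) can succeed here at all.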

--
Jurgen Botz                    "Unix?  What's that?  Is that like Linux?"
jbotz@reference.com
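
The bracket described in the message above (hold the privileged gid only for the duration of the PAM calls), as an added example that is not from the post or from xlockmore. It uses setegid() instead of the patch's setgid(), checks every return value, and all function and variable names are hypothetical.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* All names here are hypothetical; this is not xlockmore code. */
static gid_t startup_egid;   /* group the setgid bit gave us at exec */

/* Remember the privileged gid, then run with the real gid only.
 * The saved set-group-ID still holds startup_egid afterwards. */
static int drop_at_startup(void)
{
    startup_egid = getegid();
    return setegid(getgid());
}

/* Run fn(arg) with the effective gid raised to priv, then drop again.
 * Returns fn's result, or -1 if the raise failed (fn is not called).
 * Aborts if the drop fails, so no caller continues with egid == priv. */
static int with_egid(gid_t priv, int (*fn)(void *), void *arg)
{
    int rc;
    if (setegid(priv) != 0) {
        perror("setegid (raise)");
        return -1;
    }
    rc = fn(arg);               /* e.g. the PAM authentication calls */
    if (setegid(getgid()) != 0 || getegid() != getgid()) {
        perror("setegid (drop)");
        abort();
    }
    return rc;
}

/* Stand-in for the privileged work: records the egid it ran under. */
static int record_egid(void *arg)
{
    *(gid_t *)arg = getegid();
    return 0;
}

int main(void)
{
    gid_t seen = (gid_t)-1;
    if (drop_at_startup() != 0 || with_egid(startup_egid, record_egid, &seen) != 0)
        return 1;
    printf("ran with egid %ld, now egid %ld\n", (long)seen, (long)getegid());
    return 0;
}
```

Run from a binary that is not installed setgid, the raise is a no-op because the startup and real gids are the same; the control flow and the checks are identical.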



