Attachment #150621 for bug #195759

Lines 1-5 Link Here

(-)./files/patch-CMakeLists.txt (-4 / +12 lines)
1	--- ./CMakeLists.txt.orig 2013-10-01 22:38:05.000000000 +0000	1	--- CMakeLists.txt.orig 2013-10-01 18:38:05.000000000 -0400
2	+++ ./CMakeLists.txt 2014-03-08 16:26:46.000000000 +0000	2	+++ CMakeLists.txt 2014-12-15 21:35:53.000000000 -0500
3	@@ -14,6 +14,7 @@	3	@@ -14,6 +14,7 @@
4	INCLUDE(CheckCCompilerFlag)	4	INCLUDE(CheckCCompilerFlag)
5	INCLUDE(CheckCXXCompilerFlag)	5	INCLUDE(CheckCXXCompilerFlag)
Lines 60-66 Link Here
60	include_directories(${PAM_INCLUDE_DIR})	60	include_directories(${PAM_INCLUDE_DIR})
61	else(PAM_FOUND)	61	else(PAM_FOUND)
62	message("\tPAM Not Found")	62	message("\tPAM Not Found")
63	@@ -221,7 +235,9 @@	63	@@ -195,6 +209,7 @@
		64	${FREETYPE_LIBRARY}
		65	${JPEG_LIBRARIES}
		66	${PNG_LIBRARIES}
		67	+ util
		68	libslim
		69	)
		70
		71	@@ -221,7 +236,9 @@
64	####### install	72	####### install
65	# slim	73	# slim
66	install(TARGETS slim RUNTIME DESTINATION bin)	74	install(TARGETS slim RUNTIME DESTINATION bin)
Lines 71-77 Link Here
71		79
72	if (BUILD_SHARED_LIBS)	80	if (BUILD_SHARED_LIBS)
73	set_target_properties(libslim PROPERTIES	81	set_target_properties(libslim PROPERTIES
74	@@ -236,9 +252,11 @@	82	@@ -236,9 +253,11 @@
75		83
76	# man file	84	# man file
77	install(FILES slim.1 DESTINATION ${MANDIR}/man1/)	85	install(FILES slim.1 DESTINATION ${MANDIR}/man1/)

Lines 7-13 Link Here

(-)./files/patch-slim.conf (-1 / +1 lines)
7	-default_xserver /usr/bin/X	7	-default_xserver /usr/bin/X
8	-#xserver_arguments -dpi 75	8	-#xserver_arguments -dpi 75
9	+# Use default path from /etc/login.conf	9	+# Use default path from /etc/login.conf
10	+default_path /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:%%LOCALBASE%%/sbin:%%LOCALBASE%%/bin:$HOME/bin	10	+default_path /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:%%LOCALBASE%%/sbin:%%LOCALBASE%%/bin
11	+default_xserver %%LOCALBASE%%/bin/X	11	+default_xserver %%LOCALBASE%%/bin/X
12	+# The X server needs to be started on an unused virtual terminal,	12	+# The X server needs to be started on an unused virtual terminal,
13	+# for FreeBSD in a default configuration, the first one of those is #09	13	+# for FreeBSD in a default configuration, the first one of those is #09




--- switchuser.cpp.orig	2013-10-01 18:38:05.000000000 -0400
+++ switchuser.cpp	2014-12-15 22:14:16.000000000 -0500
@@ -9,6 +9,9 @@
    (at your option) any later version.
 */
 
+#include <sys/types.h>
+#include <login_cap.h>
+
 #include <cstdio>
 #include "switchuser.h"
 #include "util.h"
@@ -35,13 +38,27 @@
 }
 
 void SwitchUser::SetUserId() {
-	if( (Pw == 0) ||
-			(initgroups(Pw->pw_name, Pw->pw_gid) != 0) ||
-			(setgid(Pw->pw_gid) != 0) ||
-			(setuid(Pw->pw_uid) != 0) ) {
-		logStream << APPNAME << ": could not switch user id" << endl;
-		exit(ERR_EXIT);
+	if ((Pw != 0) && (setsid() != -1)) {
+		// TODO: allow users to override settings with .login.conf
+		login_cap_t *lc = login_getpwclass(Pw);
+		if ((lc != NULL) &&
+				(setusercontext(lc, Pw, Pw->pw_uid, LOGIN_SETALL) == 0)) {
+			login_close(lc);
+			return;
+		}
+		login_close(lc);
+		logStream << APPNAME << ": fail to set user context" << endl;
+		// fallback to old method
+		if ((setlogin(Pw->pw_name) == 0) &&
+				(initgroups(Pw->pw_name, Pw->pw_gid) == 0) &&
+				(setgid(Pw->pw_gid) == 0) &&
+				(setuid(Pw->pw_uid) == 0) ) {
+			return;
+		}
 	}
+
+	logStream << APPNAME << ": could not switch user id" << endl;
+	exit(ERR_EXIT);
 }
 
 void SwitchUser::Execute(const char* cmd) {

Return to bug 195759

Lines 1-11 Link Here

(-)./files/patch-switchuser.cpp (-9 / +44 lines)
1	--- ./switchuser.cpp.orig 2012-12-31 07:03:42.000000000 -0600	1	--- switchuser.cpp.orig 2013-10-01 18:38:05.000000000 -0400
2	+++ ./switchuser.cpp 2013-03-23 14:10:35.000000000 -0500	2	+++ switchuser.cpp 2014-12-15 22:14:16.000000000 -0500
3	@@ -36,6 +36,8 @@	3	@@ -9,6 +9,9 @@
		4	(at your option) any later version.
		5	*/
		6
		7	+#include <sys/types.h>
		8	+#include <login_cap.h>
		9	+
		10	#include <cstdio>
		11	#include "switchuser.h"
		12	#include "util.h"
		13	@@ -35,13 +38,27 @@
		14	}
4		15
5	void SwitchUser::SetUserId() {	16	void SwitchUser::SetUserId() {
6	if( (Pw == 0) \|\|	17	- if( (Pw == 0) \|\|
7	+ (setsid() == -1) \|\|	18	- (initgroups(Pw->pw_name, Pw->pw_gid) != 0) \|\|
8	+ (setlogin(Pw->pw_name) != 0) \|\|	19	- (setgid(Pw->pw_gid) != 0) \|\|
9	(initgroups(Pw->pw_name, Pw->pw_gid) != 0) \|\|	20	- (setuid(Pw->pw_uid) != 0) ) {
10	(setgid(Pw->pw_gid) != 0) \|\|	21	- logStream << APPNAME << ": could not switch user id" << endl;
11	(setuid(Pw->pw_uid) != 0) ) {	22	- exit(ERR_EXIT);
		23	+ if ((Pw != 0) && (setsid() != -1)) {
		24	+ // TODO: allow users to override settings with .login.conf
		25	+ login_cap_t *lc = login_getpwclass(Pw);
		26	+ if ((lc != NULL) &&
		27	+ (setusercontext(lc, Pw, Pw->pw_uid, LOGIN_SETALL) == 0)) {
		28	+ login_close(lc);
		29	+ return;
		30	+ }
		31	+ login_close(lc);
		32	+ logStream << APPNAME << ": fail to set user context" << endl;
		33	+ // fallback to old method
		34	+ if ((setlogin(Pw->pw_name) == 0) &&
		35	+ (initgroups(Pw->pw_name, Pw->pw_gid) == 0) &&
		36	+ (setgid(Pw->pw_gid) == 0) &&
		37	+ (setuid(Pw->pw_uid) == 0) ) {
		38	+ return;
		39	+ }
		40	}
		41	+
		42	+ logStream << APPNAME << ": could not switch user id" << endl;
		43	+ exit(ERR_EXIT);
		44	}
		45
		46	void SwitchUser::Execute(const char* cmd) {