Changeset fb13c77


Timestamp:
05/08/14 09:27:43 (15 months ago)
Author:
Kris Moore <kris@…>
Branches:
master, enter/10, releng/10.0.2, releng/10.0.3, releng/10.1, releng/10.1.1, releng/10.1.2
Children:
02233b84
Parents:
3ff724e
Message:

Fix a bug with PCDM where the PAM session isn't closed fully at logout,
this fixes an issue with PEFS not removing homedir keys.

The file /usr/local/share/PCDM/pcdm-session is now used to drop priv
and execute the target desktop at login, leaving the parent PCDM
process running as root and able to do cleanup.

Location:
src-qt4/PCDM
Files:
1 added
3 edited

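--- a/src-qt4/PCDM/PCDM.pro
+++ b/src-qt4/PCDM/PCDM.pro
@@ -121,9 +121,12 @@
 theme.extra=cp -r themes $(INSTALL_ROOT)/usr/local/share/PCDM/.
 
+session.path=/usr/local/share/PCDM
+session.extra=cc -o pcdm-session src/pcdm-session.c && install -o root -g wheel -m 755 pcdm-session $(INSTALL_ROOT)/usr/local/share/PCDM/
+
 conf=pcdm.conf
 conf.path=/usr/local/etc
 conf.extra=cp pcdm.conf $(INSTALL_ROOT)/usr/local/etc/pcdm.conf.dist && chmod 600 $(INSTALL_ROOT)/usr/local/etc/pcdm.conf.dist
 
-INSTALLS += dotrans scripts rcd cleanthemes theme conf target
+INSTALLS += dotrans scripts rcd cleanthemes theme conf target session
 
 RESOURCES += PCDM.qrc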
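Review bot: The `session.extra` rule compiles the helper with a bare `cc` and no flags, so whatever warning and hardening options the rest of PCDM is built with are not applied to the one binary that performs the privilege drop. Assuming the generated Makefile defines them, `$(CC) $(CFLAGS) -o pcdm-session src/pcdm-session.c` would pick up the project's compiler settings. The rule also compiles into the source directory during the install step; building the helper as its own target would keep the install step to a plain copy.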
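--- a/src-qt4/PCDM/src/pcdm-xprocess.cpp
+++ b/src-qt4/PCDM/src/pcdm-xprocess.cpp
@@ -12,4 +12,5 @@
 #include <login_cap.h>
 #include <QMessageBox>
+#include <QTemporaryFile>
 
 /*
@@ -116,60 +117,45 @@
   //And finally set the login user before dropping priv
   setlogin( xuser.toUtf8() );
-  //QWidget *wid = new QWidget();
-  if (setgid(pw->pw_gid) < 0) {
-      qDebug() << "setgid() failed!";
-      return FALSE;
-  }
-
-  // Setup our other groups
-  if (initgroups(xuser.toLatin1(), pw->pw_gid) < 0) {
-      qDebug() << "initgroups() failed!";
-      setgid(0);
-      return FALSE;
-  }
-
-  // Lets drop to user privs
-  if (setuid(pw->pw_uid) < 0) {
-      qDebug() << "setuid() failed!";
-      return FALSE;
-  }
+
   //Startup the PAM session
   if( !pam_startSession() ){ pam_shutdown(); return FALSE; }
   pam_session_open = TRUE; //flag that pam has an open session
+
   QString cmd;
-  // Configure the DE startup command
-
-  //  - Add the DE startup command to the end
-  cmd.append("dbus-launch --exit-with-session "+xcmd);
-  //cmd.append(xcmd);
-
-  //Backend::log("Startup command: "+cmd);
+
   // Setup the process environment
   setupSessionEnvironment();
-  //Log the DE startup outputs as well
-  this->setProcessChannelMode(QProcess::MergedChannels);
-  this->setStandardOutputFile(xhome+"/.pcdm-startup.log",QIODevice::Truncate);
-  //this->setStandardErrorFile(xhome+"/.pcdm-startup.err",QIODevice::Truncate);
-  // Startup the process(s)
-   //  - Setup to run the user's <home-dir>/.xprofile startup script
-  if(QFile::exists(xhome+"/.xprofile")){
-    //Make sure the file is executable
-    QFile::setPermissions(xhome+"/.xprofile", QFile::permissions(xhome+"/.xprofile") | QFile::ExeOwner | QFile::ExeGroup | QFile::ExeOther );
-    //Need to run a couple commands in sequence: so put them in a script file
-    QStringList contents;
-    contents << ". "+xhome+"/.xprofile";
-    contents << cmd; //end with the actual command for the DE
-    contents << "exit $?"; //Make sure we return the DE return value
-    if( Backend::writeFile(xhome+"/.pcdmsessionstart", contents) ){
-      //script created fine, change the command to just run it
-      cmd = "sh "+xhome+"/.pcdmsessionstart";
-    }else{
-      //Could not create script file, fallback on running them seperately
-      QString xpro = "sh "+xhome+"/.xprofile";
-      this->start(xpro);
-      this->waitForFinished(3000);
-    }
-  }
+
+  // Create our startup script
+  tFile = new QTemporaryFile();
+  if ( ! tFile->open() )
+     return FALSE;
+
+  QTextStream tOut(tFile);
+
+  // Configure the DE startup command
+  cmd.append("dbus-launch --exit-with-session "+xcmd);
+
+  //  - Setup to run the user's <home-dir>/.xprofile startup script
+  QFile::setPermissions(xhome+"/.xprofile", QFile::permissions(xhome+"/.xprofile") | QFile::ExeOwner | QFile::ExeGroup | QFile::ExeOther );
+
+  //Need to run a couple commands in sequence: so put them in a script file
+  tOut << "#!/bin/sh\n\n";
+  tOut << "if [ -e '"+xhome+"/.xprofile' ] ; then\n";
+  tOut << "  . "+xhome+"/.xprofile\n";
+  tOut << "fi\n";
+  tOut << cmd + "\n"; //+ " >" + xhome+ "/.pcdm-startup.log" + " 2>" + xhome + "/.pcdm-startup.log\n";
+  tOut << "exit $?"; //Make sure we return the DE return value
+
+  QString tUid, tGid, logFile;
+  tUid.setNum(pw->pw_uid);
+  tGid.setNum(pw->pw_gid);
+  logFile=xhome + "/.pcdm-startup.log";
+  cmd = "/usr/local/share/PCDM/pcdm-session "+xuser+" "+tUid+" "+tGid+" "+tFile->fileName()+" "+logFile;
   connect( this, SIGNAL(finished(int, QProcess::ExitStatus)), this, SLOT(slotCleanup()) );
+  tFile->setPermissions(QFile::ReadOwner | QFile::WriteOwner |QFile::ReadGroup | QFile::ReadUser | QFile::ReadOther);
+  tFile->close();
+
+  Backend::log("Starting session with:\n" + cmd );
   this->start(cmd);
   return TRUE;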
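Review bot: With the setgid/initgroups/setuid block removed from this function, the `QFile::setPermissions(xhome+"/.xprofile", …)` call (new line 140) now runs in the root parent, and without the old `QFile::exists` guard, on a path inside the user's home directory. Since chmod(2) follows symlinks, root should not be changing modes there; the call can simply be dropped, because the generated script sources the file with `.`, which needs no execute bit. The helper command (new line 154) is built by concatenation and passed to `start(cmd)`, which splits on whitespace, so a home directory containing a space would shift the helper's arguments; `this->start("/usr/local/share/PCDM/pcdm-session", QStringList() << xuser << tUid << tGid << tFile->fileName() << logFile);` keeps each value as one argument. `xhome` is also written unquoted into the `. …/.xprofile` line of the script, although the `[ -e '…' ]` test just above quotes it. The enclosing function starts and ends outside the hunk and pcdm-session.c is not shown on this page, so how the helper validates its arguments cannot be checked from here.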
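--- a/src-qt4/PCDM/src/pcdm-xprocess.h
+++ b/src-qt4/PCDM/src/pcdm-xprocess.h
@@ -16,4 +16,5 @@
 #include <QProcess>
 #include <QProcessEnvironment>
+#include <QTemporaryFile>
 
 #include <sys/types.h>
@@ -58,6 +59,7 @@
         void pam_logFailure(int);
         void pam_shutdown(); //cleanly close all the PAM stuff
-
 
+        QTemporaryFile *tFile;
+
   private slots:
         void slotCleanup();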
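Review bot: `QTemporaryFile *tFile;` is a raw owning pointer with no initialisation visible in this hunk, and the .cpp change assigns it with `new QTemporaryFile()` on every session start without releasing a previous one. Unless the constructor and `slotCleanup()` (both outside the hunks shown) set it to 0 and delete it, an early return before the allocation leaves cleanup acting on an indeterminate pointer, and repeated logins leak the object along with its root-owned temporary script. Parenting it with `tFile = new QTemporaryFile(this);` or holding a `QTemporaryFile tFile;` member by value would tie the file's lifetime to the process object. A short comment on the member saying who deletes it and when the script is removed would also help.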