diff options
| author | Ted Gould <ted@gould.cx> | 2012-08-28 15:11:07 -0500 |
|---|---|---|
| committer | Ted Gould <ted@gould.cx> | 2012-08-28 15:11:07 -0500 |
| commit | 68df6996f7643a3de42bd56017eace016c3743e2 (patch) | |
| tree | e8c82f86c9e712de4f697da7a76ca9740f525fee /src/pam-freerdp.c | |
| parent | d67a26ba2585bd8bc74fed85e3ba0f4bc48f6f35 (diff) | |
| download | libpam-freerdp2-68df6996f7643a3de42bd56017eace016c3743e2.tar.gz libpam-freerdp2-68df6996f7643a3de42bd56017eace016c3743e2.tar.bz2 libpam-freerdp2-68df6996f7643a3de42bd56017eace016c3743e2.zip | |
Set the permissions on the socket
Diffstat (limited to 'src/pam-freerdp.c')
| -rw-r--r-- | src/pam-freerdp.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index d1a6578..2261a20 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -23,6 +23,7 @@ #include <sys/wait.h> #include <sys/types.h> #include <sys/socket.h> +#include <sys/stat.h> #include <sys/un.h> #include <pwd.h> @@ -262,6 +263,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv goto done; } + /* Set the socket file permissions to be 600 and the user and group + to be the guest user. NOTE: This won't protect on BSD */ + if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 || + chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) { + close(socketfd); + retval = PAM_SYSTEM_ERR; + goto done; + } + /* Build this up as a buffer so we can just write it and see that very, very clearly */ int buffer_len = 0; |