authorTed Gould <ted@gould.cx>2012-08-20 14:44:42 -0500
committerTed Gould <ted@gould.cx>2012-08-20 14:44:42 -0500
commitc5889e2f6801c8454ce20d844f7e3f5b6c9543cb (patch)
tree80b696b8887e9086a8e140e7717b9806e24ea587
parent200ccab9283410f1ddf65cce7d0f1b77dc5dcbcf (diff)
Make sure we're running as the guest user before we execute the freerdp utility
-rw-r--r--src/pam-freerdp.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 7bd2657..189c82f 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -122,12 +122,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
struct passwd * pwdent = getpwnam(username);
if (pwdent == NULL) {
- _exit(-1);
+ _exit(EXIT_FAILURE);
+ }
+
+ if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
+ setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
+ _exit(EXIT_FAILURE);
}
setenv("HOME", pwdent->pw_dir, 1);
- /* TODO: Drop privs */
execvp(args[0], args);
_exit(EXIT_FAILURE);
break;
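Review bot: The added privilege drop (`setgid`/`setuid`/`setegid`/`seteuid`) never resets the supplementary group list, so the process that reaches `execvp` keeps whatever extra groups the calling process had, presumably root's in a PAM module. Reset the list while still privileged, before `setgid`, by making the first condition `initgroups(pwdent->pw_name, pwdent->pw_gid) < 0 ||`. The return value of `setenv("HOME", ...)` on the next line is also ignored, so a failure there would let the utility start with the caller's HOME. The body of pam_sm_authenticate starts and ends outside this hunk, so it is not visible whether `<grp.h>` is already included.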