diff options
author | Ted Gould <ted@gould.cx> | 2012-08-29 07:54:37 +0000 |
---|---|---|
committer | Tarmac <> | 2012-08-29 07:54:37 +0000 |
commit | b027ad477e7a42e6cbe3a9485d41e2c2abc57365 (patch) | |
tree | b9fbc4e9de0258ae6cffa1f69a5ee7654e07973c | |
parent | e2dbf52d86c5c6e1734c7df1b17d8ced9589e82a (diff) | |
parent | 626a5ed1cc6421c00f103fa769ac19f867e7ed1f (diff) | |
download | libpam-x2go-b027ad477e7a42e6cbe3a9485d41e2c2abc57365.tar.gz libpam-x2go-b027ad477e7a42e6cbe3a9485d41e2c2abc57365.tar.bz2 libpam-x2go-b027ad477e7a42e6cbe3a9485d41e2c2abc57365.zip |
Set the permissions on the socket. Approved by Albert Astals Cid, jenkins.
-rw-r--r-- | src/pam-freerdp.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index 9774bfb..df2f3c5 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -23,6 +23,7 @@ #include <sys/wait.h> #include <sys/types.h> #include <sys/socket.h> +#include <sys/stat.h> #include <sys/un.h> #include <pwd.h> @@ -262,6 +263,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv goto done; } + /* Set the socket file permissions to be 600 and the user and group + to be the guest user. NOTE: This won't protect on BSD */ + if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 || + chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) { + close(socketfd); + retval = PAM_SYSTEM_ERR; + goto done; + } + /* Build this up as a buffer so we can just write it and see that very, very clearly */ int buffer_len = 0; |