aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Gould <ted@gould.cx>2012-08-29 07:54:37 +0000
committerTarmac <>2012-08-29 07:54:37 +0000
commitb027ad477e7a42e6cbe3a9485d41e2c2abc57365 (patch)
treeb9fbc4e9de0258ae6cffa1f69a5ee7654e07973c
parente2dbf52d86c5c6e1734c7df1b17d8ced9589e82a (diff)
parent626a5ed1cc6421c00f103fa769ac19f867e7ed1f (diff)
downloadlibpam-x2go-b027ad477e7a42e6cbe3a9485d41e2c2abc57365.tar.gz
libpam-x2go-b027ad477e7a42e6cbe3a9485d41e2c2abc57365.tar.bz2
libpam-x2go-b027ad477e7a42e6cbe3a9485d41e2c2abc57365.zip
Set the permissions on the socket. Approved by Albert Astals Cid, jenkins.
-rw-r--r--src/pam-freerdp.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 9774bfb..df2f3c5 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,6 +23,7 @@
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/un.h>
#include <pwd.h>
@@ -262,6 +263,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
goto done;
}
+ /* Set the socket file permissions to be 600 and the user and group
+ to be the guest user. NOTE: This won't protect on BSD */
+ if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
+ chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
+ close(socketfd);
+ retval = PAM_SYSTEM_ERR;
+ goto done;
+ }
+
/* Build this up as a buffer so we can just write it and see that
very, very clearly */
int buffer_len = 0;