-rw-r--r-- | src/pam-freerdp.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 82704c5..02524fb 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,6 +23,7 @@
 #include <sys/wait.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/mman.h>
 #include <sys/un.h>
 #include <pwd.h>
@@ -294,6 +295,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 goto done;
 }
+ /* Set the socket file permissions to be 600 and the user and group
+ to be the guest user. NOTE: This won't protect on BSD */
+ if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
+ chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
+ close(socketfd);
+ retval = PAM_SYSTEM_ERR;
+ goto done;
+ }
+
 /* Build this up as a buffer so we can just write it and see that very, very clearly */
 int buffer_len = 0;
@@ -377,12 +387,20 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
 return PAM_IGNORE;
 }
+/* LightDM likes to have this function around, but we don't need it as we
+ don't have a token hanging around. */
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv)
+{
+ return PAM_SUCCESS;
+}
+
 #ifdef PAM_STATIC
 struct pam_module _pam_freerdp_modstruct = {
- "pam-freerdp",
+ "pam_freerdp",
 pam_sm_authenticate,
- NULL,
+ pam_sm_setcred,
 NULL,
 pam_sm_open_session,
 pam_sm_close_session, |
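Review bot: The chmod()/chown() pair added to pam_sm_open_session restricts the socket only after the file already exists, and it does so by path, so the result depends on the umask in force when the socket was bound and on no other local user being able to replace socket_addr.sun_path in between. The bind() call lies outside this hunk, so this is inferred, but the usual fix is to create the file with the final mode from the start, `mode_t old = umask(0177);` before bind() and `umask(old);` after it, and to use `lchown()` so that a symlink at that path is never followed. The failure branch closes socketfd but, as far as the hunk shows, leaves the socket file on disk; removing it with unlink() there would avoid a stale file, unless the `done:` label already does so. Since the added comment itself says the mode is not enforced on BSD, checking the peer's uid on each accepted connection (SO_PEERCRED on Linux, getpeereid() on BSD) would give a check that does not depend on filesystem permissions.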