aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/pam-freerdp.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 82704c5..02524fb 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,6 +23,7 @@
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/mman.h>
#include <sys/un.h>
#include <pwd.h>
@@ -294,6 +295,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
goto done;
}
+ /* Set the socket file permissions to be 600 and the user and group
+ to be the guest user. NOTE: This won't protect on BSD */
+ if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
+ chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
+ close(socketfd);
+ retval = PAM_SYSTEM_ERR;
+ goto done;
+ }
+
/* Build this up as a buffer so we can just write it and see that
very, very clearly */
int buffer_len = 0;
@@ -377,12 +387,20 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
return PAM_IGNORE;
}
+/* LightDM likes to have this function around, but we don't need it as we
+ don't have a token hanging around. */
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv)
+{
+ return PAM_SUCCESS;
+}
+
#ifdef PAM_STATIC
struct pam_module _pam_freerdp_modstruct = {
- "pam-freerdp",
+ "pam_freerdp",
pam_sm_authenticate,
- NULL,
+ pam_sm_setcred,
NULL,
pam_sm_open_session,
pam_sm_close_session,