From 626a5ed1cc6421c00f103fa769ac19f867e7ed1f Mon Sep 17 00:00:00 2001
From: Ted Gould
Date: Tue, 28 Aug 2012 15:11:07 -0500
Subject: Set the permissions on the socket
---
 src/pam-freerdp.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src')
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index d1a6578..2261a20 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -23,6 +23,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -263,6 +263,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 goto done;
 }
+ /* Set the socket file permissions to be 600 and the user and group
+ to be the guest user. NOTE: This won't protect on BSD */
+ if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
+ chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
+ close(socketfd);
+ retval = PAM_SYSTEM_ERR;
+ goto done;
+ }
+
 /* Build this up as a buffer so we can just write it and see that very, very clearly */
 int buffer_len = 0;
-- cgit v1.2.3
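Review bot: The `chmod`/`chown` pair in the second hunk acts on `socket_addr.sun_path` only after the socket file already exists (presumably from a `bind()` above the hunk), so until the `chmod` lands the node carries whatever mode the process umask allowed. Creating the socket inside a directory that only the target user can traverse, or tightening the mode before the file is created, would close that window and also cover the BSD case the new comment concedes. Both calls also resolve the path a second time, so if the parent directory is writable by other users the name could be replaced between creation and these calls; whether that applies depends on where `sun_path` points, which is not visible here. The new error path closes `socketfd` but does not call `unlink(socket_addr.sun_path)`, so unless the `done:` label outside the hunk removes it, a failed `chown` leaves a stale socket file behind.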