/*
* Figure out the fully qualified network name for the given uid.
* This is a private interface.
*/
int
__getnetnamebyuid(char name[MAXNETNAMELEN + 1], uid_t uid)
{
if (uid == 0)
return (host2netname(name, NULL, NULL));
return (user2netname(name, uid, NULL));
}
/*
* Figure out my fully qualified network name
*/
int
getnetname(char name[MAXNETNAMELEN + 1])
{
uid_t uid;
uid = geteuid();
if (uid == 0)
return (host2netname(name, NULL, NULL));
return (user2netname(name, uid, NULL));
}
/*
* Figure out my fully qualified network name
*/
int
getnetname(char name[MAXNETNAMELEN+1])
{
uid_t uid;
uid = geteuid();
if (uid == 0) {
return (host2netname(name, (char *) NULL, (char *) NULL));
} else {
return (user2netname(name, uid, (char *) NULL));
}
}
int
getnetname (char name[MAXNETNAMELEN + 1])
{
uid_t uid;
int dummy;
uid = __geteuid ();
if (uid == 0)
dummy = host2netname (name, NULL, NULL);
else
dummy = user2netname (name, uid, NULL);
return (dummy);
}
static int
change_host(Display *dpy, char *name, Bool add)
{
XHostAddress ha;
char *lname;
int namelen, i, family = FamilyWild;
#ifdef K5AUTH
krb5_principal princ;
krb5_data kbuf;
#endif
#ifdef NEEDSOCKETS
#ifndef AMTCPCONN
static struct in_addr addr; /* so we can point at it */
#if defined(IPv6) && defined(AF_INET6)
static struct in6_addr addr6; /* so we can point at it */
#else
struct hostent *hp;
#endif
#else
static ipaddr_t addr;
#endif
#endif
char *cp;
#ifdef DNETCONN
struct dn_naddr *dnaddrp;
struct nodeent *np;
static struct dn_naddr dnaddr;
#endif /* DNETCONN */
static char *add_msg = "being added to access control list";
static char *remove_msg = "being removed from access control list";
namelen = strlen(name);
if ((lname = (char *)malloc(namelen+1)) == NULL) {
fprintf (stderr, "%s: malloc bombed in change_host\n", ProgramName);
exit (1);
}
for (i = 0; i < namelen; i++) {
lname[i] = tolower(name[i]);
}
lname[namelen] = '\0';
if (!strncmp("inet:", lname, 5)) {
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(AMTCPCONN)
family = FamilyInternet;
name += 5;
#else
fprintf (stderr, "%s: not compiled for TCP/IP\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("inet6:", lname, 6)) {
#if (defined(TCPCONN) || defined(STREAMSCONN)) && \
defined(IPv6) && defined(AF_INET6)
family = FamilyInternet6;
name += 6;
#else
fprintf (stderr, "%s: not compiled for IPv6\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("dnet:", lname, 5)) {
#ifdef DNETCONN
family = FamilyDECnet;
name += 5;
#else
fprintf (stderr, "%s: not compiled for DECnet\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("nis:", lname, 4)) {
#ifdef SECURE_RPC
family = FamilyNetname;
name += 4;
#else
fprintf (stderr, "%s: not compiled for Secure RPC\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("krb:", lname, 4)) {
#ifdef K5AUTH
family = FamilyKrb5Principal;
name +=4;
#else
fprintf (stderr, "%s: not compiled for Kerberos 5\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("local:", lname, 6)) {
family = FamilyLocalHost;
}
if (family == FamilyWild && (cp = strchr(lname, ':'))) {
*cp = '\0';
fprintf (stderr, "%s: unknown address family \"%s\"\n",
ProgramName, lname);
return 0;
}
free(lname);
#ifdef DNETCONN
if (family == FamilyDECnet ||
(cp = strchr(name, ':')) && (*(cp + 1) == ':') &&
!(*cp = '\0')) {
ha.family = FamilyDECnet;
if (dnaddrp = dnet_addr(name)) {
dnaddr = *dnaddrp;
} else {
if ((np = getnodebyname (name)) == NULL) {
fprintf (stderr, "%s: unable to get node name for \"%s::\"\n",
ProgramName, name);
return 0;
}
dnaddr.a_len = np->n_length;
memmove( dnaddr.a_addr, np->n_addr, np->n_length);
}
ha.length = sizeof(struct dn_naddr);
ha.address = (char *)&dnaddr;
if (add) {
XAddHost (dpy, &ha);
printf ("%s:: %s\n", name, add_msg);
} else {
XRemoveHost (dpy, &ha);
printf ("%s:: %s\n", name, remove_msg);
}
return 1;
}
#endif /* DNETCONN */
#ifdef K5AUTH
if (family == FamilyKrb5Principal) {
krb5_error_code retval;
retval = krb5_parse_name(name, &princ);
if (retval) {
krb5_init_ets(); /* init krb errs for error_message() */
fprintf(stderr, "%s: cannot parse Kerberos name: %s\n",
ProgramName, error_message(retval));
return 0;
}
XauKrb5Encode(princ, &kbuf);
ha.length = kbuf.length;
ha.address = kbuf.data;
ha.family = family;
if (add)
XAddHost(dpy, &ha);
else
XRemoveHost(dpy, &ha);
krb5_free_principal(princ);
free(kbuf.data);
printf( "%s %s\n", name, add ? add_msg : remove_msg);
return 1;
}
#endif
if (family == FamilyLocalHost) {
ha.length = 0;
ha.address = "";
ha.family = family;
if (add)
XAddHost(dpy, &ha);
else
XRemoveHost(dpy, &ha);
printf( "non-network local connections %s\n", add ? add_msg : remove_msg);
return 1;
}
/*
* If it has an '@', it's a netname
*/
if ((family == FamilyNetname && (cp = strchr(name, '@'))) ||
(cp = strchr(name, '@'))) {
char *netname = name;
#ifdef SECURE_RPC
static char username[MAXNETNAMELEN];
if (!cp[1]) {
struct passwd *pwd;
static char domainname[128];
*cp = '\0';
pwd = getpwnam(name);
if (!pwd) {
fprintf(stderr, "no such user \"%s\"\n", name);
return 0;
}
getdomainname(domainname, sizeof(domainname));
if (!user2netname(username, pwd->pw_uid, domainname)) {
fprintf(stderr, "failed to get netname for \"%s\"\n", name);
return 0;
}
netname = username;
}
#endif
ha.family = FamilyNetname;
ha.length = strlen(netname);
ha.address = netname;
if (add)
XAddHost (dpy, &ha);
else
XRemoveHost (dpy, &ha);
if (netname != name)
printf ("%s@ (%s) %s\n", name, netname, add ? add_msg : remove_msg);
else
printf ("%s %s\n", netname, add ? add_msg : remove_msg);
return 1;
}
#ifdef NEEDSOCKETS
/*
* First see if inet_addr() can grok the name; if so, then use it.
*/
#ifndef AMTCPCONN
if (((family == FamilyWild) || (family == FamilyInternet)) &&
((addr.s_addr = inet_addr(name)) != -1)) {
#else
if (((family == FamilyWild) || (family == FamilyInternet)) &&
((addr = inet_addr(name)) != -1)) {
#endif
ha.family = FamilyInternet;
ha.length = 4; /* but for Cray would be sizeof(addr.s_addr) */
ha.address = (char *)&addr; /* but for Cray would be &addr.s_addr */
if (add) {
XAddHost (dpy, &ha);
printf ("%s %s\n", name, add_msg);
} else {
XRemoveHost (dpy, &ha);
printf ("%s %s\n", name, remove_msg);
}
return 1;
}
#if defined(IPv6) && defined(AF_INET6)
/*
* Check to see if inet_pton() can grok it as an IPv6 address
*/
else if (((family == FamilyWild) || (family == FamilyInternet6)) &&
(inet_pton(AF_INET6, name, &addr6.s6_addr) == 1)) {
ha.family = FamilyInternet6;
ha.length = sizeof(addr6.s6_addr);
ha.address = (char *) &addr6.s6_addr;
if (add) {
XAddHost (dpy, &ha);
printf ("%s %s\n", name, add_msg);
} else {
XRemoveHost (dpy, &ha);
printf ("%s %s\n", name, remove_msg);
}
return 1;
} else {
/*
* Is it in the namespace?
*
* If no family was specified, use both Internet v4 & v6 addresses.
* Otherwise, use only addresses matching specified family.
*/
struct addrinfo *addresses;
struct addrinfo *a;
Bool didit = False;
if (getaddrinfo(name, NULL, NULL, &addresses) != 0)
return 0;
for (a = addresses; a != NULL; a = a->ai_next) {
if ( ((a->ai_family == AF_INET) && (family != FamilyInternet6))
|| ((a->ai_family == AF_INET6) && (family != FamilyInternet)) ) {
char ad[INET6_ADDRSTRLEN];
ha.family = XFamily(a->ai_family);
if (a->ai_family == AF_INET6) {
ha.address = (char *)
&((struct sockaddr_in6 *) a->ai_addr)->sin6_addr;
ha.length =
sizeof (((struct sockaddr_in6 *) a->ai_addr)->sin6_addr);
} else {
ha.address = (char *)
&((struct sockaddr_in *) a->ai_addr)->sin_addr;
ha.length =
sizeof (((struct sockaddr_in *) a->ai_addr)->sin_addr);
}
inet_ntop(a->ai_family, ha.address, ad, sizeof(ad));
/* printf("Family: %d\nLength: %d\n", a->ai_family, ha.length); */
/* printf("Address: %s\n", ad); */
if (add) {
XAddHost (dpy, &ha);
} else {
XRemoveHost (dpy, &ha);
}
didit = True;
}
}
if (didit == True) {
printf ("%s %s\n", name, add ? add_msg : remove_msg);
} else {
const char *familyMsg = "";
if (family == FamilyInternet6) {
familyMsg = "inet6 ";
} else if (family == FamilyInternet) {
familyMsg = "inet ";
}
fprintf(stderr, "%s: unable to get %saddress for \"%s\"\n",
ProgramName, familyMsg, name);
}
freeaddrinfo(addresses);
return 1;
}
#else /* !IPv6 */
/*
* Is it in the namespace?
*/
else if (((hp = gethostbyname(name)) == (struct hostent *)NULL)
|| hp->h_addrtype != AF_INET) {
return 0;
} else {
ha.family = XFamily(hp->h_addrtype);
ha.length = hp->h_length;
#ifdef h_addr /* new 4.3bsd version of gethostent */
{
char **list;
/* iterate over the hosts */
for (list = hp->h_addr_list; *list; list++) {
ha.address = *list;
if (add) {
XAddHost (dpy, &ha);
} else {
XRemoveHost (dpy, &ha);
}
}
}
#else
ha.address = hp->h_addr;
if (add) {
XAddHost (dpy, &ha);
} else {
XRemoveHost (dpy, &ha);
}
#endif
printf ("%s %s\n", name, add ? add_msg : remove_msg);
return 1;
}
#endif /* IPv6 */
#else /* NEEDSOCKETS */
return 0;
#endif /* NEEDSOCKETS */
}
int
main(int argc, char **argv)
{
char name[MAXNETNAMELEN+1];
char public[HEXKEYBYTES + 1];
char secret[HEXKEYBYTES + 1];
char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
int status;
char *pass;
struct passwd *pw;
uid_t uid;
int force = 0;
int ch;
#ifdef YP
char *master;
#endif
while ((ch = getopt(argc, argv, "f")) != -1)
switch(ch) {
case 'f':
force = 1;
break;
default:
usage();
}
argc -= optind;
argv += optind;
if (argc != 0)
usage();
#ifdef YP
yp_get_default_domain(&domain);
if (yp_master(domain, PKMAP, &master) != 0)
errx(1, "can't find master of publickey database");
#endif
uid = getuid() /*geteuid()*/;
if (uid == 0) {
if (host2netname(name, NULL, NULL) == 0)
errx(1, "cannot convert hostname to netname");
} else {
if (user2netname(name, uid, NULL) == 0)
errx(1, "cannot convert username to netname");
}
printf("Generating new key for %s.\n", name);
if (!force) {
if (uid != 0) {
#ifdef YPPASSWD
pw = ypgetpwuid(uid);
#else
pw = getpwuid(uid);
#endif
if (pw == NULL) {
#ifdef YPPASSWD
errx(1,
"no NIS password entry found: can't change key");
#else
errx(1,
"no password entry found: can't change key");
#endif
}
} else {
pw = getpwuid(0);
if (pw == NULL)
errx(1, "no password entry found: can't change key");
}
}
pass = getpass("Password:"******"invalid password");
}
#else
force = 1; /* Make this mandatory */
#endif
genkeys(public, secret, pass);
memcpy(crypt1, secret, HEXKEYBYTES);
memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
xencrypt(crypt1, pass);
if (force) {
memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
xdecrypt(crypt2, getpass("Retype password:"******"password incorrect");
}
#ifdef YP
printf("Sending key change request to %s...\n", master);
#endif
status = setpublicmap(name, public, crypt1);
if (status != 0) {
#ifdef YP
errx(1, "unable to update NIS database (%u): %s",
status, yperr_string(status));
#else
errx(1, "unable to update publickey database");
#endif
}
if (uid == 0) {
/*
* Root users store their key in /etc/$ROOTKEY so
* that they can auto reboot without having to be
* around to type a password. Storing this in a file
* is rather dubious: it should really be in the EEPROM
* so it does not go over the net.
*/
int fd;
fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
if (fd < 0) {
warn("%s", ROOTKEY);
} else {
char newline = '\n';
if (write(fd, secret, strlen(secret)) < 0 ||
write(fd, &newline, sizeof(newline)) < 0)
warn("%s: write", ROOTKEY);
}
}
if (key_setsecret(secret) < 0)
errx(1, "unable to login with new secret key");
printf("Done.\n");
exit(0);
/* NOTREACHED */
}
int
startClient( volatile int *pid )
{
const char *home, *sessargs, *desksess;
char **env, *xma;
char **argv, *fname, *str;
#ifdef USE_PAM
char ** volatile pam_env;
# ifndef HAVE_PAM_GETENVLIST
char **saved_env;
# endif
int pretc;
#else
# ifdef _AIX
char *msg;
char **theenv;
extern char **newenv; /* from libs.a, this is set up by setpenv */
# endif
#endif
#ifdef HAVE_SETUSERCONTEXT
extern char **environ;
#endif
char *failsafeArgv[2];
char *buf, *buf2;
int i;
if (strCmp( dmrcuser, curuser )) {
if (curdmrc) { free( curdmrc ); curdmrc = 0; }
if (dmrcuser) { free( dmrcuser ); dmrcuser = 0; }
}
#if defined(USE_PAM) || defined(_AIX)
if (!(p = getpwnam( curuser ))) {
logError( "getpwnam(%s) failed.\n", curuser );
pError:
displayStr( V_MSG_ERR, 0 );
return 0;
}
#endif
#ifndef USE_PAM
# ifdef _AIX
msg = NULL;
loginsuccess( curuser, hostname, tty, &msg );
if (msg) {
debug( "loginsuccess() - %s\n", msg );
free( (void *)msg );
}
# else /* _AIX */
# if defined(KERBEROS) && defined(AFS)
if (krbtkfile[0] != '\0') {
if (k_hasafs()) {
int fail = 0;
if (k_setpag() == -1) {
logError( "setpag() for %s failed\n", curuser );
fail = 1;
}
if ((ret = k_afsklog( NULL, NULL )) != KSUCCESS) {
logError( "AFS Warning: %s\n", krb_get_err_text( ret ) );
fail = 1;
}
if (fail)
displayMsg( V_MSG_ERR,
"Warning: Problems during Kerberos4/AFS setup." );
}
}
# endif /* KERBEROS && AFS */
# endif /* _AIX */
#endif /* !PAM */
curuid = p->pw_uid;
curgid = p->pw_gid;
env = baseEnv( curuser );
xma = 0;
strApp( &xma, "method=", curtype, (char *)0 );
if (td_setup)
strApp( &xma, ",auto", (char *)0 );
if (xma) {
env = setEnv( env, "XDM_MANAGED", xma );
free( xma );
}
if (td->autoLock && cursource == PWSRC_AUTOLOGIN)
env = setEnv( env, "DESKTOP_LOCKED", "true" );
env = setEnv( env, "PATH", curuid ? td->userPath : td->systemPath );
env = setEnv( env, "SHELL", p->pw_shell );
env = setEnv( env, "HOME", p->pw_dir );
#if !defined(USE_PAM) && !defined(_AIX) && defined(KERBEROS)
if (krbtkfile[0] != '\0')
env = setEnv( env, "KRBTKFILE", krbtkfile );
#endif
userEnviron = inheritEnv( env, envvars );
env = systemEnv( curuser );
systemEnviron = setEnv( env, "HOME", p->pw_dir );
debug( "user environment:\n%[|''>'\n's"
"system environment:\n%[|''>'\n's"
"end of environments\n",
userEnviron,
systemEnviron );
/*
* for user-based authorization schemes,
* add the user to the server's allowed "hosts" list.
*/
for (i = 0; i < td->authNum; i++) {
#ifdef SECURE_RPC
if (td->authorizations[i]->name_length == 9 &&
!memcmp( td->authorizations[i]->name, "SUN-DES-1", 9 ))
{
XHostAddress addr;
char netname[MAXNETNAMELEN+1];
char domainname[MAXNETNAMELEN+1];
getdomainname( domainname, sizeof(domainname) );
user2netname( netname, curuid, domainname );
addr.family = FamilyNetname;
addr.length = strlen( netname );
addr.address = netname;
XAddHost( dpy, &addr );
}
#endif
#ifdef K5AUTH
if (td->authorizations[i]->name_length == 14 &&
!memcmp( td->authorizations[i]->name, "MIT-KERBEROS-5", 14 ))
{
/* Update server's auth file with user-specific info.
* Don't need to AddHost because X server will do that
* automatically when it reads the cache we are about
* to point it at.
*/
XauDisposeAuth( td->authorizations[i] );
td->authorizations[i] =
krb5GetAuthFor( 14, "MIT-KERBEROS-5", td->name );
saveServerAuthorizations( td, td->authorizations, td->authNum );
}
#endif
}
if (*dmrcDir)
mergeSessionArgs( TRUE );
debug( "now starting the session\n" );
#ifdef USE_PAM
# ifdef HAVE_SETUSERCONTEXT
if (setusercontext( lc, p, p->pw_uid, LOGIN_SETGROUP )) {
logError( "setusercontext(groups) for %s failed: %m\n",
curuser );
goto pError;
}
# else
if (!setGid( curuser, curgid ))
goto pError;
# endif
# ifndef HAVE_PAM_GETENVLIST
if (!(pam_env = initStrArr( 0 ))) {
resetGids();
goto pError;
}
saved_env = environ;
environ = pam_env;
# endif
removeCreds = 1; /* set it first - i don't trust PAM's rollback */
pretc = pam_setcred( pamh, 0 );
reInitErrorLog();
# ifndef HAVE_PAM_GETENVLIST
pam_env = environ;
environ = saved_env;
# endif
# ifdef HAVE_INITGROUPS
/* This seems to be a strange place for it, but do it:
- after the initial groups are set
- after pam_setcred might have set something, even in the error case
- before pam_setcred(DELETE_CRED) might need it
*/
if (!saveGids())
goto pError;
# endif
if (pretc != PAM_SUCCESS) {
logError( "pam_setcred() for %s failed: %s\n",
curuser, pam_strerror( pamh, pretc ) );
resetGids();
return 0;
}
removeSession = 1; /* set it first - same as above */
pretc = pam_open_session( pamh, 0 );
reInitErrorLog();
if (pretc != PAM_SUCCESS) {
logError( "pam_open_session() for %s failed: %s\n",
curuser, pam_strerror( pamh, pretc ) );
resetGids();
return 0;
}
/* we don't want sessreg and the startup/reset scripts run with user
credentials. unfortunately, we can reset only the gids. */
resetGids();
# define D_LOGIN_SETGROUP LOGIN_SETGROUP
#else /* USE_PAM */
# define D_LOGIN_SETGROUP 0
#endif /* USE_PAM */
removeAuth = 1;
chownCtrl( &td->ctrl, curuid );
endpwent();
#if !defined(USE_PAM) && defined(USESHADOW) && !defined(_AIX)
endspent();
#endif
ctltalk.pipe = &ctlpipe;
ASPrintf( &buf, "sub-daemon for display %s", td->name );
ASPrintf( &buf2, "client for display %s", td->name );
switch (gFork( &ctlpipe, buf, buf2, 0, 0, mstrtalk.pipe, pid )) {
case 0:
gCloseOnExec( ctltalk.pipe );
if (Setjmp( ctltalk.errjmp ))
exit( 1 );
gCloseOnExec( mstrtalk.pipe );
if (Setjmp( mstrtalk.errjmp ))
goto cError;
#ifndef NOXDMTITLE
setproctitle( "%s'", td->name );
#endif
strApp( &prog, " '", (char *)0 );
reInitErrorLog();
setsid();
sessreg( td, getpid(), curuser, curuid );
/* We do this here, as we want to have the session as parent. */
switch (source( systemEnviron, td->startup, td_setup )) {
case 0:
break;
case wcCompose( 0, 0, 127 ):
goto cError;
default: /* Explicit failure => message already displayed. */
logError( "Startup script returned non-zero exit code\n" );
exit( 1 );
}
/* Memory leaks are ok here as we exec() soon. */
#if defined(USE_PAM) || !defined(_AIX)
# ifdef USE_PAM
/* pass in environment variables set by libpam and modules it called */
# ifdef HAVE_PAM_GETENVLIST
pam_env = pam_getenvlist( pamh );
reInitErrorLog();
# endif
if (pam_env)
for (; *pam_env; pam_env++)
userEnviron = putEnv( *pam_env, userEnviron );
# endif
# ifdef HAVE_SETLOGIN
if (setlogin( curuser ) < 0) {
logError( "setlogin for %s failed: %m\n", curuser );
goto cError;
}
# define D_LOGIN_SETLOGIN LOGIN_SETLOGIN
# else
# define D_LOGIN_SETLOGIN 0
# endif
# if defined(USE_PAM) && defined(HAVE_INITGROUPS)
if (!restoreGids())
goto cError;
# endif
# ifndef HAVE_SETUSERCONTEXT
# ifdef USE_PAM
if (!setUid( curuser, curuid ))
goto cError;
# else
if (!setUser( curuser, curuid, curgid ))
goto cError;
# endif
# else /* !HAVE_SETUSERCONTEXT */
/*
* Destroy environment.
* We need to do this before setusercontext() because that may
* set or reset some environment variables.
*/
if (!(environ = initStrArr( 0 )))
goto cError;
/*
* Set the user's credentials: uid, gid, groups,
* environment variables, resource limits, and umask.
*/
if (setusercontext( lc, p, p->pw_uid,
LOGIN_SETALL & ~(D_LOGIN_SETGROUP|D_LOGIN_SETLOGIN) ) < 0)
{
logError( "setusercontext for %s failed: %m\n", curuser );
goto cError;
}
for (i = 0; environ[i]; i++)
userEnviron = putEnv( environ[i], userEnviron );
# endif /* !HAVE_SETUSERCONTEXT */
#else /* PAM || !_AIX */
/*
* Set the user's credentials: uid, gid, groups,
* audit classes, user limits, and umask.
*/
if (setpcred( curuser, NULL ) == -1) {
logError( "setpcred for %s failed: %m\n", curuser );
goto cError;
}
/*
* Set the users process environment. Store protected variables and
* obtain updated user environment list. This call will initialize
* global 'newenv'.
*/
if (setpenv( curuser, PENV_INIT | PENV_ARGV | PENV_NOEXEC,
userEnviron, NULL ) != 0)
{
logError( "Cannot set %s's process environment\n", curuser );
goto cError;
}
userEnviron = newenv;
#endif /* _AIX */
/*
* for user-based authorization schemes,
* use the password to get the user's credentials.
*/
#ifdef SECURE_RPC
/* do like "keylogin" program */
if (!curpass[0])
logInfo( "No password for NIS provided.\n" );
else {
char netname[MAXNETNAMELEN+1], secretkey[HEXKEYBYTES+1];
int nameret, keyret;
int len;
int key_set_ok = 0;
struct key_netstarg netst;
nameret = getnetname( netname );
debug( "user netname: %s\n", netname );
len = strlen( curpass );
if (len > 8)
bzero( curpass + 8, len - 8 );
keyret = getsecretkey( netname, secretkey, curpass );
debug( "getsecretkey returns %d, key length %d\n",
keyret, strlen( secretkey ) );
netst.st_netname = netname;
memcpy( netst.st_priv_key, secretkey, HEXKEYBYTES );
memset( netst.st_pub_key, 0, HEXKEYBYTES );
if (key_setnet( &netst ) < 0)
debug( "Could not set secret key.\n" );
/* is there a key, and do we have the right password? */
if (keyret == 1) {
if (*secretkey) {
keyret = key_setsecret( secretkey );
debug( "key_setsecret returns %d\n", keyret );
if (keyret == -1)
logError( "Failed to set NIS secret key\n" );
else
key_set_ok = 1;
} else {
/* found a key, but couldn't interpret it */
logError( "Password incorrect for NIS principal %s\n",
nameret ? netname : curuser );
}
}
if (!key_set_ok)
nukeAuth( 9, "SUN-DES-1" );
bzero( secretkey, strlen( secretkey ) );
}
#endif
#ifdef K5AUTH
/* do like "kinit" program */
if (!curpass[0])
logInfo( "No password for Kerberos5 provided.\n" );
else
if ((str = krb5Init( curuser, curpass, td->name )))
userEnviron = setEnv( userEnviron, "KRB5CCNAME", str );
else
nukeAuth( 14, "MIT-KERBEROS-5" );
#endif /* K5AUTH */
if (td->autoReLogin) {
gSet( &mstrtalk );
gSendInt( D_ReLogin );
gSendStr( curuser );
gSendStr( curpass );
gSendStr( newdmrc );
}
if (curpass)
bzero( curpass, strlen( curpass ) );
setUserAuthorization( td );
home = getEnv( userEnviron, "HOME" );
if (home && chdir( home ) < 0) {
logError( "Cannot chdir to %s's home %s: %m\n", curuser, home );
sendStr( V_MSG_ERR, "Cannot enter home directory. Using /.\n" );
chdir( "/" );
userEnviron = setEnv( userEnviron, "HOME", "/" );
home = 0;
}
if (home || td->clientLogFile[0] == '/') {
if (!createClientLog( td->clientLogFile )) {
logWarn( "Session log file according to %s cannot be created: %m\n",
td->clientLogFile );
goto tmperr;
}
} else {
tmperr:
if (!createClientLog( td->clientLogFallback ))
logError( "Fallback session log file according to %s cannot be created: %m\n",
td->clientLogFallback );
/* Could inform the user, but I guess this is only confusing. */
}
if (!*dmrcDir)
mergeSessionArgs( home != 0 );
if (!(desksess = iniEntry( curdmrc, "Desktop", "Session", 0 )))
desksess = "failsafe"; /* only due to OOM */
gSet( &mstrtalk );
gSendInt( D_User );
gSendInt( curuid );
gSendStr( curuser );
gSendStr( desksess );
close( mstrtalk.pipe->fd.w );
userEnviron = setEnv( userEnviron, "DESKTOP_SESSION", desksess );
for (i = 0; td->sessionsDirs[i]; i++) {
fname = 0;
if (strApp( &fname, td->sessionsDirs[i], "/", desksess, ".desktop", (char *)0 )) {
if ((str = iniLoad( fname ))) {
if (!strCmp( iniEntry( str, "Desktop Entry", "Hidden", 0 ), "true" ) ||
!(sessargs = iniEntry( str, "Desktop Entry", "Exec", 0 )))
sessargs = "";
free( str );
free( fname );
goto gotit;
}
free( fname );
}
}
if (!strcmp( desksess, "failsafe" ) ||
!strcmp( desksess, "default" ) ||
!strcmp( desksess, "custom" ))
sessargs = desksess;
else
sessargs = "";
gotit:
if (!(argv = parseArgs( (char **)0, td->session )) ||
!(argv = addStrArr( argv, sessargs, -1 )))
exit( 1 );
if (argv[0] && *argv[0]) {
debug( "executing session %\"[s\n", argv );
execute( argv, userEnviron );
logError( "Session %\"s execution failed: %m\n", argv[0] );
} else
logError( "Session has no command/arguments\n" );
failsafeArgv[0] = td->failsafeClient;
failsafeArgv[1] = 0;
execute( failsafeArgv, userEnviron );
logError( "Failsafe client %\"s execution failed: %m\n",
failsafeArgv[0] );
cError:
sendStr( V_MSG_ERR, 0 );
exit( 1 );
case -1:
free( buf );
return 0;
}
debug( "StartSession, fork succeeded %d\n", *pid );
free( buf );
gSet( &ctltalk );
if (!Setjmp( ctltalk.errjmp ))
while (gRecvCmd( &i )) {
buf = gRecvStr();
displayStr( i, buf );
free( buf );
gSet( &ctltalk );
gSendInt( 0 );
}
gClosen( ctltalk.pipe );
finishGreet();
return 1;
}
