[PATCH:xdm] Check for allowRootLogin on PAM and non-OpenBSD passwd authentication backends
Julien Cristau
jcristau at debian.org
Wed Mar 17 18:08:29 PDT 2010
On Tue, Mar 16, 2010 at 17:01:22 -0700, Alan Coopersmith wrote:
> diff --git a/greeter/verify.c b/greeter/verify.c
> index 73493ca..6e3f14b 100644
> --- a/greeter/verify.c
> +++ b/greeter/verify.c
> @@ -350,6 +350,16 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
> return 0;
> }
>
> + /*
> + * Only accept root logins if allowRootLogin resource is not false
> + */
> + if ((p->pw_uid == 0) && !greet->allow_root_login) {
> + Debug("root logins not allowed\n");
> + if (greet->password != NULL)
> + bzero(greet->password, strlen(greet->password));
> + return 0;
> + }
> +
I guess there's no way to avoid having that code twice in Verify()?
On a related note, the /etc/shells check is also restricted to OpenBSD,
although it looks like it makes sense for more than that. Likewise for
the expired password check, I guess. Then again, PAM can check that for
me, so meh.
Cheers,
Julien
More information about the xorg-devel
mailing list