Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
gdm.17417
gdm-remote-root-login-setting.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gdm-remote-root-login-setting.patch of Package gdm.17417
diff -Npur gdm-3.10.0.1-old//common/gdm-settings-keys.h gdm-3.10.0.1/common/gdm-settings-keys.h --- gdm-3.10.0.1-old//common/gdm-settings-keys.h 2015-06-16 16:58:55.000000000 +0800 +++ gdm-3.10.0.1/common/gdm-settings-keys.h 2015-06-16 17:00:56.000000000 +0800 @@ -42,6 +42,8 @@ G_BEGIN_DECLS #define GDM_KEY_INCLUDE_ALL "greeter/IncludeAll" #define GDM_KEY_DISALLOW_TCP "security/DisallowTCP" +#define GDM_KEY_ALLOW_ROOT "security/AllowRoot" +#define GDM_KEY_ALLOW_REMOTE_ROOT "security/AllowRemoteRoot" #define GDM_KEY_XDMCP_ENABLE "xdmcp/Enable" #define GDM_KEY_SHOW_LOCAL_GREETER "xdmcp/ShowLocalGreeter" diff -Npur gdm-3.10.0.1-old//common/gdm-settings-system-backend.c gdm-3.10.0.1/common/gdm-settings-system-backend.c --- gdm-3.10.0.1-old//common/gdm-settings-system-backend.c 2015-06-16 16:58:55.000000000 +0800 +++ gdm-3.10.0.1/common/gdm-settings-system-backend.c 2015-06-16 17:02:43.000000000 +0800 @@ -45,6 +45,7 @@ #define SYSCONFIG_XDMCP_KEY "DISPLAYMANAGER_REMOTE_ACCESS" #define SYSCONFIG_STARTS_XSERVER_KEY "DISPLAYMANAGER_STARTS_XSERVER" #define SYSCONFIG_PASSWORDLESS_KEY "DISPLAYMANAGER_PASSWORD_LESS_LOGIN" +#define SYSCONFIG_XDMCP_ROOT_ENABLE_KEY "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" /* Keys from sysconfig that have no equivalent in GDM: * - DISPLAYMANAGER_ROOT_LOGIN_REMOTE @@ -134,6 +135,18 @@ gdm_settings_system_backend_get_value (G val = g_strdup (tcp_open ? "false" : "true"); } } + } else if (!strcasecmp (key, GDM_KEY_ALLOW_REMOTE_ROOT)) { + const gchar *new_val; + + val = gdm_sysconfig_get_value ((const gchar **) priv->lines, SYSCONFIG_XDMCP_ROOT_ENABLE_KEY); + + if (val && !strcasecmp (val, "yes")) + new_val = "true"; + else + new_val = "false"; + + g_free (val); + val = g_strdup (new_val); } else if (!strcasecmp (key, GDM_KEY_XDMCP_ENABLE)) { if (priv->dirty_xdmcp) { val = g_strdup (priv->set_xdmcp ? "true" : "false"); diff -Npur gdm-3.10.0.1-old//daemon/gdm-session-worker.c gdm-3.10.0.1/daemon/gdm-session-worker.c --- gdm-3.10.0.1-old//daemon/gdm-session-worker.c 2015-06-16 16:58:55.000000000 +0800 +++ gdm-3.10.0.1/daemon/gdm-session-worker.c 2015-06-16 17:00:02.000000000 +0800 @@ -72,6 +72,7 @@ #include "gdm-session-auditor.h" #endif +#include "gdm-settings-keys.h" #include "gdm-session-settings.h" #define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate)) @@ -1248,10 +1249,45 @@ gdm_session_worker_authorize_user (GdmSe { int error_code; int authentication_flags; + char *username; + struct passwd *pwent = NULL; g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session", password_is_required); + gdm_session_worker_get_username (worker, &username); + if (username) { + pwent = getpwnam (username); + g_free (username); + } + + if (pwent && (pwent->pw_uid == GDM_SESSION_ROOT_UID)) { + gboolean allow_root; + + gdm_settings_direct_get_boolean (GDM_KEY_ALLOW_ROOT, &allow_root); + if (!allow_root) { + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_AUTHORIZING, + "%s", _("System administrator is not allowed to login.")); + gdm_session_worker_uninitialize_pam (worker, PAM_PERM_DENIED); + return FALSE; + } + if (!worker->priv->display_is_local) { + gboolean allow_remote_root; + + gdm_settings_direct_get_boolean (GDM_KEY_ALLOW_REMOTE_ROOT, &allow_remote_root); + if (!allow_remote_root) { + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_AUTHORIZING, + "%s", _("System administrator is not allowed to remote login.")); + gdm_session_worker_uninitialize_pam (worker, PAM_PERM_DENIED); + return FALSE; + } + } + } + authentication_flags = 0; if (password_is_required) { diff -Npur gdm-3.10.0.1-old//data/gdm.schemas.in.in gdm-3.10.0.1/data/gdm.schemas.in.in --- gdm-3.10.0.1-old//data/gdm.schemas.in.in 2015-06-16 16:58:55.000000000 +0800 +++ gdm-3.10.0.1/data/gdm.schemas.in.in 2015-06-16 17:00:02.000000000 +0800 @@ -70,6 +70,19 @@ <signature>b</signature> <default>true</default> </schema> + + <schema> + <key>security/AllowRoot</key> + <signature>b</signature> + <default>true</default> + </schema> + + <schema> + <key>security/AllowRemoteRoot</key> + <signature>b</signature> + <default>false</default> + </schema> + <schema> <key>xdmcp/Enable</key> <signature>b</signature>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor