From: Vladislav Zavjalov <slazav@altlinux.org>
To: devel@lists.altlinux.org
Subject: Re: [devel] ConsoleKit и DM policy
Date: Wed, 16 Dec 2009 14:56:39 +0300
Message-ID: <4B28CAF7.30402@altlinux.org> (raw)
In-Reply-To: <a4ab440f0912160319j62102062j4780e11e20ee168@mail.gmail.com>
On 12/16/09 14:19, Mykola S. Grechukh wrote:
> 16 декабря 2009 г. 11:14 пользователь Michael Shigorin<> написал:
>> On Mon, Dec 14, 2009 at 03:57:08PM +0200, Igor Vlasenko wrote:
>>> Уважаемые коллеги, смотрел
>>> https://bugzilla.altlinux.org/show_bug.cgi?id=22447
>>> по поводу регистрирации сессий в Console Kit.
>>> Если сервисы начинают предоставляться в зависимости
>>> от Console Kit, то втихую этого нельзя делать.
>>
>> И кстати, не только dm -- на 5.1/branch пойманы проблемы
>> с флэшками в KDE3, запущенном при помощи startx.
>
> Именно поэтому в федорке вызовы ck-init засунуты прямо в скриты
> xinitrc. У нас pam_ck_connector, но он не помогает для startx.
Хорошо бы, наверное, все сделать через pam_ck_connector...
Для startx есть /etc/pam.d/xserver, но он у нас отключен.
xorg-server/os/utils.c:
...
/*
* CheckUserAuthorization: check if the user is allowed to start the
* X server. This usually means some sort of PAM checking, and it is
* usually only done for setuid servers (uid != euid).
*/
#ifdef USE_PAM
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <pwd.h>
#endif /* USE_PAM */
void
CheckUserAuthorization(void)
{
#ifdef USE_PAM
static struct pam_conv conv = {
misc_conv,
NULL
};
pam_handle_t *pamh = NULL;
struct passwd *pw;
int retval;
if (getuid() != geteuid()) {
pw = getpwuid(getuid());
if (pw == NULL)
FatalError("getpwuid() failed for uid %d\n", getuid());
retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
if (retval != PAM_SUCCESS)
FatalError("pam_start() failed.\n"
"\tMissing or mangled PAM config file or
module?\n");
retval = pam_authenticate(pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end(pamh, retval);
FatalError("PAM authentication failed, cannot start X
server.\n"
"\tPerhaps you do not have console ownership?\n");
}
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end(pamh, retval);
FatalError("PAM authentication failed, cannot start X
server.\n"
"\tPerhaps you do not have console ownership?\n");
}
/* this is not a session, so do not do session management */
pam_end(pamh, PAM_SUCCESS);
}
#endif
}
...
next prev parent reply other threads:[~2009-12-16 11:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-14 13:57 Igor Vlasenko
2009-12-16 11:14 ` Michael Shigorin
2009-12-16 11:19 ` Mykola S. Grechukh
2009-12-16 11:56 ` Vladislav Zavjalov [this message]
2009-12-16 12:08 ` Sergey V Turchin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B28CAF7.30402@altlinux.org \
--to=slazav@altlinux.org \
--cc=devel@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git