Date: Fri, 28 Apr 2006 02:55:50 +0400 From: "Boris B. Samorodov" <bsam@ipt.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/96436: [patch] x11/xorg-clients: logging on xdm with pam_krb does not create a ticket file Message-ID: <E1FZFOo-000Jt5-Qz@srv.sem.ipt.ru> Resent-Message-ID: <200604272300.k3RN0YXr087197@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 96436 >Category: ports >Synopsis: [patch] x11/xorg-clients: logging on xdm with pam_krb does not create a ticket file >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Apr 27 23:00:34 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Boris B. Samorodov >Release: FreeBSD 6.1-RC i386 >Organization: InPharmTech, Co. http://www.ipt.ru >Environment: System: FreeBSD srv.sem.ipt.ru 6.1-RC FreeBSD 6.1-RC #1: Fri Apr 14 18:29:53 MSD 2006 bsam@srv.sem.ipt.ru:/usr/obj/usr/src/sys/SRV i386 >Description: Current xdm code doesn't create a ticket file when logging on xdm using pam_krb5. You are authenticated by kerberos, get the GUI. But not the ticket file. The function pam_setcred() at xdm/session.c is never reached. Note: I can't say that it is a good solution -- just to copy the code which is never reached to a new place. But it works for me. >How-To-Repeat: 1. Install x11/xorg-clients. 2. Create a kerberos account at KDC. 3. Uncomment next line at /etc/pam.d/xdm: auth sufficient pam_krb5.so try_first_pass 4. Load xdm. 5. Login on xdm with kerberos account. 6. Run klist. (No ticket file) >Fix: The patch is relative to the port: # cd ports/x11 # patch -p0 < _the_patch_ <delete xorg-clients/*.orig, xorg-clients/files/*.orig> ===== the patch begins here ===== diff -ruN xorg-clients.orig/Makefile xorg-clients/Makefile --- xorg-clients.orig/Makefile Fri Apr 28 02:28:18 2006 +++ xorg-clients/Makefile Fri Apr 28 02:29:30 2006 @@ -7,7 +7,7 @@ PORTNAME= xorg-clients PORTVERSION= 6.9.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= x11 MASTER_SITES= ${MASTER_SITE_XORG} MASTER_SITE_SUBDIR= X11R${PORTVERSION}/src diff -ruN xorg-clients.orig/files/patch-xdm_session.c xorg-clients/files/patch-xdm_session.c --- xorg-clients.orig/files/patch-xdm_session.c Fri Apr 28 02:28:18 2006 +++ xorg-clients/files/patch-xdm_session.c Fri Apr 28 01:46:29 2006 @@ -8,7 +8,7 @@ #endif #ifdef K5AUTH # include <krb5/krb5.h> -@@ -529,6 +528,7 @@ +@@ -533,6 +532,7 @@ int pid; #ifdef HAS_SETUSERCONTEXT struct passwd* pwd; @@ -16,7 +16,20 @@ #endif #ifdef USE_PAM pam_handle_t *pamh = thepamh (); -@@ -610,6 +610,8 @@ +@@ -576,6 +576,12 @@ + for(i = 0; pam_env && pam_env[i]; i++) { + verify->userEnviron = putEnv(pam_env[i], verify->userEnviron); + } ++ pam_error = pam_setcred (pamh, PAM_ESTABLISH_CRED); ++ if (pam_error != PAM_SUCCESS) { ++ LogError ("pam_setcred for \"%s\" failed: %s\n", ++ name, pam_strerror(pamh, pam_error)); ++ return(0); ++ } + } + #endif + +@@ -648,6 +654,8 @@ * Set the user's credentials: uid, gid, groups, * environment variables, resource limits, and umask. */ @@ -25,7 +38,7 @@ pwd = getpwnam(name); if (pwd) { if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) { -@@ -617,6 +619,7 @@ +@@ -655,6 +663,7 @@ errno); return (0); } ===== the patch ends here ===== WBR -- bsam >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1FZFOo-000Jt5-Qz>