Group :: Rede/Acesso Remoto
RPM: freerdp
Patch: freerdp-alt-pam-check.patch
diff --git a/server/shadow/X11/x11_shadow.c b/server/shadow/X11/x11_shadow.c
index e6a67b15d..924a8f415 100644
--- a/server/shadow/X11/x11_shadow.c
+++ b/server/shadow/X11/x11_shadow.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <grp.h>
#include <sys/ipc.h>
#include <sys/shm.h>
@@ -158,6 +159,8 @@ static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowC
SHADOW_PAM_AUTH_INFO info = { 0 };
WINPR_UNUSED(subsystem);
WINPR_UNUSED(client);
+ struct group *eff_group;
+ int real_gid, init_eff_gid, re;
if (!x11_shadow_pam_get_service_name(&info))
return -1;
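Review bot: `real_gid` and `init_eff_gid` are declared `int`, but they receive values from `getgid()` and `gr_gid`, which are `gid_t`; declare them as `gid_t real_gid, init_eff_gid; int re;` and cast explicitly where the value is logged instead of passing it to `%d`. The name `init_eff_gid` reads as "initial effective gid", yet the next hunk assigns it the id of the chkpwd group, so something like `chkpwd_gid` would describe it better. The body of x11_shadow_pam_authenticate continues outside this hunk.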
@@ -175,21 +178,26 @@ static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowC
return -1;
}
+ /* setegid with group chkpwd to check passwords by pam_tcb */
+ real_gid = getgid();
+ eff_group = getgrnam("chkpwd");
+ if (eff_group != NULL) {
+ init_eff_gid = eff_group->gr_gid;
+ re = setegid(init_eff_gid);
+ if (re == -1)
+ WLog_ERR(TAG, "pam_authenticate setegid(%d) failed", init_eff_gid);
+ }
+
pam_status = pam_authenticate(info.handle, 0);
if (pam_status != PAM_SUCCESS)
{
+ setegid(real_gid);
WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info.handle, pam_status));
return -1;
}
- pam_status = pam_acct_mgmt(info.handle, 0);
-
- if (pam_status != PAM_SUCCESS)
- {
- WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info.handle, pam_status));
- return -1;
- }
+ setegid(real_gid);
return 1;
}
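Review bot: With `pam_acct_mgmt` removed from the end of x11_shadow_pam_authenticate, a correct password alone is accepted, so whatever the PAM service's account stack enforces (expiry, locked accounts, access restrictions) is no longer consulted for shadow logins; if the call was dropped only because it failed without the chkpwd group (an inference, the patch does not say), it would be safer to keep it and run it inside the same elevated window. The group switch restores with `setegid(real_gid)`, where `real_gid` comes from `getgid()`, which is the real gid and not the effective gid the process had before. Neither restore call is checked, so a failed restore leaves the server running with chkpwd group rights after authentication. The fence below saves `getegid()`, restores once right after `pam_authenticate` and fails closed if the restore does not succeed. The function starts above this hunk.

```c
	/* setegid with group chkpwd to check passwords by pam_tcb */
	saved_egid = getegid(); /* gid_t, declared next to eff_group */
	eff_group = getgrnam("chkpwd");
	if (eff_group != NULL && setegid(eff_group->gr_gid) == -1)
		WLog_ERR(TAG, "pam_authenticate setegid(%lu) failed", (unsigned long)eff_group->gr_gid);

	pam_status = pam_authenticate(info.handle, 0);

	/* leave the chkpwd group before acting on the result; fail closed if that is not possible */
	if (setegid(saved_egid) == -1)
	{
		WLog_ERR(TAG, "pam_authenticate: restoring egid %lu failed", (unsigned long)saved_egid);
		return -1;
	}

	if (pam_status != PAM_SUCCESS)
	{
		/* … unchanged: pam_authenticate failure log and return -1 … */
	}

	return 1;
```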