Merge lp:~kees/gdm/system-uid into lp:~ubuntu-desktop/gdm/ubuntu
Proposed by
Kees Cook
Status: | Merged |
---|---|
Merged at revision: | not available |
Proposed branch: | lp:~kees/gdm/system-uid |
Merge into: | lp:~ubuntu-desktop/gdm/ubuntu |
Diff against target: |
419 lines (+334/-70) 2 files modified
debian/changelog (+7/-0) debian/patches/24_system_uid.patch (+327/-70) |
To merge this branch: | bzr merge lp:~kees/gdm/system-uid |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Sebastien Bacher | Approve | ||
Review via email: mp+16091@code.launchpad.net |
Commit message
Description of the change
Kees Cook (kees) wrote : | # |
Sebastien Bacher (seb128) wrote : | # |
Looks good, feel free to commit and upload to lucid!
review:
Approve
Preview Diff
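--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gdm (2.29.1-0ubuntu6) UNRELEASED; urgency=low
+
+ * debian/patches/24_system_uid.patch: use configured system UID
+ minimum instead of hard-coded value (LP: #459199).
+
+ -- Kees Cook <kees@ubuntu.com> Sun, 13 Dec 2009 01:51:34 -0800
+
 gdm (2.29.1-0ubuntu5) lucid; urgency=low
 
 * debian/patches/15_default_session.patch: (LP: #403291)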
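--- a/debian/patches/24_system_uid.patch
+++ b/debian/patches/24_system_uid.patch
@@ -1,73 +1,330 @@
 #
-# Description: Ignore users with UID < 1000
+# Description: Ignore users with UID below system configured minimum.
 # Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/427462
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/459199
 #
-diff -Nur -x '*.orig' -x '*~' gdm-2.28.0/daemon/gdm-user-manager.c gdm-2.28.0.new/daemon/gdm-user-manager.c
---- gdm-2.28.0/daemon/gdm-user-manager.c 2009-10-14 18:31:35.000000000 +1100
-+++ gdm-2.28.0.new/daemon/gdm-user-manager.c 2009-10-14 18:34:59.000000000 +1100
-@@ -66,7 +66,7 @@
- #ifdef __sun
- #define DEFAULT_MINIMAL_UID 100
- #else
--#define DEFAULT_MINIMAL_UID 500
-+#define DEFAULT_MINIMAL_UID 1000
- #endif
-
- #ifndef _PATH_SHELLS
-@@ -539,6 +539,10 @@
- return;
- }
-
-+ if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
-+ return;
-+ }
-+
- /* check exclusions up front */
- if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
- g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
-diff -Nur -x '*.orig' -x '*~' gdm-2.28.0/gui/gdmsetup/gdm-user-manager.c gdm-2.28.0.new/gui/gdmsetup/gdm-user-manager.c
---- gdm-2.28.0/gui/gdmsetup/gdm-user-manager.c 2009-10-14 18:31:34.000000000 +1100
-+++ gdm-2.28.0.new/gui/gdmsetup/gdm-user-manager.c 2009-10-14 18:33:38.000000000 +1100
-@@ -66,7 +66,7 @@
- #ifdef __sun
- #define DEFAULT_MINIMAL_UID 100
- #else
--#define DEFAULT_MINIMAL_UID 500
-+#define DEFAULT_MINIMAL_UID 1000
- #endif
-
- #ifndef _PATH_SHELLS
-@@ -835,6 +835,10 @@
- return;
- }
-
-+ if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
-+ return;
-+ }
-+
- /* check exclusions up front */
- if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
- g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
-diff -Nur -x '*.orig' -x '*~' gdm-2.28.0/gui/simple-greeter/gdm-user-manager.c gdm-2.28.0.new/gui/simple-greeter/gdm-user-manager.c
---- gdm-2.28.0/gui/simple-greeter/gdm-user-manager.c 2009-10-14 18:31:35.000000000 +1100
-+++ gdm-2.28.0.new/gui/simple-greeter/gdm-user-manager.c 2009-10-14 18:34:14.000000000 +1100
-@@ -66,7 +66,7 @@
- #ifdef __sun
- #define DEFAULT_MINIMAL_UID 100
- #else
--#define DEFAULT_MINIMAL_UID 500
-+#define DEFAULT_MINIMAL_UID 1000
- #endif
-
- #ifndef _PATH_SHELLS
-@@ -909,6 +909,10 @@
- return;
- }
-
-+ if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
-+ return;
-+ }
-+
- /* check exclusions up front */
- if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
- g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+diff -Nur -x '*.orig' -x '*~' gdm-2.29.1/daemon/gdm-user-manager.c gdm-2.29.1.new/daemon/gdm-user-manager.c
+--- gdm-2.29.1/daemon/gdm-user-manager.c 2009-12-13 01:44:20.000000000 -0800
++++ gdm-2.29.1.new/daemon/gdm-user-manager.c 2009-12-13 01:46:53.000000000 -0800
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <ctype.h>
+
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -66,7 +67,7 @@
+ #ifdef __sun
+ #define DEFAULT_MINIMAL_UID 100
+ #else
+-#define DEFAULT_MINIMAL_UID 500
++#define DEFAULT_MINIMAL_UID 1000
+ #endif
+
+ #ifndef _PATH_SHELLS
+@@ -114,6 +115,7 @@
+
+ guint reload_id;
+ guint ck_history_id;
++ guint minimal_uid;
+
+ guint8 loaded_passwd : 1;
+ guint8 loaded_cache : 1;
+@@ -539,6 +541,10 @@
+ return;
+ }
+
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
++ return;
++ }
++
+ /* check exclusions up front */
+ if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
+ g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+@@ -857,7 +863,7 @@
+ g_warning ("Unable to lookup user name %s: %s", username, g_strerror (errno));
+ return;
+ }
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ g_debug ("GdmUserManager: excluding user '%s'", username);
+ return;
+ }
+@@ -1010,6 +1016,7 @@
+ g_free (command);
+ }
+
++
+ static void
+ reload_passwd (GdmUserManager *manager)
+ {
+@@ -1046,7 +1053,7 @@
+ user = NULL;
+
+ /* Skip users below MinimalUID... */
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ continue;
+ }
+
+@@ -1266,6 +1273,39 @@
+ dbus_g_object_type_install_info (GDM_TYPE_USER_MANAGER, &dbus_glib_gdm_user_manager_object_info);
+ }
+
++
++static guint
++system_minimal_uid (void)
++{
++ guint uid = DEFAULT_MINIMAL_UID;
++#ifndef __sun
++ char *defspath = "/etc/login.defs";
++ FILE *fp;
++ char line[128];
++
++ errno = 0;
++ fp = fopen (defspath, "r");
++ if (fp == NULL) {
++ g_warning ("Unable to open %s: %s", defspath, g_strerror (errno));
++ goto out;
++ }
++ while (fgets (line, sizeof(line), fp)) {
++ if (strncmp (line, "UID_MIN", 7) == 0) {
++ char *ptr = line + 7;
++ int value;
++ while (*ptr && isblank (*ptr)) { ptr++; }
++ value = atoi (ptr);
++ if (value) uid = value;
++ break;
++ }
++ }
++ fclose (fp);
++#endif
++out:
++ return uid;
++}
++
++
+ static void
+ gdm_user_manager_init (GdmUserManager *manager)
+ {
+@@ -1276,6 +1316,8 @@
+
+ manager->priv = GDM_USER_MANAGER_GET_PRIVATE (manager);
+
++ manager->priv->minimal_uid = system_minimal_uid ();
++
+ /* sessions */
+ manager->priv->sessions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+diff -Nur -x '*.orig' -x '*~' gdm-2.29.1/gui/gdmsetup/gdm-user-manager.c gdm-2.29.1.new/gui/gdmsetup/gdm-user-manager.c
+--- gdm-2.29.1/gui/gdmsetup/gdm-user-manager.c 2009-12-13 01:44:20.000000000 -0800
++++ gdm-2.29.1.new/gui/gdmsetup/gdm-user-manager.c 2009-12-13 01:47:05.000000000 -0800
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <ctype.h>
+
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -66,7 +67,7 @@
+ #ifdef __sun
+ #define DEFAULT_MINIMAL_UID 100
+ #else
+-#define DEFAULT_MINIMAL_UID 500
++#define DEFAULT_MINIMAL_UID 1000
+ #endif
+
+ #ifndef _PATH_SHELLS
+@@ -112,6 +113,7 @@
+
+ guint reload_id;
+ guint ck_history_id;
++ guint minimal_uid;
+
+ guint8 users_dirty : 1;
+ };
+@@ -835,6 +837,10 @@
+ return;
+ }
+
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
++ return;
++ }
++
+ /* check exclusions up front */
+ if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
+ g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+@@ -1154,7 +1160,7 @@
+ g_warning ("Unable to lookup user name %s: %s", username, g_strerror (errno));
+ return;
+ }
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ g_debug ("GdmUserManager: excluding user '%s'", username);
+ return;
+ }
+@@ -1317,7 +1323,7 @@
+ user = NULL;
+
+ /* Skip users below MinimalUID... */
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ continue;
+ }
+
+@@ -1525,6 +1531,39 @@
+ g_type_class_add_private (klass, sizeof (GdmUserManagerPrivate));
+ }
+
++
++static guint
++system_minimal_uid (void)
++{
++ guint uid = DEFAULT_MINIMAL_UID;
++#ifndef __sun
++ char *defspath = "/etc/login.defs";
++ FILE *fp;
++ char line[128];
++
++ errno = 0;
++ fp = fopen (defspath, "r");
++ if (fp == NULL) {
++ g_warning ("Unable to open %s: %s", defspath, g_strerror (errno));
++ goto out;
++ }
++ while (fgets (line, sizeof(line), fp)) {
++ if (strncmp (line, "UID_MIN", 7) == 0) {
++ char *ptr = line + 7;
++ int value;
++ while (*ptr && isblank (*ptr)) { ptr++; }
++ value = atoi (ptr);
++ if (value) uid = value;
++ break;
++ }
++ }
++ fclose (fp);
++#endif
++out:
++ return uid;
++}
++
++
+ static void
+ gdm_user_manager_init (GdmUserManager *manager)
+ {
+@@ -1535,6 +1574,8 @@
+
+ manager->priv = GDM_USER_MANAGER_GET_PRIVATE (manager);
+
++ manager->priv->minimal_uid = system_minimal_uid ();
++
+ /* sessions */
+ manager->priv->sessions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+diff -Nur -x '*.orig' -x '*~' gdm-2.29.1/gui/simple-greeter/gdm-user-manager.c gdm-2.29.1.new/gui/simple-greeter/gdm-user-manager.c
+--- gdm-2.29.1/gui/simple-greeter/gdm-user-manager.c 2009-12-13 01:44:20.000000000 -0800
++++ gdm-2.29.1.new/gui/simple-greeter/gdm-user-manager.c 2009-12-13 01:45:26.000000000 -0800
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <ctype.h>
+
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -67,7 +68,7 @@
+ #ifdef __sun
+ #define DEFAULT_MINIMAL_UID 100
+ #else
+-#define DEFAULT_MINIMAL_UID 500
++#define DEFAULT_MINIMAL_UID 1000
+ #endif
+
+ #ifndef _PATH_SHELLS
+@@ -98,6 +99,7 @@
+
+ guint reload_id;
+ guint ck_history_id;
++ guint minimal_uid;
+
+ guint8 users_dirty : 1;
+ guint8 loaded_cache : 1;
+@@ -928,6 +930,10 @@
+ return;
+ }
+
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
++ return;
++ }
++
+ /* check exclusions up front */
+ if (user_in_exclude_list (manager, pwent->pw_name)) {
+ g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+@@ -1259,7 +1265,7 @@
+ g_warning ("Unable to lookup user name %s: %s", username, g_strerror (errno));
+ return;
+ }
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ g_debug ("GdmUserManager: excluding user '%s'", username);
+ return;
+ }
+@@ -1491,7 +1497,7 @@
+ user = NULL;
+
+ /* Skip users below MinimalUID... */
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ continue;
+ }
+
+@@ -1765,6 +1771,38 @@
+ }
+
+
++static guint
++system_minimal_uid (void)
++{
++ guint uid = DEFAULT_MINIMAL_UID;
++#ifndef __sun
++ char *defspath = "/etc/login.defs";
++ FILE *fp;
++ char line[128];
++
++ errno = 0;
++ fp = fopen (defspath, "r");
++ if (fp == NULL) {
++ g_warning ("Unable to open %s: %s", defspath, g_strerror (errno));
++ goto out;
++ }
++ while (fgets (line, sizeof(line), fp)) {
++ if (strncmp (line, "UID_MIN", 7) == 0) {
++ char *ptr = line + 7;
++ int value;
++ while (*ptr && isblank (*ptr)) { ptr++; }
++ value = atoi (ptr);
++ if (value) uid = value;
++ break;
++ }
++ }
++ fclose (fp);
++#endif
++out:
++ return uid;
++}
++
++
+ static void
+ gdm_user_manager_init (GdmUserManager *manager)
+ {
+@@ -1776,6 +1814,8 @@
+
+ manager->priv = GDM_USER_MANAGER_GET_PRIVATE (manager);
+
++ manager->priv->minimal_uid = system_minimal_uid ();
++
+ /* exclude/include */
+ g_debug ("Setting users to include:");
+ res = gdm_settings_client_get_string (GDM_KEY_INCLUDE,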
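Review bot: In `system_minimal_uid` the `UID_MIN` value goes through `atoi` into an `int` and is then stored in a `guint` with only a non-zero check, so a negative or out-of-range entry in /etc/login.defs becomes a very large threshold (which would filter every account out of the user list), and trailing garbage is accepted silently. The `strncmp (line, "UID_MIN", 7)` test also accepts any key that merely begins with `UID_MIN`, and `isblank (*ptr)` receives a plain `char`. I would parse with `strtol`, check the end pointer and the range, and require a blank after the key, as in the excerpt below. The same function is added verbatim to daemon/, gui/gdmsetup/ and gui/simple-greeter/gdm-user-manager.c, so the change applies to all three copies; a shared helper would keep the thresholds from drifting apart. The `out:` label also sits after `#endif`, so it is unused when `__sun` is defined.

```c
        /* … unchanged: fopen of /etc/login.defs and its error path … */
        while (fgets (line, sizeof (line), fp)) {
                /* require a blank after the key so longer key names do not match */
                if (strncmp (line, "UID_MIN", 7) == 0 && isblank ((unsigned char) line[7])) {
                        char *end;
                        long  value;

                        errno = 0;
                        value = strtol (line + 7, &end, 10);
                        /* accept only a positive number that fits in guint and ends the field */
                        if (end != line + 7 && errno == 0 &&
                            (*end == '\0' || isspace ((unsigned char) *end)) &&
                            value > 0 && (gulong) value <= G_MAXUINT) {
                                uid = (guint) value;
                        }
                        break;
                }
        }
        /* … unchanged: fclose and return … */
```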
Fixes bug 459199.