diff options
Diffstat (limited to 'x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch')
-rw-r--r-- | x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch b/x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch deleted file mode 100644 index f14ff7670c88..000000000000 --- a/x11-misc/sddm/files/sddm-0.18.1-revert-honor-PAM-supplemental-groups.patch +++ /dev/null @@ -1,87 +0,0 @@ -From d3953e88a94ec25a87d3c5136517b3d1009cb1fd Mon Sep 17 00:00:00 2001 -From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de> -Date: Wed, 8 May 2019 18:58:53 +0200 -Subject: [PATCH] Revert "Honor PAM's ambient supplemental groups. (#834)" - -This reverts commit 1bc813d08b8130e458a6550ec47fb2bfbe6de080, which -misuses PAM and leads to pulling in all of root's supplemental groups -during session initialization instead of only adding PAM's extra -groups. The problem was masked due to the root user not having any -supplemental groups in some common contexts, like running sddm from a -systemd unit. ---- - src/helper/UserSession.cpp | 57 -------------------------------------- - 1 file changed, 57 deletions(-) - -diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp -index b3aec356..f71fd358 100644 ---- a/src/helper/UserSession.cpp -+++ b/src/helper/UserSession.cpp -@@ -150,67 +150,10 @@ namespace SDDM { - qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; - exit(Auth::HELPER_OTHER_ERROR); - } -- --#ifdef USE_PAM -- -- // fetch ambient groups from PAM's environment; -- // these are set by modules such as pam_groups.so -- int n_pam_groups = getgroups(0, NULL); -- gid_t *pam_groups = NULL; -- if (n_pam_groups > 0) { -- pam_groups = new gid_t[n_pam_groups]; -- if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) { -- qCritical() << "getgroups() failed to fetch supplemental" -- << "PAM groups for user:" << username; -- exit(Auth::HELPER_OTHER_ERROR); -- } -- } else { -- n_pam_groups = 0; -- } -- -- // fetch session's user's groups -- int n_user_groups = 0; -- gid_t *user_groups = NULL; -- if (-1 == getgrouplist(username.constData(), pw.pw_gid, -- NULL, &n_user_groups)) { -- user_groups = new gid_t[n_user_groups]; -- if ((n_user_groups = getgrouplist(username.constData(), -- pw.pw_gid, user_groups, -- &n_user_groups)) == -1 ) { -- qCritical() << "getgrouplist(" << username << ", " << pw.pw_gid -- << ") failed"; -- exit(Auth::HELPER_OTHER_ERROR); -- } -- } -- -- // set groups to concatenation of PAM's ambient -- // groups and the session's user's groups -- int n_groups = n_pam_groups + n_user_groups; -- if (n_groups > 0) { -- gid_t *groups = new gid_t[n_groups]; -- memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t))); -- memcpy((groups + n_pam_groups), user_groups, -- (n_user_groups * sizeof(gid_t))); -- -- // setgroups(2) handles duplicate groups -- if (setgroups(n_groups, groups) != 0) { -- qCritical() << "setgroups() failed for user: " << username; -- exit (Auth::HELPER_OTHER_ERROR); -- } -- delete[] groups; -- } -- delete[] pam_groups; -- delete[] user_groups; -- --#else -- - if (initgroups(pw.pw_name, pw.pw_gid) != 0) { - qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username; - exit(Auth::HELPER_OTHER_ERROR); - } -- --#endif /* USE_PAM */ -- - if (setuid(pw.pw_uid) != 0) { - qCritical() << "setuid(" << pw.pw_uid << ") failed for user: " << username; - exit(Auth::HELPER_OTHER_ERROR); |