updated Debian patch to xc/programs/xdm/session.c

[Branden Robinson <branden@debian.org>]

Hi Matthieu,

I've further improved the pam_setcred() patch to use PAM's own error
reporting function (and made the C style consistent to boot).

I did also remove that %\"s format string and replace it with ordinary
%s.  The \" qualifier is not documented in any manpage or the GNU info
documentation for glibc, which gives me serious doubts as to its
portability.

I have MIME-attached the updated session.c patch against xf-4_3-branch.

-- 
G. Branden Robinson                |      We either learn from history or,
Debian GNU/Linux                   |      uh, well, something bad will
branden@debian.org                 |      happen.
http://people.debian.org/~branden/ |      -- Bob Church

--- xc/programs/xdm/session.c~	2003-09-25 00:19:35.000000000 -0500
+++ xc/programs/xdm/session.c	2003-09-25 00:29:10.000000000 -0500
@@ -61,17 +61,17 @@
 #endif
 
 #ifndef GREET_USER_STATIC
-#include <dlfcn.h>
-#ifndef RTLD_NOW
-#define RTLD_NOW 1
-#endif
+# include <dlfcn.h>
+# ifndef RTLD_NOW
+#  define RTLD_NOW 1
+# endif
 #endif
 
 static	int	runAndWait (char **args, char **environ);
 
-#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun)
-#include <sys/types.h>
-#include <grp.h>
+#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(sun) || defined(__GLIBC__)
+# include <sys/types.h>
+# include <grp.h>
 #else
 /* should be in <grp.h> */
 extern	void	setgrent(void);
@@ -87,28 +87,34 @@
 extern	void	endspent(void);
 #endif
 #endif
-#if defined(CSRG_BASED)
-#include <pwd.h>
-#include <unistd.h>
+
+#if defined(CSRG_BASED) || defined(__GLIBC__)
+# include <pwd.h>
+# include <unistd.h>
 #else
 extern	struct passwd	*getpwnam(GETPWNAM_ARGS);
-#ifdef linux
+# ifdef linux
 extern  void	endpwent(void);
-#endif
+# endif
+# ifndef __GLIBC__
 extern	char	*crypt(CRYPT_ARGS);
+# endif
 #endif
+
 #ifdef USE_PAM
-pam_handle_t **thepamhp()
+pam_handle_t **
+thepamhp ()
 {
 	static pam_handle_t *pamh = NULL;
 	return &pamh;
 }
 
-pam_handle_t *thepamh()
+pam_handle_t *
+thepamh ()
 {
 	pam_handle_t **pamhp;
 
-	pamhp = thepamhp();
+    pamhp = thepamhp ();
 	if (pamhp)
 		return *pamhp;
 	else
@@ -141,12 +147,12 @@
 	endgrent,
 #ifdef USESHADOW
 	getspnam,
-#ifndef QNX4
+# ifndef QNX4
 	endspent,
-#endif /* QNX4 doesn't use endspent */
+# endif /* QNX4 doesn't use endspent */
 #endif
 	getpwnam,
-#ifdef linux
+#if defined(linux) || defined(__GLIBC__)
 	endpwent,
 #endif
 	crypt,
@@ -194,7 +200,7 @@
 }
 
 #if defined(_POSIX_SOURCE) || defined(SYSV) || defined(SVR4)
-#define killpg(pgrp, sig) kill(-(pgrp), sig)
+# define killpg(pgrp, sig) kill(-(pgrp), sig)
 #endif
 
 static void
@@ -251,7 +257,7 @@
 static int
 IOErrorHandler (Display *dpy)
 {
-    LogError("fatal IO error %d (%s)\n", errno, _SysErrorMsg(errno));
+    LogError ("fatal IO error %d (%s)\n", errno, _SysErrorMsg(errno));
     exit(RESERVER_DISPLAY);
     /*NOTREACHED*/
     return 0;
@@ -260,7 +266,7 @@
 static int
 ErrorHandler(Display *dpy, XErrorEvent *event)
 {
-    LogError("X error\n");
+    LogError ("X error\n");
     if (XmuPrintDefaultErrorMessage (dpy, event, stderr) == 0) return 0;
     exit(UNMANAGE_DISPLAY);
     /*NOTREACHED*/
@@ -293,13 +299,13 @@
 #ifdef GREET_USER_STATIC
     greet_user_proc = GreetUser;
 #else
-    Debug("ManageSession: loading greeter library %s\n", greeterLib);
+    Debug ("ManageSession: loading greeter library %s\n", greeterLib);
     greet_lib_handle = dlopen(greeterLib, RTLD_NOW);
     if (greet_lib_handle != NULL)
 	greet_user_proc = (GreetUserProc)dlsym(greet_lib_handle, "GreetUser");
     if (greet_user_proc == NULL)
 	{
-	LogError("%s while loading %s\n", dlerror(), greeterLib);
+	LogError ("%s while loading %s\n", dlerror (), greeterLib);
 	exit(UNMANAGE_DISPLAY);
 	}
 #endif
@@ -321,7 +327,7 @@
 	     *	   setting up environment and running the session
 	     */
 	    if (StartClient (&verify, d, &clientPid, greet.name, greet.password)) {
-		Debug ("Client Started\n");
+		Debug ("client started\n");
 
 #ifndef GREET_USER_STATIC
                 /* Save memory; close library */
@@ -369,7 +375,7 @@
     /*
      * run system-wide reset file
      */
-    Debug ("Source reset program %s\n", d->reset);
+    Debug ("source reset program %s\n", d->reset);
     source (verify.systemEnviron, d->reset);
     SessionExit (d, OBEYSESS_DISPLAY, TRUE);
 }
@@ -384,7 +390,7 @@
 	env = systemEnv (d, (char *) 0, (char *) 0);
 	args = parseArgs ((char **) 0, d->xrdb);
 	args = parseArgs (args, d->resources);
-	Debug ("Loading resource file: %s\n", d->resources);
+	Debug ("loading resource file: %s\n", d->resources);
 	(void) runAndWait (args, env);
 	freeArgs (args);
 	freeEnv (env);
@@ -438,7 +444,7 @@
 	SessionExit (d, RESERVER_DISPLAY, FALSE);
     }
     (void) alarm ((unsigned) d->grabTimeout);
-    Debug ("Before XGrabServer %s\n", d->name);
+    Debug ("before XGrabServer %s\n", d->name);
     XGrabServer (dpy);
     if (XGrabKeyboard (dpy, DefaultRootWindow (dpy), True, GrabModeAsync,
 		       GrabModeAsync, CurrentTime) != GrabSuccess)
@@ -505,16 +511,16 @@
 
 	    code = Krb5DisplayCCache(d->name, &ccache);
 	    if (code)
-		LogError("%s while getting Krb5 ccache to destroy\n",
-			 error_message(code));
+		LogError ("%s while getting Krb5 ccache to destroy\n",
+			  error_message(code));
 	    else {
 		code = krb5_cc_destroy(ccache);
 		if (code) {
 		    if (code == KRB5_FCC_NOFILE) {
-			Debug ("No Kerberos ccache file found to destroy\n");
+			Debug ("no Kerberos ccache file found to destroy\n");
 		    } else
-			LogError("%s while destroying Krb5 credentials cache\n",
-				 error_message(code));
+			LogError ("%s while destroying Krb5 credentials"
+				  " cache\n", error_message(code));
 		} else
 		    Debug ("Kerberos ccache destroyed\n");
 		krb5_cc_close(ccache);
@@ -522,7 +528,7 @@
 	}
 #endif /* K5AUTH */
     }
-    Debug ("Display %s exiting with status %d\n", d->name, status);
+    Debug ("display %s exiting with status %d\n", d->name, status);
     exit (status);
 }
 
@@ -540,8 +546,9 @@
 #ifdef HAS_SETUSERCONTEXT
     struct passwd* pwd;
 #endif
-#ifdef USE_PAM 
+#ifdef USE_PAM
     pam_handle_t *pamh = thepamh();
+    int pam_error;
 #endif
 
     if (verify->argv) {
@@ -582,39 +589,38 @@
 
 #ifndef AIXV3
 #ifndef HAS_SETUSERCONTEXT
-	if (setgid(verify->gid) < 0)
-	{
-	    LogError("setgid %d (user \"%s\") failed, errno=%d\n",
-		     verify->gid, name, errno);
+	if (setgid (verify->gid) < 0) {
+	    LogError ("setgid %d (user \"%s\") failed: %s\n",
+		      verify->gid, name, _SysErrorMsg (errno));
 	    return (0);
 	}
 #if defined(BSD) && (BSD >= 199103)
-	if (setlogin(name) < 0)
-	{
-	    LogError("setlogin for \"%s\" failed, errno=%d", name, errno);
-	    return(0);
+	if (setlogin (name) < 0) {
+	    LogError ("setlogin for \"%s\" failed: %s\n", name,
+		      _SysErrorMsg (errno));
+	    return (0);
 	}
 #endif
 #ifndef QNX4
-	if (initgroups(name, verify->gid) < 0)
-	{
-	    LogError("initgroups for \"%s\" failed, errno=%d\n", name, errno);
+	if (initgroups (name, verify->gid) < 0) {
+	    LogError ("initgroups for \"%s\" failed: %s\n", name,
+		     _SysErrorMsg (errno));
 	    return (0);
 	}
 #endif   /* QNX4 doesn't support multi-groups, no initgroups() */
 #ifdef USE_PAM
-	if (thepamh()) {
-	    if (pam_setcred(thepamh(), PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
-		LogError("pam_setcred for %\"s failed, errno=%d\n",
-			 name, errno);
-		return(0);
+	if (thepamh ()) {
+	    pam_error = pam_setcred (thepamh (), PAM_ESTABLISH_CRED);
+	    if (pam_error != PAM_SUCCESS) {
+		LogError ("pam_setcred for \"%s\" failed: %s\n", name,
+		          pam_strerror (pam_error));
+		return (0);
 	    }
 	}
 #endif
-	if (setuid(verify->uid) < 0)
-	{
-	    LogError("setuid %d (user \"%s\") failed, errno=%d\n",
-		     verify->uid, name, errno);
+	if (setuid (verify->uid) < 0) {
+	    LogError ("setuid %d (user \"%s\") failed: %s\n",
+		      verify->uid, name, _SysErrorMsg (errno));
 	    return (0);
 	}
 #else /* HAS_SETUSERCONTEXT */
@@ -622,20 +628,17 @@
 	 * Set the user's credentials: uid, gid, groups,
 	 * environment variables, resource limits, and umask.
 	 */
-	pwd = getpwnam(name);
-	if (pwd)
-	{
-	    if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0)
-	    {
-		LogError("setusercontext for \"%s\" failed, errno=%d\n", name,
-		    errno);
+	pwd = getpwnam (name);
+	if (pwd) {
+	    if (setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) {
+		LogError ("setusercontext for \"%s\" failed: %s\n", name,
+			  _SysErrorMsg (errno));
 		return (0);
 	    }
-	    endpwent();
-	}
-	else
-	{
-	    LogError("getpwnam for \"%s\" failed, errno=%d\n", name, errno);
+	    endpwent ();
+	} else {
+	    LogError ("getpwnam for \"%s\" failed: %s\n", name,
+		      _SysErrorMsg (errno));
 	    return (0);
 	}
 #endif /* HAS_SETUSERCONTEXT */
@@ -644,9 +647,9 @@
 	 * Set the user's credentials: uid, gid, groups,
 	 * audit classes, user limits, and umask.
 	 */
-	if (setpcred(name, NULL) == -1)
-	{
-	    LogError("setpcred for \"%s\" failed, errno=%d\n", name, errno);
+	if (setpcred (name, NULL) == -1) {
+	    LogError ("setpcred for \"%s\" failed: %s\n", name,
+		      _SysErrorMsg (errno));
 	    return (0);
 	}
 #endif /* AIXV3 */
@@ -665,7 +668,7 @@
 	    int     key_set_ok = 0;
 
 	    nameret = getnetname (netname);
-	    Debug ("User netname: %s\n", netname);
+	    Debug ("user netname: %s\n", netname);
 	    len = strlen (passwd);
 	    if (len > 8)
 		bzero (passwd + 8, len - 8);
@@ -676,7 +679,7 @@
 	    netst.st_netname = strdup(netname);
 	    memset(netst.st_pub_key, 0, HEXKEYBYTES);
             if (key_setnet(&netst) < 0) {
-		Debug("Could not set secret key.\n");
+		Debug ("could not set secret key\n");
             }
 	    free(netst.st_netname);	    
 	    /* is there a key, and do we have the right password? */
@@ -759,22 +762,22 @@
 	if (verify->argv) {
 		Debug ("executing session %s\n", verify->argv[0]);
 		execute (verify->argv, verify->userEnviron);
-		LogError ("Session \"%s\" execution failed (err %d)\n", verify->argv[0], errno);
+		LogError ("session \"%s\" execution failed (err %d)\n", verify->argv[0], errno);
 	} else {
-		LogError ("Session has no command/arguments\n");
+		LogError ("session has no command/arguments\n");
 	}
 	failsafeArgv[0] = d->failsafeClient;
 	failsafeArgv[1] = 0;
 	execute (failsafeArgv, verify->userEnviron);
 	exit (1);
     case -1:
-	bzero(passwd, strlen(passwd));
+	bzero (passwd, strlen (passwd));
 	Debug ("StartSession, fork failed\n");
-	LogError ("can't start session on \"%s\", fork failed, errno=%d\n",
-		  d->name, errno);
+	LogError ("can't start session on \"%s\", fork failed: %s\n",
+		  d->name, _SysErrorMsg (errno));
 	return 0;
     default:
-	bzero(passwd, strlen(passwd));
+	bzero (passwd, strlen (passwd));
 	Debug ("StartSession, fork succeeded %d\n", pid);
 	*pidp = pid;
 	return 1;
@@ -885,7 +888,7 @@
 	    p = "/bin/sh";
 	    optarg = 0;
 	}
-	Debug ("Shell script execution: %s (optarg %s)\n",
+	Debug ("shell script execution: %s (optarg %s)\n",
 		p, optarg ? optarg : "(null)");
 	for (av = argv, argc = 0; *av; av++, argc++)
 	    /* SUPPRESS 530 */
@@ -941,9 +944,10 @@
     return env;
 }
 
-#if (defined(Lynx) && !defined(HAS_CRYPT)) || defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS)
-char *crypt(char *s1, char *s2)
+#if (defined(Lynx) && !defined(HAS_CRYPT)) || (defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS))
+char *
+crypt (char *s1, char *s2)
 {
-	return(s2);
+    return (s2);
 }
 #endif

Attachment: signature.asc
Description: Digital signature