[gdm] Fix PATH
Ray Strode
rstrode at fedoraproject.org
Thu May 8 19:14:17 UTC 2014
commit 1e99f58161f0be610b3615c51dc487f4ce49b8eb
Author: Ray Strode <rstrode at redhat.com>
Date: Thu May 8 15:13:17 2014 -0400
Fix PATH
Resolves: #1095344
fix-path.patch | 505 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
gdm.spec | 8 +-
2 files changed, 512 insertions(+), 1 deletions(-)
---
diff --git a/fix-path.patch b/fix-path.patch
new file mode 100644
index 0000000..7c6cfdf
--- /dev/null
+++ b/fix-path.patch
@@ -0,0 +1,505 @@
+From c9bebed00008724600aef6c401f21245f7678e45 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Tue, 22 Apr 2014 15:00:44 -0400
+Subject: [PATCH 1/2] Revert "worker: get PATH from parent instead of #define"
+
+This reverts commit e546e4dc6649a4fdf9065322420a28fa7e666782.
+
+It's causing problems because bindir and sbindir are in the wrong
+order for a user session.
+---
+ common/Makefile.am | 1 +
+ common/gdm-common.c | 2 +-
+ configure.ac | 17 +++++++++++++++++
+ daemon/Makefile.am | 1 +
+ daemon/gdm-session-worker.c | 15 +++++++++++----
+ 5 files changed, 31 insertions(+), 5 deletions(-)
+
+diff --git a/common/Makefile.am b/common/Makefile.am
+index ece167b..2e97090 100644
+--- a/common/Makefile.am
++++ b/common/Makefile.am
+@@ -1,52 +1,53 @@
+ ## Process this file with automake to produce Makefile.in
+
+ NULL =
+
+ AM_CPPFLAGS = \
+ -I. \
+ -I.. \
+ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
+ -DBINDIR=\"$(bindir)\" \
+ -DDATADIR=\"$(datadir)\" \
+ -DDMCONFDIR=\"$(dmconfdir)\" \
+ -DGDMCONFDIR=\"$(gdmconfdir)\" \
+ -DGDMLOCALEDIR=\"$(gdmlocaledir)\" \
+ -DLIBDIR=\"$(libdir)\" \
+ -DLIBEXECDIR=\"$(libexecdir)\" \
+ -DLOGDIR=\"$(logdir)\" \
+ -DPIXMAPDIR=\"$(pixmapdir)\" \
+ -DSBINDIR=\"$(sbindir)\" \
+ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
+ -DGDM_DEFAULTS_CONF=\"$(GDM_DEFAULTS_CONF)\" \
+ -DGDM_CUSTOM_CONF=\"$(GDM_CUSTOM_CONF)\" \
+ -DGDM_OLD_CONF=\"$(GDM_OLD_CONF)\" \
++ -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \
+ $(COMMON_CFLAGS) \
+ $(NULL)
+
+ noinst_LTLIBRARIES = \
+ libgdmcommon.la \
+ $(NULL)
+
+ gdmdir = $(datadir)/gdm
+ gdm_DATA = gdb-cmd
+
+ if MKDTEMP_MISSING
+ MKDTEMP_FILES = mkdtemp.c mkdtemp.h
+ else
+ MKDTEMP_FILES =
+ endif
+
+ libgdmcommon_la_SOURCES = \
+ gdm-address.h \
+ gdm-address.c \
+ gdm-common.h \
+ gdm-common.c \
+ gdm-profile.c \
+ gdm-profile.h \
+ gdm-settings.c \
+ gdm-settings.h \
+ gdm-settings-backend.c \
+ gdm-settings-backend.h \
+ gdm-settings-desktop-backend.c \
+ gdm-settings-desktop-backend.h \
+ gdm-settings-keys.h \
+diff --git a/common/gdm-common.c b/common/gdm-common.c
+index aeb873b..4017313 100644
+--- a/common/gdm-common.c
++++ b/common/gdm-common.c
+@@ -882,61 +882,61 @@ gdm_get_script_environment (const char *username,
+
+ if (username != NULL) {
+ g_hash_table_insert (hash, g_strdup ("LOGNAME"),
+ g_strdup (username));
+ g_hash_table_insert (hash, g_strdup ("USER"),
+ g_strdup (username));
+ g_hash_table_insert (hash, g_strdup ("USERNAME"),
+ g_strdup (username));
+
+ gdm_get_pwent_for_name (username, &pwent);
+ if (pwent != NULL) {
+ if (pwent->pw_dir != NULL && pwent->pw_dir[0] != '\0') {
+ g_hash_table_insert (hash, g_strdup ("HOME"),
+ g_strdup (pwent->pw_dir));
+ g_hash_table_insert (hash, g_strdup ("PWD"),
+ g_strdup (pwent->pw_dir));
+ }
+
+ g_hash_table_insert (hash, g_strdup ("SHELL"),
+ g_strdup (pwent->pw_shell));
+ }
+ }
+
+ if (display_hostname) {
+ g_hash_table_insert (hash, g_strdup ("REMOTE_HOST"), g_strdup (display_hostname));
+ }
+
+ /* Runs as root */
+ g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (display_x11_authority_file));
+ g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (display_name));
+- g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (g_getenv ("PATH")));
++ g_hash_table_insert (hash, g_strdup ("PATH"), g_strdup (GDM_SESSION_DEFAULT_PATH));
+ g_hash_table_insert (hash, g_strdup ("RUNNING_UNDER_GDM"), g_strdup ("true"));
+
+ g_hash_table_remove (hash, "MAIL");
+
+ g_hash_table_foreach (hash, (GHFunc)listify_hash, env);
+ g_hash_table_destroy (hash);
+
+ g_ptr_array_add (env, NULL);
+
+ return env;
+ }
+
+ gboolean
+ gdm_run_script (const char *dir,
+ const char *username,
+ const char *display_name,
+ const char *display_hostname,
+ const char *display_x11_authority_file)
+ {
+ char *script;
+ char **argv;
+ gint status;
+ GError *error;
+ GPtrArray *env;
+ gboolean res;
+ gboolean ret;
+
+ ret = FALSE;
+
+ g_assert (dir != NULL);
+diff --git a/configure.ac b/configure.ac
+index 242a969..aa0a13f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -247,60 +247,77 @@ AC_ARG_WITH(systemd,
+ AS_HELP_STRING([--with-systemd],
+ [Add systemd support @<:@default=auto@:>@]),
+ [with_systemd=$withval], [with_systemd=auto])
+ AC_ARG_WITH([systemdsystemunitdir],
+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR],
+ [Directory for systemd service files]),
+ [with_systemdsystemunitdir=$withval], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)])
+ AC_ARG_ENABLE(systemd-journal,
+ AS_HELP_STRING([--enable-systemd-journal],
+ [Add journald support @<:@default=auto@:>@]),
+ [enable_systemd_journal=$enableval], [enable_systemd_journal=auto])
+ AC_ARG_ENABLE(wayland-support,
+ AS_HELP_STRING([--enable-wayland-support],
+ [Enable support for wayland sessions @<:@default=auto@:>@]),
+ [enable_wayland_support=$enableval],
+ [enable_wayland_support=auto])
+
+ AC_ARG_WITH(plymouth,
+ AS_HELP_STRING([--with-plymouth],
+ [Add plymouth support @<:@default=auto@:>@]),
+ [with_plymouth=$withval], [with_plymouth=auto])
+
+ AC_ARG_WITH(at-spi-registryd-directory,
+ AS_HELP_STRING([--with-at-spi-registryd-directory],
+ [Specify the directory of at-spi-registryd @<:@default=libexecdir@:>@])],,
+ [with_at_spi_registryd_directory="${libexecdir}"])
+
+ AT_SPI_REGISTRYD_DIR=$with_at_spi_registryd_directory
+ AC_SUBST(AT_SPI_REGISTRYD_DIR)
+
++# Allow configuration of default PATH
++#
++withval=""
++AC_ARG_WITH(default-path,
++ AS_HELP_STRING([--with-default-path=<PATH>],
++ [PATH GDM will use as the user's default PATH]),
++ [if test x$withval != x; then
++ AC_MSG_RESULT("PATH ${withval} will be the default PATH.")
++ fi])
++
++if test x$withval != x; then
++ GDM_SESSION_DEFAULT_PATH="$withval"
++else
++ GDM_SESSION_DEFAULT_PATH="/usr/local/bin:/usr/bin:/bin"
++fi
++AC_SUBST(GDM_SESSION_DEFAULT_PATH)
++
+ dnl
+ dnl file that sets LANG
+ dnl
+ withval=""
+ AC_ARG_WITH(lang-file,
+ AS_HELP_STRING([--with-lang-file=<filename>],
+ [file containing default language setting]),
+ [if test x$withval != x; then
+ AC_MSG_RESULT("System locale will be looked for in file ${withval}.")
+ fi])
+
+ if test x$withval != x; then
+ LANG_CONFIG_FILE="$withval"
+ else
+ LANG_CONFIG_FILE='$(sysconfdir)/locale.conf'
+ fi
+ AC_SUBST(LANG_CONFIG_FILE)
+
+ # stropts has been removed from glibc
+ # https://bugzilla.redhat.com/show_bug.cgi?id=436349
+ AC_CHECK_HEADERS(stropts.h)
+
+ dnl socklen_t may be declared, but not in a "standard" C header location
+ AC_CHECK_HEADERS(sys/socket.h)
+ AC_CHECK_TYPE(socklen_t,,
+ AC_DEFINE(socklen_t, size_t, [Compatibility type]),
+ [AC_INCLUDES_DEFAULT]
+ #ifdef HAVE_SYS_SOCKET_H
+ #include <sys/socket.h>
+ #endif
+diff --git a/daemon/Makefile.am b/daemon/Makefile.am
+index 6944baa..691c939 100644
+--- a/daemon/Makefile.am
++++ b/daemon/Makefile.am
+@@ -1,51 +1,52 @@
+ NULL =
+
+ AM_CPPFLAGS = \
+ -I. \
+ -I.. \
+ -I$(top_srcdir)/common \
+ -I$(top_builddir)/common \
+ -DBINDIR=\"$(bindir)\" \
+ -DDATADIR=\"$(datadir)\" \
+ -DDMCONFDIR=\"$(dmconfdir)\" \
+ -DGDMCONFDIR=\"$(gdmconfdir)\" \
+ -DLIBDIR=\"$(libdir)\" \
+ -DLIBEXECDIR=\"$(libexecdir)\" \
+ -DLOCALSTATEDIR=\"$(localstatedir)\" \
+ -DLOGDIR=\"$(logdir)\" \
+ -DSBINDIR=\"$(sbindir)\" \
+ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
+ -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \
+ -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \
+ -DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\" \
+ -DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\" \
++ -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \
+ -DCONSOLEKIT_DIR=\"$(CONSOLEKIT_DIR)\" \
+ $(DISABLE_DEPRECATED_CFLAGS) \
+ $(DAEMON_CFLAGS) \
+ $(XLIB_CFLAGS) \
+ $(WARN_CFLAGS) \
+ $(DEBUG_CFLAGS) \
+ $(SYSTEMD_CFLAGS) \
+ $(JOURNALD_CFLAGS) \
+ $(LIBSELINUX_CFLAGS) \
+ -DLANG_CONFIG_FILE=\"$(LANG_CONFIG_FILE)\" \
+ $(NULL)
+
+ BUILT_SOURCES = \
+ gdm-display-glue.h \
+ gdm-manager-glue.h \
+ gdm-static-display-glue.h \
+ gdm-transient-display-glue.h \
+ gdm-local-display-factory-glue.h \
+ gdm-session-glue.h \
+ gdm-session-worker-glue.h \
+ gdm-session-enum-types.h \
+ $(NULL)
+
+ gdm-session-enum-types.h: gdm-session-enum-types.h.in gdm-session.h
+ $(AM_V_GEN) glib-mkenums --template $^ > $@
+
+ gdm-session-enum-types.c: gdm-session-enum-types.c.in gdm-session.h
+ $(AM_V_GEN) glib-mkenums --template $^ > $@
+
+ gdm-display-glue.c gdm-display-glue.h: gdm-display.xml Makefile.am
+diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
+index 5fc42c6..8493fbd 100644
+--- a/daemon/gdm-session-worker.c
++++ b/daemon/gdm-session-worker.c
+@@ -63,60 +63,64 @@
+ #endif /* HAVE_SELINUX */
+
+ #include "gdm-common.h"
+ #include "gdm-log.h"
+ #include "gdm-session-worker.h"
+ #include "gdm-session-glue.h"
+ #include "gdm-session.h"
+
+ #if defined (HAVE_ADT)
+ #include "gdm-session-solaris-auditor.h"
+ #elif defined (HAVE_LIBAUDIT)
+ #include "gdm-session-linux-auditor.h"
+ #else
+ #include "gdm-session-auditor.h"
+ #endif
+
+ #include "gdm-session-settings.h"
+
+ #define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate))
+
+ #define GDM_SESSION_DBUS_PATH "/org/gnome/DisplayManager/Session"
+ #define GDM_SESSION_DBUS_NAME "org.gnome.DisplayManager.Session"
+ #define GDM_SESSION_DBUS_ERROR_CANCEL "org.gnome.DisplayManager.Session.Error.Cancel"
+
+ #define GDM_WORKER_DBUS_PATH "/org/gnome/DisplayManager/Worker"
+
+ #ifndef GDM_PASSWD_AUXILLARY_BUFFER_SIZE
+ #define GDM_PASSWD_AUXILLARY_BUFFER_SIZE 1024
+ #endif
+
++#ifndef GDM_SESSION_DEFAULT_PATH
++#define GDM_SESSION_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin"
++#endif
++
+ #ifndef GDM_SESSION_ROOT_UID
+ #define GDM_SESSION_ROOT_UID 0
+ #endif
+
+ #ifndef GDM_SESSION_LOG_FILENAME
+ #define GDM_SESSION_LOG_FILENAME "session.log"
+ #endif
+
+ #define MAX_FILE_SIZE 65536
+ #define MAX_LOGS 5
+
+ enum {
+ GDM_SESSION_WORKER_STATE_NONE = 0,
+ GDM_SESSION_WORKER_STATE_SETUP_COMPLETE,
+ GDM_SESSION_WORKER_STATE_AUTHENTICATED,
+ GDM_SESSION_WORKER_STATE_AUTHORIZED,
+ GDM_SESSION_WORKER_STATE_ACCREDITED,
+ GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED,
+ GDM_SESSION_WORKER_STATE_SESSION_OPENED,
+ GDM_SESSION_WORKER_STATE_SESSION_STARTED
+ };
+
+ typedef struct
+ {
+ GdmSessionWorker *worker;
+ GdmSession *session;
+ GPid pid_of_caller;
+ uid_t uid_of_caller;
+
+ } ReauthenticationRequest;
+@@ -1476,64 +1480,67 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker,
+ _("no user account available"));
+ goto out;
+ }
+
+ uid = 0;
+ gid = 0;
+ res = _lookup_passwd_info (worker->priv->username,
+ &uid,
+ &gid,
+ &home,
+ &shell);
+ if (! res) {
+ g_debug ("GdmSessionWorker: Unable to lookup account info");
+ error_code = PAM_AUTHINFO_UNAVAIL;
+ g_set_error (error,
+ GDM_SESSION_WORKER_ERROR,
+ GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,
+ _("no user account available"));
+ goto out;
+ }
+
+ gdm_session_worker_update_environment_from_passwd_info (worker,
+ uid,
+ gid,
+ home,
+ shell);
+
+ /* Let's give the user a default PATH if he doesn't already have one
+ */
+ if (!gdm_session_worker_environment_variable_is_set (worker, "PATH")) {
+- const char *path;
+-
+- path = g_getenv ("PATH");
+- gdm_session_worker_set_environment_variable (worker, "PATH", path);
++ if (strcmp (BINDIR, "/usr/bin") == 0) {
++ gdm_session_worker_set_environment_variable (worker, "PATH",
++ GDM_SESSION_DEFAULT_PATH);
++ } else {
++ gdm_session_worker_set_environment_variable (worker, "PATH",
++ BINDIR ":" GDM_SESSION_DEFAULT_PATH);
++ }
+ }
+
+ if (! _change_user (worker, uid, gid)) {
+ g_debug ("GdmSessionWorker: Unable to change to user");
+ error_code = PAM_SYSTEM_ERR;
+ g_set_error (error, GDM_SESSION_WORKER_ERROR,
+ GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,
+ "%s", _("Unable to change to user"));
+ goto out;
+ }
+
+ error_code = pam_setcred (worker->priv->pam_handle, worker->priv->cred_flags);
+
+ /* If the user is reauthenticating and they've made it this far, then there
+ * is no reason we should lock them out of their session. They've already
+ * proved they are they same person who logged in, and that's all we care
+ * about.
+ */
+ if (worker->priv->is_reauth_session) {
+ error_code = PAM_SUCCESS;
+ }
+
+ if (error_code != PAM_SUCCESS) {
+ g_set_error (error,
+ GDM_SESSION_WORKER_ERROR,
+ GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS,
+ "%s",
+ pam_strerror (worker->priv->pam_handle, error_code));
+ goto out;
+ }
+--
+1.9.0
+
+
+From 1282e09a595b73ae530ccb4ed9f942947d1f3fba Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Tue, 22 Apr 2014 15:01:52 -0400
+Subject: [PATCH 2/2] configure: change default PATH to include sbin
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index aa0a13f..26455f3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -260,61 +260,61 @@ AC_ARG_ENABLE(wayland-support,
+ [Enable support for wayland sessions @<:@default=auto@:>@]),
+ [enable_wayland_support=$enableval],
+ [enable_wayland_support=auto])
+
+ AC_ARG_WITH(plymouth,
+ AS_HELP_STRING([--with-plymouth],
+ [Add plymouth support @<:@default=auto@:>@]),
+ [with_plymouth=$withval], [with_plymouth=auto])
+
+ AC_ARG_WITH(at-spi-registryd-directory,
+ AS_HELP_STRING([--with-at-spi-registryd-directory],
+ [Specify the directory of at-spi-registryd @<:@default=libexecdir@:>@])],,
+ [with_at_spi_registryd_directory="${libexecdir}"])
+
+ AT_SPI_REGISTRYD_DIR=$with_at_spi_registryd_directory
+ AC_SUBST(AT_SPI_REGISTRYD_DIR)
+
+ # Allow configuration of default PATH
+ #
+ withval=""
+ AC_ARG_WITH(default-path,
+ AS_HELP_STRING([--with-default-path=<PATH>],
+ [PATH GDM will use as the user's default PATH]),
+ [if test x$withval != x; then
+ AC_MSG_RESULT("PATH ${withval} will be the default PATH.")
+ fi])
+
+ if test x$withval != x; then
+ GDM_SESSION_DEFAULT_PATH="$withval"
+ else
+- GDM_SESSION_DEFAULT_PATH="/usr/local/bin:/usr/bin:/bin"
++ GDM_SESSION_DEFAULT_PATH="/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
+ fi
+ AC_SUBST(GDM_SESSION_DEFAULT_PATH)
+
+ dnl
+ dnl file that sets LANG
+ dnl
+ withval=""
+ AC_ARG_WITH(lang-file,
+ AS_HELP_STRING([--with-lang-file=<filename>],
+ [file containing default language setting]),
+ [if test x$withval != x; then
+ AC_MSG_RESULT("System locale will be looked for in file ${withval}.")
+ fi])
+
+ if test x$withval != x; then
+ LANG_CONFIG_FILE="$withval"
+ else
+ LANG_CONFIG_FILE='$(sysconfdir)/locale.conf'
+ fi
+ AC_SUBST(LANG_CONFIG_FILE)
+
+ # stropts has been removed from glibc
+ # https://bugzilla.redhat.com/show_bug.cgi?id=436349
+ AC_CHECK_HEADERS(stropts.h)
+
+ dnl socklen_t may be declared, but not in a "standard" C header location
+ AC_CHECK_HEADERS(sys/socket.h)
+ AC_CHECK_TYPE(socklen_t,,
+ AC_DEFINE(socklen_t, size_t, [Compatibility type]),
+ [AC_INCLUDES_DEFAULT]
+--
+1.9.0
+
diff --git a/gdm.spec b/gdm.spec
index bb2b965..155c8ec 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -12,7 +12,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 3.12.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@@ -20,6 +20,7 @@ URL: http://download.gnome.org/sources/gdm
#VCS: git:git://git.gnome.org/gdm
Source: http://download.gnome.org/sources/gdm/3.12/gdm-%{version}.tar.xz
Source1: org.gnome.login-screen.gschema.override
+Patch0: fix-path.patch
BuildRequires: pkgconfig(libcanberra-gtk)
BuildRequires: pango-devel >= 0:%{pango_version}
@@ -109,6 +110,7 @@ Development files and headers for writing GDM greeters.
%prep
%setup -q
+%patch0 -p1 -b .fix-patch
autoreconf -i -f
intltoolize -f
@@ -303,6 +305,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
%{_libdir}/pkgconfig/gdm.pc
%changelog
+* Thu May 08 2014 Ray Strode <rstrode at redhat.com> - 1:3.12.1-3
+- Fix PATH
+ Resolves: #1095344
+
* Wed May 07 2014 Kalev Lember <kalevlember at gmail.com> - 1:3.12.1-2
- Drop gnome-icon-theme-symbolic dependency
More information about the scm-commits
mailing list