[pkg-fso-commits] [SCM] Automatic Display Manager branch, pamhelper, updated. debian/0.1-30-g0398daf
Enrico Zini
enrico at enricozini.org
Fri Feb 20 13:38:32 UTC 2009
The following commit has been merged in the pamhelper branch:
commit 4f58fd3c132601bfa0af4cebb837f81f37b7c1cb
Author: Enrico Zini <enrico at enricozini.org>
Date: Fri Feb 20 13:33:11 2009 +0000
Run a single command, via the shell
Since we only allow to be run by root, I do not see a security issue coming from tainted paths and mailicous shell aliases here
diff --git a/TODO b/TODO
index 4b29598..3eaf57c 100644
--- a/TODO
+++ b/TODO
@@ -5,7 +5,9 @@
+ log when the session is restarted
+ configure via preseeding
+ path is not good for root
- - split X options before passing them to xinit? Is it needed or xinit does it?
+ + split X options before passing them to xinit? Is it needed or xinit does it?
+ - don't block ^C and ^\ if run interactively
+ - set up the right environment, and cd to the right place
Preseed values for testing:
diff --git a/debian/nodm.config b/debian/nodm.config
index cb746a8..999560a 100644
--- a/debian/nodm.config
+++ b/debian/nodm.config
@@ -13,18 +13,12 @@ if [ -s /etc/default/nodm ] ; then
if [ -n "$NODM_USER" ] ; then
db_set nodm/user "$NODM_USER"
fi
- if [ -n "$NODM_X_OPTIONS" ] ; then
- db_set nodm/x_options "$NODM_X_OPTIONS"
+ if [ -n "$NODM_COMMAND" ] ; then
+ db_set nodm/command "$NODM_COMMAND"
fi
if [ -n "$NODM_MIN_SESSION_TIME" ]; then
db_set nodm/min_session_time "$NODM_MIN_SESSION_TIME"
fi
- if [ -n "$NODM_XINIT" ]; then
- db_set nodm/xinit "$NODM_XINIT"
- fi
- if [ -n "$NODM_XSESSION" ]; then
- db_set nodm/xsession "$NODM_XSESSION"
- fi
fi
db_input medium nodm/enabled || true
@@ -37,16 +31,10 @@ if [ "x$START" = "xtrue" ] ; then
db_input medium nodm/user || true
db_go
- db_input low nodm/x_options || true
+ db_input low nodm/command || true
db_go
db_input low nodm/min_session_time || true
db_go
-
- db_input low nodm/xinit || true
- db_go
-
- db_input low nodm/xsession || true
- db_go
fi
diff --git a/debian/nodm.postinst b/debian/nodm.postinst
index 88e4c30..cee468b 100644
--- a/debian/nodm.postinst
+++ b/debian/nodm.postinst
@@ -11,22 +11,16 @@ if [ "$1" = "configure" ] ; then
NODM_ENABLED="$RET"
db_get nodm/user
NODM_USER="$RET"
- db_get nodm/x_options
- NODM_X_OPTIONS="$RET"
+ db_get nodm/command
+ NODM_COMMAND="$RET"
db_get nodm/min_session_time
NODM_MIN_SESSION_TIME="$RET"
- db_get nodm/xinit
- NODM_XINIT="$RET"
- db_get nodm/xsession
- NODM_XSESSION="$RET"
if [ -s /etc/default/nodm ] ; then
sed -i -r -e "s,^NODM_ENABLED=.*,NODM_ENABLED=$NODM_ENABLED," \
-e "s,^NODM_USER=.*,NODM_USER=$NODM_USER," \
- -e "s,^NODM_X_OPTIONS=.*,NODM_X_OPTIONS='$NODM_X_OPTIONS'," \
+ -e "s,^NODM_COMMAND=.*,NODM_COMMAND='$NODM_COMMAND'," \
-e "s,^NODM_MIN_SESSION_TIME=.*,NODM_MIN_SESSION_TIME=$NODM_MIN_SESSION_TIME," \
- -e "s,^NODM_XINIT=.*,NODM_XINIT=$NODM_XINIT," \
- -e "s,^NODM_XSESSION=.*,NODM_XSESSION=$NODM_XSESSION," \
/etc/default/nodm
else
cat <<EOF > /etc/default/nodm
@@ -39,13 +33,7 @@ NODM_ENABLED=$NODM_ENABLED
NODM_USER=$NODM_USER
# xinit program
-NODM_XINIT=$NODM_XINIT
-
-# X session
-NODM_XSESSION=$NODM_XSESSION
-
-# Options for the X server
-NODM_X_OPTIONS='$NODM_X_OPTIONS'
+NODM_COMMAND='$NODM_COMMAND'
# If an X session will run for less than this time in seconds, nodm will wait an
# increasing bit of time before restarting the session.
diff --git a/debian/nodm.templates b/debian/nodm.templates
index 68a0f10..cb94d58 100644
--- a/debian/nodm.templates
+++ b/debian/nodm.templates
@@ -15,11 +15,14 @@ _Description: User to start a session for:
nodm starts an X session for a user without asking for authentication. What
user should be used for the session?
-Template: nodm/x_options
+Template: nodm/command
Type: string
-Default: vt7 -nolisten tcp
-_Description: Options for the X server:
- Options to pass to the X server when starting the session.
+Default: /usr/bin/xinit /etc/X11/Xsession -- vt7 -nolisten tcp
+_Description: Command to use to run the X session
+ This command is passed to the shell to start the X session.
+ .
+ Please do not use single quotes, as they are used as delimiters in
+ /etc/default/nodm
Template: nodm/min_session_time
Type: string
@@ -28,22 +31,3 @@ _Description: Minimum time (in seconds) for a session to be considered ok
If an X session will run for less than this time in seconds, nodm will wait an
amount of time before restarting the session. The waiting time will grow
until a session lasts longer than this amount.
-
-Template: nodm/xinit
-Type: string
-Default: /usr/bin/xinit
-_Description: xinit program to use
- You can change this to use a different xinit program.
- .
- nodm will start the X session with the command:
- $NODM_XINIT $NODM_XSESSION -- $NODM_X_OPTIONS
-
-Template: nodm/xsession
-Type: string
-Default: /etc/X11/Xsession
-_Description: X session to use
- You can change this to use a different X session script.
- .
- nodm will start the X session with the command:
- $NODM_XINIT $NODM_XSESSION -- $NODM_X_OPTIONS
-
diff --git a/nodm.c b/nodm.c
index 82c02d3..3289af4 100644
--- a/nodm.c
+++ b/nodm.c
@@ -205,18 +205,13 @@ static int run_shell (int* status)
sigset_t ourset;
struct sigaction action;
char* args[5];
- char* argv0 = getenv("NODM_XINIT");
- if (argv0 == NULL)
- argv0 = "/usr/bin/xinit";
- args[0] = argv0;
- args[1] = getenv("NODM_XSESSION");
- if (args[1] == NULL) args[1] = "/etc/X11/Xsession";
- args[2] = "--";
- args[3] = getenv("NODM_X_OPTIONS");
- args[4] = NULL;
+ args[0] = "/bin/sh";
+ args[1] = "-c";
+ args[2] = getenv("NODM_COMMAND");
+ args[3] = NULL;
- syslog (LOG_INFO, "Running %s %s %s '%s'", args[0], args[1], args[2], args[3]);
+ syslog (LOG_INFO, "Running %s %s '%s'", args[0], args[1], args[2]);
child = fork ();
if (child == 0) { /* child shell */
@@ -239,7 +234,7 @@ static int run_shell (int* status)
exit (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
} else if (child == -1) {
(void) fprintf (stderr, "%s: Cannot fork user shell\n", Prog);
- syslog (LOG_WARNING, "Cannot execute %s", argv0);
+ syslog (LOG_WARNING, "Cannot execute %s", args[0]);
closelog ();
return 1;
}
--
Automatic Display Manager
More information about the pkg-fso-commits
mailing list