Fix non-root-user display server startup failure

Transfer and clean up Kerberos ticket on login and logout
Remove spurious debugging messages
ulab-next
Timothy Pearson 12 years ago committed by Timothy Pearson
parent 271b92e052
commit 22b3a889d6

@ -1,5 +1,5 @@
#%PAM-1.0 #%PAM-1.0
@include common-auth @include common-auth
@include common-account @include common-account
@include common-session
@include common-password @include common-password
@include common-session

@ -83,10 +83,10 @@ void raptorsmiface_config_read_database(int file, struct list* param_n, struct l
int i; int i;
char* buf; char* buf;
char* temp_buf; char* temp_buf;
list_clear(param_v); list_clear(param_v);
list_clear(param_n); list_clear(param_n);
file_read_section(file, RAPTORSMIFACE_CFG_DATABASE, param_n, param_v); file_read_section(file, RAPTORSMIFACE_CFG_DATABASE, param_n, param_v);
for (i = 0; i < param_n->count; i++) { for (i = 0; i < param_n->count; i++) {
buf = (char*)list_get_item(param_n, i); buf = (char*)list_get_item(param_n, i);
@ -124,7 +124,7 @@ void read_ini_configuration() {
dprint("[ERROR] Unable to open configuration file [%s]", cfg_file); dprint("[ERROR] Unable to open configuration file [%s]", cfg_file);
return; return;
} }
sec = list_create(); sec = list_create();
sec->auto_free = 1; sec->auto_free = 1;
file_read_sections(fd, sec); file_read_sections(fd, sec);
@ -132,7 +132,7 @@ void read_ini_configuration() {
param_n->auto_free = 1; param_n->auto_free = 1;
param_v = list_create(); param_v = list_create();
param_v->auto_free = 1; param_v->auto_free = 1;
/* read database config */ /* read database config */
raptorsmiface_config_read_database(fd, param_n, param_v); raptorsmiface_config_read_database(fd, param_n, param_v);
@ -184,6 +184,26 @@ char* get_group_for_user(char* username) {
return strdup(primarygroup->gr_name); return strdup(primarygroup->gr_name);
} }
int raptor_sm_get_uid_for_user(char* username) {
struct passwd *pwd = calloc(1, sizeof(struct passwd));
if (pwd == NULL) {
return -1;
}
size_t buffer_len = sysconf(_SC_GETPW_R_SIZE_MAX) * sizeof(char);
char *buffer = malloc(buffer_len);
if (buffer == NULL) {
return -2;
}
getpwnam_r(username, pwd, buffer, buffer_len, &pwd);
if (pwd == NULL) {
return -3;
}
uid_t uid = pwd->pw_uid;
free(buffer);
free(pwd);
return uid;
}
char raptor_sm_deallocate_session(char* username) { char raptor_sm_deallocate_session(char* username) {
MYSQL_RES *res; MYSQL_RES *res;
MYSQL_ROW row; MYSQL_ROW row;
@ -227,6 +247,16 @@ char raptor_sm_deallocate_session(char* username) {
} }
} }
#ifndef RAPTOR_SM_DISABLE_KERBEROS
char* command_string;
char* ip = raptor_sm_get_ip_for_hostname(hostname, 0);
asprintf(&command_string, "ssh root@%s \'rm -f /tmp/krb5cc_%d\'", ip, raptor_sm_get_uid_for_user(username));
dprint("Running command %s...\n\r", command_string);
system(command_string);
free(command_string);
free(ip);
#endif
// Remove the user from the system // Remove the user from the system
char* safe_username = get_mysql_escaped_string(conn, username); char* safe_username = get_mysql_escaped_string(conn, username);
asprintf(&query, "DELETE FROM sessions WHERE username='%s'", safe_username); asprintf(&query, "DELETE FROM sessions WHERE username='%s'", safe_username);
@ -682,11 +712,26 @@ pid_t raptor_sm_run_remote_server(char* username, char *const argv[], char* dbfi
} }
char* origstr = command_string; char* origstr = command_string;
#ifndef RAPTOR_SM_DISABLE_KERBEROS
if (display >= 0) {
uid_t uid = raptor_sm_get_uid_for_user(username);
asprintf(&command_string, "rsync -a /tmp/krb5cc_%d root@%s:/tmp/krb5cc_%d", uid, ipaddr, uid);
dprint("Running command %s...\n\r", command_string);
system(command_string);
free(command_string);
asprintf(&command_string, "rm -f /tmp/krb5cc_%d", uid);
dprint("Running command %s...\n\r", command_string);
system(command_string);
free(command_string);
}
#endif
#ifndef RAPTOR_SM_DISABLE_PULSEAUDIO #ifndef RAPTOR_SM_DISABLE_PULSEAUDIO
if (display >= 0) { if (display >= 0) {
asprintf(&command_string, "ssh root@%s \"su %s -c \'export DISPLAY=:%d && export PULSE_SERVER=tcp:%s:%d && pulseaudio -D --load=\\\"module-native-protocol-tcp listen=0.0.0.0 auth-ip-acl=%s port=%d\\\"\' &> /dev/null\" &", ipaddr, username, display, ipaddr, (RAPTOR_SM_BASE_PULSEAUDIO_PORT+display), RAPTOR_SM_MANAGEMENT_SERVER_IP_NETRANGE, (RAPTOR_SM_BASE_PULSEAUDIO_PORT+display)); asprintf(&command_string, "ssh root@%s \"su %s -c \'export DISPLAY=:%d && export PULSE_SERVER=tcp:%s:%d && pulseaudio -D --load=\\\"module-native-protocol-tcp listen=0.0.0.0 auth-ip-acl=%s port=%d\\\"\' &> /dev/null\" &", ipaddr, username, display, ipaddr, (RAPTOR_SM_BASE_PULSEAUDIO_PORT+display), RAPTOR_SM_MANAGEMENT_SERVER_IP_NETRANGE, (RAPTOR_SM_BASE_PULSEAUDIO_PORT+display));
dprint("Running command %s...\n\r", command_string); dprint("Running command %s...\n\r", command_string);
system(command_string); system(command_string);
free(command_string);
} }
#endif #endif
@ -703,20 +748,20 @@ pid_t raptor_sm_run_remote_server(char* username, char *const argv[], char* dbfi
} }
dprint("Running command %s...\n\r", command_string); dprint("Running command %s...\n\r", command_string);
free(origstr); free(origstr);
FILE *fp; FILE *fp;
char output[1024]; char output[1024];
// Open the command for reading // Open the command for reading
fp = popen(command_string, "r"); fp = popen(command_string, "r");
if (fp == NULL) { if (fp == NULL) {
mysql_close(conn); mysql_close(conn);
return -1; return -1;
} }
// Read the output a line at a time // Read the output a line at a time
fgets(output, sizeof(output)-1, fp); fgets(output, sizeof(output)-1, fp);
// Close output // Close output
pclose(fp); pclose(fp);

@ -1401,7 +1401,7 @@ read_raw_audio_data(void *arg)
for upto one minute */ for upto one minute */
for (i = 0; i < 60; i++) for (i = 0; i < 60; i++)
{ {
// RAJA FIXME // FIXME
// How can I make this work with the distributed server system!?!? // How can I make this work with the distributed server system!?!?
// pa_simple_new can take a server as its first argument, but each server can have multiple sessions active at any given time... // pa_simple_new can take a server as its first argument, but each server can have multiple sessions active at any given time...
// This will involve reserving a range of ports (e.g. port 2000 and up), and setting PULSE_SERVER=tcp:<backend hostname>:<2000 + X11 display number> // This will involve reserving a range of ports (e.g. port 2000 and up), and setting PULSE_SERVER=tcp:<backend hostname>:<2000 + X11 display number>

@ -93,7 +93,7 @@ env_set_user(char *username, char *passwd_file, int display,
if (error == 0) if (error == 0)
{ {
uid = pw_uid; uid = pw_uid;
error = g_setuid(uid); // error = g_setuid(uid);
} }
g_mk_temp_dir(0); g_mk_temp_dir(0);

@ -471,7 +471,8 @@ xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b)
if ((g_strncmp(p, "globals", 255) == 0) if ((g_strncmp(p, "globals", 255) == 0)
|| (g_strncmp(p, "channels", 255) == 0) || (g_strncmp(p, "channels", 255) == 0)
|| (g_strncmp(p, "Logging", 255) == 0)) || (g_strncmp(p, "Logging", 255) == 0)
|| (g_strncmp(p, "Database", 255) == 0))
{ {
} }
else else

Loading…
Cancel
Save