diff options
author | Jonathan Bauer | 2016-09-08 17:11:57 +0200 |
---|---|---|
committer | Jonathan Bauer | 2016-09-08 17:11:57 +0200 |
commit | 413129de12028bd035faa6a9d812724257392951 (patch) | |
tree | a2f6f8bb95a0d4db76046e6c7ea0549301bc9e17 | |
parent | [pam-bwidm] Create idp request with valid timestamp, don't pass password as c... (diff) | |
download | tm-scripts-413129de12028bd035faa6a9d812724257392951.tar.gz tm-scripts-413129de12028bd035faa6a9d812724257392951.tar.xz tm-scripts-413129de12028bd035faa6a9d812724257392951.zip |
[pam] fix stupid lightdm recursive bug by ignoring sessions where PAM_SERVICE='.*greeter'
-rwxr-xr-x | remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close | 2 | ||||
-rwxr-xr-x | remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close index cd35a86b..e4a7c1b4 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close @@ -6,6 +6,8 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o # can only work if script is run as root [ "x$(whoami)" = "xroot" ] || exit 0 +[ "x${PAM_SERVICE%greeter}" != "x${PAM_SERVICE}" ] && exit 0 + # NSA needs to know if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then . /opt/openslx/config diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open index 8ab34708..b918278e 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open @@ -3,6 +3,9 @@ # Needed as pam_script clears PATH export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin" +# just exit for greeter sessions +[ "x${PAM_SERVICE%greeter}" != "x${PAM_SERVICE}" ] && exit 0 + # NSA needs to know if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then . /opt/openslx/config |