Add support for changing the home directory in PAM modules #323
Conversation
There was a problem hiding this comment.
This looks generally good. I think we'd want to return the home directory in the "Report authentication result" section in session-child.c so other code can access it (i.e. in the same way the username is returned).
It really should have a test in tests/, could you have a go at one?
PAM modules such as pam_mklocaluser may change or even create the home directory. Currently, LightDM assumes that the home directory will not change when opening the PAM session, the user's home directory is obtained via getpwent() after authentication but before opening the session. Fix this by trying to update the user's home directory from the HOME environment variable from PAM after opening the session. Furthermore, if the Xauthority file is not stored in a system directory, the daemon hardcodes its path to the user's home directory and passes it as an absolute path to the session child. Fix this by passing it as a relative path so that the actual path can be constructed after the PAM session has been opened and the home directory has potentially been updated.
…n child Return the home directory from the session child to the daemon which may have been changed by PAM. Use the returned home directory in the daemon when running script hooks.
OK, I'm now passing it back and storing in the Session object. I've also versioned the change, please check whether it is correct like this. I've also modified the script hooks running in the context of the user to use the home directory passed back to the daemon.
I have added a test case. |
|
@robert-ancell I checked the status of this PR today and noticed that a second review iteration is necessary. I'd really love to see this patch land in Debian soon, but for this we need upstream approval. Can you take a second look? Thanks! |
PAM modules such as pam_mklocaluser may change or even create the home directory. Currently, LightDM assumes that the home directory will not change when opening the PAM session, the user's home directory is obtained via getpwent() after authentication but before opening the session. Fix this by trying to update the user's home directory from the HOME environment variable from PAM after opening the session.
Furthermore, if the Xauthority file is not stored in a system directory, the daemon hardcodes its path to the user's home directory and passes it as an absolute path to the session child. Fix this by passing it as a relative path so that the actual path can be constructed after the PAM session has been opened and the home directory has potentially been updated.
This fixes #322.