--- autologin-1.0.0/src/autologin.c.fred 2000-07-19 22:43:59.000000000 +0200 +++ autologin-1.0.0/src/autologin.c 2006-08-17 00:26:16.000000000 +0200 @@ -9,13 +9,16 @@ #include <errno.h> #include <sys/types.h> #include <sys/stat.h> +#include <fcntl.h> #include <pwd.h> #define CONFIG "/etc/sysconfig/autologin" -#define DEFAULT "/usr/X11R6/bin/startx" +#define DEFAULT "/usr/bin/startx.autologin" +#define _PATH_DEFPATH "/usr/X11R6/bin:/usr/local/bin:/bin:/usr/bin" #ifdef HAVE_PAM #include <security/pam_appl.h> #include <sys/wait.h> +#include <signal.h> static int PAM_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { /* We use PAM to authenticate for pam_console only, we don't need @@ -27,6 +30,13 @@ &PAM_conv, NULL }; + +static pid_t child; + +static void sigterm_handler(int val) +{ + kill(child, SIGTERM); +} #endif char runthis[1024]; 
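Review bot: `_PATH_DEFPATH` in the `@@ -9,13` hunk is the name `<paths.h>` already uses for the system default path, and identifiers starting with an underscore followed by a capital are reserved, so this define will conflict if that header is ever included. A project-local name such as `#define AUTOLOGIN_PATH "/usr/X11R6/bin:/usr/local/bin:/bin:/usr/bin"`, with the matching `setenv("PATH", AUTOLOGIN_PATH, 1);` in the `@@ -180,6` hunk, avoids that. The README context in this patch still says `/usr/X11R6/bin/startx` is the fallback command, which no longer matches the new `DEFAULT`.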
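Review bot: `sigterm_handler` in the `@@ -27,6` hunk calls `kill(child, SIGTERM)` without checking that `child` holds a real pid. `child` is now a zero-initialised file-scope variable, and `kill()` treats 0 as the caller's whole process group and -1 as every process the caller may signal. The fork call is outside the visible hunks, but if it can fail, the `else` branch in the `@@ -191,6` hunk would install the handler with `child == -1` while still running as root. Guard the call with `if (child > 0) kill(child, SIGTERM);` and mark the unused parameter with `(void)val;`.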
@@ -43,36 +53,36 @@ char *dir, *shell; char *user=NULL; char *cmd=NULL; + int outfd; #ifdef HAVE_PAM pam_handle_t *pamh; - pid_t child; int status; #endif runthis[0]=0; runthis[1023]=0; if(getuid()) { - puts("ERROR: This program needs to change user IDs; therefore, it must be run as root."); + puts("autologin ERROR: This program needs to change user IDs; therefore, it must be run as root."); return 1; } if(stat(CONFIG, &st)) { - perror("ERROR: Couldn't stat "CONFIG":"); + perror("autologin ERROR: Couldn't stat "CONFIG":"); return 1; } if(st.st_mode & S_IWGRP) { - puts("ERROR: "CONFIG" must not be group-writable!"); + puts("autologin ERROR: "CONFIG" must not be group-writable!"); return 1; } if(st.st_mode & S_IWOTH) { - puts("ERROR: "CONFIG" must not be world-writable!"); + puts("autologin ERROR: "CONFIG" must not be world-writable!"); return 1; } if(st.st_uid || st.st_gid) { - puts("ERROR: "CONFIG" must be owned by user root, group root!"); + puts("autologin ERROR: "CONFIG" must be owned by user root, group root!"); return 1; } f=fopen(CONFIG, "r"); if(!f) { - perror("ERROR: Couldn't open "CONFIG":"); + perror("autologin ERROR: Couldn't open "CONFIG":"); return 1; } cfg=(char *) malloc(st.st_size+1); @@ -107,10 +117,9 @@ fclose(f); free(cfg); if(user==NULL) { - puts("ERROR: Required variable USER= not found in "CONFIG"."); if(cmd) free(cmd); - return 1; + return 0; } if(cmd==NULL) /* Try a reasonable default... */ cmd=strdup(DEFAULT); @@ -126,7 +135,7 @@ dir=strdup(pw->pw_dir); shell=strdup(pw->pw_shell); } else { - printf("ERROR: No such user %s!\n", user); + printf("autologin ERROR: No such user %s!\n", user); return 1; } @@ -138,6 +147,16 @@ } #endif + outfd = open("/var/log/autologin.log", O_WRONLY | O_CREAT); + close(1); + close(2); + dup2(outfd, 1); + dup2(outfd, 2); + + setpgrp(); + setsid(); + initgroups(user, pw->pw_gid); + /* Take console ownership and satisfy PAM */ #ifdef HAVE_PAM pam_start("autologin", user, &PAM_conversation, &pamh); 
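Review bot: The `@@ -107,10` hunk now exits with status 0 and no message when `USER=` is missing, and nothing in the code says why. If this is meant as "autologin is not configured, let the caller carry on", state it next to the return, e.g. `/* no USER= configured: autologin is disabled, not an error */`, so the silent success is not later mistaken for a lost error path. The enclosing function starts and ends outside the hunk.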
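Review bot: In the `@@ -138,6` hunk, `open("/var/log/autologin.log", O_WRONLY | O_CREAT)` is called as root without the mode argument that `O_CREAT` requires, so a newly created log gets indeterminate permission bits. The result is not checked either: if `open()` fails, stdout and stderr have already been closed and both `dup2()` calls fail, and `outfd` itself is never closed, so an extra descriptor stays open for whatever runs next. `initgroups()` is also unchecked; its failure would leave root's supplementary groups in place for the user session, assuming the uid/gid switch follows outside this hunk. Separately, `setsid()` fails with EPERM for a process-group leader, which `setpgrp()` has just made this process, so one of the two calls is probably unintended. The enclosing function starts and ends outside the hunk.

```c
/* O_CREAT needs an explicit mode; dup2() closes the target fd itself */
outfd = open("/var/log/autologin.log", O_WRONLY | O_CREAT | O_APPEND, 0600);
if (outfd < 0) {
    perror("autologin ERROR: Couldn't open /var/log/autologin.log");
    return 1;
}
if (dup2(outfd, 1) < 0 || dup2(outfd, 2) < 0)
    return 1;
if (outfd > 2)
    close(outfd);

/* … unchanged: setpgrp(), setsid() … */
if (initgroups(user, pw->pw_gid) != 0) {
    perror("autologin ERROR: initgroups");
    return 1;
}
```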
@@ -180,6 +199,7 @@ setenv("SHELL", shell, 1); setenv("USER", user, 1); setenv("LOGNAME", user, 1); + setenv("PATH", _PATH_DEFPATH, 1); chdir(dir); free(user); @@ -191,6 +211,7 @@ return 2; #ifdef HAVE_PAM } else { + signal(SIGTERM, sigterm_handler); waitpid(child, &status, 0); pam_close_session(pamh, 0); pam_end(pamh, PAM_SUCCESS); --- autologin-1.0.0/src/autologin.pam.fred 2000-07-19 20:57:49.000000000 +0200 +++ autologin-1.0.0/src/autologin.pam 2006-08-17 00:26:16.000000000 +0200 @@ -1,4 +1,4 @@ #%PAM-1.0 -account required /lib/security/pam_unix.so -session required /lib/security/pam_unix.so +account include system-auth +session include system-auth session optional /lib/security/pam_console.so --- autologin-1.0.0/README.fred 2000-06-04 02:00:00.000000000 +0200 +++ autologin-1.0.0/README 2006-08-17 00:28:24.000000000 +0200 @@ -31,9 +31,7 @@ specified above. If this setting is omitted, /usr/X11R6/bin/startx will be used. AUTOLOGIN={yes,no} - You can use this setting to turn off autologin even if it is - installed and the config file exists and is considered safe. - If this setting is omitted, "yes" is assumed. + If this setting is omitted, "no" is assumed. /etc/sysconfig/autologin must not be writable by anyone but root. If it is, it is detected as a possible cracking attempt and autologin will not run.
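Review bot: In the `@@ -191,6` hunk the result of `waitpid(child, &status, 0)` is ignored right after a SIGTERM handler is installed with `signal()`, whose restart behaviour differs between platforms. Where the call is interrupted rather than restarted, `pam_close_session()` and `pam_end()` would run while the child session is still alive. Retrying on EINTR makes this independent of the `signal()` semantics: `while (waitpid(child, &status, 0) < 0 && errno == EINTR) ;`. The enclosing `else` branch starts outside the hunk.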