GNOME Bugzilla – Bug 677931
gdm ignores error status of PostLogin scripts and allows login
Last modified: 2012-09-05 02:01:52 UTC
According to the documentation (see http://library.gnome.org/admin/gdm/stable/configuration.html.en#scripting), logins should be aborted if a PostLogin script exits with a non-zero return code. However, at the moment it doesn't and proceeds with logging the user in.
Created attachment 216183 [details] [review] Fixes responding to non-zero return codes of PostLogin scripts This patch applies against GDM 3.0.4.
(In reply to comment #1) > This patch applies against GDM 3.0.4. Is this still an issue in a supported recent version? 3.0.4 is not supported anymore in upstream - you might want to offer that patch also to your distribution if they still support that version.
Yes, it is still an issue in the 3.4 versions. I plan to send an updated patch soon. Do note that the patch only addresses PostLogin exit values (the most important IMO), but not all scripts.
Review of attachment 216183 [details] [review]: Thanks for the patch. Do you mind getting it working against master? ::: gdm3-3.0.4.orig/daemon/gdm-simple-slave.c @@ +459,3 @@ } +static gboolean I don't think we'll need this in current head since stop_greeter finishes asynchronously, and that second half won't get queued up now if this fails. @@ +484,3 @@ + postlogin_script_ran = gdm_slave_run_script (GDM_SLAVE (slave), GDMCONFDIR "/PostLogin", username); + g_debug ("GdmSimpleSlave: PostLogin: %d", postlogin_script_ran); + if (postlogin_script_ran) { shouldn't this be if (!postlogin_script_ran) ?
Created attachment 217914 [details] [review] Updated patch to fix responding to non-zero return codes of PostLogin scripts We have updated the patch for 3.4.1 and master. We are running gdm3 3.4.1 under Debian with this patch applied and it works fine.
The only gripe I have with the patch, that if no PostLogin script exists, the call returns an error. So, at the moment I have renamed /etc/gdm3/PostLogin/Default.sample to Default, although it is empty.
The following fixes have been pushed: e9dd704 slave: respond to non-zero edit codes of PostLogin 63f4990 slave: fix run_script return value confusion
Created attachment 223492 [details] [review] slave: respond to non-zero edit codes of PostLogin According to the documentation (see http://library.gnome.org/admin/gdm/stable/configuration.html.en#scripting), logins should be aborted if a PostLogin script exits with a non-zero return code. However, at the moment it doesn't and proceeds with logging the user in.
Created attachment 223493 [details] [review] slave: fix run_script return value confusion run_script should return TRUE when succeeding and FALSE when failing.
Thanks for the work on this! appreciated.