[openembedded-core.git] /

From 8ff6ed03ec4079f32e9b34085414e57be4730e04 Mon Sep 17 00:00:00 2001
From: Tom Hochstein <tom.hochstein@nxp.com>
Date: Wed, 22 Feb 2017 15:53:30 +0200
Subject: [PATCH] weston-launch: Provide a default version that doesn't require
 PAM

weston-launch requires PAM for starting weston as a non-root user.

Since starting weston as root is a valid use case by itself, if
PAM is not available, provide a default version of weston-launch
without non-root-user support.

Upstream-Status: Pending

Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
 configure.ac              |  9 +++++++--
 libweston/weston-launch.c | 20 ++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 46cb2c7..bb45f46 100644
--- a/configure.ac
+++ b/configure.ac
@@ -435,13 +435,17 @@ AC_ARG_ENABLE(resize-optimization,
 AS_IF([test "x$enable_resize_optimization" = "xyes"],
       [AC_DEFINE([USE_RESIZE_POOL], [1], [Use resize memory pool as a performance optimization])])
 
+AC_ARG_WITH(pam,
+            AS_HELP_STRING([--with-pam], [Use PAM]),
+            [use_pam=$withval], [use_pam=yes])
 AC_ARG_ENABLE(weston-launch, [  --enable-weston-launch],, enable_weston_launch=yes)
 AM_CONDITIONAL(BUILD_WESTON_LAUNCH, test x$enable_weston_launch = xyes)
-if test x$enable_weston_launch = xyes; then
+if test x$enable_weston_launch = xyes -a x$use_pam = xyes; then
   WESTON_SEARCH_LIBS([PAM], [pam], [pam_open_session], [have_pam=yes], [have_pam=no])
   if test x$have_pam = xno; then
-    AC_ERROR([weston-launch requires pam])
+    AC_ERROR([PAM support is explicitly requested, but libpam couldn't be found])
   fi
+  AC_DEFINE([HAVE_PAM], [1], [Define if PAM is available])
 fi
 
 AM_CONDITIONAL(HAVE_PANGO, test "x$have_pango" = "xyes")
@@ -701,6 +705,7 @@ AC_MSG_RESULT([
        Enable developer documentation  ${enable_devdocs}
 
        weston-launch utility           ${enable_weston_launch}
+       PAM support                     ${use_pam}
        systemd-login support           ${have_systemd_login}
        systemd notify support          ${enable_systemd_notify}
 
diff --git a/libweston/weston-launch.c b/libweston/weston-launch.c
index 0491896..07e7469 100644
--- a/libweston/weston-launch.c
+++ b/libweston/weston-launch.c
@@ -51,7 +51,9 @@
 
 #include <pwd.h>
 #include <grp.h>
+#ifdef HAVE_PAM
 #include <security/pam_appl.h>
+#endif
 
 #ifdef HAVE_SYSTEMD_LOGIN
 #include <systemd/sd-login.h>
@@ -93,8 +95,10 @@ drmSetMaster(int drm_fd)
 #endif
 
 struct weston_launch {
+#ifdef HAVE_PAM
        struct pam_conv pc;
        pam_handle_t *ph;
+#endif
        int tty;
        int ttynr;
        int sock[2];
@@ -181,6 +185,7 @@ weston_launch_allowed(struct weston_launch *wl)
        return false;
 }
 
+#ifdef HAVE_PAM
 static int
 pam_conversation_fn(int msg_count,
                    const struct pam_message **messages,
@@ -221,6 +226,7 @@ setup_pam(struct weston_launch *wl)
 
        return 0;
 }
+#endif
 
 static int
 setup_launcher_socket(struct weston_launch *wl)
@@ -414,6 +420,7 @@ quit(struct weston_launch *wl, int status)
        close(wl->signalfd);
        close(wl->sock[0]);
 
+#ifdef HAVE_PAM
        if (wl->new_user) {
                err = pam_close_session(wl->ph, 0);
                if (err)
@@ -421,6 +428,7 @@ quit(struct weston_launch *wl, int status)
                                err, pam_strerror(wl->ph, err));
                pam_end(wl->ph, err);
        }
+#endif
 
        if (ioctl(wl->tty, KDSKBMUTE, 0) &&
            ioctl(wl->tty, KDSKBMODE, wl->kb_mode))
@@ -600,6 +608,7 @@ setup_session(struct weston_launch *wl, char **child_argv)
        setenv("HOME", wl->pw->pw_dir, 1);
        setenv("SHELL", wl->pw->pw_shell, 1);
 
+#ifdef HAVE_PAM
        env = pam_getenvlist(wl->ph);
        if (env) {
                for (i = 0; env[i]; ++i) {
@@ -608,6 +617,7 @@ setup_session(struct weston_launch *wl, char **child_argv)
                }
                free(env);
        }
+#endif
 
        /*
         * We open a new session, so it makes sense
@@ -675,7 +685,9 @@ static void
 help(const char *name)
 {
        fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", name);
+#ifdef HAVE_PAM
        fprintf(stderr, "  -u, --user      Start session as specified username\n");
+#endif
        fprintf(stderr, "  -t, --tty       Start session on alternative tty\n");
        fprintf(stderr, "  -v, --verbose   Be verbose\n");
        fprintf(stderr, "  -h, --help      Display this help message\n");
@@ -688,7 +700,9 @@ main(int argc, char *argv[])
        int i, c;
        char *tty = NULL;
        struct option opts[] = {
+#ifdef HAVE_PAM
                { "user",    required_argument, NULL, 'u' },
+#endif
                { "tty",     required_argument, NULL, 't' },
                { "verbose", no_argument,       NULL, 'v' },
                { "help",    no_argument,       NULL, 'h' },
@@ -700,9 +714,13 @@ main(int argc, char *argv[])
        while ((c = getopt_long(argc, argv, "u:t::vh", opts, &i)) != -1) {
                switch (c) {
                case 'u':
+#ifdef HAVE_PAM
                        wl.new_user = optarg;
                        if (getuid() != 0)
                                error(1, 0, "Permission denied. -u allowed for root only");
+#else
+                       error(1, 0, "-u is unsupported in this weston-launch build");
+#endif
                        break;
                case 't':
                        tty = optarg;
@@ -740,8 +758,10 @@ main(int argc, char *argv[])
        if (setup_tty(&wl, tty) < 0)
                exit(EXIT_FAILURE);
 
+#ifdef HAVE_PAM
        if (wl.new_user && setup_pam(&wl) < 0)
                exit(EXIT_FAILURE);
+#endif
 
        if (setup_launcher_socket(&wl) < 0)
                exit(EXIT_FAILURE);
-- 
2.1.4