
dtlogin: use sessreg to manage utmp/wtmp.

hyousatsu 1 year ago
parent
commit
760d36bfe9

+ 49 - 8
cde/configure.ac

@@ -177,11 +177,6 @@ AC_SUBST(LIBMMDB, '$(top_builddir)/lib/DtMmdb/libDtMmdb.la')
 AC_SUBST(LIBHELP, '$(top_builddir)/lib/DtHelp/libDtHelp.la')
 AC_SUBST(LIBCSA, '$(top_builddir)/lib/csa/libcsa.la')
 
-AC_SUBST(LIBPAMSVC, '$(top_builddir)/lib/DtPamSvc/libDtPamSvc.la')
-
-dnl we do not inclue the DtPamSvc library here as it is not needed
-dnl for everything.
-
 AC_SUBST(DTCLIENTLIBS, '$(LIBPRINT) $(LIBHELP) $(LIBWIDGET) $(LIBSVC) \
 $(LIBTT) $(LIBXIN)')
 
@@ -245,6 +240,48 @@ AC_ARG_ENABLE([xrender],
         [disable_xrender="yes"], [disable_xrender=""]
 )
 
+dnl copied from xdm...
+
+AC_ARG_WITH(utmp_file,
+  AS_HELP_STRING([--with-utmp-file=<pathname>],
+    [specify file to pass to sessreg -u for current logins])
+AS_HELP_STRING([--without-utmp-file],
+    [specify passing "none" to sessreg -u to not record logins in utmp]),
+  [UTMP_FILE="$withval"])
+if test "x$UTMP_FILE" = "xyes" ; then
+  UTMP_FILE=""
+elif test "x$UTMP_FILE" = "xno" ; then
+  UTMP_FILE="none"
+fi
+AC_MSG_CHECKING([for path to file listing current logins for sessreg])
+if test "x$UTMP_FILE" = "x" ; then
+  AC_MSG_RESULT([use sessreg default])
+else
+  AC_MSG_RESULT([$UTMP_FILE])
+fi
+AM_CONDITIONAL(SET_UTMP_FILE, test x$UTMP_FILE != x)
+AC_SUBST(UTMP_FILE)
+
+AC_ARG_WITH(wtmp_file,
+  AS_HELP_STRING([--with-wtmp-file=<pathname>],
+    [specify file to pass to sessreg -w for login history])
+AS_HELP_STRING([--without-wtmp-file],
+    [specify passing "none" to sessreg -w to not record logins in wtmp]),
+  [WTMP_FILE="$withval"])
+if test "x$WTMP_FILE" = "xyes" ; then
+  WTMP_FILE=""
+elif test "x$WTMP_FILE" = "xno" ; then
+  WTMP_FILE="none"
+fi
+AC_MSG_CHECKING([for path to file listing login history for sessreg])
+if test "x$WTMP_FILE" = "x" ; then
+  AC_MSG_RESULT([use sessreg default])
+else
+  AC_MSG_RESULT([$WTMP_FILE])
+fi
+AM_CONDITIONAL(SET_WTMP_FILE, test x$WTMP_FILE != x)
+AC_SUBST(WTMP_FILE)
+
 dnl hmmm...
 RM="rm -f"
 AC_SUBST(RM)
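Review bot: The two `AM_CONDITIONAL` tests expand `$UTMP_FILE` and `$WTMP_FILE` unquoted, so a pathname containing whitespace or shell metacharacters passed to `--with-utmp-file` or `--with-wtmp-file` breaks the `test` at configure time. Quote both sides, e.g. `AM_CONDITIONAL(SET_UTMP_FILE, [test "x$UTMP_FILE" != "x"])`, and do the same for `SET_WTMP_FILE`. Neither variable is reset before `AC_ARG_WITH`, so a `UTMP_FILE` or `WTMP_FILE` already set in the builder's environment is picked up silently; unless that is intended, an action-if-not-given such as `[UTMP_FILE=""]` avoids it. Because `--without-utmp-file` and `--without-wtmp-file` make sessreg record nothing, a `dnl` comment noting that these options remove the login records that audit and incident-response tooling reads would help packagers.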
@@ -396,6 +433,10 @@ AC_CHECK_PROGS(ONSGMLS, onsgmls)
 if test -z "$ac_cv_prog_ONSGMLS"; then
    MISSING_PROGS="ONSGMLS ${MISSING_PROGS}"
 fi
+AC_CHECK_PROGS(SESSREG, sessreg)
+if test -z "$ac_cv_prog_SESSREG"; then
+   MISSING_PROGS="SESSREG ${MISSING_PROGS}"
+fi
 
 dnl Used to check if program 'tic' is available to install terminfo files
 AC_CHECK_PROGS(TIC, tic, :)
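Review bot: `AC_CHECK_PROGS` stores only the bare program name in `SESSREG`, so whatever invokes it later resolves `sessreg` through the runtime `PATH`. If the value ends up in the root-run dtlogin session scripts (not visible in this hunk), `AC_PATH_PROGS(SESSREG, sessreg)` with the check switched to `ac_cv_path_SESSREG` would pin an absolute path instead. The check also adds `SESSREG` to `MISSING_PROGS` unconditionally, which presumably makes sessreg a hard requirement even for builds configured with both `--without-utmp-file` and `--without-wtmp-file`; a short `dnl` comment stating that this is intended would be enough.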
@@ -494,7 +535,9 @@ dnl Right now this only works on linux and netbsd (9.2 tested)
 if test "$supports_pam" = "yes"
 then
         AC_CHECK_LIB(pam, pam_start,
-             [SOURCE_CPP_DEFINES="${SOURCE_CPP_DEFINES} -DHAS_PAM_LIBRARY"])
+             [SOURCE_CPP_DEFINES="${SOURCE_CPP_DEFINES} -DHAS_PAM_LIBRARY";
+	      PAMLIB="-lpam"])
+        AC_SUBST(PAMLIB)
 else
         AC_CHECK_LIB(pam, NOTSUPPORTED)
 fi
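Review bot: `AC_CHECK_LIB(pam, pam_start, ...)` has no action-if-not-found, so where `supports_pam` is `yes` but libpam is absent, configure continues with neither `-DHAS_PAM_LIBRARY` nor `PAMLIB` set. Presumably dtlogin is then built on its non-PAM authentication path without any notice. Add a fourth argument such as `[AC_MSG_WARN([libpam not found; building without PAM support])]`, or `AC_MSG_ERROR` if PAM is mandatory on those platforms. The new `PAMLIB="-lpam"` line is also indented with a tab while the surrounding lines use spaces.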
@@ -565,8 +608,6 @@ lib/tt/bin/ttsession/Makefile
 
 lib/DtSvc/Makefile
 
-lib/DtPamSvc/Makefile
-
 lib/DtSearch/Makefile
 lib/DtSearch/raima/Makefile
 

+ 0 - 58
cde/include/Dt/PamSvc.h

@@ -1,58 +0,0 @@
-/*
- * CDE - Common Desktop Environment
- *
- * Copyright (c) 1993-2012, The Open Group. All rights reserved.
- *
- * These libraries and programs are free software; you can
- * redistribute them and/or modify them under the terms of the GNU
- * Lesser General Public License as published by the Free Software
- * Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * These libraries and programs are distributed in the hope that
- * they will be useful, but WITHOUT ANY WARRANTY; without even the
- * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with these libraries and programs; if not, write
- * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
- * Floor, Boston, MA 02110-1301 USA
- */
-/* $XConsortium: pam_svc.h /main/3 1996/10/30 11:13:40 drk $ */
-/*******************************************************************************
-**
-**  "@(#)pam_svc.h 1.4 95/09/12
-**
-**  Copyright 1993, 1994, 1995 Sun Microsystems, Inc.  All rights reserved.
-**
-**  This file contains header info related to use of PAM
-**  (Pluggable Authentication Module) library.
-**
-*******************************************************************************/
-/*                                                                      *
- * (c) Copyright 1993, 1994 Hewlett-Packard Company                     *
- * (c) Copyright 1993, 1994 International Business Machines Corp.       *
- * (c) Copyright 1993, 1994, 1995 Sun Microsystems, Inc.                *
- * (c) Copyright 1993, 1994 Novell, Inc.                                *
- */
-
-#ifndef _DT_PAM_SVC_H
-#define _DT_PAM_SVC_H
-
-#include <sys/types.h>
-
-#define DT_BAD_GID 29 /* Invalid Group ID */
-#define DT_INITGROUP_FAIL 30 /* group IDs init failed */
-#define DT_BAD_UID 31 /* Invaid User ID */
-
-/*
- *	External procedure declarations
- */
-
-extern int _DtAuthentication(char*, char*, char*, char*, char*);
-extern int _DtAccounting(char*, char*, char[], char*, char*, pid_t, int, int);
-extern int _DtSetCred(char*, char *, uid_t, gid_t);
-
-#endif /* _DT_PAM_SVC_H */

+ 36 - 0
cde/include/Dt/SvcPam.h

@@ -0,0 +1,36 @@
+/*
+ * CDE - Common Desktop Environment
+ *
+ * Copyright (c) 1993-2012, The Open Group. All rights reserved.
+ *
+ * These libraries and programs are free software; you can
+ * redistribute them and/or modify them under the terms of the GNU
+ * Lesser General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * These libraries and programs are distributed in the hope that
+ * they will be useful, but WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with these libraries and programs; if not, write
+ * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
+ * Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _DT_SVC_PAM_H
+#define _DT_SVC_PAM_H
+
+int _DtSvcPamAuthenticate(const char *service_name, const char *user,
+			  const char *display_name, const char *user_passwd);
+int _DtSvcPamOpenSession(const char *service_name, const char *user,
+			 const char *display_name);
+int _DtSvcPamCloseSession(const char *service_name, const char *user,
+			  const char *display_name);
+int _DtSvcPamSetcred(const char *service_name, const char *user,
+		     const char *display_name);
+
+#endif
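Review bot: The new prototypes carry no comment telling callers that all four functions operate on one process-wide PAM handle kept in SvcPam.c, so they are not reentrant and the order of calls matters. A header comment along the lines of `/* All _DtSvcPam* calls share a single static PAM handle; each returns a PAM status code (PAM_SUCCESS on success). */` would document that. It should also state who owns `user_passwd` and for how long the pointer must stay valid, since the implementation stores the pointer rather than copying the string.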

+ 1 - 4
cde/include/Makefile.am

@@ -28,7 +28,4 @@ nobase_include_HEADERS = Dt/Editor.h \
 	Dt/Search.h \
 	Dt/Mmdb.h \
 	Dt/DtXinerama.h \
-	Dt/PamSvc.h
-
-
-
+	Dt/SvcPam.h

+ 0 - 17
cde/lib/DtPamSvc/Makefile.am

@@ -1,17 +0,0 @@
-MAINTAINERCLEANFILES = Makefile.in
-
-lib_LTLIBRARIES = libDtPamSvc.la
-
-# the PamSvc.h header file is located in include/Dt/
-libDtPamSvc_la_SOURCES = PamSvc.c ${top_srcdir}/include/Dt/PamSvc.h
-
-libDtPamSvc_la_LIBADD = -lpam
-
-# in order to try to keep lib versions the same across platforms, (2.1.0)
-if BSD
-libDtPamSvc_la_LDFLAGS = -version-info 2:1:0
-else
-libDtPamSvc_la_LDFLAGS = -version-info 3:0:1
-endif
-
-

+ 0 - 310
cde/lib/DtPamSvc/PamSvc.c

@@ -1,310 +0,0 @@
-/*
- * CDE - Common Desktop Environment
- *
- * Copyright (c) 1993-2012, The Open Group. All rights reserved.
- *
- * These libraries and programs are free software; you can
- * redistribute them and/or modify them under the terms of the GNU
- * Lesser General Public License as published by the Free Software
- * Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * These libraries and programs are distributed in the hope that
- * they will be useful, but WITHOUT ANY WARRANTY; without even the
- * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with these libraries and programs; if not, write
- * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
- * Floor, Boston, MA 02110-1301 USA
- */
-/* $TOG: pam_svc.c /main/5 1997/06/04 16:30:21 samborn $ */
-/*******************************************************************************
- **
- **  pam_svc.c 1.10 95/11/25
- **
- **  Copyright 1993, 1994, 1995 Sun Microsystems, Inc.  All rights reserved.
- **
- **  This file contains procedures specific to use of
- **  PAM (Pluggable Authentication Module) security library.
- **
- *******************************************************************************/
-/*                                                                      *
- * (c) Copyright 1993, 1994 Hewlett-Packard Company                     *
- * (c) Copyright 1993, 1994 International Business Machines Corp.       *
- * (c) Copyright 1993, 1994, 1995 Sun Microsystems, Inc.               	*
- * (c) Copyright 1993, 1994 Novell, Inc.                                *
- */
-
-/*
- * Header Files
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <dirent.h>
-#include <sys/param.h>
-#include <security/pam_appl.h>
-#include <utmpx.h>
-#include <unistd.h>
-#if defined(__linux__)
-#include <grp.h>
-#endif
-#include <Dt/PamSvc.h>
-
-/*
- * Local function declarations
- */
-
-static int login_conv(int num_msg, const struct pam_message **msg,
-        struct pam_response **response, void *appdata_ptr);
-
-static char* create_devname(char* short_devname);
-
-/*
- * Local structures and variables
- */
-
-static struct pam_conv pam_conv = {login_conv, NULL};
-static char *saved_user_passwd;
-static pam_handle_t *pamh = NULL;
-
-/****************************************************************************
- * PamInit
- *
- * Initialize or Update PAM datastructures.
- *
- ****************************************************************************/
-
-static int PamInit(char* prog_name,
-        char* user,
-        char* line_dev,
-        char* display_name)
-{
-    int status=PAM_SUCCESS;
-
-    if (!pamh) {
-        /* Open PAM (Plugable Authentication module ) connection */
-        status = pam_start( prog_name, user, &pam_conv, &pamh );
-        if (status != PAM_SUCCESS) pamh = NULL;
-    } else {
-        if (prog_name) pam_set_item(pamh, PAM_SERVICE, prog_name);
-        if (user) pam_set_item(pamh, PAM_USER, user);
-    }
-
-    if (status == PAM_SUCCESS) {
-        if (line_dev) pam_set_item(pamh, PAM_TTY, line_dev);
-        if (display_name) pam_set_item(pamh, PAM_RHOST, display_name);
-    }
-
-    return(status);
-}
-
-/****************************************************************************
- * _DtAuthentication
- *
- * Authenticate that user / password combination is legal for this system
- *
- ****************************************************************************/
-
-int _DtAuthentication ( char*   prog_name,
-        char*   display_name,
-        char*   user_passwd,
-        char*   user,
-        char*   line )
-{
-    int status;
-    char* line_str = line ? line : "NULL";
-    char* line_dev = create_devname(line_str);
-
-    if (!user_passwd)
-        /* Password challenge required for dtlogin authentication */
-        return(PAM_AUTH_ERR);
-
-    status = PamInit(prog_name, user, line_dev, display_name);
-
-    if (status == PAM_SUCCESS) {
-        saved_user_passwd = user_passwd;
-        status = pam_authenticate( pamh, 0 );
-    };
-
-    if (status != PAM_SUCCESS) {
-        if (pamh) {
-            pam_end(pamh, PAM_ABORT);
-            pamh=NULL;
-        }
-    }
-
-    return(status);
-}
-
-/****************************************************************************
- * _DtAccounting
- *
- * Work related to open and close of user sessions
- ****************************************************************************/
-
-int _DtAccounting( char*   prog_name,
-        char*   display_name,
-        char*   entry_id,
-        char*   user,
-        char*   line,
-        pid_t   pid,
-        int     entry_type,
-        int     exitcode )
-{
-    int session_type, status;
-    char *line_str = line ? line : "NULL";
-    char *line_dev = create_devname(line_str);
-
-    /* Open PAM (Plugable Authentication module ) connection */
-
-    status = PamInit(prog_name, user, line_dev, display_name);
-
-    /* Session accounting */
-
-    if (status == PAM_SUCCESS) switch(entry_type) {
-        case DEAD_PROCESS:
-            status = pam_close_session(pamh, 0);
-            break;
-
-        case USER_PROCESS:
-        case LOGIN_PROCESS:
-        default:
-            status = pam_open_session(pamh, 0);
-            break;
-    }
-
-    free(line_dev);
-    return(status);
-}
-
-/****************************************************************************
- * _DtSetCred
- *
- * Set Users login credentials: uid, gid, and group lists
- ****************************************************************************/
-
-int _DtSetCred(char* prog_name, char* user, uid_t uid, gid_t gid)
-{
-    int cred_type, status;
-
-    status = PamInit(prog_name, user, NULL, NULL);
-
-    /* Set users credentials */
-
-    if (status == PAM_SUCCESS && setgid(gid) == -1)
-        status = DT_BAD_GID;
-
-    if ((status == PAM_SUCCESS &&
-            !user) || (initgroups(user, gid) == -1))
-        status = DT_INITGROUP_FAIL;
-
-    if (status == PAM_SUCCESS)
-        status = pam_setcred(pamh, PAM_ESTABLISH_CRED);
-
-    if (status == PAM_SUCCESS && (setuid(uid) == -1))
-        status = DT_BAD_UID;
-
-    return(status);
-}
-
-/***************************************************************************
- * create_devname
- *
- * A utility function.  Takes short device name like "console" and returns
- * a long device name like "/dev/console"
- ***************************************************************************/
-
-static char* create_devname(char* short_devname)
-{
-    char* long_devname;
-
-    if (short_devname == NULL)
-        short_devname = "";
-
-    long_devname = (char *) malloc (strlen(short_devname) + 5);
-
-    if (long_devname == NULL)
-        return(NULL);
-
-    strcpy(long_devname,"/dev/");
-    strcat(long_devname, short_devname);
-
-    return(long_devname);
-}
-
-/*****************************************************************************
- * login_conv():
- *
- * This is a conv (conversation) function called from the PAM
- * authentication scheme.  It returns the user's password when requested by
- * internal PAM authentication modules and also logs any internal PAM error
- * messages.
- *****************************************************************************/
-
-static int login_conv(int num_msg, const struct pam_message **msg,
-        struct pam_response **response, void *appdata_ptr)
-{
-    const struct pam_message	*m;
-    struct pam_response	*r;
-    char 			*temp;
-    int			k;
-
-#ifdef lint
-    conv_id = conv_id;
-#endif
-    if (num_msg <= 0)
-        return (PAM_CONV_ERR);
-
-    *response = (struct pam_response*)
-        calloc(num_msg, sizeof (struct pam_response));
-    if (*response == NULL)
-        return (PAM_CONV_ERR);
-
-    (void) memset(*response, 0, sizeof (struct pam_response));
-
-    k = num_msg;
-    m = *msg;
-    r = *response;
-    while (k--) {
-
-        switch (m->msg_style) {
-
-            case PAM_PROMPT_ECHO_OFF:
-                if (saved_user_passwd != NULL) {
-                    r->resp = (char *) malloc(strlen(saved_user_passwd)+1);
-                    if (r->resp == NULL) {
-                        /* __pam_free_resp(num_msg, *response); */
-                        *response = NULL;
-                        return (PAM_CONV_ERR);
-                    }
-                    (void) strcpy(r->resp, saved_user_passwd);
-                    r->resp_retcode=0;
-                }
-
-                m++;
-                r++;
-                break;
-
-            case PAM_ERROR_MSG:
-                m++;
-                r++;
-                break;
-
-            case PAM_TEXT_INFO:
-                m++;
-                r++;
-                break;
-
-            default:
-                break;
-        }
-    }
-
-    return (PAM_SUCCESS);
-}

+ 243 - 0
cde/lib/DtSvc/DtUtil2/SvcPam.c

@@ -0,0 +1,243 @@
+/*
+ * CDE - Common Desktop Environment
+ *
+ * Copyright (c) 1993-2012, The Open Group. All rights reserved.
+ *
+ * These libraries and programs are free software; you can
+ * redistribute them and/or modify them under the terms of the GNU
+ * Lesser General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * These libraries and programs are distributed in the hope that
+ * they will be useful, but WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with these libraries and programs; if not, write
+ * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
+ * Floor, Boston, MA 02110-1301 USA
+ */
+
+/*
+ * Header Files
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/*
+ * Local function declarations
+ */
+
+static int login_conv(int num_msg, const struct pam_message **msg,
+        struct pam_response **response, void *appdata_ptr);
+
+/*
+ * Local structures and variables
+ */
+
+static struct pam_conv pam_conv = {login_conv, NULL};
+static char *saved_user_passwd;
+static pam_handle_t *pamh;
+
+static int PamStart(const char *service_name, const char *user,
+		    const char *display_name)
+{
+    int status;
+    char *colon, *hostname;
+
+    if (pamh) {
+	if (service_name)
+	    status = pam_set_item(pamh, PAM_SERVICE, service_name);
+
+	if (status != PAM_SUCCESS && user) pam_set_item(pamh, PAM_USER, user);
+    }
+    else {
+	status = pam_start(service_name, user, &pam_conv, &pamh);
+    }
+
+    if (status != PAM_SUCCESS) goto done;
+
+    if (!display_name) goto done;
+
+    if (display_name[0] == ':') {
+	status = pam_set_item(pamh, PAM_TTY, display_name);
+	goto done;
+    }
+
+    if (!(hostname = strdup(display_name))) {
+	status = PAM_BUF_ERR;
+	goto done;
+    }
+
+    if (colon = strrchr(hostname, ':')) *colon = '\0';
+
+    status = pam_set_item(pamh, PAM_RHOST, hostname);
+
+    free(hostname);
+
+done:
+    if (status != PAM_SUCCESS && pamh && pam_end(pamh, status) == PAM_SUCCESS)
+	pamh = NULL;
+
+    return status;
+}
+
+/**
+ * @brief Authenticate that user / password combination is legal for this
+ *        system.
+ *
+ * @param service_name
+ * @param user
+ * @param display_name
+ * @param user_passwd
+ *
+ * @return See pam_authenticate.
+ */
+int _DtSvcPamAuthenticate(const char *service_name, const char *user,
+			  const char *display_name, const char *user_passwd)
+{
+    int status;
+
+    if (!user_passwd) return PAM_AUTH_ERR;
+
+    if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
+	return status;
+
+    saved_user_passwd = (char *) user_passwd;
+
+    return pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);
+}
+
+/**
+ * @brief Start PAM session management.
+ *
+ * @param service_name
+ * @param user
+ * @param display_name
+ *
+ * @return See pam_open_session.
+ */
+int _DtSvcPamOpenSession(const char *service_name, const char *user,
+			 const char *display_name)
+{
+    int status;
+
+    if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
+	return status;
+
+    return pam_open_session(pamh, 0);
+}
+
+/**
+ * @brief Terminate PAM session management.
+ *
+ * @param service_name
+ * @param user
+ * @param display_name
+ *
+ * @return See pam_close_session.
+ */
+int _DtSvcPamCloseSession(const char *service_name, const char *user,
+			  const char *display_name)
+{
+    int status;
+
+    if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
+	return status;
+
+    return pam_close_session(pamh, 0);
+}
+
+/**
+ * @brief Set Users login credentials.
+ *
+ * @param service_name
+ * @param user
+ * @param display_name
+ *
+ * @return See pam_setcred.
+ */
+int _DtSvcPamSetcred(const char *service_name, const char *user,
+		     const char *display_name)
+{
+    int status;
+
+    if ((status = PamStart(service_name, user, display_name)) != PAM_SUCCESS)
+	return status;
+
+    return pam_setcred(pamh, PAM_ESTABLISH_CRED);
+}
+
+/*****************************************************************************
+ * login_conv():
+ *
+ * This is a conv (conversation) function called from the PAM
+ * authentication scheme.  It returns the user's password when requested by
+ * internal PAM authentication modules and also logs any internal PAM error
+ * messages.
+ *****************************************************************************/
+
+static int login_conv(int num_msg, const struct pam_message **msg,
+        struct pam_response **response, void *appdata_ptr)
+{
+    const struct pam_message	*m;
+    struct pam_response	*r;
+    char 			*temp;
+    int			k;
+
+#ifdef lint
+    conv_id = conv_id;
+#endif
+    if (num_msg <= 0)
+        return (PAM_CONV_ERR);
+
+    *response = (struct pam_response*)
+        calloc(num_msg, sizeof (struct pam_response));
+    if (*response == NULL)
+        return (PAM_BUF_ERR);
+
+    k = num_msg;
+    m = *msg;
+    r = *response;
+    while (k--) {
+
+        switch (m->msg_style) {
+
+            case PAM_PROMPT_ECHO_OFF:
+                if (saved_user_passwd != NULL) {
+                    r->resp = (char *) malloc(strlen(saved_user_passwd)+1);
+                    if (r->resp == NULL) {
+                        /* __pam_free_resp(num_msg, *response); */
+                        *response = NULL;
+                        return (PAM_BUF_ERR);
+                    }
+                    (void) strcpy(r->resp, saved_user_passwd);
+                    r->resp_retcode=0;
+                }
+
+                m++;
+                r++;
+                break;
+
+            case PAM_ERROR_MSG:
+                m++;
+                r++;
+                break;
+
+            case PAM_TEXT_INFO:
+                m++;
+                r++;
+                break;
+
+            default:
+                break;
+        }
+    }
+
+    return (PAM_SUCCESS);
+}
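Review bot: In `PamStart`, the branch that reuses an existing handle reads `status` uninitialised when `service_name` is NULL, and `if (status != PAM_SUCCESS && user)` updates `PAM_USER` only after setting `PAM_SERVICE` has failed, so on the normal path a reused handle keeps the user name from the previous call while the caller believes the new `user` was checked. Declare `int status = PAM_SUCCESS;` and use `if (status == PAM_SUCCESS && user) status = pam_set_item(pamh, PAM_USER, user);`. `_DtSvcPamAuthenticate` also leaves `saved_user_passwd` pointing at the caller's buffer after `pam_authenticate` returns and does not end the handle on failure; resetting `saved_user_passwd = NULL` once the call returns would stop a later conversation from reading a stale pointer. In `login_conv`, the `default:` case does not advance `m` and `r`, and the malloc-failure path sets `*response = NULL` without freeing the array or the password copies already placed in it.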

+ 5 - 0
cde/lib/DtSvc/Makefile.am

@@ -172,3 +172,8 @@ libDtSvc_la_SOURCES = 	DtCodelibs/buf.C \
 	DtUtil2/Utility.c \
 	DtUtil2/XlationSvc.c \
 	DtUtil2/XmWrap.c
+
+if HAS_PAM_LIBRARY
+libDtSvc_la_SOURCES += DtUtil2/SvcPam.c
+libDtSvc_la_LIBADD = $(PAMLIB)
+endif
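Review bot: Adding `DtUtil2/SvcPam.c` and `$(PAMLIB)` to libDtSvc puts the PAM conversation code, including its static password pointer, into a library that `DTCLIENTLIBS` pulls into the desktop clients, presumably via `$(LIBSVC)`. The `dnl` comment removed from configure.ac said the PAM library was kept separate because it "is not needed for everything". If only dtlogin calls the `_DtSvcPam*` functions (callers are not visible here), consider keeping them in a dtlogin-private source or convenience library so other clients do not gain a libpam dependency and the credential-handling code stays out of their address space. If libDtSvc's `-version-info` is set elsewhere in this file, it should be reviewed, since new symbols are exported.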

+ 0 - 4
cde/lib/Makefile.am

@@ -2,7 +2,3 @@ MAINTAINERCLEANFILES = Makefile.in
 
 SUBDIRS = DtXinerama tt DtSvc DtSearch DtWidget DtHelp DtPrint DtTerm \
           DtMrm csa DtMmdb
-
-if HAS_PAM_LIBRARY
-SUBDIRS += DtPamSvc
-endif

+ 3 - 11
cde/programs/dtlogin/Makefile.am

@@ -2,14 +2,6 @@ SUBDIRS = config
 
 bin_PROGRAMS = dtlogin dtgreet dtchooser
 
-if HAS_PAM_LIBRARY
-PAM_LIB = -lpam
-DTPAMSVCLIB = $(LIBPAMSVC)
-else
-PAM_LIB =
-DTPAMSVCLIB =
-endif
-
 XDMDIR = $(CDE_LOGFILES_TOP)
 
 DEF_SERVER = $(XBINDIR)/X
@@ -26,11 +18,11 @@ AM_CFLAGS = -DCDE_CONFIGURATION_TOP=\"$(CDE_CONFIGURATION_TOP)\" \
 	    -DXDMDIR=\"$(XDMDIR)\" \
 	    -DKORNSHELL=$(KSH) -DUNIXCONN -DTCPCONN -DXDMCP
 
-dtlogin_SOURCES = access.c account.c auth.c genauth.c daemon.c dm.c \
+dtlogin_SOURCES = access.c auth.c genauth.c daemon.c dm.c \
                   dpylist.c error.c file.c mitauth.c protodpy.c policy.c \
                   reset.c server.c session.c socket.c util.c \
                   verify.c sysauth.c fontpath.c qualify.c choose.c netaddr.c \
-		  xdmcp.c $(PAM_SRCS)
+		  xdmcp.c
 
 # We play a game here with resources.o (dtlogin).  It needs special options.
 noinst_LIBRARIES = libresource.a
@@ -57,7 +49,7 @@ dtchooser_SOURCES = chooser.c dtchooser.c vglogo.c vgutil.c vgcallback.c \
 		    vglang.c
 
 dtlogin_LDADD = libresource.a $(DTCLIENTLIBS) $(XDMCPLIB) \
-	$(XTOOLLIB) $(TIRPCLIB) $(DTPAMSVCLIB) $(PAM_LIB)
+	$(XTOOLLIB) $(TIRPCLIB)
 
 dtgreet_LDADD = $(DTCLIENTLIBS) $(XTOOLLIB)
 

+ 0 - 510
cde/programs/dtlogin/account.c

@@ -1,510 +0,0 @@
-/*
- * CDE - Common Desktop Environment
- *
- * Copyright (c) 1993-2012, The Open Group. All rights reserved.
- *
- * These libraries and programs are free software; you can
- * redistribute them and/or modify them under the terms of the GNU
- * Lesser General Public License as published by the Free Software
- * Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * These libraries and programs are distributed in the hope that
- * they will be useful, but WITHOUT ANY WARRANTY; without even the
- * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with these libraries and programs; if not, write
- * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
- * Floor, Boston, MA 02110-1301 USA
- */
-/* $XConsortium: account.c /main/6 1996/10/30 11:12:13 drk $ */
-/*                                                                      *
- * (c) Copyright 1993, 1994 Hewlett-Packard Company                     *
- * (c) Copyright 1993, 1994 International Business Machines Corp.       *
- * (c) Copyright 1993, 1994 Sun Microsystems, Inc.                      *
- * (c) Copyright 1993, 1994 Novell, Inc.                                *
- */
-/*
- *  account.c
- *
- *    routines for handling accounting
- *
- *    ex. utmp/wtmp/btmp, user-license restrictions,
- *
- */
-
-
-/***************************************************************************
- *
- *  Includes
- *
- ***************************************************************************/
-
-#include	<sys/types.h>
-#include	<sys/stat.h>
-
-#ifdef AIXV3
-#include	<usersec.h>
-#endif
-
-#include	<fcntl.h>
-#if defined (__FreeBSD__) || defined(HAS_PAM_LIBRARY)
-#include	<utmpx.h>
-#else
-#include	<utmp.h>
-#endif
-
-#include	<time.h>
-#include	"dm.h"
-
-#ifdef __PASSWD_ETC
-#include	"rgy_base.h"
-#endif
-
-#if defined(HAS_PAM_LIBRARY)
-# include <pam_svc.h>
-#endif
-
-/***************************************************************************
- *
- *  External declarations
- *
- ***************************************************************************/
-#if defined(AIXV3) && !defined(_POWER)
-extern void
-GetLoginInfo(struct display *d, int *loginType, char *ttyName, char **hostname);
-#endif
-
-
-
-/***************************************************************************
- *
- *  Procedure declarations
- *
- ***************************************************************************/
-#if defined(AIXV3) && !defined(_POWER)
-void dt_lastlogin ( char * user, struct lastlogin * llogin);
-#endif
-
-
-
-
-/***************************************************************************
- *
- *  Global variables
- *
- ***************************************************************************/
-
-#ifdef __PASSWD_ETC
-struct rtmp {
-         char              rt_line[8];       /* tty name */
-         rgy_$login_name_t rt_name;          /* user id (full SID) */
-         char              rt_host[16];      /* hostname, if remote */
-         long              rt_time;          /* time on */
-};
-#endif
-
-#ifdef AIXV3
-struct  lastlogin {
-        time_t  ftime;
-        time_t  stime;
-        int     fcount;
-        char    user[32];
-        char    *stty;
-        char    *ftty;
-        char    *shost;
-        char    *fhost;
-};
-
-
-static struct lastlogin last_login;
-#endif
-
-
-
-/***************************************************************************
- *
- *  Account
- *
- *  update utmp/wtmp files.
- ***************************************************************************/
-void
-Account( struct display *d, char *user, char *line, pid_t pid,
-#if NeedWidePrototypes
-        int type,
-#else
-        short type,
-#endif /* NeedWidePrototypes */
-        waitType exitcode )
-{
-#if !defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)
-#ifdef HAS_PAM_LIBRARY
-    struct utmpx utmp;		/* local struct for new entry	   	   */
-    struct utmpx *u;		/* pointer to entry in utmp file	   */
-#else
-    struct utmp utmp;		/* local struct for new entry	   	   */
-    struct utmp *u;		/* pointer to entry in utmp file	   */
-#endif
-    int	fd;
-    char	buf[32];
-    char* user_str = user ? user : "NULL";
-    char* line_str = line ? line : "NULL";
-
-#ifdef __PASSWD_ETC
-    struct rtmp rtmp;
-    struct rtmp *r;
-    int tty_slot;
-    int rtmp_fd;
-#endif
-
-    if (d->utmpId == NULL) return;
-
-    switch (type) {
-
-    case INIT_PROCESS:	strcpy(buf, "INIT_PROCESS");	break;
-    case LOGIN_PROCESS:	strcpy(buf, "LOGIN_PROCESS");	break;
-    case USER_PROCESS:	strcpy(buf, "USER_PROCESS");	break;
-    case DEAD_PROCESS:	strcpy(buf, "DEAD_PROCESS");	break;
-    default:		strcpy(buf, "UNKNOWN");		break;
-    }
-
-    Debug("Account: id=%s, user=%s, line=%s, pid=%d, type=%s\n",
-	   d->utmpId, user_str, line_str, pid, buf);
-
-#ifdef PAM
-    PamAccounting("dtlogin", d->name, d->utmpId, user,
-		        line, pid, type, exitcode);
-#elif defined(HAS_PAM_LIBRARY)
-    _DtAccounting("dtlogin", d->name, d->utmpId, user,
-		        line, pid, type, exitcode);
-#else
-#   ifdef SUNAUTH
-       solaris_accounting("dtlogin", d->name, d->utmpId, user,
-		           line, pid, type, exitcode);
-#   endif
-#endif
-
-#ifdef sun
-    return;
-#else
-#ifdef HAS_PAM_LIBRARY
-    bzero(&utmp, sizeof(struct utmpx));
-#else
-    bzero(&utmp, sizeof(struct utmp));
-#endif
-
-    strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id) - 1);
-    utmp.ut_type = LOGIN_PROCESS;
-
-#ifdef HAS_PAM_LIBRARY
-    setutxent();
-    if ( (u = getutxid(&utmp)) == NULL ) u = &utmp;
-#else
-    setutent();
-    if ( (u = getutid(&utmp)) == NULL ) u = &utmp;
-#endif
-
-    /*
-     *  make sure process ID's match if this is DEAD_PROCESS...
-     *  don't update an already DEAD_PROCESS...
-     */
-
-    if ((type == DEAD_PROCESS && pid != 0 && u->ut_pid != pid) ||
-        (type == DEAD_PROCESS && u->ut_type == DEAD_PROCESS)	) {
-
-#ifdef HAS_PAM_LIBRARY
-	endutxent();
-#else
-	endutent();
-#endif
-	return;
-    }
-
-
-    /*
-     *  fill in required fields of utmp structure...
-     *
-     *  Note: for USER_PRCESS the "e_exit" field is overloaded to contain
-     *        the method for counting this user. This is used later to
-     *        determine if restricted user licenses have been exceeded.
-     *	      Currently, an unlimited number of foreign displays can log in.
-     */
-
-    if (user) snprintf(u->ut_user, sizeof(u->ut_user), "%s", user);
-    if (line) {
-#ifdef _AIX
-/*
-      For AIX the Init process writes the exact mapped device name for console
-      to the utmp file (like hft/0), if a getty on /dev/console record exists
-      in the Inittab file.Hitherto, we need to have a similar logic to make
-      sure for having the correct entry in the utmp file in order for the correct
-      operation of the GettyRunning function. It should be noted that by having
-      the correct value in the d->gettyLine field, the utmp file eventuallly
-      updated by the Account function in dm.c will have the right value. And
-      thus the GettyRunning function returns the appropriate value. So, it
-      is important that the following logic be included here for AIX platform
-      only.
-      Raghu Krovvidi         07.06.93
- */
-
-        if (!strcmp(line,"console")) {
-             char *ttynm;
-             int fd=0;
-
-             fd = open("/dev/console",O_RDONLY);
-             ttynm = ttyname(fd);
-             ttynm += 5;
-             strcpy(u->ut_line,ttynm);
-             close(fd);
-        }
-	else
-             snprintf(u->ut_line, sizeof(u->ut_line), "%s", line);
-
-#else
-             snprintf(u->ut_line, sizeof(u->ut_line), "%s", line);
-#endif
-    }
-    if (pid ) u->ut_pid = pid;
-    if (type) {
-	u->ut_type = type;
-	if (type == DEAD_PROCESS) {
-#ifndef HAS_PAM_LIBRARY
-	    u->ut_exit.e_termination = waitSig(exitcode);
-	    u->ut_exit.e_exit = waitCode(exitcode);
-#endif
-#ifndef SVR4
-	    (void) memset((char *) u->ut_host, '\0', sizeof(u->ut_host));
-#endif
-	}
-
- 	if (type == LOGIN_PROCESS && d->displayType.location != Local ) {
-#ifndef SVR4
- 	    snprintf(u->ut_host, sizeof(u->ut_host), "%s", d->name);
-#endif
- 	}
-
-#ifndef HAS_PAM_LIBRARY
-	if (type == USER_PROCESS)
-	    u->ut_exit.e_exit = (d->displayType.location == Local ? 1 : 0 );
-#endif
-    }
-
-#ifdef HAS_PAM_LIBRARY
-    {
-        struct timeval tmp_tv;
-        (void) gettimeofday(&tmp_tv, NULL);
-        u->ut_tv.tv_sec = (int32_t)tmp_tv.tv_sec;
-        u->ut_tv.tv_usec = (int32_t)tmp_tv.tv_usec;
-    }
-#else
-    (void) time(&u->ut_time);
-#endif
-
-    /*
-     * write to utmp...
-     *
-     * (Do not close utmp yet. If "u" points to the static structure, it is
-     *  cleared upon close. This does not bode well for the following write
-     *  to wtmp!)
-     */
-
-#ifdef HAS_PAM_LIBRARY
-    pututxline(u);
-#else
-    pututline(u);
-#endif
-
-
-#ifndef HAS_PAM_LIBRARY
-    /*
-     *  write the same entry to wtmp...
-     */
-
-    if ((fd = open(WTMP_FILE, O_WRONLY | O_APPEND)) >= 0) {
-	if(-1 == write(fd, u, sizeof(utmp))) {
-          perror(strerror(errno));
-        }
-	close(fd);
-    }
-
-
-    /*
-     *  close utmp...
-     */
-
-    endutent();
-#else
-    endutxent();
-#endif
-
-#ifdef __PASSWD_ETC
-    /* Now fill in the "rgy utmp" struct */
-    if (line) strncpy(rtmp.rt_line, u->ut_line, sizeof(u->ut_line));
-    bzero(rtmp.rt_host, sizeof(rtmp.rt_host));
-    rtmp.rt_time = u->ut_time;
-    r = &rtmp;
-
-    /* Write entry to rtmp */
-    tty_slot = ttyslot();
-
-    if (tty_slot > 0 && (rtmp_fd = open("/etc/rtmp", O_WRONLY|O_CREAT, 0644)) >= 0) {
-         lseek(rtmp_fd, (long) (tty_slot * sizeof(struct rtmp)), 0);
-         write(rtmp_fd, (char *) r, sizeof(struct rtmp));
-         close(rtmp_fd);
-    }
-#endif
-#if defined(AIXV3) && !defined(_POWER)
-	/* Log the lastlogin data ..    RK  09.13.93  */
-	/** in AIX 4.1 this is taken care of during authentication **/
-    if(type == USER_PROCESS) {
-	int loginType;
-	char tempTtyName[128];
-	char *hostname;
-
-	GetLoginInfo(d, &loginType, tempTtyName, &hostname);
-	time(&last_login.stime);
-
-	if(line) {
-		Debug("tty_last_login is (line=%s)\n",line);
-		last_login.stty = (char *)malloc(strlen(line) + 1);
-		strcpy(last_login.stty,line);
-	} else {
-	    last_login.stty = (char *)malloc(strlen(tempTtyName) + 1);
-	    strcpy(last_login.stty,tempTtyName);
-	}
-
-        last_login.shost = (char *) malloc (MAXHOSTNAMELEN);
-	if (hostname == NULL) {
-            gethostname (last_login.shost , MAXHOSTNAMELEN);
-	} else {
-	    strncpy(last_login.shost, hostname, MAXHOSTNAMELEN);
-	    last_login.shost[MAXHOSTNAMELEN -1] = '\0';
-	}
-
-	Debug("logging lastlogin entry (user=%s)\n",user);
-	dt_lastlogin(user,&last_login);
-	free(last_login.stty);
-	free(last_login.shost);
-    }
-#endif
-
-#endif /* !sun */
-#endif /* !CSRG_BASED */
-}
-
-
-
-
-/***************************************************************************
- *
- *  UtmpIdOpen
- *
- *  see if a particular utmp ID is available
- *
- * return codes:  0 = ID is in use
- *		  1 = ID is open
- ***************************************************************************/
-
-int
-UtmpIdOpen( char *utmpId )
-{
-    int    status = 1;		/* return code				   */
-
-#if !defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)
-#ifdef HAS_PAM_LIBRARY
-    struct utmpx *u;		/* pointer to entry in utmp file	   */
-
-    while ( (u = getutxent()) != NULL ) {
-#else
-    struct utmp *u;		/* pointer to entry in utmp file	   */
-
-    while ( (u = getutent()) != NULL ) {
-#endif
-
-	if ( (strncmp(u->ut_id, utmpId, 4) == 0 ) &&
-	     u->ut_type != DEAD_PROCESS ) {
-
-	    status = 0;
-	    break;
-	}
-    }
-
-#ifdef HAS_PAM_LIBRARY
-    endutxent();
-#else
-    endutent();
-#endif
-#endif
-    return (status);
-}
-
-
-
-#if defined(AIXV3) && !defined(_POWER)
-void dt_lastlogin ( user, llogin)
-char * user;
-struct lastlogin * llogin;
-{
-	char *tmp_char;
-	char *tmp_int;
-	/*
-	 * We are loading all the lastlogin info into a struct and then dealing
-	 * with that so if the technique of storing the values is redone it
-	 * will be easy
-	 */
-	/* set id back to root */
-	seteuid(0);
-		/*
-		 * Open up the user data base
-		 */
-		setuserdb(S_READ | S_WRITE);
-
-		/*
-		 * setting new unsuccessful login attempts times
-		 */
-		if (llogin->ftime) {
-			/*
-			 * Get the old Failure count and increment it
-			 */
-			if (getuserattr(user, S_ULOGCNT, &tmp_int, SEC_INT) != 0)
-				llogin->fcount = 0;
-			else
-				llogin->fcount = (int)tmp_int;
-
-			/*
-			 * put all the new data
-			 */
-			putuserattr(user, S_ULASTTTY, llogin->ftty, SEC_CHAR);
-			llogin->fcount++;
-			putuserattr(user, S_ULOGCNT, (void *)llogin->fcount,
-				    SEC_INT);
-			putuserattr(user, S_ULASTTIME, (void *)llogin->ftime,
-				    SEC_INT);
-			putuserattr(user, S_ULASTHOST, llogin->fhost, SEC_CHAR);
-			putuserattr(user, NULL, NULL, SEC_COMMIT);
-
-			/*
-			 * Close data base and zero out indicator fields
-			 */
-			llogin->ftime = 0;
-			llogin->fcount = 0;
-		}
-
-		/*
-		 * New Successful login data
-		 */
-		if (llogin->stime) {
-			putuserattr(user, S_LASTTIME, (void *)llogin->stime,
-				    SEC_INT);
-			putuserattr(user, S_LASTTTY, llogin->stty, SEC_CHAR);
-			Debug("hostname logged is %s\n",llogin->shost);
-			putuserattr(user, S_LASTHOST, llogin->shost, SEC_CHAR);
-			putuserattr(user, S_ULOGCNT, 0, SEC_INT);
-			putuserattr(user, NULL, NULL, SEC_COMMIT);
-		}
-	enduserdb();
-}
-#endif

+ 13 - 4
cde/programs/dtlogin/config/Makefile.am

@@ -16,8 +16,8 @@ CPP_TARGETS = 0060.dtsysenv Dtlogin Xaccess Xconfig Xconfig.con	\
 
 
 if HAS_PAM_LIBRARY
-CPP_TARGETS += pam/dtlogin
-dist_pam_DATA = pam/dtlogin
+CPP_TARGETS += dtlogin
+dist_pam_DATA = dtlogin
 if FREEBSD
 pamdir = /usr/local/etc/pam.d
 PAM_AUTHENTICATION_MODULE = /usr/local/lib/security/pam_pwauth_suid.so
@@ -55,6 +55,16 @@ if BSD
 AM_CPPFLAGS += -DCSRG_BASED
 endif
 
+AM_CPPFLAGS += -DSESSREG=$(SESSREG)
+
+if SET_UTMP_FILE
+AM_CPPFLAGS += -DUTMP_FLAG="-u\ $(UTMP_FILE)"
+endif
+
+if SET_WTMP_FILE
+AM_CPPFLAGS += -DWTMP_FLAG="-w\ $(WTMP_FILE)"
+endif
+
 BUILT_SOURCES = $(CPP_TARGETS)
 CLEANFILES = $(CPP_TARGETS)
 
@@ -168,7 +178,6 @@ home.session: home.session.src
 	$(RM) $@
 	$(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@
 
-pam/dtlogin: pam/dtlogin.src
+dtlogin: dtlogin.src
 	$(RM) $@
 	$(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@
-
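Review bot: `AM_CPPFLAGS += -DSESSREG=$(SESSREG)` is added unconditionally, so an empty or unset `SESSREG` would define the macro to nothing, and the generated Xstartup and Xreset would then end in a command line that starts with `-a` or `-d`. The configure.ac check that sets SESSREG is not visible in this part of the page, so confirm that configure stops when sessreg is not found, or guard this define with a conditional the way the two flag defines below it are guarded. `-DUTMP_FLAG="-u\ $(UTMP_FILE)"` and the WTMP line also assume a path without whitespace, because the scripts expand the flag unquoted; a comment such as `# UTMP_FILE/WTMP_FILE must not contain whitespace` would record that.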

+ 14 - 0
cde/programs/dtlogin/config/Xreset.src

@@ -74,3 +74,17 @@ then
     /bin/rm -f $DTDBFILE
   fi
 fi
+
+#ifdef WTMP_FLAG
+wtmp_flag=WTMP_FLAG
+#else
+wtmp_flag=''
+#endif
+
+#ifdef UTMP_FLAG
+utmp_flag=UTMP_FLAG
+#else
+utmp_flag=''
+#endif
+
+SESSREG -d $wtmp_flag $utmp_flag -l $DISPLAY $USER
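Review bot: The added `SESSREG -d $wtmp_flag $utmp_flag -l $DISPLAY $USER` expands `$DISPLAY` and `$USER` unquoted, so a value containing whitespace or glob characters is split or expanded into extra sessreg arguments in a script that presumably runs with the display manager's privileges. Quote the two session values and leave only the flag variables unquoted, since those deliberately hold two words: `SESSREG -d $wtmp_flag $utmp_flag -l "$DISPLAY" "$USER"`. The `exec SESSREG -a …` line added to Xstartup.src needs the same quoting. A short comment above the line saying why `$wtmp_flag` and `$utmp_flag` stay unquoted would stop a later cleanup from quoting them too.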

+ 12 - 1
cde/programs/dtlogin/config/Xstartup.src

@@ -66,5 +66,16 @@ then
   fi
 fi
 
+#ifdef WTMP_FLAG
+wtmp_flag=WTMP_FLAG
+#else
+wtmp_flag=''
+#endif
+
+#ifdef UTMP_FLAG
+utmp_flag=UTMP_FLAG
+#else
+utmp_flag=''
+#endif
 
-		
+exec SESSREG -a $wtmp_flag $utmp_flag -l $DISPLAY $USER

+ 0 - 0
cde/programs/dtlogin/config/pam/dtlogin.src → cde/programs/dtlogin/config/dtlogin.src


+ 25 - 212
cde/programs/dtlogin/dm.c

@@ -54,11 +54,6 @@
 # include	<sys/types.h>
 # include	<sys/signal.h>
 # include	<sys/stat.h>
-#if defined(__FreeBSD__)
-# include	<utmpx.h>
-#else
-# include	<utmp.h>
-#endif
 # include	<signal.h>
 # include	<time.h>
 # include	<utime.h>
@@ -123,7 +118,7 @@ struct passwd   puser;		/* pseudo-user password entry		   */
 int		Rescan;
 static long	ServersModTime, ConfigModTime, AccessFileModTime;
 int		wakeupTime = -1;
-char		*progName;
+char		*progPath, *progName;
 
 char		DisplayName[32]="main";
 
@@ -147,6 +142,7 @@ void RunChooser(struct display  *d); // RunChooser.c
 int 
 main( int argc, char **argv )
 {
+    char	*str;
     long	oldpid;
     mode_t	oldumask;
     struct passwd   *p;		/* pointer to  passwd structure (pwd.h)	   */
@@ -166,11 +162,29 @@ main( int argc, char **argv )
     /*
      * save program name and path...
      */
-     
-    if ( (progName = malloc(strlen(argv[0]) + 1)) != NULL )
-	strcpy(progName, argv[0]);
 
-     
+    progPath = strdup(argv[0]);
+
+    if (str = strrchr(progPath, '/'))
+    {
+	if (strlen(str) < 2)
+	{
+	    fprintf(stderr, (char *)
+		ReadCatalog(MC_ERROR_SET, MC_NO_MEMORY, MC_DEF_NO_MEMORY),
+		argv[0]);
+	    exit (1);
+	}
+
+	progName = strdup(++str);
+	*str = '\0';
+    }
+    else
+    {
+	progName = progPath;
+	progPath = strdup("./");
+    }
+
+
     /*
      * Step 1 - load configuration parameters
      */
@@ -579,14 +593,6 @@ ProcessChildDeath( int pid, waitType status )
 	if ( (d = FindDisplayByPid (pid)) != 0 ) {
 	    d->pid = -1;
 
-	    /*
-	     *  do process accounting...
-	     */
-
-#if !defined(CSRG_BASED)
-	    Account(d, NULL, NULL, pid, DEAD_PROCESS, status);
-#endif
-
 
 	    /*
 	     *  make sure authorization file is deleted...
@@ -714,14 +720,6 @@ ProcessChildDeath( int pid, waitType status )
 	{
 	    d->serverPid = -1;
 
-	    /*
-	     *  do process accounting...
-	     */
-
-#if !defined(CSRG_BASED)
-	    Account(d, NULL, NULL, pid, DEAD_PROCESS, status);
-#endif
-
 	    switch (d->status)
 	    {
 	    case zombie:
@@ -894,43 +892,6 @@ StartDisplay(
 		kill (d->serverPid, d->resetSignal);
     	}
 
-	/*
-	 *  initialize d->utmpId. Check to see if anyone else is using
-	 *  the requested ID. Always allow the first request for "dt" to
-	 *  succeed as utmp may have become corrupted.
-	 */
-
-	if (d->utmpId == NULL) {
-	    static int firsttime = 1;
-	    static char letters[] = "0123456789abcdefghijklmnopqrstuvwxyzz";
-	    char *t;	    
-
-	    d->utmpId = malloc(5);
-	    strcpy(d->utmpId, UTMPREC_PREFIX);
-	    d->utmpId[4] = '\0';
-	    
-	    t = letters;
-	    
-	    do {
-		if ( firsttime || UtmpIdOpen(d->utmpId)) {
-		    firsttime = 0;
-		    break;
-		}		
-		else {
-		    strncpy(&(d->utmpId[strlen(d->utmpId)]), t++, 1);
-    		}
-	    } while (*t != '\0');
-
-	    if (*t == '\0') {
-		Debug ("All DT utmp IDs already in use. Removing display %s\n",
-			d->name);
-		LogError ((unsigned char *)"All DT utmp IDs already in use. Removing display %s\n",
-			d->name);
-		RemoveDisplay(d);
-		return 0;
-	    }
-	}
-
 	/*
 	 *  set d->gettyLine to "console" for display ":0" if it is not 
 	 *  already set...
@@ -1009,46 +970,6 @@ StartDisplay(
 	/* this will only happen when using XDMCP */
         if (d->authorizations)
 	    SaveServerAuthorizations (d, d->authorizations, d->authNum);
-
- 	/*
- 	 *  Generate a utmp ID address for a foreign display. Use the last
- 	 *  four characters of the DISPLAY name, shifting left if they
- 	 *  are already in use...
- 	 */
- 
-#if !defined(CSRG_BASED)
- 	if (d->utmpId == NULL) {
- 	    int i;
- 	    char *p, *q;
- 	    struct utmp *u;
- 	    
- 	    d->utmpId = malloc(sizeof(u->ut_id) +1);
- 
- 	    i = strlen (d->name);
- 	    if (i >= sizeof (u->ut_id))
- 		i -= sizeof (u->ut_id);
- 	    else
- 		i = 0;
- 
- 	    for ( p = d->name, q = d->name + i; p <= q; q-- ) {
- 		(void) strncpy (d->utmpId, q, sizeof (u->ut_id));
- 		d->utmpId[sizeof(u->ut_id)] = '\0';
- 		if (UtmpIdOpen(d->utmpId))
- 		    break;
- 	    }
-
-#ifdef DEF_NETWORK_DEV
-	    /*
-	     * If "networkDev" does not start with "/dev/" then foreign
-	     * accounting is turned off. Return utmpId to NULL.
-	     */
-            if (networkDev && strncmp(networkDev,"/dev/",5) !=0 ) {
-		free(d->utmpId);
-		d->utmpId = NULL;
-	    }		
-#endif	     
- 	}
-#endif
     }
 
     if (NULL == d->authFile)
@@ -1137,9 +1058,6 @@ StartDisplay(
                         devname,line);
                 }
             }
-#endif
-#if !defined(CSRG_BASED)
-	    Account(d, "LOGIN", line, getpid(), LOGIN_PROCESS, status);
 #endif
         }
 
@@ -1234,10 +1152,6 @@ StopDisplay( struct display *d )
     }
     else 
         if ((d->displayType.location == Local) || !dt_shutdown ) {
-	    /* don't remove the console */
-#if !defined(CSRG_BASED)
-	    Account(d, NULL, NULL, 0, DEAD_PROCESS, status);
-#endif
 	    RemoveDisplay (d);
 	}	    
 }
@@ -1505,13 +1419,6 @@ StartGetty( struct display *d )
     case 0:
 	CleanUpChild ();
 
-	/*
-	 *  do process accounting...
-	 */
-#if !defined(CSRG_BASED)
-	Account(d, "LOGIN", NULL, getpid(), LOGIN_PROCESS, status);
-#endif
-
 
 	#ifdef _AIX
         /* The tty argument for getty on AIX must be of the form "/dev/any tty"
@@ -1646,101 +1553,7 @@ GettyMessage( struct display *d, int msgnum )
 int 
 GettyRunning( struct display *d )
 {
-#if defined(__FreeBSD__)
-    struct utmpx utmp;		/* local struct for new entry		   */
-    struct utmpx *u;		/* pointer to entry in utmp file	   */
-#else
-    struct utmp utmp;		/* local struct for new entry	   	   */
-    struct utmp *u;		/* pointer to entry in utmp file	   */
-#endif
-    
-    int		rvalue;		/* return value (TRUE or FALSE)		   */
-    char	buf[32];
-        
-    d->gettyState = DM_GETTY_NONE;
-
-    /*
-     * check to see if we have a valid device (at least a non-null name)...
-     */
-
-    if ( d->gettyLine			&& 
-        (strlen(d->gettyLine) > 0)	&&
-	(strcmp(d->gettyLine,"??") != 0)	)
-	;
-    else
-        return FALSE;
-
-
-#if defined(__FreeBSD__)
-    bzero(&utmp, sizeof(struct utmpx));
-#else
-    bzero(&utmp, sizeof(struct utmp));
-#endif
-
-#ifdef _AIX
-   if (!strcmp(d->gettyLine,"console")) {
-        char *ttynm;
-        int fd=0;
-
-        fd = open("/dev/console",O_RDONLY);
-        ttynm = ttyname(fd);
-        ttynm += 5;
-        strcpy(utmp.ut_line,ttynm);
-        close(fd);
-    }
-   else
-     {
-        strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
-        utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
-     }
-
-#else
-    strncpy(utmp.ut_line, d->gettyLine, sizeof(utmp.ut_line) - 1);
-    utmp.ut_line[sizeof(utmp.ut_line) - 1] = 0;
-#endif
-    
-    Debug("Checking for a getty on line %s.\n", utmp.ut_line);
-    
-#if !defined(CSRG_BASED)
-    setutent();
-
-    rvalue = FALSE;
-    
-    while ( (u = getutent()) != NULL ) {
-    
-        if ((strncmp(u->ut_line, utmp.ut_line, sizeof(u->ut_line)) != 0) ||
-            (strncmp(u->ut_id,   d->utmpId,    sizeof(u->ut_id))   == 0) )
-	    continue;
-
-	switch (u->ut_type) {
-    
-	case INIT_PROCESS:	strcpy(buf, "INIT_PROCESS");	break;
-	case LOGIN_PROCESS:	strcpy(buf, "LOGIN_PROCESS");	break;
-	case USER_PROCESS:	strcpy(buf, "USER_PROCESS");	break;
-	case DEAD_PROCESS:	strcpy(buf, "DEAD_PROCESS");	break;
-	default:		strcpy(buf, "UNKNOWN");		break;
-	}
-
-	Debug("Utmp info: id=%.4s, user=%s, line=%s, pid=%d, type=%s\n",
-	       u->ut_id, u->ut_user, u->ut_line, u->ut_pid, buf);
-
-	if ( u->ut_type == INIT_PROCESS || u->ut_type == LOGIN_PROCESS) {
-          d->gettyState = DM_GETTY_LOGIN;
-        }
-        else if (wakeupTime <= 0 && u->ut_type == USER_PROCESS) {
-          d->gettyState = DM_GETTY_USER;
-        }
-     
-        if (d->gettyState != DM_GETTY_NONE)
-        {
-	    rvalue = TRUE;
-	    break;
-	}
-    }
-
-    endutent();
-#endif /* !CSRG_BASED */
-    return rvalue;
+    return FALSE;
 }
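Review bot: In the main() hunk, `progPath = strdup(argv[0]);` is passed straight to `strrchr(progPath, '/')` with no NULL check, whereas the removed code tested the malloc() result before using it. `progName = strdup(++str)` and `strdup("./")` are unchecked too, and session.c and sysauth.c now hand both pointers to snprintf() and the PAM wrappers. Check each allocation, for example `if ((progPath = strdup(argv[0])) == NULL) { /* print MC_NO_MEMORY */ exit(1); }`. The `strlen(str) < 2` branch currently prints the MC_NO_MEMORY text although its cause is an argv[0] ending in `/`, so it needs its own message, and the condition reads more clearly as `if ((str = strrchr(progPath, '/')) != NULL)`. main() continues outside the hunk.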
 
 

+ 0 - 5
cde/programs/dtlogin/fontpath.c

@@ -39,11 +39,6 @@
 # include <signal.h>
 # include <X11/Xatom.h>
 # include <X11/Xmu/Error.h>
-#if defined(__FreeBSD__)
-# include <utmpx.h>
-#else
-# include <utmp.h>
-#endif
 # include "vgproto.h"
 
 /* 

+ 35 - 25
cde/programs/dtlogin/session.c

@@ -67,11 +67,6 @@
 # include <X11/Xatom.h>
 # include <X11/Xmu/Error.h>
 # include <setjmp.h>
-#if defined(__FreeBSD__) || defined(HAS_PAM_LIBRARY)
-# include <utmpx.h>
-#else
-# include <utmp.h>
-#endif
 #include <unistd.h>
 #include <pwd.h>
 #include <dirent.h>
@@ -104,7 +99,8 @@
 #endif
 
 #ifdef HAS_PAM_LIBRARY
-#include <Dt/PamSvc.h>
+#include <security/pam_appl.h>
+#include <Dt/SvcPam.h>
 #endif
 
 int ApplyFontPathMods(struct display *d, Display *dpy); // fontpath.c
@@ -170,7 +166,8 @@ struct greet_state {
 };
 
 char *globalDisplayName;
-extern char *progName;	/* Global argv[0]; dtlogin name and path */
+extern char *progPath;	/* dtlogin path */
+extern char *progName;	/* dtlogin name */
 
 /***************************************************************************
  *
@@ -314,9 +311,10 @@ SessionPingFailed( struct display *d )
 #endif
 
 #if !defined(sun) && defined(HAS_PAM_LIBRARY)
-    Account(d, user, NULL, clientPid, DEAD_PROCESS, 0);
+    _DtSvcPamCloseSession(progName, user, d->name);
 #endif
     }
+
     SessionExit (d, RESERVER_DISPLAY);
 }
 
@@ -639,7 +637,7 @@ ManageSession( struct display *d )
 #endif
 
 #if !defined(sun) && defined(HAS_PAM_LIBRARY)
-    Account(d, user, NULL, clientPid, DEAD_PROCESS, 0);
+    _DtSvcPamCloseSession(progName, user, d->name);
 #endif
 
     SessionExit (d, OBEYSESS_DISPLAY);
@@ -1186,6 +1184,8 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
     long	ngroups, groups[NGROUPS];
 #endif /* __AFS */
 
+    gid_t gid;
+
     if (verify->argv) {
 	Debug ("StartSession %s: ", verify->argv[0]);
 	for (f = verify->argv; *f; f++) {
@@ -1267,8 +1267,8 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
 	}
 #endif
 
-#if !defined(sun) && (!defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY))
-	Account(d, user, NULL, getpid(), USER_PROCESS, 0);
+#if !defined(sun) && defined(HAS_PAM_LIBRARY)
+	_DtSvcPamOpenSession(progName, user, d->name);
 #endif
 
 #ifdef AIXV3
@@ -1350,16 +1350,32 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
 	    return(0);
 	} 
 #elif defined(HAS_PAM_LIBRARY)
-    char *prog_name = strrchr(progName, '/');
-    if (!prog_name || _DtSetCred(prog_name + 1, user, verify->uid,
 #ifdef NGROUPS
-                verify->groups[0]
+	gid = verify->groups[0];
 #else
-                verify->gid
+	gid = verify->gid;
 #endif
-                ) > 0 ) {
-            Debug("Can't set User's Credentials (user=%s)\n",user);
-	    return(0);
+
+	if (setgid(gid) == -1) {
+	    Debug("setgid %d (user \"%s\") failed: %s\n",
+		gid, user, strerror(errno));
+	    return 0;
+	}
+
+	if (initgroups(user, gid) == -1) {
+	    Debug("initgroups for \"%s\" failed: %s\n", user, strerror(errno));
+	    return 0;
+	}
+
+	if (setuid(verify->uid) == -1) {
+	    Debug("setuid %d (user \"%s\") failed: %s\n",
+		verify->uid, user, strerror(errno));
+	    return 0;
+	}
+
+	if (_DtSvcPamSetcred(progName, user, d->name) != PAM_SUCCESS) {
+	    Debug("Can't set User's Credentials (user=%s)\n",user);
+	    return 0;
 	}
 #endif
 
@@ -2010,13 +2026,7 @@ RunGreeter( struct display *d, struct greet_info *greet,
 	     * figure out path to dtgreet...
 	     */
 
-	    snprintf(msg, sizeof(msg), "%s", progName);
-    
-	    if ((p = (char *) strrchr(msg, '/')) == NULL)
-		strcpy(msg,"./");
-	    else
-		*(++p) = '\0';
-
+	    snprintf(msg, sizeof(msg), "%s", progPath);
 	    strcat(msg,"dtgreet");
 
 	    execle(msg, "dtgreet", "-display", d->name, (char *)0, env);
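Review bot: In the StartClient hunk `_DtSvcPamSetcred(progName, user, d->name)` is only reached after `setuid(verify->uid)` has succeeded, so any PAM module that needs root to establish credentials would run as the target user. `_DtSvcPamOpenSession` in the earlier hunk runs before credentials are set, and its return value is ignored. The usual order is initgroups, pam_setcred, pam_open_session, and only then setuid; I would move the `if (_DtSvcPamSetcred(progName, user, d->name) != PAM_SUCCESS)` check to sit between the `initgroups` and `setuid` blocks and test the open-session result as well. What the `_DtSvcPam*` wrappers do internally is not visible on this page, so confirm they do not depend on the caller's uid. StartClient starts and ends outside these hunks.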

+ 8 - 4
cde/programs/dtlogin/sysauth.c

@@ -79,7 +79,11 @@
 
 #if defined(PAM) || defined(HAS_PAM_LIBRARY)
 #include	<security/pam_appl.h>
+#ifdef PAM
 #include        "pam_svc.h"
+#else
+#include	<Dt/SvcPam.h>
+#endif
 #endif
 
 #ifdef _AIX
@@ -175,6 +179,8 @@ Audit( struct passwd *p, char *msg, int errnum )
 int 
 Authenticate( struct display *d, char *name, char *passwd, char **msg )
 {
+   extern char *progName;
+
    int	status;
    char* ttyLine = d->gettyLine;
 
@@ -208,13 +214,11 @@ Authenticate( struct display *d, char *name, char *passwd, char **msg )
     */
 
 #if defined(PAM) || defined(HAS_PAM_LIBRARY)
-    status =
 #ifdef PAM
-        PamAuthenticate
+    status = PamAuthenticate("dtlogin", d->name, passwd, name, ttyLine);
 #else
-        _DtAuthentication
+    status = _DtSvcPamAuthenticate(progName, name, d->name, passwd);
 #endif
-        ("dtlogin", d->name, passwd, name, ttyLine);
 
     switch(status) {
         case PAM_SUCCESS:
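Review bot: `_DtSvcPamAuthenticate(progName, name, d->name, passwd)` replaces the literal `"dtlogin"` service name with the basename of argv[0]. A dtlogin started through a renamed copy or a symlink would therefore authenticate against whatever PAM service matches that name, or typically the system's fallback policy, rather than the `dtlogin` service file this commit installs. Unless per-name policies are intended, keep the service fixed with `status = _DtSvcPamAuthenticate("dtlogin", name, d->name, passwd);` and do the same for the open-session, close-session and setcred calls in session.c. The function-scope `extern char *progName;` would then be unnecessary; if it stays, it belongs in a shared header next to the `progPath` declaration. Authenticate() continues outside the hunk.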

+ 2 - 0
cde/programs/dtlogin/vgmain.c

@@ -1903,6 +1903,7 @@ if ( session_menu != NULL ) {
 
     }
 
+#if 0
     /*
      *  [ No Windows ] menu pane...
      */
@@ -1920,6 +1921,7 @@ if ( session_menu != NULL ) {
     if (getenv(LOCATION) == NULL || strcmp(getenv(LOCATION), "local") != 0 )
         XtSetSensitive(options_item[j], False);
     j++;
+#endif
 
 
     /* 
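Review bot: The added `#if 0` / `#endif` pair disables the "No Windows" menu pane without saying why or under what condition it can return. If this follows from GettyRunning() now always returning FALSE in dm.c (an inference from this commit, not stated on the page), record it above the `#if 0`, for example `/* disabled: command-line login relied on the utmp-based getty check removed with the sessreg switch */`, or delete the block outright. The enclosing function starts and ends outside both hunks.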

+ 4 - 2
cde/programs/dtsession/SmLock.c

@@ -86,7 +86,8 @@
 #endif
 
 #ifdef HAS_PAM_LIBRARY
-#include <Dt/PamSvc.h>
+#include <security/pam_appl.h>
+#include <Dt/SvcPam.h>
 #endif
 
 #include "Sm.h"
@@ -1622,7 +1623,8 @@ localAuthenticate(
 
     if (!(service = strrchr(smGD.programName, '/'))) return False;
 
-    return !_DtAuthentication(service + 1, NULL, passwd, pwent->pw_name, NULL);
+    return _DtSvcPamAuthenticate(service + 1, pwent->pw_name, NULL, passwd) ==
+	   PAM_SUCCESS;
 }
 #elif defined(SIA)
 

+ 2 - 2
cde/programs/dtsession/config/Makefile.am

@@ -1,7 +1,7 @@
 MAINTAINERCLEANFILES = Makefile.in
 
 if HAS_PAM_LIBRARY
-CPP_TARGET = pam/dtsession
+CPP_TARGET = dtsession
 dist_pam_DATA = $(CPP_TARGET)
 if FREEBSD
 pamdir = /usr/local/etc/pam.d
@@ -19,6 +19,6 @@ endif
 BUILT_SOURCES = $(CPP_TARGET)
 CLEANFILES = $(CPP_TARGET)
 
-pam/dtsession: pam/dtsession.src
+dtsession: dtsession.src
 	$(RM) $@
 	$(GENCPP) -P -DXCOMM=# $(AM_CPPFLAGS) $< > $@

+ 0 - 0
cde/programs/dtsession/config/pam/dtsession.src → cde/programs/dtsession/config/dtsession.src