From 1141402db59a5e53b844652e3f2b25b398bc6c45 Mon Sep 17 00:00:00 2001 From: Frederic Lepied Date: Thu, 29 Jul 2004 23:11:33 +0000 Subject: added allow_xauth_from_root --- share/libmsec.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/share/libmsec.py b/share/libmsec.py index d15ce3e..5edd04c 100644 --- a/share/libmsec.py +++ b/share/libmsec.py @@ -79,6 +79,7 @@ SYSLOGCONF = '/etc/syslog.conf' SYSTEM_AUTH = '/etc/pam.d/system-auth' XDM = '/etc/pam.d/xdm' XSERVERS = '/etc/X11/xdm/Xservers' +EXPORT = '/root/.xauth/export' # constants to keep in sync with shadow.py NONE=0 @@ -1231,6 +1232,29 @@ def password_aging(max, inactive=-1): ################################################################################ +def allow_xauth_from_root(arg): + ''' Allow/forbid to export display when passing from the root account +to the other users. See pam_xauth(8) for more details.''' + export = ConfigFile.get_config_file(EXPORT) + + allow = export.exists() and export.get_match('^\*$') + + # don't lower security when not changing security level + if same_level(): + if not allow: + return + + if arg: + if not allow: + _interactive and log(_('Allowing export display from root')) + export.insert_at(0, '*') + else: + if allow: + _interactive and log(_('Forbidding export display from root')) + export.remove_line_matching('^\*$') + +################################################################################ + def set_security_conf(var, value): '''1 Set the variable \\fIvar\\fP to the value \\fIvalue\\fP in /var/lib/msec/security.conf. The best way to override the default setting is to use create /etc/security/msec/security.conf -- cgit v1.2.1