From 1141402db59a5e53b844652e3f2b25b398bc6c45 Mon Sep 17 00:00:00 2001
From: Frederic Lepied <flepied@mandriva.com>
Date: Thu, 29 Jul 2004 23:11:33 +0000
Subject: added allow_xauth_from_root

---
 share/libmsec.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/share/libmsec.py b/share/libmsec.py
index d15ce3e..5edd04c 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -79,6 +79,7 @@ SYSLOGCONF = '/etc/syslog.conf'
 SYSTEM_AUTH = '/etc/pam.d/system-auth'
 XDM = '/etc/pam.d/xdm'
 XSERVERS = '/etc/X11/xdm/Xservers'
+EXPORT = '/root/.xauth/export'
 
 # constants to keep in sync with shadow.py
 NONE=0
@@ -1231,6 +1232,29 @@ def password_aging(max, inactive=-1):
 
 ################################################################################
 
+def allow_xauth_from_root(arg):
+    ''' Allow/forbid to export display when passing from the root account
+to the other users. See pam_xauth(8) for more details.'''
+    export = ConfigFile.get_config_file(EXPORT)
+
+    allow = export.exists() and export.get_match('^\*$')
+
+    # don't lower security when not changing security level
+    if same_level():
+        if not allow:
+            return
+
+    if arg:
+        if not allow:
+            _interactive and log(_('Allowing export display from root'))
+            export.insert_at(0, '*')
+    else:
+        if allow:
+            _interactive and log(_('Forbidding export display from root'))
+            export.remove_line_matching('^\*$')
+
+################################################################################
+
 def set_security_conf(var, value):
     '''1 Set the variable \\fIvar\\fP to the value \\fIvalue\\fP in /var/lib/msec/security.conf.
 The best way to override the default setting is to use create /etc/security/msec/security.conf
-- 
cgit v1.2.1