authorFrederic Lepied <flepied@mandriva.com>2004-07-29 23:11:33 +0000
committerFrederic Lepied <flepied@mandriva.com>2004-07-29 23:11:33 +0000
commit1141402db59a5e53b844652e3f2b25b398bc6c45 (patch)
tree2bc9ee033a61730aa7a9512cbf0a348259774fa2
parent0b00a950ebe485a94d2b84441ca643cd67749f31 (diff)
added allow_xauth_from_root
-rw-r--r--share/libmsec.py24
1 files changed, 24 insertions, 0 deletions
diff --git a/share/libmsec.py b/share/libmsec.py
index d15ce3e..5edd04c 100644
--- a/share/libmsec.py
+++ b/share/libmsec.py
@@ -79,6 +79,7 @@ SYSLOGCONF = '/etc/syslog.conf'
SYSTEM_AUTH = '/etc/pam.d/system-auth'
XDM = '/etc/pam.d/xdm'
XSERVERS = '/etc/X11/xdm/Xservers'
+EXPORT = '/root/.xauth/export'
# constants to keep in sync with shadow.py
NONE=0
@@ -1231,6 +1232,29 @@ def password_aging(max, inactive=-1):
################################################################################
+def allow_xauth_from_root(arg):
+ ''' Allow/forbid to export display when passing from the root account
+to the other users. See pam_xauth(8) for more details.'''
+ export = ConfigFile.get_config_file(EXPORT)
+
+ allow = export.exists() and export.get_match('^\*$')
+
+ # don't lower security when not changing security level
+ if same_level():
+ if not allow:
+ return
+
+ if arg:
+ if not allow:
+ _interactive and log(_('Allowing export display from root'))
+ export.insert_at(0, '*')
+ else:
+ if allow:
+ _interactive and log(_('Forbidding export display from root'))
+ export.remove_line_matching('^\*$')
+
+################################################################################
+
def set_security_conf(var, value):
'''1 Set the variable \\fIvar\\fP to the value \\fIvalue\\fP in /var/lib/msec/security.conf.
The best way to override the default setting is to use create /etc/security/msec/security.conf
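Review bot: The forbid path of `allow_xauth_from_root` only detects and removes a line that is exactly `*` (`export.get_match('^\*$')` and `export.remove_line_matching('^\*$')`), so explicit user names or other patterns already present in /root/.xauth/export are left in place and the function does nothing when no bare `*` line exists. The docstring promises to "forbid" export, so it should state the real scope, for example `Only the wildcard entry '*' is added or removed; other entries in /root/.xauth/export are left untouched.` pam_xauth appears to match entries as glob patterns, so a line such as `**` would presumably still cover every user; that is worth confirming against pam_xauth(8) before relying on this check as the security-level control. Separately, both regex literals are better written as raw strings, `r'^\*$'`, so the backslash is not read as a string escape.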