Light Display Manager

empty autologin-user should not be passed to PAM

Bug #817581 reported by Guido Berhoerster on 2011-07-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Light Display Manager	Fix Released	Undecided	Unassigned
	lightdm (Ubuntu)	Fix Released	Low	Unassigned

Bug Description

If autologin-user in lightdm.conf is set to an empty string this should not be passed on to PAM. At least with the pam_permit module from Linux PAM which is usually employed for password-less login on Linux setting the username to an empty string will result in a successful login as the "nobody" user. This is probably never desirable.
See the attached patch for a proposed fix.

Tags:

Related branches

lp:~mterry/lightdm/empty-autologin

Merged into lp:lightdm

LightDM Development Team: Pending requested 2011-08-12

lp:lightdm

lp:~ubuntu-desktop/lightdm/ubuntu

lp:ubuntu/oneiric/lightdm

Revision history for this message

Guido Berhoerster (gber) wrote on 2011-07-28:

handle empty autologin-user Edit (1.5 KiB, text/plain)

Revision history for this message

Sebastien Bacher (seb128) wrote on 2011-08-12:

Thank you for your work there, Robert, Michael could you review the patch? Not sure if that would solve the liveCD case but seems similar

Changed in lightdm (Ubuntu):
importance:	Undecided → Low
status:	New → Confirmed

Revision history for this message

Michael Terry (mterry) wrote on 2011-08-12:

Looks fine to me. I put the patch into a bzr merge proposal for Robert's review ease. Thanks Guido!

Brian Murray (brian-murray) on 2011-08-12

tags:

added: patch

Sebastien Bacher (seb128) on 2011-08-18

Changed in lightdm:
status:	New → Fix Committed
Changed in lightdm (Ubuntu):
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-08-18:

This bug was fixed in the package lightdm - 0.9.3-0ubuntu4

---------------
lightdm (0.9.3-0ubuntu4) oneiric; urgency=low

  * Updated to current trunk, that's a candidate version version for the next
    update, it fixes those issues:
    - login doesn't work for ecryptfs users (lp: #823775, #824594)
    - "lightdm-gtk-greeter segfaults in get_user_iter when adding a new user"
    (lp: #822470)
    - fix fallback from org.freedesktop.Accounts to passwd format (lp: #817835)
    - empty autologin-user should not be passed to pam (lp: #817581)
  * debian/control.in:
    - build-depends on quilt, it's needed with source v1
    - don't build-depends on valac, vala is not used in the current version
  * debian/lightdm.install:
    - install the manpages as well
  * debian/lightdm.manpages:
    - dropped, it's installed by the upstream make install
  * debian/rules:
    - use the quilt rule
  * debian/source/format:
    - use source v1, it works better with vcs workflows
-- Sebastien Bacher <email address hidden> Thu, 18 Aug 2011 15:29:42 +0200