author | George Lebl <jirka@5z.com> | 2004-10-26 22:35:17 +0000 |
---|---|---|
committer | George Lebl <jirka@src.gnome.org> | 2004-10-26 22:35:17 +0000 |
commit | eefd549d906827c43bbb1e45a8c0cafac377f5ae (patch) | |
tree | 799cfc75682b62d3aeadcca9c4b476efcab1a24e | |
parent | 696c5cae1cef80892b3dfa203ca8e2d02339762f (diff) | |
download | gdm-eefd549d906827c43bbb1e45a8c0cafac377f5ae.tar.gz |
Add a global cookie in <ServAuthDir>/.cookie which can be used to
Tue Oct 26 15:24:21 2004 George Lebl <jirka@5z.com>
* daemon/gdm.[ch]: Add a global cookie in <ServAuthDir>/.cookie which
can be used to authenticate if no display is available.
* daemon/gdm.[ch]: add a SOP command to launch a new flexiserver
by "echo FLEXI_XSERVER >/var/lib/gdm/.gdmfifo" No error detection
is possible then of course. Patch from Tuukka Hastrup
<Tuukka.Hastrup@iki.fi> with some fixup to make it actually work
right.
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | daemon/gdm.c | 115 | ||||
-rw-r--r-- | daemon/gdm.h | 8 |
3 files changed, 117 insertions, 17 deletions
@@ -1,3 +1,14 @@ +Tue Oct 26 15:24:21 2004 George Lebl <jirka@5z.com> + + * daemon/gdm.[ch]: Add a global cookie in <ServAuthDir>/.cookie which + can be used to authenticate if no display is available. + + * daemon/gdm.[ch]: add a SOP command to launch a new flexiserver + by "echo FLEXI_XSERVER >/var/lib/gdm/.gdmfifo" No error detection + is possible then ofcourse. Patch from Tuukka Hastrup + <Tuukka.Hastrup@iki.fi> with some fixup to make it actually work + right. + Tue Oct 26 14:50:34 2004 George Lebl <jirka@5z.com> * daemon/gdm.c, daemon/server.c: Make autologin work on a second diff --git a/daemon/gdm.c b/daemon/gdm.c index 617e3ebd..09c40158 100644 --- a/daemon/gdm.c +++ b/daemon/gdm.c @@ -75,6 +75,15 @@ static void gdm_daemonify (void); static void gdm_safe_restart (void); static void gdm_try_logout_action (GdmDisplay *disp); static void gdm_restart_now (void); +static void handle_flexi_server (GdmConnection *conn, + int type, + const char *server, + gboolean handled, + gboolean chooser, + const char *xnest_disp, + uid_t xnest_uid, + const char *xnest_auth_file, + const char *xnest_cookie); /* Global vars */ GSList *displays = NULL; /* List of displays managed */ @@ -104,6 +113,9 @@ GdmConnection *pipeconn = NULL; /* slavepipe (handled just like Fifo for compati GdmConnection *unixconn = NULL; /* UNIX Socket connection */ int slave_fifo_pipe_fd = -1; /* the slavepipe connection */ +unsigned char *gdm_global_cookie = NULL; +unsigned char *gdm_global_bcookie = NULL; + char *gdm_charset = NULL; int gdm_normal_runlevel = -1; /* runlevel on linux that gdm was started in */ 
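Review bot: In the @@ -104 hunk the two new globals are declared `unsigned char *` and carry no comment, yet later hunks use gdm_global_cookie as an ordinary C string (`fprintf (fp, "%s\n", ...)` and `g_ascii_strcasecmp`), which is likely to draw pointer-signedness warnings. Declaring it `char *gdm_global_cookie = NULL;` would match that use, assuming the cookie field of GdmDisplay has the same type (its declaration is not in this diff). A one-line comment such as `/* daemon-wide auth cookie, also written to <ServAuthDir>/.cookie; treat as a secret */` would tell readers why the value must never be logged.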
@@ -1967,6 +1979,49 @@ initial_term_int (int signal) _exit (EXIT_FAILURE); } +static void +gdm_make_global_cookie (void) +{ + FILE *fp; + char *file; + mode_t oldmode; + + /* kind of a hack */ + GdmDisplay faked = {0}; + faked.authfile = NULL; + faked.bcookie = NULL; + faked.cookie = NULL; + + gdm_cookie_generate (&faked); + + gdm_global_cookie = faked.cookie; + gdm_global_bcookie = faked.bcookie; + + file = g_build_filename (GdmServAuthDir, ".cookie", NULL); + VE_IGNORE_EINTR (unlink (file)); + + oldmode = umask (077); + fp = gdm_safe_fopen_w (file); + umask (oldmode); + if G_UNLIKELY (fp == NULL) { + gdm_error (_("Can't open %s for writing"), file); + g_free (file); + return; + } + + VE_IGNORE_EINTR (fprintf (fp, "%s\n", gdm_global_cookie)); + + /* FIXME: What about out of disk space errors? */ + errno = 0; + VE_IGNORE_EINTR (fclose (fp)); + if G_UNLIKELY (errno != 0) { + gdm_error (_("Can't write to %s: %s"), file, + strerror (errno)); + } + + g_free (file); +} + int main (int argc, char *argv[]) { @@ -2218,6 +2273,9 @@ main (int argc, char *argv[]) * are sane */ gdm_ensure_sanity () ; + /* Make us a unique global cookie to authenticate */ + gdm_make_global_cookie (); + /* Start local X servers */ gdm_start_first_unborn_local (0 /* delay */); @@ -2851,6 +2909,11 @@ gdm_handle_message (GdmConnection *conn, const char *msg, gpointer data) send_slave_ack (d, NULL); } + } else if (strcmp(msg, GDM_SOP_FLEXI_XSERVER) == 0) { + handle_flexi_server (NULL, TYPE_FLEXI, GdmStandardXServer, + TRUE /* handled */, + FALSE /* chooser */, + NULL, 0, NULL, NULL); } } @@ -3071,8 +3134,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, gdm_debug ("server: '%s'", server); if (gdm_wait_for_go) { - gdm_connection_write (conn, - "ERROR 1 No more flexi servers\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 1 No more flexi servers\n"); return; } 
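Review bot: gdm_make_global_cookie cannot tell a failed or short write from success: the fprintf result is discarded and fclose is judged through errno instead of its return value, so a truncated .cookie can be left on disk with nothing logged (the FIXME covers only part of this). Testing both results, for example `if (fprintf (fp, "%s\n", gdm_global_cookie) < 0) write_failed = TRUE;` and `if (fclose (fp) != 0) write_failed = TRUE;`, and unlinking the file on failure would leave clients with a clear missing-file condition instead of a cookie that never matches. The function also needs a header comment stating that the file holds a credential accepted by the control socket and who is meant to be able to read it; here that rests on `umask (077)` and on how gdm_safe_fopen_w creates the file, which is not visible in this diff.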
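Review bot: The new FLEXI_XSERVER branch in gdm_handle_message starts a server with no connection and no credentials (`NULL, 0, NULL, NULL`), so the only access control on this path is who is able to write to the FIFO; that deserves a comment at the branch, e.g. `/* no per-request auth here: access is limited by the FIFO's permissions */`. Because conn is NULL, every failure inside handle_flexi_server is dropped silently, and a log line on that path would let operators see rejected or failed requests. The call is also written `strcmp(msg, ...)` without the space before the parenthesis that the surrounding context lines use. gdm_handle_message begins and ends outside the hunk.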
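Review bot: The `if (conn != NULL)` guard added before gdm_connection_write in the @@ -3071 hunk is repeated verbatim in the hunks from @@ -3083 to @@ -3191, each time as an unbraced if around a wrapped call, which is easy to break when a line is added later. A small NULL-tolerant helper would replace all of them and give FIFO requests, which have no connection to answer on, a debug log entry instead of silence. handle_flexi_server starts and ends outside these hunks.

```c
/* Answer on the socket when there is one; a FIFO request
 * (conn == NULL) has nobody to answer, so only log it. */
static void
flexi_reply (GdmConnection *conn, const char *msg)
{
	if (conn != NULL) {
		gdm_connection_write (conn, msg);
	} else {
		gdm_debug ("flexi server request without connection: %s", msg);
	}
}

/* … unchanged: start of handle_flexi_server … */
	if (gdm_wait_for_go) {
		flexi_reply (conn, "ERROR 1 No more flexi servers\n");
		return;
	}
/* … unchanged: remaining checks, each error write replaced the same way … */
```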
@@ -3083,8 +3147,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, pw = getpwuid (xnest_uid); if (pw == NULL) { - gdm_connection_write (conn, - "ERROR 100 Not authenticated\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 100 Not authenticated\n"); return; } @@ -3095,8 +3160,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, NEVER_FAILS_setegid (GdmGroupId); if (seteuid (xnest_uid) < 0) { - gdm_connection_write (conn, - "ERROR 100 Not authenticated\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 100 Not authenticated\n"); return; } @@ -3121,8 +3187,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, if ( ! authorized) { /* Sorry dude, you're not doing something * right */ - gdm_connection_write (conn, - "ERROR 100 Not authenticated\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 100 Not authenticated\n"); return; } @@ -3130,8 +3197,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, } if (flexi_servers >= GdmFlexibleXServers) { - gdm_connection_write (conn, - "ERROR 1 No more flexi servers\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 1 No more flexi servers\n"); return; } @@ -3139,16 +3207,18 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, if (ve_string_empty (server) || access (bin, X_OK) != 0) { g_free (bin); - gdm_connection_write (conn, - "ERROR 6 No server binary\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 6 No server binary\n"); return; } g_free (bin); display = gdm_server_alloc (-1, server); if G_UNLIKELY (display == NULL) { - gdm_connection_write (conn, - "ERROR 2 Startup errors\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 2 Startup errors\n"); return; } 
@@ -3191,12 +3261,14 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server, display->socket_conn = conn; display->xnest_disp = g_strdup (xnest_disp); display->xnest_auth_file = g_strdup (xnest_auth_file); - gdm_connection_set_close_notify (conn, display, close_conn); + if (conn != NULL) + gdm_connection_set_close_notify (conn, display, close_conn); displays = g_slist_append (displays, display); if ( ! gdm_display_manage (display)) { gdm_display_unmanage (display); - gdm_connection_write (conn, - "ERROR 2 Startup errors\n"); + if (conn != NULL) + gdm_connection_write (conn, + "ERROR 2 Startup errors\n"); return; } /* Now we wait for the server to start up (or not) */ @@ -3539,6 +3611,15 @@ gdm_handle_user_message (GdmConnection *conn, const char *msg, gpointer data) } } + if (gdm_global_cookie != NULL && + g_ascii_strcasecmp (gdm_global_cookie, cookie) == 0) { + g_free (cookie); + GDM_CONNECTION_SET_USER_FLAG + (conn, GDM_SUP_FLAG_AUTHENTICATED); + gdm_connection_write (conn, "OK\n"); + return; + } + /* Hmmm, perhaps this is better defined behaviour */ GDM_CONNECTION_UNSET_USER_FLAG (conn, GDM_SUP_FLAG_AUTHENTICATED); diff --git a/daemon/gdm.h b/daemon/gdm.h index 2734e2b0..c1424a4d 100644 --- a/daemon/gdm.h +++ b/daemon/gdm.h @@ -560,6 +560,9 @@ void gdm_final_cleanup (void); #define GDM_SOP_SUSPEND_MACHINE "SUSPEND_MACHINE" /* no arguments */ #define GDM_SOP_CHOSEN_THEME "CHOSEN_THEME" /* <slave pid> <theme name> */ +/* Start a new standard X flexible server */ +#define GDM_SOP_FLEXI_XSERVER "FLEXI_XSERVER" /* no arguments */ + /* Notification protocol */ /* keys */ #define GDM_NOTIFY_ALLOWREMOTEROOT "AllowRemoteRoot" /* <true/false as int> */ 
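Review bot: `display->socket_conn = conn;` in the @@ -3191 hunk is left unconditional, so a display started from the FIFO now carries a NULL socket_conn. The hunk guards gdm_connection_set_close_notify and the error write, but any code outside this diff that later replies through display->socket_conn needs the same check, and that should be confirmed. A comment on the assignment, `/* NULL when the request came from the FIFO */`, would make the new invariant explicit.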
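Review bot: The global-cookie branch in the @@ -3539 hunk sets the same GDM_SUP_FLAG_AUTHENTICATED flag as the per-display path, so nothing visible here separates a connection authenticated with the global cookie from one tied to a logged-in display. The gdm.h comment says SET_LOGOUT_ACTION, QUERY_LOGOUT_ACTION and SET_SAFE_LOGOUT_ACTION still need a logged-in display; presumably their handlers check for a display separately, but that is outside this diff and should be confirmed, and a comment such as `/* global cookie: authenticated, but no display is associated */` would record it. Separately, g_ascii_strcasecmp stops at the first differing byte, so a comparison whose running time does not depend on where the mismatch occurs is the safer choice for a secret. gdm_handle_user_message begins and ends outside the hunk.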
@@ -625,6 +628,11 @@ void gdm_final_cleanup (void); * only users logged in from gdm. They must pass the xauth * MIT-MAGIC-COOKIE-1 that they were passed before the * connection is authenticated. + * Note that since 2.6.0.6 you can also use a global + * <ServAuthDir>/.cookie, which works for all authentication + * except for SET_LOGOUT_ACTION and QUERY_LOGOUT_ACTION + * and SET_SAFE_LOGOUT_ACTION which require a logged in + * display * Supported since: 2.2.4.0 * Arguments: <xauth cookie> * <xauth cookie> is in hex form with no 0x prefix |
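Review bot: The paragraph added in the @@ -625 hunk tells clients they may authenticate with <ServAuthDir>/.cookie but not who is expected to be able to read that file or what it contains. Since the file is a credential for nearly every command, the comment should state the intended owner and mode, and that the content is the hex cookie followed by a newline which a client has to strip before sending. A line such as ` * The file holds the hex cookie on one line and is readable only by <intended owner>.` would do, with the owner filled in by the author.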