authorGeorge Lebl <jirka@5z.com>2004-10-26 22:35:17 +0000
committerGeorge Lebl <jirka@src.gnome.org>2004-10-26 22:35:17 +0000
commiteefd549d906827c43bbb1e45a8c0cafac377f5ae (patch)
tree799cfc75682b62d3aeadcca9c4b476efcab1a24e
parent696c5cae1cef80892b3dfa203ca8e2d02339762f (diff)
Add a global cookie in <ServAuthDir>/.cookie which can be used to
Tue Oct 26 15:24:21 2004 George Lebl <jirka@5z.com> * daemon/gdm.[ch]: Add a global cookie in <ServAuthDir>/.cookie which can be used to authenticate if no display is available. * daemon/gdm.[ch]: add a SOP command to launch a new flexiserver by "echo FLEXI_XSERVER >/var/lib/gdm/.gdmfifo". No error detection is possible then, of course. Patch from Tuukka Hastrup <Tuukka.Hastrup@iki.fi> with some fixup to make it actually work right.
-rw-r--r--ChangeLog11
-rw-r--r--daemon/gdm.c115
-rw-r--r--daemon/gdm.h8
3 files changed, 117 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index e707ca52..3c71f048 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+Tue Oct 26 15:24:21 2004 George Lebl <jirka@5z.com>
+
+ * daemon/gdm.[ch]: Add a global cookie in <ServAuthDir>/.cookie which
+ can be used to authenticate if no display is available.
+
+ * daemon/gdm.[ch]: add a SOP command to launch a new flexiserver
+ by "echo FLEXI_XSERVER >/var/lib/gdm/.gdmfifo" No error detection
+ is possible then ofcourse. Patch from Tuukka Hastrup
+ <Tuukka.Hastrup@iki.fi> with some fixup to make it actually work
+ right.
+
Tue Oct 26 14:50:34 2004 George Lebl <jirka@5z.com>
* daemon/gdm.c, daemon/server.c: Make autologin work on a second
diff --git a/daemon/gdm.c b/daemon/gdm.c
index 617e3ebd..09c40158 100644
--- a/daemon/gdm.c
+++ b/daemon/gdm.c
@@ -75,6 +75,15 @@ static void gdm_daemonify (void);
static void gdm_safe_restart (void);
static void gdm_try_logout_action (GdmDisplay *disp);
static void gdm_restart_now (void);
+static void handle_flexi_server (GdmConnection *conn,
+ int type,
+ const char *server,
+ gboolean handled,
+ gboolean chooser,
+ const char *xnest_disp,
+ uid_t xnest_uid,
+ const char *xnest_auth_file,
+ const char *xnest_cookie);
/* Global vars */
GSList *displays = NULL; /* List of displays managed */
@@ -104,6 +113,9 @@ GdmConnection *pipeconn = NULL; /* slavepipe (handled just like Fifo for compati
GdmConnection *unixconn = NULL; /* UNIX Socket connection */
int slave_fifo_pipe_fd = -1; /* the slavepipe connection */
+unsigned char *gdm_global_cookie = NULL;
+unsigned char *gdm_global_bcookie = NULL;
+
char *gdm_charset = NULL;
int gdm_normal_runlevel = -1; /* runlevel on linux that gdm was started in */
@@ -1967,6 +1979,49 @@ initial_term_int (int signal)
_exit (EXIT_FAILURE);
}
+static void
+gdm_make_global_cookie (void)
+{
+ FILE *fp;
+ char *file;
+ mode_t oldmode;
+
+ /* kind of a hack */
+ GdmDisplay faked = {0};
+ faked.authfile = NULL;
+ faked.bcookie = NULL;
+ faked.cookie = NULL;
+
+ gdm_cookie_generate (&faked);
+
+ gdm_global_cookie = faked.cookie;
+ gdm_global_bcookie = faked.bcookie;
+
+ file = g_build_filename (GdmServAuthDir, ".cookie", NULL);
+ VE_IGNORE_EINTR (unlink (file));
+
+ oldmode = umask (077);
+ fp = gdm_safe_fopen_w (file);
+ umask (oldmode);
+ if G_UNLIKELY (fp == NULL) {
+ gdm_error (_("Can't open %s for writing"), file);
+ g_free (file);
+ return;
+ }
+
+ VE_IGNORE_EINTR (fprintf (fp, "%s\n", gdm_global_cookie));
+
+ /* FIXME: What about out of disk space errors? */
+ errno = 0;
+ VE_IGNORE_EINTR (fclose (fp));
+ if G_UNLIKELY (errno != 0) {
+ gdm_error (_("Can't write to %s: %s"), file,
+ strerror (errno));
+ }
+
+ g_free (file);
+}
+
int
main (int argc, char *argv[])
{
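Review bot: In gdm_make_global_cookie the return value of the fprintf is discarded and the write is judged only by errno after fclose, so a failed or short write can go unnoticed and leave an empty or truncated `.cookie` behind (the FIXME already points at this). Capture the return values inside the existing wrappers, e.g. `VE_IGNORE_EINTR (r = fclose (fp));` followed by `if G_UNLIKELY (r != 0)`, do the same for the fprintf with `r < 0`, and unlink the file when either fails so a client never reads a partial cookie. The hunk also prints faked.cookie with `%s` without checking that gdm_cookie_generate set it; whether that call can leave it NULL is not visible here.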
@@ -2218,6 +2273,9 @@ main (int argc, char *argv[])
* are sane */
gdm_ensure_sanity () ;
+ /* Make us a unique global cookie to authenticate */
+ gdm_make_global_cookie ();
+
/* Start local X servers */
gdm_start_first_unborn_local (0 /* delay */);
@@ -2851,6 +2909,11 @@ gdm_handle_message (GdmConnection *conn, const char *msg, gpointer data)
send_slave_ack (d, NULL);
}
+ } else if (strcmp(msg, GDM_SOP_FLEXI_XSERVER) == 0) {
+ handle_flexi_server (NULL, TYPE_FLEXI, GdmStandardXServer,
+ TRUE /* handled */,
+ FALSE /* chooser */,
+ NULL, 0, NULL, NULL);
}
}
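Review bot: The new FLEXI_XSERVER branch calls handle_flexi_server with conn == NULL and no cookie, so the only access control on this command is who may write to the fifo. That deserves a comment at the call site, e.g. `/* No cookie check on this path: access is limited only by the permissions on the fifo */`, and the fifo's owner and mode (not visible in this hunk) should be confirmed to exclude unprivileged users. As a small style point, the surrounding code puts a space before the call parenthesis, so `strcmp(msg,` should read `strcmp (msg,`. gdm_handle_message starts and ends outside the hunk.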
@@ -3071,8 +3134,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
gdm_debug ("server: '%s'", server);
if (gdm_wait_for_go) {
- gdm_connection_write (conn,
- "ERROR 1 No more flexi servers\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 1 No more flexi servers\n");
return;
}
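Review bot: With conn == NULL every error reply in handle_flexi_server is now dropped without a trace, so a fifo-initiated request that fails (including the "Not authenticated" and "No more flexi servers" cases) leaves nothing for an administrator to find. The same unbraced two-line `if (conn != NULL)` guard is repeated in the hunks at -3083, -3095, -3121, -3130, -3139 and -3191; a single helper that writes to the connection when there is one and otherwise logs through gdm_debug would remove the repetition and keep the failure visible. The helper name below is only a suggestion, and the function body starts and ends outside this hunk.

```c
/* Send a reply to the requesting connection; requests that came in
 * over the fifo have no connection, so record the outcome in the log */
static void
flexi_reply (GdmConnection *conn, const char *reply)
{
	if (conn != NULL)
		gdm_connection_write (conn, reply);
	else
		gdm_debug ("flexi server request without connection: %s", reply);
}

/* … unchanged: gdm_debug ("server: '%s'", server) … */
if (gdm_wait_for_go) {
	flexi_reply (conn, "ERROR 1 No more flexi servers\n");
	return;
}
```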
@@ -3083,8 +3147,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
pw = getpwuid (xnest_uid);
if (pw == NULL) {
- gdm_connection_write (conn,
- "ERROR 100 Not authenticated\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 100 Not authenticated\n");
return;
}
@@ -3095,8 +3160,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
NEVER_FAILS_setegid (GdmGroupId);
if (seteuid (xnest_uid) < 0) {
- gdm_connection_write (conn,
- "ERROR 100 Not authenticated\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 100 Not authenticated\n");
return;
}
@@ -3121,8 +3187,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
if ( ! authorized) {
/* Sorry dude, you're not doing something
* right */
- gdm_connection_write (conn,
- "ERROR 100 Not authenticated\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 100 Not authenticated\n");
return;
}
@@ -3130,8 +3197,9 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
}
if (flexi_servers >= GdmFlexibleXServers) {
- gdm_connection_write (conn,
- "ERROR 1 No more flexi servers\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 1 No more flexi servers\n");
return;
}
@@ -3139,16 +3207,18 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
if (ve_string_empty (server) ||
access (bin, X_OK) != 0) {
g_free (bin);
- gdm_connection_write (conn,
- "ERROR 6 No server binary\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 6 No server binary\n");
return;
}
g_free (bin);
display = gdm_server_alloc (-1, server);
if G_UNLIKELY (display == NULL) {
- gdm_connection_write (conn,
- "ERROR 2 Startup errors\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 2 Startup errors\n");
return;
}
@@ -3191,12 +3261,14 @@ handle_flexi_server (GdmConnection *conn, int type, const char *server,
display->socket_conn = conn;
display->xnest_disp = g_strdup (xnest_disp);
display->xnest_auth_file = g_strdup (xnest_auth_file);
- gdm_connection_set_close_notify (conn, display, close_conn);
+ if (conn != NULL)
+ gdm_connection_set_close_notify (conn, display, close_conn);
displays = g_slist_append (displays, display);
if ( ! gdm_display_manage (display)) {
gdm_display_unmanage (display);
- gdm_connection_write (conn,
- "ERROR 2 Startup errors\n");
+ if (conn != NULL)
+ gdm_connection_write (conn,
+ "ERROR 2 Startup errors\n");
return;
}
/* Now we wait for the server to start up (or not) */
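Review bot: `display->socket_conn = conn;` now stores NULL for fifo-initiated requests, and only the writes inside this function were given a `conn != NULL` guard. The code that reports the startup result once the server is up, and the close_conn path, live outside this diff, so every later use of display->socket_conn needs to be checked for the same NULL case. A comment on the assignment such as `/* may be NULL when the request came in over the fifo */` would make the new invariant explicit for those readers.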
@@ -3539,6 +3611,15 @@ gdm_handle_user_message (GdmConnection *conn, const char *msg, gpointer data)
}
}
+ if (gdm_global_cookie != NULL &&
+ g_ascii_strcasecmp (gdm_global_cookie, cookie) == 0) {
+ g_free (cookie);
+ GDM_CONNECTION_SET_USER_FLAG
+ (conn, GDM_SUP_FLAG_AUTHENTICATED);
+ gdm_connection_write (conn, "OK\n");
+ return;
+ }
+
/* Hmmm, perhaps this is better defined behaviour */
GDM_CONNECTION_UNSET_USER_FLAG
(conn, GDM_SUP_FLAG_AUTHENTICATED);
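Review bot: The global cookie is compared with `g_ascii_strcasecmp`, which stops at the first differing byte, so the time taken depends on how much of a guessed cookie is correct; for a long-lived secret that authenticates any local client, a comparison that always walks the full length is the safer choice. gdm_global_cookie is also declared `unsigned char *` in the second gdm.c hunk but is passed here where a `const gchar *` is expected, which needs an explicit cast or a `char *` declaration. The hunk shows no check that `cookie` is non-NULL at this point; that presumably happens earlier in gdm_handle_user_message, which starts outside the hunk. The helper name below is only a suggestion.

```c
/* Case-insensitive comparison of two hex cookies that does not stop
 * at the first mismatch */
static gboolean
cookie_equal (const char *a, const char *b)
{
	size_t la = strlen (a);
	size_t lb = strlen (b);
	size_t i;
	unsigned char diff = (la != lb);

	for (i = 0; i < la && i < lb; i++)
		diff |= (unsigned char) (g_ascii_tolower (a[i]) ^ g_ascii_tolower (b[i]));

	return diff == 0;
}

/* … unchanged: per-display cookie loop … */
if (gdm_global_cookie != NULL &&
    cookie_equal ((const char *) gdm_global_cookie, cookie)) {
```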
diff --git a/daemon/gdm.h b/daemon/gdm.h
index 2734e2b0..c1424a4d 100644
--- a/daemon/gdm.h
+++ b/daemon/gdm.h
@@ -560,6 +560,9 @@ void gdm_final_cleanup (void);
#define GDM_SOP_SUSPEND_MACHINE "SUSPEND_MACHINE" /* no arguments */
#define GDM_SOP_CHOSEN_THEME "CHOSEN_THEME" /* <slave pid> <theme name> */
+/* Start a new standard X flexible server */
+#define GDM_SOP_FLEXI_XSERVER "FLEXI_XSERVER" /* no arguments */
+
/* Notification protocol */
/* keys */
#define GDM_NOTIFY_ALLOWREMOTEROOT "AllowRemoteRoot" /* <true/false as int> */
@@ -625,6 +628,11 @@ void gdm_final_cleanup (void);
* only users logged in from gdm. They must pass the xauth
* MIT-MAGIC-COOKIE-1 that they were passed before the
* connection is authenticated.
+ * Note that since 2.6.0.6 you can also use a global
+ * <ServAuthDir>/.cookie, which works for all authentication
+ * except for SET_LOGOUT_ACTION and QUERY_LOGOUT_ACTION
+ * and SET_SAFE_LOGOUT_ACTION which require a logged in
+ * display
* Supported since: 2.2.4.0
* Arguments: <xauth cookie>
* <xauth cookie> is in hex form with no 0x prefix
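Review bot: The added AUTH_LOCAL text does not tell a client author who is able to read `<ServAuthDir>/.cookie` or how long the value stays valid. From gdm.c in this commit the file is unlinked and rewritten by gdm_make_global_cookie on every daemon start and is created under `umask (077)`, so the comment could add `* The file is rewritten each time the daemon starts and is created under umask 077, so it is meant for privileged clients only`. The final mode also depends on gdm_safe_fopen_w, which is not shown here.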