diff options
| author | Brian Cameron <Brian.Cameron@sun.com> | 2010-04-21 17:11:34 -0500 |
|---|---|---|
| committer | Brian Cameron <Brian.Cameron@sun.com> | 2010-04-21 17:11:34 -0500 |
| commit | 30907fccf4c52109e0653925cabf86c656631918 (patch) | |
| tree | ab9af892827def5baf62ec76017c814373170071 | |
| parent | a9d7f04e02df0fb227ebc57e68e9bd75a210fb95 (diff) | |
| download | gdm-30907fccf4c52109e0653925cabf86c656631918.tar.gz | |
Drop xhost localuser:gdm and localuser:root after the user session starts.
Fixes bug #605350.
| -rw-r--r-- | daemon/gdm-slave.c | 57 |
1 files changed, 35 insertions, 22 deletions
diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c index 50211576..31c172d3 100644 --- a/daemon/gdm-slave.c +++ b/daemon/gdm-slave.c @@ -364,6 +364,27 @@ gdm_slave_set_busy_cursor (GdmSlave *slave) } } +static gboolean +gdm_slave_setup_xhost_auth (XHostAddress *host_entries, XServerInterpretedAddress *si_entries) +{ + si_entries[0].type = "localuser"; + si_entries[0].typelength = strlen ("localuser"); + si_entries[1].type = "localuser"; + si_entries[1].typelength = strlen ("localuser"); + + si_entries[0].value = "root"; + si_entries[0].valuelength = strlen ("root"); + si_entries[1].value = GDM_USERNAME; + si_entries[1].valuelength = strlen (GDM_USERNAME); + + host_entries[0].family = FamilyServerInterpreted; + host_entries[0].address = (char *) &si_entries[0]; + host_entries[0].length = sizeof (XServerInterpretedAddress); + host_entries[1].family = FamilyServerInterpreted; + host_entries[1].address = (char *) &si_entries[1]; + host_entries[1].length = sizeof (XServerInterpretedAddress); +} + gboolean gdm_slave_connect_to_x11_display (GdmSlave *slave) { @@ -400,11 +421,8 @@ gdm_slave_connect_to_x11_display (GdmSlave *slave) g_warning ("Unable to connect to display %s", slave->priv->display_name); ret = FALSE; } else if (slave->priv->display_is_local) { - XHostAddress host_entries[2] = { - { FamilyServerInterpreted }, - { FamilyServerInterpreted } - }; XServerInterpretedAddress si_entries[2]; + XHostAddress host_entries[2]; g_debug ("GdmSlave: Connected to display %s", slave->priv->display_name); ret = TRUE; @@ -412,21 +430,7 @@ gdm_slave_connect_to_x11_display (GdmSlave *slave) /* Give programs run by the slave and greeter access to the display * independent of current hostname */ - si_entries[0].type = "localuser"; - si_entries[0].typelength = strlen ("localuser"); - si_entries[1].type = "localuser"; - si_entries[1].typelength = strlen ("localuser"); - - si_entries[0].value = "root"; - si_entries[0].valuelength = strlen ("root"); - si_entries[1].value = GDM_USERNAME; - si_entries[1].valuelength = strlen (GDM_USERNAME); - - host_entries[0].address = (char *) &si_entries[0]; - host_entries[0].length = sizeof (XServerInterpretedAddress); - host_entries[1].address = (char *) &si_entries[1]; - host_entries[1].length = sizeof (XServerInterpretedAddress); - + gdm_slave_setup_xhost_auth (host_entries, si_entries); XAddHosts (slave->priv->server_display, host_entries, G_N_ELEMENTS (host_entries)); } else { @@ -724,9 +728,11 @@ gdm_slave_add_user_authorization (GdmSlave *slave, const char *username, char **filenamep) { - gboolean res; - GError *error; - char *filename; + XServerInterpretedAddress si_entries[2]; + XHostAddress host_entries[2]; + gboolean res; + GError *error; + char *filename; filename = NULL; @@ -761,6 +767,13 @@ gdm_slave_add_user_authorization (GdmSlave *slave, } g_free (filename); + /* Remove access for the programs run by slave and greeter now that the + * user session is starting. + */ + gdm_slave_setup_xhost_auth (host_entries, si_entries); + XRemoveHosts (slave->priv->server_display, host_entries, + G_N_ELEMENTS (host_entries)); + return res; } |