diff options
author | William Jon McCann <mccann@src.gnome.org> | 2007-05-16 17:38:16 +0000 |
---|---|---|
committer | William Jon McCann <mccann@src.gnome.org> | 2007-05-16 17:38:16 +0000 |
commit | d3d96c47dcaf36e6e1206ce15af8d09068f8c2bb (patch) | |
tree | 107d442cc28f7479e25e39572df37fecf073646a | |
parent | 83c224157e0cd0c6dbea5e721adef2aea1adf27a (diff) | |
download | gdm-d3d96c47dcaf36e6e1206ce15af8d09068f8c2bb.tar.gz |
Add new md5 code to common. Replace cookie generation code.
Remove some dead code from gdm-common. Set xauth stuff in slave
correctly. Greeter now starts on xdmcp.
svn path=/branches/mccann-gobject/; revision=4937
-rw-r--r-- | common/Makefile.am | 2 | ||||
-rw-r--r-- | common/gdm-common.c | 754 | ||||
-rw-r--r-- | common/gdm-common.h | 62 | ||||
-rw-r--r-- | common/gdm-md5.c | 457 | ||||
-rw-r--r-- | common/gdm-md5.h | 50 | ||||
-rw-r--r-- | daemon/Makefile.am | 4 | ||||
-rw-r--r-- | daemon/auth.c | 55 | ||||
-rw-r--r-- | daemon/auth.h | 4 | ||||
-rw-r--r-- | daemon/cookie.c | 272 | ||||
-rw-r--r-- | daemon/cookie.h | 29 | ||||
-rw-r--r-- | daemon/gdm-display.c | 107 | ||||
-rw-r--r-- | daemon/gdm-display.h | 11 | ||||
-rw-r--r-- | daemon/gdm-display.xml | 6 | ||||
-rw-r--r-- | daemon/gdm-greeter.c | 58 | ||||
-rw-r--r-- | daemon/gdm-manager.c | 13 | ||||
-rw-r--r-- | daemon/gdm-slave.c | 190 | ||||
-rw-r--r-- | daemon/gdm-xdmcp-display.c | 32 | ||||
-rw-r--r-- | daemon/gdm-xdmcp-manager.c | 71 | ||||
-rw-r--r-- | daemon/md5.c | 267 | ||||
-rw-r--r-- | daemon/md5.h | 41 |
20 files changed, 1298 insertions, 1187 deletions
diff --git a/common/Makefile.am b/common/Makefile.am index dd9d1218..f28a0e89 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -38,6 +38,8 @@ libgdmcommon_a_SOURCES = \ gdm-config.c \ gdm-log.h \ gdm-log.c \ + gdm-md5.h \ + gdm-md5.c \ gdm-signal-handler.h \ gdm-signal-handler.c \ ve-signal.h \ diff --git a/common/gdm-common.c b/common/gdm-common.c index 73e78b9f..c66c026a 100644 --- a/common/gdm-common.c +++ b/common/gdm-common.c @@ -40,6 +40,7 @@ #include <glib/gi18n.h> #include "gdm-common.h" +#include "gdm-md5.h" int gdm_fdgetc (int fd) @@ -314,361 +315,6 @@ gdm_sigusr2_block_pop (void) } } -static GdmHostent * -fillout_addrinfo (struct addrinfo *res, - struct sockaddr *ia, - const char *name) -{ - GdmHostent *he; - gint i; - gint addr_count = 0; - struct addrinfo *tempaddrinfo; - - he = g_new0 (GdmHostent, 1); - - he->addrs = NULL; - he->addr_count = 0; - - if (res != NULL && res->ai_canonname != NULL) { - he->hostname = g_strdup (res->ai_canonname); - he->not_found = FALSE; - } else { - he->not_found = TRUE; - if (name != NULL) - he->hostname = g_strdup (name); - else { - static char buffer6[INET6_ADDRSTRLEN]; - static char buffer[INET_ADDRSTRLEN]; - const char *new = NULL; - - if (ia->sa_family == AF_INET6) { - if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)ia)->sin6_addr)) { - new = inet_ntop (AF_INET, &(((struct sockaddr_in6 *)ia)->sin6_addr.s6_addr[12]), buffer, sizeof (buffer)); - } else { - new = inet_ntop (AF_INET6, &((struct sockaddr_in6 *)ia)->sin6_addr, buffer6, sizeof (buffer6)); - } - } else if (ia->sa_family == AF_INET) { - new = inet_ntop (AF_INET, &((struct sockaddr_in *)ia)->sin_addr, buffer, sizeof (buffer)); - } - - if (new != NULL) { - he->hostname = g_strdup (new); - } else { - he->hostname = NULL; - } - } - } - - tempaddrinfo = res; - - while (res != NULL) { - addr_count++; - res = res->ai_next; - } - - he->addrs = g_new0 (struct sockaddr_storage, addr_count); - he->addr_count = addr_count; - res = tempaddrinfo; - for (i = 0; ; i++) { - if (res == NULL) - break; - - if ((res->ai_family == AF_INET) || (res->ai_family == AF_INET6)) { - (he->addrs)[i] = *(struct sockaddr_storage *)(res->ai_addr); - } - - res = res->ai_next; - } - - /* We don't want the ::ffff: that could arise here */ - if (he->hostname != NULL && - strncmp (he->hostname, "::ffff:", 7) == 0) { - strcpy (he->hostname, he->hostname + 7); - } - - return he; -} - -/* stolen from xdm sources */ -#if defined(X_NOT_POSIX) || defined(__EMX__) || defined(__NetBSD__) && defined(__sparc__) -#define Setjmp(e) setjmp(e) -#define Longjmp(e,v) longjmp(e,v) -#define Jmp_buf jmp_buf -#else -#define Setjmp(e) sigsetjmp(e,1) -#define Longjmp(e,v) siglongjmp(e,v) -#define Jmp_buf sigjmp_buf -#endif - -static gboolean do_jumpback = FALSE; -static Jmp_buf signal_jumpback; -static struct sigaction oldterm, oldint, oldhup; - -static void -jumpback_sighandler (int signal) -{ - /* - * This avoids a race see Note below. - * We want to jump back only on the first - * signal invocation, even if the signal - * handler didn't return. - */ - gboolean old_do_jumpback = do_jumpback; - do_jumpback = FALSE; - - if (signal == SIGINT) - oldint.sa_handler (signal); - else if (signal == SIGTERM) - oldint.sa_handler (signal); - else if (signal == SIGHUP) - oldint.sa_handler (signal); - /* No others should be set up */ - - /* Note that we may not get here since - the SIGTERM handler in slave.c - might have in fact done the big Longjmp - to the slave's death */ - - if (old_do_jumpback) { - Longjmp (signal_jumpback, 1); - } -} - -/* - * This sets up interruptes to be proxied and the - * gethostbyname/addr to be whacked using longjmp, - * in case INT/TERM/HUP was gotten in which case - * we no longer care for the result of the - * resolution. - */ -#define SETUP_INTERRUPTS_FOR_TERM_DECLS \ - struct sigaction term; - -#define SETUP_INTERRUPTS_FOR_TERM_SETUP \ - do_jumpback = FALSE; \ - \ - term.sa_handler = jumpback_sighandler; \ - term.sa_flags = SA_RESTART; \ - sigemptyset (&term.sa_mask); \ - \ - if G_UNLIKELY (sigaction (SIGTERM, &term, &oldterm) < 0) \ - g_critical (_("%s: Error setting up %s signal handler: %s"), \ - "SETUP_INTERRUPTS_FOR_TERM", "TERM", g_strerror (errno)); \ - \ - if G_UNLIKELY (sigaction (SIGINT, &term, &oldint) < 0) \ - g_critical (_("%s: Error setting up %s signal handler: %s"), \ - "SETUP_INTERRUPTS_FOR_TERM", "INT", g_strerror (errno)); \ - \ - if G_UNLIKELY (sigaction (SIGHUP, &term, &oldhup) < 0) \ - g_critical (_("%s: Error setting up %s signal handler: %s"), \ - "SETUP_INTERRUPTS_FOR_TERM", "HUP", g_strerror (errno)); \ - -#define SETUP_INTERRUPTS_FOR_TERM_TEARDOWN \ - do_jumpback = FALSE; \ - \ - if G_UNLIKELY (sigaction (SIGTERM, &oldterm, NULL) < 0) \ - g_critical (_("%s: Error setting up %s signal handler: %s"), \ - "SETUP_INTERRUPTS_FOR_TERM", "TERM", g_strerror (errno)); \ - \ - if G_UNLIKELY (sigaction (SIGINT, &oldint, NULL) < 0) \ - g_critical (_("%s: Error setting up %s signal handler: %s"), \ - "SETUP_INTERRUPTS_FOR_TERM", "INT", g_strerror (errno)); \ - \ - if G_UNLIKELY (sigaction (SIGHUP, &oldhup, NULL) < 0) \ - g_critical (_("%s: Error setting up %s signal handler: %s"), \ - "SETUP_INTERRUPTS_FOR_TERM", "HUP", g_strerror (errno)); - -GdmHostent * -gdm_gethostbyname (const char *name) -{ - struct addrinfo hints; - /* static because of Setjmp */ - static struct addrinfo *result; - - SETUP_INTERRUPTS_FOR_TERM_DECLS - - /* The cached address */ - static GdmHostent *he = NULL; - static time_t last_time = 0; - static char *cached_hostname = NULL; - - if (cached_hostname != NULL && - strcmp (cached_hostname, name) == 0) { - /* Don't check more then every 60 seconds */ - if (last_time + 60 > time (NULL)) - return gdm_hostent_copy (he); - } - - SETUP_INTERRUPTS_FOR_TERM_SETUP - - if (Setjmp (signal_jumpback) == 0) { - do_jumpback = TRUE; - - /* Find client hostname */ - memset (&hints, 0, sizeof (hints)); - hints.ai_socktype = SOCK_DGRAM; - hints.ai_flags = AI_CANONNAME; - - if (result) { - freeaddrinfo (result); - result = NULL; - } - - getaddrinfo (name, NULL, &hints, &result); - do_jumpback = FALSE; - } else { - /* Here we got interrupted */ - result = NULL; - } - - SETUP_INTERRUPTS_FOR_TERM_TEARDOWN - - g_free (cached_hostname); - cached_hostname = g_strdup (name); - - gdm_hostent_free (he); - - he = fillout_addrinfo (result, NULL, name); - - last_time = time (NULL); - return gdm_hostent_copy (he); -} - -GdmHostent * -gdm_gethostbyaddr (struct sockaddr_storage *ia) -{ - struct addrinfo hints; - /* static because of Setjmp */ - static struct addrinfo *result = NULL; - struct sockaddr_in6 sin6; - struct sockaddr_in sin; - static struct in6_addr cached_addr6; - - SETUP_INTERRUPTS_FOR_TERM_DECLS - - /* The cached address */ - static GdmHostent *he = NULL; - static time_t last_time = 0; - static struct in_addr cached_addr; - - if (last_time != 0) { - if ((ia->ss_family == AF_INET6) && (memcmp (cached_addr6.s6_addr, ((struct sockaddr_in6 *) ia)->sin6_addr.s6_addr, sizeof (struct in6_addr)) == 0)) { - /* Don't check more then every 60 seconds */ - if (last_time + 60 > time (NULL)) - return gdm_hostent_copy (he); - } else if (ia->ss_family == AF_INET) { - if (memcmp (&cached_addr, &(((struct sockaddr_in *)ia)->sin_addr), sizeof (struct in_addr)) == 0) { - /* Don't check more then every 60 seconds */ - if (last_time + 60 > time (NULL)) - return gdm_hostent_copy (he); - } - } - } - - SETUP_INTERRUPTS_FOR_TERM_SETUP - - if (Setjmp (signal_jumpback) == 0) { - do_jumpback = TRUE; - - /* Find client hostname */ - memset (&hints, 0, sizeof (hints)); - hints.ai_socktype = SOCK_DGRAM; - hints.ai_flags = AI_CANONNAME; - - if (result) { - freeaddrinfo (result); - result = NULL; - } - - if (ia->ss_family == AF_INET6) { - char buffer6[INET6_ADDRSTRLEN]; - - inet_ntop (AF_INET6, &((struct sockaddr_in6 *)ia)->sin6_addr, buffer6, sizeof (buffer6)); - - /* - * In the case of IPv6 mapped address strip the - * ::ffff: and lookup as an IPv4 address - */ - if (strncmp (buffer6, "::ffff:", 7) == 0) { - char *temp= (buffer6 + 7); - strcpy (buffer6, temp); - } - getaddrinfo (buffer6, NULL, &hints, &result); - - } else if (ia->ss_family == AF_INET) { - char buffer[INET_ADDRSTRLEN]; - - inet_ntop (AF_INET, &((struct sockaddr_in *)ia)->sin_addr, buffer, sizeof (buffer)); - - getaddrinfo (buffer, NULL, &hints, &result); - } - - do_jumpback = FALSE; - } else { - /* Here we got interrupted */ - result = NULL; - } - - SETUP_INTERRUPTS_FOR_TERM_TEARDOWN - - if (ia->ss_family == AF_INET6) { - memcpy (cached_addr6.s6_addr, ((struct sockaddr_in6 *)ia)->sin6_addr.s6_addr, sizeof (struct in6_addr)); - memset (&sin6, 0, sizeof (sin6)); - memcpy (sin6.sin6_addr.s6_addr, cached_addr6.s6_addr, sizeof (struct in6_addr)); - sin6.sin6_family = AF_INET6; - he = fillout_addrinfo (result, (struct sockaddr *)&sin6, NULL); - } - else if (ia->ss_family == AF_INET) { - memcpy (&(cached_addr.s_addr), &(((struct sockaddr_in *)ia)->sin_addr.s_addr), sizeof (struct in_addr)); - memset (&sin, 0, sizeof (sin)); - memcpy (&sin.sin_addr, &cached_addr, sizeof (struct in_addr)); - sin.sin_family = AF_INET; - he = fillout_addrinfo (result, (struct sockaddr *)&sin, NULL); - } - - last_time = time (NULL); - return gdm_hostent_copy (he); -} - -GdmHostent * -gdm_hostent_copy (GdmHostent *he) -{ - GdmHostent *cpy; - - if (he == NULL) - return NULL; - - cpy = g_new0 (GdmHostent, 1); - cpy->not_found = he->not_found; - cpy->hostname = g_strdup (he->hostname); - if (he->addr_count == 0) { - cpy->addr_count = 0; - cpy->addrs = NULL; - } else { - cpy->addr_count = he->addr_count; - cpy->addrs = g_new0 (struct sockaddr_storage, he->addr_count); - memcpy (cpy->addrs, he->addrs, sizeof (struct sockaddr_storage) * he->addr_count); - } - return cpy; -} - -void -gdm_hostent_free (GdmHostent *he) -{ - if (he == NULL) - return; - g_free (he->hostname); - he->hostname = NULL; - - g_free (he->addrs); - he->addrs = NULL; - he->addr_count = 0; - - g_free (he); -} - - - /* Like fopen with "w" */ FILE * gdm_safe_fopen_w (const char *file, mode_t perm) @@ -916,3 +562,401 @@ ve_locale_exists (const char *loc) g_free (old); return ret; } + +/* hex conversion adapted from D-Bus */ + +/** + * Appends a two-character hex digit to a string, where the hex digit + * has the value of the given byte. + * + * @param str the string + * @param byte the byte + */ +static void +_gdm_string_append_byte_as_hex (GString *str, + int byte) +{ + const char hexdigits[16] = { + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', + 'a', 'b', 'c', 'd', 'e', 'f' + }; + + str = g_string_append_c (str, hexdigits[(byte >> 4)]); + + str = g_string_append_c (str, hexdigits[(byte & 0x0f)]); +} + +/** + * Encodes a string in hex, the way MD5 and SHA-1 are usually + * encoded. (Each byte is two hex digits.) + * + * @param source the string to encode + * @param start byte index to start encoding + * @param dest string where encoded data should be placed + * @param insert_at where to place encoded data + * @returns #TRUE if encoding was successful, #FALSE if no memory etc. + */ +gboolean +gdm_string_hex_encode (const GString *source, + int start, + GString *dest, + int insert_at) +{ + GString *result; + const unsigned char *p; + const unsigned char *end; + gboolean retval; + + g_assert (start <= source->len); + + result = g_string_new (NULL); + + retval = FALSE; + + p = (const unsigned char*) source->str; + end = p + source->len; + p += start; + + while (p != end) { + _gdm_string_append_byte_as_hex (result, *p); + ++p; + } + + dest = g_string_insert (dest, insert_at, result->str); + + retval = TRUE; + + g_string_free (result, TRUE); + + return retval; +} + +/** + * Decodes a string from hex encoding. + * + * @param source the string to decode + * @param start byte index to start decode + * @param end_return return location of the end of the hex data, or #NULL + * @param dest string where decoded data should be placed + * @param insert_at where to place decoded data + * @returns #TRUE if decoding was successful, #FALSE if no memory. + */ +gboolean +gdm_string_hex_decode (const GString *source, + int start, + int *end_return, + GString *dest, + int insert_at) +{ + GString *result; + const unsigned char *p; + const unsigned char *end; + gboolean retval; + gboolean high_bits; + + g_assert (start <= source->len); + + result = g_string_new (NULL); + + retval = FALSE; + + high_bits = TRUE; + p = (const unsigned char*) source->str; + end = p + source->len; + p += start; + + while (p != end) { + unsigned int val; + + switch (*p) { + case '0': + val = 0; + break; + case '1': + val = 1; + break; + case '2': + val = 2; + break; + case '3': + val = 3; + break; + case '4': + val = 4; + break; + case '5': + val = 5; + break; + case '6': + val = 6; + break; + case '7': + val = 7; + break; + case '8': + val = 8; + break; + case '9': + val = 9; + break; + case 'a': + case 'A': + val = 10; + break; + case 'b': + case 'B': + val = 11; + break; + case 'c': + case 'C': + val = 12; + break; + case 'd': + case 'D': + val = 13; + break; + case 'e': + case 'E': + val = 14; + break; + case 'f': + case 'F': + val = 15; + break; + default: + goto done; + } + + if (high_bits) { + result = g_string_append_c (result, val << 4); + } else { + int len; + unsigned char b; + + len = result->len; + + b = result->str[len - 1]; + + b |= val; + + result->str[len - 1] = b; + } + + high_bits = !high_bits; + + ++p; + } + + done: + dest = g_string_insert (dest, insert_at, result->str); + + if (end_return) { + *end_return = p - (const unsigned char*) source->str; + } + + retval = TRUE; + + g_string_free (result, TRUE); + + return retval; +} + +static void +_gdm_generate_pseudorandom_bytes_buffer (char *buffer, + int n_bytes) +{ + int i; + + /* fall back to pseudorandom */ + g_debug ("Falling back to pseudorandom for %d bytes\n", + n_bytes); + + i = 0; + while (i < n_bytes) { + int b; + + b = g_random_int_range (0, 255); + + buffer[i] = b; + + ++i; + } +} + +static gboolean +_gdm_generate_pseudorandom_bytes (GString *str, + int n_bytes) +{ + int old_len; + char *p; + + old_len = str->len; + + str = g_string_set_size (str, old_len + n_bytes); + + p = str->str + old_len; + + _gdm_generate_pseudorandom_bytes_buffer (p, n_bytes); + + return TRUE; +} + + +static int +_gdm_fdread (int fd, + GString *buffer, + int count) +{ + int bytes_read; + int start; + char *data; + + g_assert (count >= 0); + + start = buffer->len; + + buffer = g_string_set_size (buffer, start + count); + + data = buffer->str + start; + + again: + bytes_read = read (fd, data, count); + + if (bytes_read < 0) { + if (errno == EINTR) { + goto again; + } else { + /* put length back (note that this doesn't actually realloc anything) */ + buffer = g_string_set_size (buffer, start); + return -1; + } + } else { + /* put length back (doesn't actually realloc) */ + buffer = g_string_set_size (buffer, start + bytes_read); + + return bytes_read; + } +} + +/** + * Closes a file descriptor. + * + * @param fd the file descriptor + * @param error error object + * @returns #FALSE if error set + */ +static gboolean +_gdm_fdclose (int fd) +{ + again: + if (close (fd) < 0) { + if (errno == EINTR) + goto again; + + g_warning ("Could not close fd %d: %s", + fd, + g_strerror (errno)); + return FALSE; + } + + return TRUE; +} + +/** + * Generates the given number of random bytes, + * using the best mechanism we can come up with. + * + * @param str the string + * @param n_bytes the number of random bytes to append to string + */ +gboolean +gdm_generate_random_bytes (GString *str, + int n_bytes) +{ + int old_len; + int fd; + + /* FALSE return means "no memory", if it could + * mean something else then we'd need to return + * a DBusError. So we always fall back to pseudorandom + * if the I/O fails. + */ + + old_len = str->len; + fd = -1; + + /* note, urandom on linux will fall back to pseudorandom */ + fd = g_open ("/dev/urandom", O_RDONLY, 0); + if (fd < 0) { + return _gdm_generate_pseudorandom_bytes (str, n_bytes); + } + + if (_gdm_fdread (fd, str, n_bytes) != n_bytes) { + _gdm_fdclose (fd); + str = g_string_set_size (str, old_len); + return _gdm_generate_pseudorandom_bytes (str, n_bytes); + } + + g_debug ("Read %d bytes from /dev/urandom\n", n_bytes); + + _gdm_fdclose (fd); + + return TRUE; +} + +/** + * Computes the ASCII hex-encoded md5sum of the given data and + * appends it to the output string. + * + * @param data input data to be hashed + * @param ascii_output string to append ASCII md5sum to + * @returns #FALSE if not enough memory + */ +static gboolean +gdm_md5_compute (const GString *data, + GString *ascii_output) +{ + GdmMD5Context context; + GString *digest; + + gdm_md5_init (&context); + + gdm_md5_update (&context, data); + + digest = g_string_new (NULL); + if (digest == NULL) + return FALSE; + + if (! gdm_md5_final (&context, digest)) + goto error; + + if (! gdm_string_hex_encode (digest, + 0, + ascii_output, + ascii_output->len)) + goto error; + + g_string_free (digest, TRUE); + + return TRUE; + + error: + g_string_free (digest, TRUE); + + return FALSE; +} + +gboolean +gdm_generate_cookie (GString *result) +{ + gboolean ret; + GString *data; + + data = g_string_new (NULL); + gdm_generate_random_bytes (data, 16); + + ret = gdm_md5_compute (data, result); + g_string_free (data, TRUE); + + return ret; +} diff --git a/common/gdm-common.h b/common/gdm-common.h index d509271f..66b04bf7 100644 --- a/common/gdm-common.h +++ b/common/gdm-common.h @@ -84,42 +84,26 @@ FILE * gdm_safe_fopen_w (const char *file, FILE * gdm_safe_fopen_ap (const char *file, mode_t perm); - -typedef struct { - gboolean not_found; /* hostname below set to fallback, - as gethostbyaddr/name failed */ - char *hostname; /* never a bogus dot, if - invalid/unknown, then set to the - ip address in string form */ - - struct sockaddr_storage *addrs; - int addr_count; -} GdmHostent; - -GdmHostent * gdm_gethostbyname (const char *name); - -GdmHostent *gdm_gethostbyaddr (struct sockaddr_storage *ia); -GdmHostent * gdm_hostent_copy (GdmHostent *he); -void gdm_hostent_free (GdmHostent *he); - /* This is for race free forks */ -void gdm_sigchld_block_push (void); -void gdm_sigchld_block_pop (void); -void gdm_sigterm_block_push (void); -void gdm_sigterm_block_pop (void); -void gdm_sigusr2_block_push (void); -void gdm_sigusr2_block_pop (void); +void gdm_sigchld_block_push (void); +void gdm_sigchld_block_pop (void); +void gdm_sigterm_block_push (void); +void gdm_sigterm_block_pop (void); +void gdm_sigusr2_block_push (void); +void gdm_sigusr2_block_pop (void); + +void gdm_fdprintf (int fd, const gchar *format, ...) G_GNUC_PRINTF (2, 3); +int gdm_fdgetc (int fd); +char *gdm_fdgets (int fd); +void gdm_fd_set_close_on_exec (int fd); -void gdm_fdprintf (int fd, const gchar *format, ...) G_GNUC_PRINTF (2, 3); -int gdm_fdgetc (int fd); -char *gdm_fdgets (int fd); -void gdm_signal_ignore (int signal); -void gdm_signal_default (int signal); +void gdm_signal_ignore (int signal); +void gdm_signal_default (int signal); -void gdm_close_all_descriptors (int from, int except, int except2); +void gdm_close_all_descriptors (int from, int except, int except2); -int gdm_open_dev_null (mode_t mode); +int gdm_open_dev_null (mode_t mode); /* somewhat like g_build_filename, but does somet hing like * <dir> "/" <name> <extension> @@ -128,8 +112,6 @@ char * gdm_make_filename (const char *dir, const char *name, const char *extension); -void gdm_fd_set_close_on_exec (int fd); - void ve_clearenv (void); char * ve_first_word (const char *s); @@ -153,6 +135,20 @@ pid_t ve_waitpid_no_signal (pid_t pid, int *status, int options); /* Testing for existance of a certain locale */ gboolean ve_locale_exists (const char *loc); +gboolean gdm_generate_random_bytes (GString *str, + int n_bytes); + +gboolean gdm_string_hex_encode (const GString *source, + int start, + GString *dest, + int insert_at); +gboolean gdm_string_hex_decode (const GString *source, + int start, + int *end_return, + GString *dest, + int insert_at); +gboolean gdm_generate_cookie (GString *result); + G_END_DECLS #endif /* _GDM_COMMON_H */ diff --git a/common/gdm-md5.c b/common/gdm-md5.c new file mode 100644 index 00000000..6a676a59 --- /dev/null +++ b/common/gdm-md5.c @@ -0,0 +1,457 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- + * + * gdm-md5.c md5 implementation (based on L Peter Deutsch implementation) + * + * Copyright (C) 2003 Red Hat Inc. + * Copyright (C) 1999, 2000 Aladdin Enterprises. All rights reserved. + * + * This software is provided 'as-is', without any express or implied + * warranty. In no event will the authors be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; you must not + * claim that you wrote the original software. If you use this software + * in a product, an acknowledgment in the product documentation would be + * appreciated but is not required. + * 2. Altered source versions must be plainly marked as such, and must not be + * misrepresented as being the original software. + * 3. This notice may not be removed or altered from any source distribution. + * + * L. Peter Deutsch + * ghost@aladdin.com + */ +/* + * Independent implementation of MD5 (RFC 1321). + * + * This code implements the MD5 Algorithm defined in RFC 1321. + * It is derived directly from the text of the RFC and not from the + * reference implementation. + * + * The original and principal author of md5.c is L. Peter Deutsch + * <ghost@aladdin.com>. + */ + +/* This GDM version was modified for glib from dbus-md5.c */ + +#include <string.h> +#include <glib.h> + +#include "gdm-md5.h" + +/** + * @defgroup GdmMD5Internals MD5 implementation details + * @ingroup GdmInternals + * @brief Internals of MD5 implementation. + * + * The implementation of MD5 (see http://www.ietf.org/rfc/rfc1321.txt). + * This MD5 implementation was written by L. Peter Deutsch and + * is not derived from the RSA reference implementation in the + * RFC. The version included in D-Bus comes from the Ghostscript + * 7.05 distribution. + * + * @{ + */ +#ifndef DOXYGEN_SHOULD_SKIP_THIS +/* + * For reference, here is the program that computed the T values. + */ +#ifdef COMPUTE_T_VALUES +#include <math.h> +int +main(int argc, char **argv) +{ + int i; + for (i = 1; i <= 64; ++i) + { + unsigned long v = (unsigned long)(4294967296.0 * fabs(sin((double)i))); + + /* + * The following nonsense is only to avoid compiler warnings about + * "integer constant is unsigned in ANSI C, signed with -traditional". + */ + if (v >> 31) + { + printf("#define T%d /* 0x%08lx */ (T_MASK ^ 0x%08lx)\n", i, + v, (unsigned long)(unsigned int)(~v)); + } else { + printf("#define T%d 0x%08lx\n", i, v); + } + } + return 0; +} +#endif /* COMPUTE_T_VALUES */ +/* + * End of T computation program. + */ + +#define T_MASK ((guint32)~0) +#define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87) +#define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9) +#define T3 0x242070db +#define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111) +#define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050) +#define T6 0x4787c62a +#define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec) +#define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe) +#define T9 0x698098d8 +#define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850) +#define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e) +#define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841) +#define T13 0x6b901122 +#define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c) +#define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71) +#define T16 0x49b40821 +#define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d) +#define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf) +#define T19 0x265e5a51 +#define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855) +#define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2) +#define T22 0x02441453 +#define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e) +#define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437) +#define T25 0x21e1cde6 +#define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829) +#define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278) +#define T28 0x455a14ed +#define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa) +#define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07) +#define T31 0x676f02d9 +#define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375) +#define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd) +#define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e) +#define T35 0x6d9d6122 +#define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3) +#define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb) +#define T38 0x4bdecfa9 +#define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f) +#define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f) +#define T41 0x289b7ec6 +#define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805) +#define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a) +#define T44 0x04881d05 +#define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6) +#define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a) +#define T47 0x1fa27cf8 +#define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a) +#define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb) +#define T50 0x432aff97 +#define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58) +#define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6) +#define T53 0x655b59c3 +#define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d) +#define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82) +#define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e) +#define T57 0x6fa87e4f +#define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f) +#define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb) +#define T60 0x4e0811a1 +#define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d) +#define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca) +#define T63 0x2ad7d2bb +#define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e) +#endif /* !DOXYGEN_SHOULD_SKIP_THIS */ + +static void +md5_process (GdmMD5Context *context, + const unsigned char *data /*[64]*/) +{ + guint32 + a = context->abcd[0], b = context->abcd[1], + c = context->abcd[2], d = context->abcd[3]; + guint32 t; + +#ifdef WORDS_BIGENDIAN + /* + * On big-endian machines, we must arrange the bytes in the right + * order. (This also works on machines of unknown byte order.) + */ + guint32 X[16]; + const unsigned char *xp = data; + int i; + + for (i = 0; i < 16; ++i, xp += 4) + X[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24); + +#else /* !WORDS_BIGENDIAN */ + /* + * On little-endian machines, we can process properly aligned data + * without copying it. + */ + guint32 xbuf[16]; + const guint32 *X; + + if (!((data - (const unsigned char *)0) & 3)) + { + /* data are properly aligned */ + X = (const guint32 *)data; + } + else + { + /* not aligned */ + memcpy(xbuf, data, 64); + X = xbuf; + } +#endif + +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) + + /* Round 1. */ + /* Let [abcd k s i] denote the operation + a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */ +#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define SET(a, b, c, d, k, s, Ti) \ + t = a + F(b,c,d) + X[k] + Ti; \ + a = ROTATE_LEFT(t, s) + b + /* Do the following 16 operations. */ + SET(a, b, c, d, 0, 7, T1); + SET(d, a, b, c, 1, 12, T2); + SET(c, d, a, b, 2, 17, T3); + SET(b, c, d, a, 3, 22, T4); + SET(a, b, c, d, 4, 7, T5); + SET(d, a, b, c, 5, 12, T6); + SET(c, d, a, b, 6, 17, T7); + SET(b, c, d, a, 7, 22, T8); + SET(a, b, c, d, 8, 7, T9); + SET(d, a, b, c, 9, 12, T10); + SET(c, d, a, b, 10, 17, T11); + SET(b, c, d, a, 11, 22, T12); + SET(a, b, c, d, 12, 7, T13); + SET(d, a, b, c, 13, 12, T14); + SET(c, d, a, b, 14, 17, T15); + SET(b, c, d, a, 15, 22, T16); +#undef SET + + /* Round 2. */ + /* Let [abcd k s i] denote the operation + a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */ +#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define SET(a, b, c, d, k, s, Ti) \ + t = a + G(b,c,d) + X[k] + Ti; \ + a = ROTATE_LEFT(t, s) + b + /* Do the following 16 operations. */ + SET(a, b, c, d, 1, 5, T17); + SET(d, a, b, c, 6, 9, T18); + SET(c, d, a, b, 11, 14, T19); + SET(b, c, d, a, 0, 20, T20); + SET(a, b, c, d, 5, 5, T21); + SET(d, a, b, c, 10, 9, T22); + SET(c, d, a, b, 15, 14, T23); + SET(b, c, d, a, 4, 20, T24); + SET(a, b, c, d, 9, 5, T25); + SET(d, a, b, c, 14, 9, T26); + SET(c, d, a, b, 3, 14, T27); + SET(b, c, d, a, 8, 20, T28); + SET(a, b, c, d, 13, 5, T29); + SET(d, a, b, c, 2, 9, T30); + SET(c, d, a, b, 7, 14, T31); + SET(b, c, d, a, 12, 20, T32); +#undef SET + + /* Round 3. */ + /* Let [abcd k s t] denote the operation + a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */ +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define SET(a, b, c, d, k, s, Ti) \ + t = a + H(b,c,d) + X[k] + Ti; \ + a = ROTATE_LEFT(t, s) + b + /* Do the following 16 operations. */ + SET(a, b, c, d, 5, 4, T33); + SET(d, a, b, c, 8, 11, T34); + SET(c, d, a, b, 11, 16, T35); + SET(b, c, d, a, 14, 23, T36); + SET(a, b, c, d, 1, 4, T37); + SET(d, a, b, c, 4, 11, T38); + SET(c, d, a, b, 7, 16, T39); + SET(b, c, d, a, 10, 23, T40); + SET(a, b, c, d, 13, 4, T41); + SET(d, a, b, c, 0, 11, T42); + SET(c, d, a, b, 3, 16, T43); + SET(b, c, d, a, 6, 23, T44); + SET(a, b, c, d, 9, 4, T45); + SET(d, a, b, c, 12, 11, T46); + SET(c, d, a, b, 15, 16, T47); + SET(b, c, d, a, 2, 23, T48); +#undef SET + + /* Round 4. */ + /* Let [abcd k s t] denote the operation + a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */ +#define I(x, y, z) ((y) ^ ((x) | ~(z))) +#define SET(a, b, c, d, k, s, Ti) \ + t = a + I(b,c,d) + X[k] + Ti; \ + a = ROTATE_LEFT(t, s) + b + /* Do the following 16 operations. */ + SET(a, b, c, d, 0, 6, T49); + SET(d, a, b, c, 7, 10, T50); + SET(c, d, a, b, 14, 15, T51); + SET(b, c, d, a, 5, 21, T52); + SET(a, b, c, d, 12, 6, T53); + SET(d, a, b, c, 3, 10, T54); + SET(c, d, a, b, 10, 15, T55); + SET(b, c, d, a, 1, 21, T56); + SET(a, b, c, d, 8, 6, T57); + SET(d, a, b, c, 15, 10, T58); + SET(c, d, a, b, 6, 15, T59); + SET(b, c, d, a, 13, 21, T60); + SET(a, b, c, d, 4, 6, T61); + SET(d, a, b, c, 11, 10, T62); + SET(c, d, a, b, 2, 15, T63); + SET(b, c, d, a, 9, 21, T64); +#undef SET + + /* Then perform the following additions. (That is increment each + of the four registers by the value it had before this block + was started.) */ + context->abcd[0] += a; + context->abcd[1] += b; + context->abcd[2] += c; + context->abcd[3] += d; +} + +static void +md5_init (GdmMD5Context *context) +{ + context->count[0] = context->count[1] = 0; + context->abcd[0] = 0x67452301; + context->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476; + context->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301; + context->abcd[3] = 0x10325476; +} + +static void +md5_append (GdmMD5Context *context, + const unsigned char *data, + int nbytes) +{ + const unsigned char *p = data; + int left = nbytes; + int offset = (context->count[0] >> 3) & 63; + guint32 nbits = (guint32)(nbytes << 3); + + if (nbytes <= 0) + return; + + /* Update the message length. */ + context->count[1] += nbytes >> 29; + context->count[0] += nbits; + if (context->count[0] < nbits) + context->count[1]++; + + /* Process an initial partial block. */ + if (offset) + { + int copy = (offset + nbytes > 64 ? 64 - offset : nbytes); + + memcpy(context->buf + offset, p, copy); + if (offset + copy < 64) + return; + p += copy; + left -= copy; + md5_process(context, context->buf); + } + + /* Process full blocks. */ + for (; left >= 64; p += 64, left -= 64) + md5_process(context, p); + + /* Process a final partial block. */ + if (left) + memcpy(context->buf, p, left); +} + +static void +md5_finish (GdmMD5Context *context, + unsigned char digest[16]) +{ + static const unsigned char pad[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + unsigned char data[8]; + int i; + + /* Save the length before padding. */ + for (i = 0; i < 8; ++i) + data[i] = (unsigned char)(context->count[i >> 2] >> ((i & 3) << 3)); + /* Pad to 56 bytes mod 64. */ + md5_append(context, pad, ((55 - (context->count[0] >> 3)) & 63) + 1); + /* Append the length. */ + md5_append(context, data, 8); + for (i = 0; i < 16; ++i) + digest[i] = (unsigned char)(context->abcd[i >> 2] >> ((i & 3) << 3)); +} + +/** @} */ /* End of internals */ + +/** + * @addtogroup GdmMD5 + * + * @{ + */ + +/** + * Initializes the MD5 context. + * + * @param context an uninitialized context, typically on the stack. + */ +void +gdm_md5_init (GdmMD5Context *context) +{ + md5_init (context); +} + + +/** + * Feeds more data into an existing md5sum computation. + * + * @param context the MD5 context + * @param data the additional data to hash + */ +void +gdm_md5_update (GdmMD5Context *context, + const GString *data) +{ + unsigned int inputLen; + unsigned char *input; + + input = (unsigned char *)data->str; + inputLen = data->len; + + md5_append (context, input, inputLen); +} + +/** + * MD5 finalization. Ends an MD5 message-digest operation, writing the + * the message digest and zeroing the context. The results are + * returned as a raw 16-byte digest, not as the ascii-hex-digits + * string form of the digest. + * + * @param context the MD5 context + * @param results string to append the 16-byte MD5 digest to + * @returns #FALSE if not enough memory to append the digest + * + */ +gboolean +gdm_md5_final (GdmMD5Context *context, + GString *results) +{ + unsigned char digest[16]; + + md5_finish (context, digest); + + if (!g_string_append_len (results, digest, 16)) + return FALSE; + + /* some kind of security paranoia, though it seems pointless + * to me given the nonzeroed stuff flying around + */ + memset ((void*)context, '\0', sizeof (GdmMD5Context)); + + return TRUE; +} diff --git a/common/gdm-md5.h b/common/gdm-md5.h new file mode 100644 index 00000000..80051f49 --- /dev/null +++ b/common/gdm-md5.h @@ -0,0 +1,50 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- + * + * gdm-md5.h md5 implementation (based on L Peter Deutsch implementation) + * + * Copyright (C) 2003 Red Hat Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + */ + +#ifndef GDM_MD5_H +#define GDM_MD5_H + +#include <glib.h> + +G_BEGIN_DECLS + +typedef struct GdmMD5Context GdmMD5Context; + +/** + * A context used to store the state of the MD5 algorithm + */ +struct GdmMD5Context +{ + guint32 count[2]; /**< message length in bits, lsw first */ + guint32 abcd[4]; /**< digest buffer */ + unsigned char buf[64]; /**< accumulate block */ +}; + +void gdm_md5_init (GdmMD5Context *context); +void gdm_md5_update (GdmMD5Context *context, + const GString *data); +gboolean gdm_md5_final (GdmMD5Context *context, + GString *results); + +G_END_DECLS + +#endif /* GDM_MD5_H */ diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 02fcef7d..8879ee2b 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -114,14 +114,10 @@ gdm_binary_SOURCES = \ auth.h \ fstype.c \ server.h \ - cookie.c \ - cookie.h \ choose.c \ choose.h \ filecheck.c \ filecheck.h \ - md5.c \ - md5.h \ $(NULL) XDMCP_SOURCES = \ diff --git a/daemon/auth.c b/daemon/auth.c index 4b3e889f..f0730138 100644 --- a/daemon/auth.c +++ b/daemon/auth.c @@ -38,7 +38,6 @@ #include <glib.h> #include <glib/gi18n.h> -#include "cookie.h" #include "filecheck.h" #include "auth.h" @@ -59,7 +58,7 @@ static FILE *gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty gboolean gdm_auth_add_entry (int display_num, - const char *bcookie, + GString *binary_cookie, GSList **authlist, FILE *af, unsigned short family, @@ -105,8 +104,8 @@ gdm_auth_add_entry (int display_num, return FALSE; } - memcpy (xa->data, bcookie, 16); - xa->data_length = 16; + memcpy (xa->data, binary_cookie->str, binary_cookie->len); + xa->data_length = binary_cookie->len; if (af != NULL) { errno = 0; @@ -136,18 +135,35 @@ gdm_auth_add_entry (int display_num, } gboolean -gdm_auth_add_entry_for_display (int display_num, - const char *bcookie, - GSList **authlist, - FILE *af) +gdm_auth_add_entry_for_display (int display_num, + GString *cookie, + GSList **authlist, + FILE *af) { - gdm_auth_add_entry (display_num, - bcookie, - authlist, - af, - FamilyWild, - NULL, - 0); + GString *binary_cookie; + gboolean ret; + + binary_cookie = g_string_new (NULL); + + if (! gdm_string_hex_decode (cookie, + 0, + NULL, + binary_cookie, + 0)) { + ret = FALSE; + goto out; + } + + ret = gdm_auth_add_entry (display_num, + binary_cookie, + authlist, + af, + FamilyWild, + NULL, + 0); + out: + g_string_free (binary_cookie, TRUE); + return ret; } #if 0 @@ -828,15 +844,6 @@ gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty) } void -gdm_auth_set_local_auth (GdmDisplay *d) -{ - XSetAuthorization ((char *)"MIT-MAGIC-COOKIE-1", - (int) strlen ("MIT-MAGIC-COOKIE-1"), - (char *)d->bcookie, - (int) 16); -} - -void gdm_auth_free_auth_list (GSList *list) { GSList *li; diff --git a/daemon/auth.h b/daemon/auth.h index 0f84dde5..a6453dec 100644 --- a/daemon/auth.h +++ b/daemon/auth.h @@ -24,11 +24,11 @@ G_BEGIN_DECLS gboolean gdm_auth_add_entry_for_display (int display_num, - const char *bcookie, + GString *cookie, GSList **authlist, FILE *af); gboolean gdm_auth_add_entry (int display_num, - const char *bcookie, + GString *binary_cookie, GSList **authlist, FILE *af, unsigned short family, diff --git a/daemon/cookie.c b/daemon/cookie.c deleted file mode 100644 index 35016fb0..00000000 --- a/daemon/cookie.c +++ /dev/null @@ -1,272 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- - * - * GDM - The GNOME Display Manager - * Copyright (C) 2003 Red Hat, Inc. - * Copyright (C) 1998, 1999, 2000 Martin K. Petersen <mkp@mkp.net> - * Copyright (C) Rik Faith <faith@precisioninsight.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * Functions for generating MIT-MAGIC-COOKIEs. - * - * This code was derived (i.e. stolen) from mcookie.c written by Rik Faith - * - * Note that this code goes to much greater lengths to be as random as possible. - * Thus being more secure on systems without /dev/random and friends. - */ - -#include "config.h" - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <fcntl.h> -#include <sys/time.h> -#include <unistd.h> -#include <errno.h> - -#include "gdm.h" -#include "md5.h" -#include "cookie.h" - -#include "gdm-common.h" -#include "gdm-master-config.h" - -#define MAXBUFFERSIZE 1024 - -static struct rngs { - const char *path; /* null is the authfile name */ - int length; - off_t seek; -} rngs[] = { - { "/dev/random", 16, 0 }, -#ifdef __OpenBSD__ - { "/dev/srandom", 16, 0 }, -#endif - { "/dev/urandom", 128, 0 }, - { "/proc/stat", MAXBUFFERSIZE, 0 }, - { "/proc/interrupts", MAXBUFFERSIZE, 0 }, - { "/proc/loadavg", MAXBUFFERSIZE, 0 }, - { "/proc/meminfo", MAXBUFFERSIZE, 0 }, -#if defined (__i386__) || defined (__386__) || defined (_M_IX86) - /* On i386, we should not read the first 16megs */ - { "/dev/mem", MAXBUFFERSIZE, 0x100000 }, -#else - { "/dev/mem", MAXBUFFERSIZE, 0 }, -#endif - /* this will load the old authfile for the display */ - { NULL /* null means the authfile */, MAXBUFFERSIZE, 0 }, - { "/proc/net/dev", MAXBUFFERSIZE, 0 }, - { "/dev/audio", MAXBUFFERSIZE, 0 }, - { "/etc/shadow", MAXBUFFERSIZE, 0 }, - { "/var/log/messages", MAXBUFFERSIZE, 0 }, -}; - -/* Some semi random spinners to spin, - * this is 20 bytes of semi random data */ -#define RANDNUMS 5 -static guint32 randnums[RANDNUMS]; - -/* stolen from XDM which in turn stole this - from the C standard */ -static guint32 -next_rand_15 (guint32 num) -{ - num = num * 1103515245 + 12345; - return (unsigned int)(num/65536) % 32768; -} - -/* really quite apparently only 31 bits of entropy result (from tests), - but oh well */ -static guint32 -next_rand_32 (guint32 num) -{ - int i; - guint32 ret; - guint8 *p = (guint8 *)&ret; - - for (i = 0; i < 4; i++) { - num = next_rand_15 (num); - p[i] = (num & 0xff00) >> 8; - } - return ret; -} - -/* This adds a little bit of entropy to our buffer, - just in case /dev/random doesn't work out for us - really since that normally adds enough bytes of nice - randomness already */ -void -gdm_random_tick (void) -{ - struct timeval tv; - struct timezone tz; - - gettimeofday (&tv, &tz); - - /* the higher order bits of the seconds - are quite uninteresting */ - randnums[0] ^= next_rand_32 ((tv.tv_sec << 20) ^ tv.tv_usec); - - /* different method of combining */ - randnums[1] ^= next_rand_32 (tv.tv_sec) ^ next_rand_32 (tv.tv_usec); - - /* probably unneeded, but just being anal */ - randnums[2] ^= (tv.tv_sec << 20) ^ tv.tv_usec; - - /* probably unneeded, to guess above - the number of invocation is likely needed - anyway */ - randnums[3]++; - - /* also hope that other places call - g_random_int. Note that on systems - without /dev/urandom, this will yet again - measure time the first time it's called and - we'll add entropy based on the speed of the - computer. Yay */ - randnums[4] ^= g_random_int (); -} - -/* check a few values and if we get the same - value, it's not really random. Likely - we got perhaps a string of zeros or some - such. */ -static gboolean -data_seems_random (const char buf[], int size) -{ - int i, lastval = 0; - if (size < 16) - return FALSE; - for (i = 0; i < 10; i++) { - int idx = g_random_int_range (0, size); - if G_LIKELY (i > 0 && - lastval != buf[idx]) - return TRUE; - lastval = buf[idx]; - } - return FALSE; -} - -static unsigned char old_cookie[16]; - -void -gdm_cookie_generate (char **cookiep, - char **bcookiep) -{ - int i; - struct GdmMD5Context ctx; - unsigned char digest[16]; - unsigned char buf[MAXBUFFERSIZE]; - int fd; - pid_t pid; - int r; - char cookie[40]; /* 2*16 == 32, so 40 is enough */ - - cookie[0] = '\0'; - - gdm_md5_init (&ctx); - - /* spin the spinners according to current time */ - gdm_random_tick (); - - gdm_md5_update (&ctx, (unsigned char *) randnums, sizeof (int) * RANDNUMS); - - /* use the last cookie */ - gdm_md5_update (&ctx, old_cookie, 16); - - /* use some uninitialized stack space */ - gdm_md5_update (&ctx, (unsigned char *) cookie, sizeof (cookie)); - - pid = getppid (); - gdm_md5_update (&ctx, (unsigned char *) &pid, sizeof (pid)); - pid = getpid (); - gdm_md5_update (&ctx, (unsigned char *) &pid, sizeof (pid)); - - for (i = 0; i < G_N_ELEMENTS (rngs); i++) { - const char *file = rngs[i].path; - - if G_UNLIKELY (file == NULL) - continue; - do { - int flags; - - flags = O_RDONLY | O_NONBLOCK; -#ifdef O_NOCTTY - flags |= O_NOCTTY; -#endif -#ifdef O_NOFOLLOW - flags |= O_NOFOLLOW; -#endif - - errno = 0; - fd = open (file, flags); - - } while G_UNLIKELY (errno == EINTR); - - if G_LIKELY (fd >= 0) { - /* Apparently this can sometimes block anyway even if it is O_NONBLOCK, - so use select to figure out if there is something available */ - fd_set rfds; - struct timeval tv; - - FD_ZERO (&rfds); - FD_SET (fd, &rfds); - - tv.tv_sec = 0; - tv.tv_usec = 10*1000 /* 10 ms */; - r = 0; - - if G_UNLIKELY (rngs[i].seek > 0) - lseek (fd, rngs[i].seek, SEEK_SET); - - if G_LIKELY (select (fd+1, &rfds, NULL, NULL, &tv) > 0) { - VE_IGNORE_EINTR (r = read (fd, buf, MIN (sizeof (buf), rngs[i].length))); - } - - if G_LIKELY (r > 0) - gdm_md5_update (&ctx, buf, r); - else - r = 0; - - VE_IGNORE_EINTR (close (fd)); - - if G_LIKELY (r >= rngs[i].length && - data_seems_random ((char *) buf, r)) - break; - } - } - - gdm_md5_final (digest, &ctx); - - for (i = 0; i < 16; i++) { - char sub[3]; - g_snprintf (sub, sizeof (sub), "%02x", (guint)digest[i]); - strcat (cookie, sub); - } - - if (cookiep != NULL) { - *cookiep = g_strdup (cookie); - } - - if (bcookiep != NULL) { - *bcookiep = g_new (char, 16); - memcpy (*bcookiep, digest, 16); - } - - memcpy (old_cookie, digest, 16); -} diff --git a/daemon/cookie.h b/daemon/cookie.h deleted file mode 100644 index cdede2b8..00000000 --- a/daemon/cookie.h +++ /dev/null @@ -1,29 +0,0 @@ -/* GDM - The GNOME Display Manager - * Copyright (C) 1998, 1999, 2000 Martin K. Petersen <mkp@mkp.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef GDM_COOKIE_H -#define GDM_COOKIE_H - -void gdm_cookie_generate (char **cookie, - char **bcookie); - -/* Add some more time based randomness, should be done - * at less predictable events */ -void gdm_random_tick (void); - -#endif /* GDM_COOKIE_H */ diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c index 5855f0bb..390e0de6 100644 --- a/daemon/gdm-display.c +++ b/daemon/gdm-display.c @@ -52,9 +52,8 @@ struct GdmDisplayPrivate char *x11_display; int status; time_t creation_time; - char *cookie; - char *binary_cookie; - char *authority_file; + char *x11_cookie; + char *x11_authority_file; gboolean is_local; @@ -68,9 +67,8 @@ enum { PROP_REMOTE_HOSTNAME, PROP_NUMBER, PROP_X11_DISPLAY, - PROP_COOKIE, - PROP_BINARY_COOKIE, - PROP_AUTHORITY_FILE, + PROP_X11_COOKIE, + PROP_X11_AUTHORITY_FILE, PROP_IS_LOCAL, }; @@ -105,14 +103,6 @@ get_next_display_serial (void) return serial; } -char * -gdm_display_get_binary_cookie (GdmDisplay *display) -{ - g_return_val_if_fail (GDM_IS_DISPLAY (display), NULL); - - return g_strdup (display->priv->binary_cookie); -} - time_t gdm_display_get_creation_time (GdmDisplay *display) { @@ -152,6 +142,34 @@ gdm_display_create_authority (GdmDisplay *display) } gboolean +gdm_display_get_x11_cookie (GdmDisplay *display, + char **x11_cookie, + GError **error) +{ + g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); + + if (x11_cookie != NULL) { + *x11_cookie = g_strdup (display->priv->x11_cookie); + } + + return TRUE; +} + +gboolean +gdm_display_get_x11_authority_file (GdmDisplay *display, + char **filename, + GError **error) +{ + g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); + + if (filename != NULL) { + *filename = g_strdup (display->priv->x11_authority_file); + } + + return TRUE; +} + +gboolean gdm_display_get_remote_hostname (GdmDisplay *display, char **hostname, GError **error) @@ -321,27 +339,19 @@ _gdm_display_set_x11_display (GdmDisplay *display, } static void -_gdm_display_set_cookie (GdmDisplay *display, - const char *cookie) +_gdm_display_set_x11_cookie (GdmDisplay *display, + const char *x11_cookie) { - g_free (display->priv->cookie); - display->priv->cookie = g_strdup (cookie); + g_free (display->priv->x11_cookie); + display->priv->x11_cookie = g_strdup (x11_cookie); } static void -_gdm_display_set_binary_cookie (GdmDisplay *display, - const char *cookie) +_gdm_display_set_x11_authority_file (GdmDisplay *display, + const char *file) { - g_free (display->priv->binary_cookie); - display->priv->binary_cookie = g_strdup (cookie); -} - -static void -_gdm_display_set_authority_file (GdmDisplay *display, - const char *file) -{ - g_free (display->priv->authority_file); - display->priv->authority_file = g_strdup (file); + g_free (display->priv->x11_authority_file); + display->priv->x11_authority_file = g_strdup (file); } static void @@ -374,14 +384,11 @@ gdm_display_set_property (GObject *object, case PROP_X11_DISPLAY: _gdm_display_set_x11_display (self, g_value_get_string (value)); break; - case PROP_COOKIE: - _gdm_display_set_cookie (self, g_value_get_string (value)); + case PROP_X11_COOKIE: + _gdm_display_set_x11_cookie (self, g_value_get_string (value)); break; - case PROP_BINARY_COOKIE: - _gdm_display_set_binary_cookie (self, g_value_get_string (value)); - break; - case PROP_AUTHORITY_FILE: - _gdm_display_set_authority_file (self, g_value_get_string (value)); + case PROP_X11_AUTHORITY_FILE: + _gdm_display_set_x11_authority_file (self, g_value_get_string (value)); break; case PROP_IS_LOCAL: _gdm_display_set_is_local (self, g_value_get_boolean (value)); @@ -415,14 +422,11 @@ gdm_display_get_property (GObject *object, case PROP_X11_DISPLAY: g_value_set_string (value, self->priv->x11_display); break; - case PROP_COOKIE: - g_value_set_string (value, self->priv->cookie); - break; - case PROP_BINARY_COOKIE: - g_value_set_string (value, self->priv->binary_cookie); + case PROP_X11_COOKIE: + g_value_set_string (value, self->priv->x11_cookie); break; - case PROP_AUTHORITY_FILE: - g_value_set_string (value, self->priv->authority_file); + case PROP_X11_AUTHORITY_FILE: + g_value_set_string (value, self->priv->x11_authority_file); break; case PROP_IS_LOCAL: g_value_set_boolean (value, self->priv->is_local); @@ -541,22 +545,15 @@ gdm_display_class_init (GdmDisplayClass *klass) NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, - PROP_COOKIE, - g_param_spec_string ("cookie", + PROP_X11_COOKIE, + g_param_spec_string ("x11-cookie", "cookie", "cookie", NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); g_object_class_install_property (object_class, - PROP_BINARY_COOKIE, - g_param_spec_string ("binary-cookie", - "binary-cookie", - "binary-cookie", - NULL, - G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); - g_object_class_install_property (object_class, - PROP_AUTHORITY_FILE, - g_param_spec_string ("authority-file", + PROP_X11_AUTHORITY_FILE, + g_param_spec_string ("x11-authority-file", "authority file", "authority file", NULL, diff --git a/daemon/gdm-display.h b/daemon/gdm-display.h index 55806705..fbf4aab4 100644 --- a/daemon/gdm-display.h +++ b/daemon/gdm-display.h @@ -70,8 +70,6 @@ GType gdm_display_get_type (void); int gdm_display_get_status (GdmDisplay *display); time_t gdm_display_get_creation_time (GdmDisplay *display); -char * gdm_display_get_cookie (GdmDisplay *display); -char * gdm_display_get_binary_cookie (GdmDisplay *display); char * gdm_display_get_user_auth (GdmDisplay *display); gboolean gdm_display_create_authority (GdmDisplay *display); @@ -96,6 +94,15 @@ gboolean gdm_display_is_local (GdmDisplay *disp gboolean *local, GError **error); +/* exported but protected */ +gboolean gdm_display_get_x11_cookie (GdmDisplay *display, + char **x11_cookie, + GError **error); +gboolean gdm_display_get_x11_authority_file (GdmDisplay *display, + char **file, + GError **error); + + G_END_DECLS #endif /* __GDM_DISPLAY_H */ diff --git a/daemon/gdm-display.xml b/daemon/gdm-display.xml index 80037db6..1a99d4d3 100644 --- a/daemon/gdm-display.xml +++ b/daemon/gdm-display.xml @@ -7,6 +7,12 @@ <method name="GetX11Display"> <arg name="name" direction="out" type="s"/> </method> + <method name="GetX11Cookie"> + <arg name="x11_cookie" direction="out" type="s"/> + </method> + <method name="GetX11AuthorityFile"> + <arg name="filename" direction="out" type="s"/> + </method> <method name="IsLocal"> <arg name="local" direction="out" type="b"/> </method> diff --git a/daemon/gdm-greeter.c b/daemon/gdm-greeter.c index 7c572857..7d6b8a06 100644 --- a/daemon/gdm-greeter.c +++ b/daemon/gdm-greeter.c @@ -66,8 +66,8 @@ struct GdmGreeterPrivate int greeter_fd_in; int greeter_fd_out; - char *display_name; - char *display_auth_file; + char *x11_display_name; + char *x11_authority_file; int user_max_filesize; @@ -79,7 +79,8 @@ struct GdmGreeterPrivate enum { PROP_0, - PROP_DISPLAY_NAME, + PROP_X11_DISPLAY_NAME, + PROP_X11_AUTHORITY_FILE, PROP_USER_NAME, PROP_GROUP_NAME, }; @@ -193,15 +194,17 @@ get_greeter_environment (GdmGreeter *greeter) /* create a hash table of current environment, then update keys has necessary */ hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); + +#if 0 for (l = environ; *l != NULL; l++) { char **str; str = g_strsplit (*l, "=", 2); g_hash_table_insert (hash, str[0], str[1]); } +#endif - - g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (greeter->priv->display_auth_file)); - g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (greeter->priv->display_name)); + g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (greeter->priv->x11_authority_file)); + g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (greeter->priv->x11_display_name)); #if 0 /* hackish ain't it */ @@ -1137,11 +1140,19 @@ gdm_greeter_stop (GdmGreeter *greeter) static void -_gdm_greeter_set_display_name (GdmGreeter *greeter, - const char *name) +_gdm_greeter_set_x11_display_name (GdmGreeter *greeter, + const char *name) { - g_free (greeter->priv->display_name); - greeter->priv->display_name = g_strdup (name); + g_free (greeter->priv->x11_display_name); + greeter->priv->x11_display_name = g_strdup (name); +} + +static void +_gdm_greeter_set_x11_authority_file (GdmGreeter *greeter, + const char *file) +{ + g_free (greeter->priv->x11_authority_file); + greeter->priv->x11_authority_file = g_strdup (file); } static void @@ -1171,8 +1182,11 @@ gdm_greeter_set_property (GObject *object, self = GDM_GREETER (object); switch (prop_id) { - case PROP_DISPLAY_NAME: - _gdm_greeter_set_display_name (self, g_value_get_string (value)); + case PROP_X11_DISPLAY_NAME: + _gdm_greeter_set_x11_display_name (self, g_value_get_string (value)); + break; + case PROP_X11_AUTHORITY_FILE: + _gdm_greeter_set_x11_authority_file (self, g_value_get_string (value)); break; case PROP_USER_NAME: _gdm_greeter_set_user_name (self, g_value_get_string (value)); @@ -1197,8 +1211,11 @@ gdm_greeter_get_property (GObject *object, self = GDM_GREETER (object); switch (prop_id) { - case PROP_DISPLAY_NAME: - g_value_set_string (value, self->priv->display_name); + case PROP_X11_DISPLAY_NAME: + g_value_set_string (value, self->priv->x11_display_name); + break; + case PROP_X11_AUTHORITY_FILE: + g_value_set_string (value, self->priv->x11_authority_file); break; case PROP_USER_NAME: g_value_set_string (value, self->priv->user_name); @@ -1242,13 +1259,20 @@ gdm_greeter_class_init (GdmGreeterClass *klass) g_type_class_add_private (klass, sizeof (GdmGreeterPrivate)); g_object_class_install_property (object_class, - PROP_DISPLAY_NAME, - g_param_spec_string ("display-name", + PROP_X11_DISPLAY_NAME, + g_param_spec_string ("x11-display-name", "name", "name", NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, + PROP_X11_AUTHORITY_FILE, + g_param_spec_string ("x11-authority-file", + "authority file", + "authority file", + NULL, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); + g_object_class_install_property (object_class, PROP_USER_NAME, g_param_spec_string ("user-name", "user name", @@ -1299,7 +1323,7 @@ gdm_greeter_new (const char *display_name) GObject *object; object = g_object_new (GDM_TYPE_GREETER, - "display-name", display_name, + "x11-display-name", display_name, NULL); return GDM_GREETER (object); diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index 443108c5..6863af79 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -47,8 +47,6 @@ #include "gdm-master-config.h" #include "gdm-daemon-config-entries.h" -#include "cookie.h" - #define GDM_MANAGER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_MANAGER, GdmManagerPrivate)) #define GDM_DBUS_PATH "/org/gnome/DisplayManager" @@ -63,7 +61,7 @@ struct GdmManagerPrivate gboolean xdmcp_enabled; - char *global_cookie; + GString *global_cookie; gboolean wait_for_go; gboolean no_console; @@ -171,8 +169,9 @@ make_global_cookie (GdmManager *manager) { FILE *fp; char *file; + GString *cookie; - gdm_cookie_generate ((char **)&manager->priv->global_cookie, NULL); + gdm_generate_cookie (manager->priv->global_cookie); file = g_build_filename (AUTHDIR, ".cookie", NULL); VE_IGNORE_EINTR (g_unlink (file)); @@ -184,7 +183,7 @@ make_global_cookie (GdmManager *manager) return; } - VE_IGNORE_EINTR (fprintf (fp, "%s\n", manager->priv->global_cookie)); + VE_IGNORE_EINTR (fprintf (fp, "%s\n", manager->priv->global_cookie->str)); /* FIXME: What about out of disk space errors? */ errno = 0; @@ -403,6 +402,8 @@ gdm_manager_init (GdmManager *manager) manager->priv->daemon_config = gdm_daemon_config_new (); + manager->priv->global_cookie = g_string_new (NULL); + make_global_cookie (manager); gdm_daemon_config_get_bool_for_id (manager->priv->daemon_config, @@ -439,6 +440,8 @@ gdm_manager_finalize (GObject *object) g_object_unref (manager->priv->daemon_config); } + g_string_free (manager->priv->global_cookie, TRUE); + G_OBJECT_CLASS (gdm_manager_parent_class)->finalize (object); } diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c index 797de0d6..a9752583 100644 --- a/daemon/gdm-slave.c +++ b/daemon/gdm-slave.c @@ -60,6 +60,8 @@ extern char **environ; #define GDM_DBUS_NAME "org.gnome.DisplayManager" #define GDM_DBUS_DISPLAY_INTERFACE "org.gnome.DisplayManager.Display" +#define MAX_CONNECT_ATTEMPTS 10 + struct GdmSlavePrivate { char *id; @@ -71,6 +73,7 @@ struct GdmSlavePrivate GPid server_pid; Display *server_display; + guint connection_attempts; /* cached display values */ char *display_id; @@ -79,9 +82,10 @@ struct GdmSlavePrivate char *display_hostname; gboolean display_is_local; gboolean display_is_parented; - char *display_auth_file; + char *display_x11_authority_file; + char *display_x11_cookie; char *parent_display_name; - char *parent_display_auth_file; + char *parent_display_x11_authority_file; GdmServer *server; @@ -420,6 +424,7 @@ listify_hash (const char *key, { char *str; str = g_strdup_printf ("%s=%s", key, value); + g_debug ("environment: %s", str); g_ptr_array_add (env, str); } @@ -437,11 +442,14 @@ get_script_environment (GdmSlave *slave, /* create a hash table of current environment, then update keys has necessary */ hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); + +#if 0 for (l = environ; *l != NULL; l++) { char **str; str = g_strsplit (*l, "=", 2); g_hash_table_insert (hash, str[0], str[1]); } +#endif /* modify environment here */ g_hash_table_insert (hash, g_strdup ("HOME"), g_strdup ("/")); @@ -479,7 +487,7 @@ get_script_environment (GdmSlave *slave, } /* Runs as root */ - g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (slave->priv->display_auth_file)); + g_hash_table_insert (hash, g_strdup ("XAUTHORITY"), g_strdup (slave->priv->display_x11_authority_file)); g_hash_table_insert (hash, g_strdup ("DISPLAY"), g_strdup (slave->priv->display_name)); /*g_setenv ("PATH", gdm_daemon_config_get_value_string (GDM_KEY_ROOT_PATH), TRUE);*/ @@ -604,30 +612,12 @@ gdm_slave_exec_script (GdmSlave *slave, } static void -server_ready_cb (GdmServer *server, - GdmSlave *slave) +run_greeter (GdmSlave *slave) { - /* We keep our own (windowless) connection (dsp) open to avoid the - * X server resetting due to lack of active connections. */ - - g_debug ("Server is ready - opening display %s", slave->priv->display_name); - - gdm_sigchld_block_push (); - slave->priv->server_display = XOpenDisplay (slave->priv->display_name); - gdm_sigchld_block_pop (); - - if (slave->priv->server_display == NULL) { - return FALSE; - } - - - /* FIXME: handle wait for go */ - /* Set the busy cursor */ set_busy_cursor (slave); - /* FIXME: send a signal back to the master */ #if 0 @@ -658,6 +648,9 @@ server_ready_cb (GdmServer *server, "gdm"); slave->priv->greeter = gdm_greeter_new (slave->priv->display_name); + g_object_set (slave->priv->greeter, + "x11-authority-file", slave->priv->display_x11_authority_file, + NULL); gdm_greeter_start (slave->priv->greeter); /* If XDMCP stop pinging */ @@ -666,6 +659,102 @@ server_ready_cb (GdmServer *server, } } +static void +set_local_auth (GdmSlave *slave) +{ + GString *binary_cookie; + GString *cookie; + + g_debug ("Setting authorization key for display %s", slave->priv->display_x11_cookie); + + cookie = g_string_new (slave->priv->display_x11_cookie); + binary_cookie = g_string_new (NULL); + if (! gdm_string_hex_decode (cookie, + 0, + NULL, + binary_cookie, + 0)) { + g_warning ("Unable to decode hex cookie"); + goto out; + } + + g_debug ("Decoded cookie len %d", binary_cookie->len); + + XSetAuthorization ("MIT-MAGIC-COOKIE-1", + (int) strlen ("MIT-MAGIC-COOKIE-1"), + (char *)binary_cookie->str, + binary_cookie->len); + + out: + g_string_free (binary_cookie, TRUE); + g_string_free (cookie, TRUE); +} + +static gboolean +connect_to_display (GdmSlave *slave) +{ + /* We keep our own (windowless) connection (dsp) open to avoid the + * X server resetting due to lack of active connections. */ + + g_debug ("Server is ready - opening display %s", slave->priv->display_name); + + g_setenv ("DISPLAY", slave->priv->display_name, TRUE); + g_unsetenv ("XAUTHORITY"); /* just in case it's set */ + + + + set_local_auth (slave); + +#if 0 + /* X error handlers to avoid the default one (i.e. exit (1)) */ + do_xfailed_on_xio_error = TRUE; + XSetErrorHandler (gdm_slave_xerror_handler); + XSetIOErrorHandler (gdm_slave_xioerror_handler); +#endif + + gdm_sigchld_block_push (); + slave->priv->server_display = XOpenDisplay (slave->priv->display_name); + gdm_sigchld_block_pop (); + + if (slave->priv->server_display == NULL) { + g_warning ("Unable to connect to display %s", slave->priv->display_name); + return FALSE; + } else { + g_debug ("Connected to display %s", slave->priv->display_name); + } + + return TRUE; +} + +static gboolean +idle_connect_to_display (GdmSlave *slave) +{ + gboolean res; + + slave->priv->connection_attempts++; + + res = connect_to_display (slave); + if (res) { + /* FIXME: handle wait-for-go */ + + run_greeter (slave); + } else { + if (slave->priv->connection_attempts >= MAX_CONNECT_ATTEMPTS) { + g_warning ("Unable to connect to display after %d tries - bailing out", slave->priv->connection_attempts); + exit (1); + } + } + + return FALSE; +} + +static void +server_ready_cb (GdmServer *server, + GdmSlave *slave) +{ + g_timeout_add (500, (GSourceFunc)idle_connect_to_display, slave); +} + static gboolean gdm_slave_run (GdmSlave *slave) { @@ -695,27 +784,10 @@ gdm_slave_run (GdmSlave *slave) } g_debug ("Started X server"); + } else { + g_timeout_add (500, (GSourceFunc)idle_connect_to_display, slave); } - /* We can use d->handled from now on on this display, - * since the lookup was done in server start */ - - g_setenv ("DISPLAY", slave->priv->display_name, TRUE); - g_unsetenv ("XAUTHORITY"); /* just in case it's set */ - -#if 0 - gdm_auth_set_local_auth (d); -#endif - -#if 0 - /* X error handlers to avoid the default one (i.e. exit (1)) */ - do_xfailed_on_xio_error = TRUE; - XSetErrorHandler (gdm_slave_xerror_handler); - XSetIOErrorHandler (gdm_slave_xioerror_handler); -#endif - - /* now we wait for ready signal */ - return TRUE; } @@ -803,6 +875,42 @@ gdm_slave_start (GdmSlave *slave) return FALSE; } + error = NULL; + res = dbus_g_proxy_call (slave->priv->display_proxy, + "GetX11Cookie", + &error, + G_TYPE_INVALID, + G_TYPE_STRING, &slave->priv->display_x11_cookie, + G_TYPE_INVALID); + if (! res) { + if (error != NULL) { + g_warning ("Failed to get value: %s", error->message); + g_error_free (error); + } else { + g_warning ("Failed to get value"); + } + + return FALSE; + } + + error = NULL; + res = dbus_g_proxy_call (slave->priv->display_proxy, + "GetX11AuthorityFile", + &error, + G_TYPE_INVALID, + G_TYPE_STRING, &slave->priv->display_x11_authority_file, + G_TYPE_INVALID); + if (! res) { + if (error != NULL) { + g_warning ("Failed to get value: %s", error->message); + g_error_free (error); + } else { + g_warning ("Failed to get value"); + } + + return FALSE; + } + gdm_slave_run (slave); return TRUE; diff --git a/daemon/gdm-xdmcp-display.c b/daemon/gdm-xdmcp-display.c index 2201698f..18ed9019 100644 --- a/daemon/gdm-xdmcp-display.c +++ b/daemon/gdm-xdmcp-display.c @@ -42,7 +42,6 @@ #include "gdm-common.h" #include "gdm-address.h" -#include "cookie.h" #include "auth.h" #define GDM_XDMCP_DISPLAY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_XDMCP_DISPLAY, GdmXdmcpDisplayPrivate)) @@ -89,24 +88,27 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display) gboolean ret; char *authfile; int display_num; - char *name; - char *cookie; - char *bcookie; + char *x11_display; + GString *cookie; GSList *authlist; char *basename; ret = FALSE; - name = NULL; + x11_display = NULL; g_object_get (display, - "name", &name, + "x11-display", &x11_display, "number", &display_num, NULL); - g_debug ("Setting up access for %s", name); + /* Create new random cookie */ + cookie = g_string_new (NULL); + gdm_generate_cookie (cookie); + + g_debug ("Setting up access for %s", x11_display); /* gdm and xserver authfile can be the same, server will run as root */ - basename = g_strconcat (name, ".Xauth", NULL); + basename = g_strconcat (x11_display, ".Xauth", NULL); authfile = g_build_filename (AUTHDIR, basename, NULL); g_free (basename); @@ -117,10 +119,8 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display) goto out; } - /* Create new random cookie */ - gdm_cookie_generate (&cookie, &bcookie); authlist = NULL; - if (! gdm_auth_add_entry_for_display (display_num, bcookie, &authlist, af)) { + if (! gdm_auth_add_entry_for_display (display_num, cookie, &authlist, af)) { goto out; } @@ -134,21 +134,21 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display) } g_debug ("Set up access for %s - %d entries", - name, + x11_display, g_slist_length (authlist)); /* FIXME: save authlist */ g_object_set (display, - "authority-file", authfile, - "cookie", cookie, - "binary-cookie", bcookie, + "x11-authority-file", authfile, + "x11-cookie", cookie->str, NULL); ret = TRUE; out: - g_free (name); + g_free (x11_display); + g_string_free (cookie, TRUE); return ret; } diff --git a/daemon/gdm-xdmcp-manager.c b/daemon/gdm-xdmcp-manager.c index 50278fff..822db905 100644 --- a/daemon/gdm-xdmcp-manager.c +++ b/daemon/gdm-xdmcp-manager.c @@ -56,7 +56,6 @@ #include "gdm-display-store.h" #include "auth.h" -#include "cookie.h" #include "choose.h" #include "gdm-master-config.h" #include "gdm-daemon-config-entries.h" @@ -1674,9 +1673,9 @@ remove_host (const char *id, } static void -gdm_xdmcp_display_dispose_check (GdmXdmcpManager *manager, - const char *hostname, - int display_num) +display_dispose_check (GdmXdmcpManager *manager, + const char *hostname, + int display_num) { RemoveHostData *data; @@ -1684,7 +1683,7 @@ gdm_xdmcp_display_dispose_check (GdmXdmcpManager *manager, return; } - g_debug ("gdm_xdmcp_display_dispose_check (%s:%d)", hostname, display_num); + g_debug ("display_dispose_check (%s:%d)", hostname, display_num); data = g_new0 (RemoveHostData, 1); data->hostname = hostname; @@ -1826,7 +1825,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, ARRAYofARRAY8 clnt_addr; ARRAY8 clnt_authname; ARRAY8 clnt_authdata; - ARRAYofARRAY8 clnt_authorization; + ARRAYofARRAY8 clnt_authorization_names; ARRAY8 clnt_manufacturer; int explen; int i; @@ -1893,7 +1892,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, } /* Read and select from supported authorization list */ - if G_UNLIKELY (! XdmcpReadARRAYofARRAY8 (&manager->priv->buf, &clnt_authorization)) { + if G_UNLIKELY (! XdmcpReadARRAYofARRAY8 (&manager->priv->buf, &clnt_authorization_names)) { g_warning (_("%s: Could not read Authorization List"), "gdm_xdmcp_handle_request"); XdmcpDisposeARRAY8 (&clnt_authdata); @@ -1904,11 +1903,12 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, } /* libXdmcp doesn't terminate strings properly so we cheat and use strncmp () */ - for (i = 0 ; i < clnt_authorization.length ; i++) - if (clnt_authorization.data[i].length == 18 && - strncmp ((char *) clnt_authorization.data[i].data, - "MIT-MAGIC-COOKIE-1", 18) == 0) + for (i = 0 ; i < clnt_authorization_names.length ; i++) { + if (clnt_authorization_names.data[i].length == 18 && + strncmp ((char *) clnt_authorization_names.data[i].data, "MIT-MAGIC-COOKIE-1", 18) == 0) { mitauth = TRUE; + } + } /* Manufacturer ID */ if G_UNLIKELY (! XdmcpReadARRAY8 (&manager->priv->buf, &clnt_manufacturer)) { @@ -1917,7 +1917,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, XdmcpDisposeARRAY8 (&clnt_authname); XdmcpDisposeARRAY8 (&clnt_authdata); XdmcpDisposeARRAYofARRAY8 (&clnt_addr); - XdmcpDisposeARRAYofARRAY8 (&clnt_authorization); + XdmcpDisposeARRAYofARRAY8 (&clnt_authorization_names); XdmcpDisposeARRAY16 (&clnt_conntyp); goto out; } @@ -1926,13 +1926,16 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, explen = 2; /* Display Number */ explen += 1 + 2 * clnt_conntyp.length; /* Connection Type */ explen += 1; /* Connection Address */ - for (i = 0 ; i < clnt_addr.length ; i++) + for (i = 0 ; i < clnt_addr.length ; i++) { explen += 2 + clnt_addr.data[i].length; + } explen += 2 + clnt_authname.length; /* Authentication Name */ explen += 2 + clnt_authdata.length; /* Authentication Data */ explen += 1; /* Authorization Names */ - for (i = 0 ; i < clnt_authorization.length ; i++) - explen += 2 + clnt_authorization.data[i].length; + for (i = 0 ; i < clnt_authorization_names.length ; i++) { + explen += 2 + clnt_authorization_names.data[i].length; + } + explen += 2 + clnt_manufacturer.length; if G_UNLIKELY (explen != len) { @@ -1944,7 +1947,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, XdmcpDisposeARRAY8 (&clnt_authdata); XdmcpDisposeARRAY8 (&clnt_manufacturer); XdmcpDisposeARRAYofARRAY8 (&clnt_addr); - XdmcpDisposeARRAYofARRAY8 (&clnt_authorization); + XdmcpDisposeARRAYofARRAY8 (&clnt_authorization_names); XdmcpDisposeARRAY16 (&clnt_conntyp); goto out; } @@ -1971,7 +1974,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, if (entered) { /* Check if we are already talking to this host */ - gdm_xdmcp_display_dispose_check (manager, hostname, clnt_dspnum); + display_dispose_check (manager, hostname, clnt_dspnum); if (manager->priv->num_pending_sessions >= manager->priv->max_pending_displays) { g_debug ("gdm_xdmcp_handle_request: maximum pending"); @@ -1991,10 +1994,29 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, ARRAY8 authentication_data; ARRAY8 authorization_name; ARRAY8 authorization_data; - char *binary_cookie; gint32 session_number; + char *x11_cookie; + GString *cookie; + GString *binary_cookie; + + gdm_display_get_x11_cookie (display, &x11_cookie, NULL); + cookie = g_string_new (x11_cookie); + g_free (x11_cookie); + + binary_cookie = g_string_new (NULL); + + if (! gdm_string_hex_decode (cookie, + 0, + NULL, + binary_cookie, + 0)) { + g_warning ("Unable to decode hex cookie"); + /* FIXME: handle error */ + } + + g_debug ("Sending authorization key for display %s", cookie->str); + g_debug ("Decoded cookie len %d", binary_cookie->len); - binary_cookie = gdm_display_get_binary_cookie (display); session_number = gdm_xdmcp_display_get_session_number (GDM_XDMCP_DISPLAY (display)); /* the send accept will fail if cookie is null */ @@ -2008,10 +2030,8 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, authorization_name.data = (CARD8 *) "MIT-MAGIC-COOKIE-1"; authorization_name.length = strlen ((char *) authorization_name.data); - authorization_data.data = (CARD8 *) binary_cookie; - authorization_data.length = 16; - - g_free (binary_cookie); + authorization_data.data = (CARD8 *) binary_cookie->str; + authorization_data.length = binary_cookie->len; /* the addrs are NOT copied */ gdm_xdmcp_send_accept (manager, @@ -2021,6 +2041,9 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, &authentication_data, &authorization_name, &authorization_data); + + g_string_free (binary_cookie, TRUE); + g_string_free (cookie, TRUE); } } } else { @@ -2048,7 +2071,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, XdmcpDisposeARRAY8 (&clnt_authdata); XdmcpDisposeARRAY8 (&clnt_manufacturer); XdmcpDisposeARRAYofARRAY8 (&clnt_addr); - XdmcpDisposeARRAYofARRAY8 (&clnt_authorization); + XdmcpDisposeARRAYofARRAY8 (&clnt_authorization_names); XdmcpDisposeARRAY16 (&clnt_conntyp); out: g_free (hostname); diff --git a/daemon/md5.c b/daemon/md5.c deleted file mode 100644 index 3faf29a0..00000000 --- a/daemon/md5.c +++ /dev/null @@ -1,267 +0,0 @@ -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * GdmMD5Context structure, pass it to gdm_md5_init, call - * gdm_md5_update as needed on buffers full of bytes, and then call - * gdm_md5_final, which will fill a supplied 16-byte array with the - * digest. - * - * Changed all names to avoid glibc namespace pollution -- mkp - * - */ - -#include "config.h" -#include <string.h> /* for memcpy () */ -#include <glib.h> - -#ifdef __LINUX__ -#include <endian.h> -#endif - -#include "md5.h" - -#if BYTE_ORDER == LITTLE_ENDIAN -#define byteReverse(buf, len) /* Nothing */ -#else - -/* - * Note: this code is harmless on little-endian machines. - */ -static void -byteReverse(unsigned char *buf, unsigned longs) -{ - guint32 t; - do { - t = (guint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | - ((unsigned) buf[1] << 8 | buf[0]); - *(guint32 *) buf = t; - buf += 4; - } while (--longs); -} - -#endif - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void -gdm_md5_init (struct GdmMD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bits[0] = 0; - ctx->bits[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void -gdm_md5_update (struct GdmMD5Context *ctx, unsigned char const *buf, unsigned len) -{ - guint32 t; - - /* Update bitcount */ - - t = ctx->bits[0]; - if ((ctx->bits[0] = t + ((guint32) len << 3)) < t) - ctx->bits[1]++; /* Carry from low to high */ - ctx->bits[1] += len >> 29; - - t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ - - /* Handle any leading odd-sized chunks */ - - if (t) { - unsigned char *p = (unsigned char *) ctx->in + t; - - t = 64 - t; - if (len < t) { - memcpy (p, buf, len); - return; - } - memcpy (p, buf, t); - byteReverse(ctx->in, 16); - gdm_md5_transform (ctx->buf, (guint32 *) ctx->in); - buf += t; - len -= t; - } - - /* Process data in 64-byte chunks */ - - while (len >= 64) { - memcpy (ctx->in, buf, 64); - byteReverse(ctx->in, 16); - gdm_md5_transform (ctx->buf, (guint32 *) ctx->in); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - - memcpy (ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void -gdm_md5_final (unsigned char digest[16], struct GdmMD5Context *ctx) -{ - unsigned count; - unsigned char *p; - - /* Compute number of bytes mod 64 */ - count = (ctx->bits[0] >> 3) & 0x3F; - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - p = ctx->in + count; - *p++ = 0x80; - - /* Bytes of padding needed to make 64 bytes */ - count = 64 - 1 - count; - - /* Pad out to 56 mod 64 */ - if (count < 8) { - /* Two lots of padding: Pad the first block to 64 bytes */ - memset (p, 0, count); - byteReverse(ctx->in, 16); - gdm_md5_transform (ctx->buf, (guint32 *) ctx->in); - - /* Now fill the next block with 56 bytes */ - memset (ctx->in, 0, 56); - } else { - /* Pad block to 56 bytes */ - memset (p, 0, count - 8); - } - byteReverse(ctx->in, 14); - - /* Append length in bits and transform */ - ((guint32 *) ctx->in)[14] = ctx->bits[0]; - ((guint32 *) ctx->in)[15] = ctx->bits[1]; - - gdm_md5_transform (ctx->buf, (guint32 *) ctx->in); - byteReverse((unsigned char *) ctx->buf, 4); - memcpy (digest, ctx->buf, 16); - memset (ctx, 0, sizeof (ctx)); /* In case it's sensitive */ -} - - -/* The four core functions - F1 is optimized somewhat */ - -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1 (z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define gdm_md5_step(f, w, x, y, z, data, s) \ - ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x ) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. GdmMD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -void -gdm_md5_transform (guint32 buf[4], guint32 const in[16]) -{ - register guint32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - gdm_md5_step(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - gdm_md5_step(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - gdm_md5_step(F1, c, d, a, b, in[2] + 0x242070db, 17); - gdm_md5_step(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - gdm_md5_step(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - gdm_md5_step(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - gdm_md5_step(F1, c, d, a, b, in[6] + 0xa8304613, 17); - gdm_md5_step(F1, b, c, d, a, in[7] + 0xfd469501, 22); - gdm_md5_step(F1, a, b, c, d, in[8] + 0x698098d8, 7); - gdm_md5_step(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - gdm_md5_step(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - gdm_md5_step(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - gdm_md5_step(F1, a, b, c, d, in[12] + 0x6b901122, 7); - gdm_md5_step(F1, d, a, b, c, in[13] + 0xfd987193, 12); - gdm_md5_step(F1, c, d, a, b, in[14] + 0xa679438e, 17); - gdm_md5_step(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - gdm_md5_step(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - gdm_md5_step(F2, d, a, b, c, in[6] + 0xc040b340, 9); - gdm_md5_step(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - gdm_md5_step(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - gdm_md5_step(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - gdm_md5_step(F2, d, a, b, c, in[10] + 0x02441453, 9); - gdm_md5_step(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - gdm_md5_step(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - gdm_md5_step(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - gdm_md5_step(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - gdm_md5_step(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - gdm_md5_step(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - gdm_md5_step(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - gdm_md5_step(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - gdm_md5_step(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - gdm_md5_step(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - gdm_md5_step(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - gdm_md5_step(F3, d, a, b, c, in[8] + 0x8771f681, 11); - gdm_md5_step(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - gdm_md5_step(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - gdm_md5_step(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - gdm_md5_step(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - gdm_md5_step(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - gdm_md5_step(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - gdm_md5_step(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - gdm_md5_step(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - gdm_md5_step(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - gdm_md5_step(F3, b, c, d, a, in[6] + 0x04881d05, 23); - gdm_md5_step(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - gdm_md5_step(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - gdm_md5_step(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - gdm_md5_step(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - gdm_md5_step(F4, a, b, c, d, in[0] + 0xf4292244, 6); - gdm_md5_step(F4, d, a, b, c, in[7] + 0x432aff97, 10); - gdm_md5_step(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - gdm_md5_step(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - gdm_md5_step(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - gdm_md5_step(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - gdm_md5_step(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - gdm_md5_step(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - gdm_md5_step(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - gdm_md5_step(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - gdm_md5_step(F4, c, d, a, b, in[6] + 0xa3014314, 15); - gdm_md5_step(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - gdm_md5_step(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - gdm_md5_step(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - gdm_md5_step(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - gdm_md5_step(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - - - diff --git a/daemon/md5.h b/daemon/md5.h deleted file mode 100644 index 38b992b0..00000000 --- a/daemon/md5.h +++ /dev/null @@ -1,41 +0,0 @@ -/* GDM - The GNOME Display Manager - * Copyright (C) 1998, 1999, 2000 Martin K. Petersen <mkp@mkp.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef GdmMD5_H -#define GdmMD5_H - -#include <glib.h> - -struct GdmMD5Context { - guint32 buf[4]; - guint32 bits[2]; - unsigned char in[64]; -}; - -void gdm_md5_init (struct GdmMD5Context *context); -void gdm_md5_update (struct GdmMD5Context *context, unsigned char const *buf, - unsigned len); -void gdm_md5_final (unsigned char digest[16], struct GdmMD5Context *context); -void gdm_md5_transform (guint32 buf[4], guint32 const in[16]); - -/* - * This is needed to make RSAREF happy on some MS-DOS compilers. - */ -/* typedef struct gdm_md5_Context gdm_md5__CTX; */ - -#endif /* !GdmMD5_H */ |