author | William Jon McCann <mccann@jhu.edu> | 2007-07-25 22:45:28 +0000 |
---|---|---|
committer | William Jon McCann <mccann@src.gnome.org> | 2007-07-25 22:45:28 +0000 |
commit | cab659a1278bd000f116a41a4321159f720b0d2a (patch) | |
tree | 1d253e9756d9ba8a1d80d745e3bd2fa10dab18d5 | |
parent | 466d7376ec05b05e82efb5c359006cfb225cf653 (diff) | |
download | gdm-cab659a1278bd000f116a41a4321159f720b0d2a.tar.gz |
Make XDMCP logins work.
2007-07-25 William Jon McCann <mccann@jhu.edu>
* common/gdm-address.c: (gdm_address_get_hostname),
(gdm_address_get_numeric_info), (address_family_str),
(gdm_address_debug):
* common/gdm-address.h:
* daemon/Makefile.am:
* daemon/auth.c: (gdm_auth_add_entry),
(gdm_auth_add_entry_for_display), (gdm_auth_user_add):
* daemon/auth.h:
* daemon/gdm-ck-session.c: (unlock_ck_session):
* daemon/gdm-display.c: (gdm_display_real_add_user_authorization),
(gdm_display_add_user_authorization),
(gdm_display_real_remove_user_authorization),
(gdm_display_remove_user_authorization),
(gdm_display_get_x11_display_number),
(gdm_display_get_x11_display_name),
(_gdm_display_set_x11_display_number),
(_gdm_display_set_x11_display_name), (gdm_display_set_property),
(gdm_display_get_property), (gdm_display_class_init):
* daemon/gdm-display.h:
* daemon/gdm-display.xml:
* daemon/gdm-factory-slave.c: (run_greeter):
* daemon/gdm-greeter-proxy.c: (listify_hash):
* daemon/gdm-product-display.c:
(gdm_product_display_add_user_authorization),
(gdm_product_display_remove_user_authorization),
(gdm_product_display_class_init), (gdm_product_display_new):
* daemon/gdm-simple-slave.c: (listify_hash),
(get_script_environment), (add_user_authorization),
(setup_session_environment), (run_greeter),
(gdm_simple_slave_init):
* daemon/gdm-slave.c: (gdm_slave_real_start),
(gdm_slave_add_user_authorization),
(_gdm_slave_set_display_number), (gdm_slave_set_property),
(gdm_slave_get_property), (gdm_slave_class_init):
* daemon/gdm-slave.h:
* daemon/gdm-static-display.c:
(gdm_static_display_add_user_authorization),
(gdm_static_display_remove_user_authorization),
(gdm_static_display_class_init), (gdm_static_display_new):
* daemon/gdm-static-factory-display.c:
(gdm_static_factory_display_add_user_authorization),
(gdm_static_factory_display_remove_user_authorization),
(gdm_static_factory_display_class_init),
(gdm_static_factory_display_new):
* daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority),
(gdm_xdmcp_display_add_user_authorization),
(gdm_xdmcp_display_remove_user_authorization),
(_gdm_xdmcp_display_set_remote_address),
(gdm_xdmcp_display_set_property), (gdm_xdmcp_display_class_init),
(gdm_xdmcp_display_new):
* daemon/gdm-xdmcp-manager.c: (do_bind), (gdm_xdmcp_host_allow),
(lookup_by_host), (gdm_xdmcp_send_willing),
(gdm_xdmcp_send_unwilling), (gdm_xdmcp_send_forward_query),
(gdm_forward_query_dispose), (gdm_forward_query_lookup),
(gdm_xdmcp_handle_forward_query),
(gdm_xdmcp_really_send_managed_forward),
(gdm_xdmcp_send_got_managed_forward), (remove_host),
(gdm_xdmcp_send_decline), (gdm_xdmcp_display_alloc),
(gdm_xdmcp_send_accept), (gdm_xdmcp_handle_request),
(gdm_xdmcp_handle_manage), (gdm_xdmcp_handle_managed_forward),
(gdm_xdmcp_handle_got_managed_forward),
(gdm_xdmcp_handle_keepalive), (decode_packet):
* data/gdm.conf:
* gui/simple-greeter/greeter-main.c: (main):
Make XDMCP logins work.
svn path=/branches/mccann-gobject/; revision=5086
-rw-r--r-- | ChangeLog | 68 | ||||
-rw-r--r-- | common/gdm-address.c | 122 | ||||
-rw-r--r-- | common/gdm-address.h | 6 | ||||
-rw-r--r-- | daemon/Makefile.am | 4 | ||||
-rw-r--r-- | daemon/auth.c | 780 | ||||
-rw-r--r-- | daemon/auth.h | 40 | ||||
-rw-r--r-- | daemon/gdm-ck-session.c | 2 | ||||
-rw-r--r-- | daemon/gdm-display.c | 134 | ||||
-rw-r--r-- | daemon/gdm-display.h | 28 | ||||
-rw-r--r-- | daemon/gdm-display.xml | 15 | ||||
-rw-r--r-- | daemon/gdm-factory-slave.c | 9 | ||||
-rw-r--r-- | daemon/gdm-greeter-proxy.c | 1 | ||||
-rw-r--r-- | daemon/gdm-product-display.c | 23 | ||||
-rw-r--r-- | daemon/gdm-simple-slave.c | 58 | ||||
-rw-r--r-- | daemon/gdm-slave.c | 103 | ||||
-rw-r--r-- | daemon/gdm-slave.h | 4 | ||||
-rw-r--r-- | daemon/gdm-static-display.c | 23 | ||||
-rw-r--r-- | daemon/gdm-static-factory-display.c | 23 | ||||
-rw-r--r-- | daemon/gdm-xdmcp-display.c | 65 | ||||
-rw-r--r-- | daemon/gdm-xdmcp-manager.c | 74 | ||||
-rw-r--r-- | data/gdm.conf | 9 | ||||
-rw-r--r-- | gui/simple-greeter/greeter-main.c | 2 |
22 files changed, 774 insertions, 819 deletions
@@ -1,3 +1,71 @@ +2007-07-25 William Jon McCann <mccann@jhu.edu> + + * common/gdm-address.c: (gdm_address_get_hostname), + (gdm_address_get_numeric_info), (address_family_str), + (gdm_address_debug): + * common/gdm-address.h: + * daemon/Makefile.am: + * daemon/auth.c: (gdm_auth_add_entry), + (gdm_auth_add_entry_for_display), (gdm_auth_user_add): + * daemon/auth.h: + * daemon/gdm-ck-session.c: (unlock_ck_session): + * daemon/gdm-display.c: (gdm_display_real_add_user_authorization), + (gdm_display_add_user_authorization), + (gdm_display_real_remove_user_authorization), + (gdm_display_remove_user_authorization), + (gdm_display_get_x11_display_number), + (gdm_display_get_x11_display_name), + (_gdm_display_set_x11_display_number), + (_gdm_display_set_x11_display_name), (gdm_display_set_property), + (gdm_display_get_property), (gdm_display_class_init): + * daemon/gdm-display.h: + * daemon/gdm-display.xml: + * daemon/gdm-factory-slave.c: (run_greeter): + * daemon/gdm-greeter-proxy.c: (listify_hash): + * daemon/gdm-product-display.c: + (gdm_product_display_add_user_authorization), + (gdm_product_display_remove_user_authorization), + (gdm_product_display_class_init), (gdm_product_display_new): + * daemon/gdm-simple-slave.c: (listify_hash), + (get_script_environment), (add_user_authorization), + (setup_session_environment), (run_greeter), + (gdm_simple_slave_init): + * daemon/gdm-slave.c: (gdm_slave_real_start), + (gdm_slave_add_user_authorization), + (_gdm_slave_set_display_number), (gdm_slave_set_property), + (gdm_slave_get_property), (gdm_slave_class_init): + * daemon/gdm-slave.h: + * daemon/gdm-static-display.c: + (gdm_static_display_add_user_authorization), + (gdm_static_display_remove_user_authorization), + (gdm_static_display_class_init), (gdm_static_display_new): + * daemon/gdm-static-factory-display.c: + (gdm_static_factory_display_add_user_authorization), + (gdm_static_factory_display_remove_user_authorization), + (gdm_static_factory_display_class_init), + 
(gdm_static_factory_display_new): + * daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority), + (gdm_xdmcp_display_add_user_authorization), + (gdm_xdmcp_display_remove_user_authorization), + (_gdm_xdmcp_display_set_remote_address), + (gdm_xdmcp_display_set_property), (gdm_xdmcp_display_class_init), + (gdm_xdmcp_display_new): + * daemon/gdm-xdmcp-manager.c: (do_bind), (gdm_xdmcp_host_allow), + (lookup_by_host), (gdm_xdmcp_send_willing), + (gdm_xdmcp_send_unwilling), (gdm_xdmcp_send_forward_query), + (gdm_forward_query_dispose), (gdm_forward_query_lookup), + (gdm_xdmcp_handle_forward_query), + (gdm_xdmcp_really_send_managed_forward), + (gdm_xdmcp_send_got_managed_forward), (remove_host), + (gdm_xdmcp_send_decline), (gdm_xdmcp_display_alloc), + (gdm_xdmcp_send_accept), (gdm_xdmcp_handle_request), + (gdm_xdmcp_handle_manage), (gdm_xdmcp_handle_managed_forward), + (gdm_xdmcp_handle_got_managed_forward), + (gdm_xdmcp_handle_keepalive), (decode_packet): + * data/gdm.conf: + * gui/simple-greeter/greeter-main.c: (main): + Make XDMCP logins work. + 2007-07-24 William Jon McCann <mccann@jhu.edu> * daemon/gdm-display.c: (finish_idle), (queue_finish), diff --git a/common/gdm-address.c b/common/gdm-address.c index b5cf08da..36cbbf34 100644 --- a/common/gdm-address.c +++ b/common/gdm-address.c 
@@ -174,46 +174,77 @@ gdm_address_equal (GdmAddress *a, return FALSE; } -char * -gdm_address_get_hostname (GdmAddress *address) +gboolean +gdm_address_get_hostname (GdmAddress *address, + char **hostnamep) { - char host [NI_MAXHOST]; + char host [NI_MAXHOST]; + int res; + gboolean ret; + + g_return_val_if_fail (address != NULL || address->ss != NULL, FALSE); - g_return_val_if_fail (address != NULL || address->ss != NULL, NULL); + ret = FALSE; host [0] = '\0'; - getnameinfo ((const struct sockaddr *)address->ss, - sizeof (struct sockaddr_storage), - host, sizeof (host), - NULL, 0, - 0); + res = getnameinfo ((const struct sockaddr *)address->ss, + sizeof (struct sockaddr_storage), + host, sizeof (host), + NULL, 0, + 0); + if (res == 0) { + ret = TRUE; + goto done; + } else { + g_warning ("Unable lookup hostname: %s", gai_strerror (res)); + gdm_address_debug (address); + } - return g_strdup (host); + /* try numeric? */ + + done: + if (hostnamep != NULL) { + *hostnamep = g_strdup (host); + } + + return ret; } -void +gboolean gdm_address_get_numeric_info (GdmAddress *address, char **hostp, char **servp) { - char host [NI_MAXHOST]; - char serv [NI_MAXSERV]; + char host [NI_MAXHOST]; + char serv [NI_MAXSERV]; + int res; + gboolean ret; + + g_return_val_if_fail (address != NULL || address->ss != NULL, FALSE); - g_return_if_fail (address != NULL || address->ss != NULL); + ret = FALSE; host [0] = '\0'; serv [0] = '\0'; - getnameinfo ((const struct sockaddr *)address->ss, - sizeof (struct sockaddr_storage), - host, sizeof (host), - serv, sizeof (serv), - NI_NUMERICHOST | NI_NUMERICSERV); + res = getnameinfo ((const struct sockaddr *)address->ss, + sizeof (struct sockaddr_storage), + host, sizeof (host), + serv, sizeof (serv), + NI_NUMERICHOST | NI_NUMERICSERV); + if (res != 0) { + g_warning ("Unable lookup numeric info: %s", gai_strerror (res)); + } else { + ret = TRUE; + } + if (servp != NULL) { *servp = g_strdup (serv); } if (hostp != NULL) { *hostp = g_strdup (host); } + + 
return ret; } gboolean @@ -351,4 +382,57 @@ gdm_address_free (GdmAddress *address) g_free (address); } +/* for debugging */ +static const char * +address_family_str (GdmAddress *address) +{ + const char *str; + switch (address->ss->ss_family) { + case AF_INET: + str = "inet"; + break; + case AF_INET6: + str = "inet6"; + break; + case AF_UNIX: + str = "unix"; + break; + case AF_UNSPEC: + str = "unspecified"; + break; + default: + str = "unknown"; + break; + } + return str; +} + +void +gdm_address_debug (GdmAddress *address) +{ + char *hostname; + char *host; + char *port; + g_return_if_fail (address != NULL); + + hostname = NULL; + host = NULL; + port = NULL; + + gdm_address_get_hostname (address, &hostname); + gdm_address_get_numeric_info (address, &host, &port); + + g_debug ("Address family:%d (%s) hostname:%s host:%s port:%s local:%d loopback:%d", + address->ss->ss_family, + address_family_str (address), + hostname, + host, + port, + gdm_address_is_local (address), + gdm_address_is_loopback (address)); + + g_free (hostname); + g_free (host); + g_free (port); +} diff --git a/common/gdm-address.h b/common/gdm-address.h index 2c6ec2cf..1db36b19 100644 --- a/common/gdm-address.h +++ b/common/gdm-address.h @@ -46,8 +46,9 @@ int gdm_address_get_family_type (GdmAddress struct sockaddr_storage *gdm_address_get_sockaddr_storage (GdmAddress *address); struct sockaddr_storage *gdm_address_peek_sockaddr_storage (GdmAddress *address); -char * gdm_address_get_hostname (GdmAddress *address); -void gdm_address_get_numeric_info (GdmAddress *address, +gboolean gdm_address_get_hostname (GdmAddress *address, + char **hostname); +gboolean gdm_address_get_numeric_info (GdmAddress *address, char **numeric_hostname, char **service); gboolean gdm_address_is_local (GdmAddress *address); @@ -60,6 +61,7 @@ GdmAddress * gdm_address_copy (GdmAddress void gdm_address_free (GdmAddress *address); +void gdm_address_debug (GdmAddress *address); const GList * gdm_address_peek_local_list (void); 
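Review bot: The precondition `g_return_val_if_fail (address != NULL || address->ss != NULL, FALSE);` in gdm_address_get_hostname and gdm_address_get_numeric_info dereferences `address` exactly when it is NULL, because `||` evaluates the right-hand side only when the left is false. It should read `g_return_val_if_fail (address != NULL && address->ss != NULL, FALSE);` in both functions; the expression was carried over from the removed lines, so this commit is a natural place to fix it. Both functions would also benefit from a short doc comment stating that, once the precondition passes, the out parameters are always set (possibly to an empty string on lookup failure) and must be released with g_free.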
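Review bot: gdm_address_debug calls gdm_address_get_hostname, and the failure branch of gdm_address_get_hostname (earlier in this file's diff) calls gdm_address_debug, so an address for which getnameinfo keeps failing recurses without bound until the stack is exhausted. The address presumably originates from an XDMCP peer, so this is better treated as a denial-of-service risk in the daemon than as a debugging nuisance. Either remove the `gdm_address_debug (address);` call from the failure branch, or have the debug helper rely only on `gdm_address_get_numeric_info (address, &host, &port);` and drop the `hostname:%s` field. address_family_str also reads `address->ss->ss_family` while the guard in gdm_address_debug checks only `address != NULL`.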
diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 25b504cb..e81e3fb8 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -105,6 +105,8 @@ gdm_simple_slave_SOURCES = \ gdm-slave.h \ gdm-simple-slave.c \ gdm-simple-slave.h \ + auth.c \ + auth.h \ fstype.c \ filecheck.c \ filecheck.h \ @@ -181,6 +183,8 @@ gdm_product_slave_SOURCES = \ gdm-slave.h \ gdm-product-slave.c \ gdm-product-slave.h \ + auth.c \ + auth.h \ fstype.c \ filecheck.c \ filecheck.h \ diff --git a/daemon/auth.c b/daemon/auth.c index 0a63fb06..3ac76235 100644 --- a/daemon/auth.c +++ b/daemon/auth.c @@ -32,6 +32,7 @@ #include <sys/stat.h> #include <netinet/in.h> #include <errno.h> +#include <pwd.h> #include <X11/Xauth.h> 
@@ -42,49 +43,45 @@ #include "auth.h" #include "gdm-common.h" +#include "gdm-address.h" #include "gdm-log.h" -/* Ensure we know about FamilyInternetV6 even if what we're compiling - against doesn't */ -#ifdef ENABLE_IPV6 -#ifndef FamilyInternetV6 -#define FamilyInternetV6 6 -#endif /* ! FamilyInternetV6 */ -#endif /* ENABLE_IPV6 */ - -/* Local prototypes */ -static FILE *gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty); - gboolean gdm_auth_add_entry (int display_num, + GdmAddress *address, GString *binary_cookie, - GSList **authlist, FILE *af, - unsigned short family, - const char *addr, - int addrlen) + GSList **authlist) { Xauth *xa; char *dispnum; xa = malloc (sizeof (Xauth)); - if G_UNLIKELY (xa == NULL) + if (xa == NULL) { return FALSE; + } - xa->family = family; - if (addrlen == 0) { + if (address == NULL) { + xa->family = FamilyWild; xa->address = NULL; xa->address_length = 0; } else { - xa->address = malloc (addrlen); - if G_UNLIKELY (xa->address == NULL) { + gboolean res; + char *hostname; + + xa->family = gdm_address_get_family_type (address); + + res = gdm_address_get_hostname (address, &hostname); + if (! res) { free (xa); return FALSE; } - memcpy (xa->address, addr, addrlen); - xa->address_length = addrlen; + g_debug ("Got hostname: %s", hostname); + + xa->address = hostname; + xa->address_length = strlen (xa->address); } dispnum = g_strdup_printf ("%d", display_num); @@ -95,7 +92,7 @@ gdm_auth_add_entry (int display_num, xa->name = strdup ("MIT-MAGIC-COOKIE-1"); xa->name_length = strlen ("MIT-MAGIC-COOKIE-1"); xa->data = malloc (16); - if G_UNLIKELY (xa->data == NULL) { + if (xa->data == NULL) { free (xa->number); free (xa->name); free (xa->address); 
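Review bot: In the `address != NULL` branch of gdm_auth_add_entry the Xauth record is now keyed on `gdm_address_get_family_type (address)` and a reverse-resolved hostname string, whereas the removed add_auth_entry_for_addr stored the raw `sin_addr`/`sin6_addr` bytes under `FamilyInternet`/`FamilyInternetV6`. If gdm_address_get_family_type returns a socket family (its body is not in this diff) the value is not an Xauth family constant, and a name obtained through reverse DNS is chosen by whoever controls the peer's PTR record, which makes it a weak key for an authorization entry. I would keep the binary address taken from `address->ss` and map the family explicitly, as the deleted helper did. `xa->address = hostname;` also hands a g_strdup() allocation to code that releases it with `free (xa->address)`; copy it with `strdup` and `g_free (hostname)`, or release it consistently with g_free.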
@@ -106,9 +103,11 @@ gdm_auth_add_entry (int display_num, memcpy (xa->data, binary_cookie->str, binary_cookie->len); xa->data_length = binary_cookie->len; + g_debug ("Writing auth for address:%p %s:%d", address, xa->address, display_num); + if (af != NULL) { errno = 0; - if G_UNLIKELY ( ! XauWriteAuth (af, xa)) { + if ( ! XauWriteAuth (af, xa)) { free (xa->data); free (xa->number); free (xa->name); @@ -128,16 +127,19 @@ gdm_auth_add_entry (int display_num, } } - *authlist = g_slist_append (*authlist, xa); + if (authlist != NULL) { + *authlist = g_slist_append (*authlist, xa); + } return TRUE; } gboolean -gdm_auth_add_entry_for_display (int display_num, - GString *cookie, - GSList **authlist, - FILE *af) +gdm_auth_add_entry_for_display (int display_num, + GdmAddress *address, + GString *cookie, + FILE *af, + GSList **authlist) { GString *binary_cookie; gboolean ret; 
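Review bot: `memcpy (xa->data, binary_cookie->str, binary_cookie->len);` copies a caller-supplied length into the buffer allocated just before it with `malloc (16)`, and nothing visible in gdm_auth_add_entry bounds `binary_cookie->len`. This commit adds a path where the cookie arrives as a plain string through gdm_auth_user_add, so the length should be validated at the top of the function, before anything is allocated: `if (binary_cookie == NULL || binary_cookie->len > 16) return FALSE;`. The added `g_debug ("Writing auth for address:%p %s:%d", ...)` passes `xa->address` to `%s` even though it is NULL in the FamilyWild case, which is not portable across C libraries; use `xa->address != NULL ? xa->address : "(none)"`. The function body starts before this hunk.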
@@ -154,704 +156,86 @@ gdm_auth_add_entry_for_display (int display_num, } ret = gdm_auth_add_entry (display_num, + address, binary_cookie, - authlist, af, - FamilyWild, - NULL, - 0); + authlist); + out: g_string_free (binary_cookie, TRUE); return ret; } -#if 0 - -#define SA(__s) ((struct sockaddr *) __s) -#define SIN(__s) ((struct sockaddr_in *) __s) -#define SIN6(__s) ((struct sockaddr_in6 *) __s) - -static gboolean -add_auth_entry_for_addr (GdmDisplay *d, - GSList **authlist, - struct sockaddr_storage *ss) -{ - const char *addr; - int len; - unsigned short family; - - switch (ss->ss_family) { -#if IPV6_ENABLED - case AF_INET6: - family = FamilyInternetV6; - addr = (const char *) &SIN6 (ss)->sin6_addr; - len = sizeof (struct in6_addr); - break; -#endif - case AF_INET: - default: - family = FamilyInternet; - addr = (const char *) &SIN (ss)->sin_addr; - len = sizeof (struct in_addr); - break; - } - - return add_auth_entry (d, authlist, NULL, NULL, family, addr, len); -} - -static GSList * -get_local_auths (GdmDisplay *d) -{ - gboolean is_local = FALSE; - guint i; - const GList *local_addys = NULL; - gboolean added_lo = FALSE; - GSList *auths = NULL; - - if G_UNLIKELY (!d) - return NULL; - - if (gdm_display_is_local (d)) { - char hostname[1024]; - - /* reget local host if local as it may have changed */ - hostname[1023] = '\0'; - if G_LIKELY (gethostname (hostname, 1023) == 0) { - g_free (d->hostname); - d->hostname = g_strdup (hostname); - } - if ( ! d->tcp_disallowed) - local_addys = gdm_address_peek_local_list (); - - is_local = TRUE; - } else { - is_local = FALSE; - - if (gdm_address_is_local (&(d->addr))) { - is_local = TRUE; - } - - for (i = 0; ! is_local && i < d->addr_count; i++) { - if (gdm_address_is_local (&d->addrs[i])) { - is_local = TRUE; - break; - } - } - } - - /* Local access also in case the host is very local */ - if (is_local) { - gdm_debug ("get_local_auths: Setting up socket access"); - - if ( ! 
add_auth_entry (d, &auths, NULL, NULL, FamilyLocal, - d->hostname, strlen (d->hostname))) - goto get_local_auth_error; - - /* local machine but not local if you get my meaning, add - * the host gotten by gethostname as well if it's different - * since the above is probably localhost */ - if ( ! gdm_display_is_local (d)) { - char hostname[1024]; - - hostname[1023] = '\0'; - if (gethostname (hostname, 1023) == 0 && - strcmp (hostname, d->hostname) != 0) { - if ( ! add_auth_entry (d, &auths, NULL, NULL, FamilyLocal, - hostname, - strlen (hostname))) - goto get_local_auth_error; - } - } else { - /* local machine, perhaps we haven't added - * localhost.localdomain to socket access */ - const char *localhost = "localhost.localdomain"; - if (strcmp (localhost, d->hostname) != 0) { - if ( ! add_auth_entry (d, &auths, NULL, NULL, FamilyLocal, - localhost, - strlen (localhost))) { - goto get_local_auth_error; - } - } - } - } - - gdm_debug ("get_local_auths: Setting up network access"); - - if ( ! gdm_display_is_local (d)) { - /* we should write out an entry for d->addr since - possibly it is not in d->addrs */ - - if (! add_auth_entry_for_addr (d, &auths, &d->addr)) { - goto get_local_auth_error; - } - - if (gdm_address_is_loopback (&(d->addr))) { - added_lo = TRUE; - } - } - - /* Network access: Write out an authentication entry for each of - * this host's official addresses */ - for (i = 0; i < d->addr_count; i++) { - struct sockaddr_storage *sa; - - sa = &d->addrs[i]; - if (gdm_address_equal (sa, &d->addr)) { - continue; - } - - if (! add_auth_entry_for_addr (d, &auths, sa)) { - goto get_local_auth_error; - } - - if (gdm_address_is_loopback (sa)) { - added_lo = TRUE; - } - } - - /* Network access: Write out an authentication entry for each of - * this host's local addresses if any */ - for (; local_addys != NULL; local_addys = local_addys->next) { - struct sockaddr_storage *ia = local_addys->data; - - if (ia == NULL) - break; - - if (! 
add_auth_entry_for_addr (d, &auths, ia)) { - goto get_local_auth_error; - } - - if (gdm_address_is_loopback (ia)) { - added_lo = TRUE; - } - } - - /* if local server add loopback */ - if (gdm_display_is_local (d) && ! added_lo && ! d->tcp_disallowed) { - struct sockaddr_storage *lo_ss = NULL; - /* FIXME: get loobback ss */ - if (! add_auth_entry_for_addr (d, &auths, lo_ss)) { - goto get_local_auth_error; - } - } - - g_debug ("get_local_auths: Setting up access for %s - %d entries", - d->name, g_slist_length (auths)); - - return auths; - - get_local_auth_error: - - gdm_auth_free_auth_list (auths); - - return NULL; -} - -static gboolean -try_open_append (const char *file) -{ - FILE *fp; - - VE_IGNORE_EINTR (fp = fopen (file, "a+")); - if G_LIKELY (fp != NULL) { - VE_IGNORE_EINTR (fclose (fp)); - return TRUE; - } else { - return FALSE; - } -} - -static gboolean -try_open_read_as_root (const char *file) -{ - int fd; - uid_t oldeuid = geteuid (); - uid_t oldegid = getegid (); - NEVER_FAILS_root_set_euid_egid (0, 0); - - VE_IGNORE_EINTR (fd = open (file, O_RDONLY)); - if G_UNLIKELY (fd < 0) { - NEVER_FAILS_root_set_euid_egid (oldeuid, oldegid); - return FALSE; - } else { - VE_IGNORE_EINTR (close (fd)); - NEVER_FAILS_root_set_euid_egid (oldeuid, oldegid); - return TRUE; - } -} - -/** - * gdm_auth_user_add: - * @d: Pointer to a GdmDisplay struct - * @user: Userid of the user whose cookie file to add entries to - * @homedir: The user's home directory - * - * Remove all cookies referring to this display from user's cookie - * file and append the ones specified in the display's authlist. - * - * Returns TRUE on success and FALSE on error. 
- */ - gboolean -gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir) +gdm_auth_user_add (int display_num, + GdmAddress *address, + const char *username, + const char *cookie, + char **filenamep) { - char *authdir; - gint authfd; - FILE *af; - GSList *auths = NULL; - const gchar *userauthdir; - const gchar *userauthfile; - gboolean ret = TRUE; - gboolean automatic_tmp_dir = FALSE; - gboolean authdir_is_tmp_dir = FALSE; - gboolean locked; - gboolean user_auth_exists; - int closeret; - - if (!d) - return FALSE; - - if (d->local_auths != NULL) { - gdm_auth_free_auth_list (d->local_auths); - d->local_auths = NULL; - } - - d->local_auths = get_local_auths (d); - - if (d->local_auths == NULL) { - gdm_error ("Can't make cookies"); - return FALSE; - } - - gdm_debug ("gdm_auth_user_add: Adding cookie for %d", user); - - userauthdir = gdm_daemon_config_get_value_string (GDM_KEY_USER_AUTHDIR); - userauthfile = gdm_daemon_config_get_value_string (GDM_KEY_USER_AUTHFILE); - - /* Determine whether UserAuthDir is specified. Otherwise ~user is used */ - if ( ! 
ve_string_empty (userauthdir) && - strcmp (userauthdir, "~") != 0) { - if (strncmp (userauthdir, "~/", 2) == 0) { - authdir = g_build_filename (homedir, &userauthdir[2], NULL); - } else { - authdir = g_strdup (userauthdir); - automatic_tmp_dir = TRUE; - authdir_is_tmp_dir = TRUE; - } - } else { - authdir = g_strdup (homedir); - } - - try_user_add_again: - - locked = FALSE; - - umask (077); - - if (authdir == NULL) - d->userauth = NULL; - else - d->userauth = g_build_filename (authdir, userauthfile, NULL); - - user_auth_exists = (d->userauth != NULL && - g_access (d->userauth, F_OK) == 0); - - /* Find out if the Xauthority file passes the paranoia check */ - /* Note that this is not very efficient, we stat the files over - and over, but we don't care, we don't do this too often */ - if (automatic_tmp_dir || - authdir == NULL || - - /* first the standard paranoia check (this checks the home dir - * too which is useful here) */ - ! gdm_file_check ("gdm_auth_user_add", user, authdir, userauthfile, - TRUE, FALSE, gdm_daemon_config_get_value_int (GDM_KEY_USER_MAX_FILE), - gdm_daemon_config_get_value_int (GDM_KEY_RELAX_PERM)) || - - /* now the auth file checking routine */ - ! gdm_auth_file_check ("gdm_auth_user_add", user, d->userauth, TRUE /* absentok */, NULL) || - - /* now see if we can actually append this file */ - ! try_open_append (d->userauth) || - - /* try opening as root, if we can't open as root, - then this is a NFS mounted directory with root squashing, - and we don't want to write cookies over NFS */ - (gdm_daemon_config_get_value_bool (GDM_KEY_NEVER_PLACE_COOKIES_ON_NFS) && - ! try_open_read_as_root (d->userauth))) { - - /* if the userauth file didn't exist and we were looking at it, - it likely exists now but empty, so just whack it - (it may not exist if the file didn't exist and the directory - was of wrong permissions, but more likely this is - file on NFS dir with root-squashing enabled) */ - if ( ! 
user_auth_exists && d->userauth != NULL) - g_unlink (d->userauth); - - /* No go. Let's create a fallback file in GDM_KEY_USER_AUTHDIR_FALLBACK (/tmp) - * or perhaps userauthfile directory (usually would be /tmp) */ - d->authfb = TRUE; - g_free (d->userauth); - if (authdir_is_tmp_dir && authdir != NULL) - d->userauth = g_build_filename (authdir, ".gdmXXXXXX", NULL); - else - d->userauth = g_build_filename (gdm_daemon_config_get_value_string (GDM_KEY_USER_AUTHDIR_FALLBACK), ".gdmXXXXXX", NULL); - authfd = g_mkstemp (d->userauth); - - if G_UNLIKELY (authfd < 0 && authdir_is_tmp_dir) { - g_free (d->userauth); - d->userauth = NULL; - - authdir_is_tmp_dir = FALSE; - goto try_user_add_again; - } - - if G_UNLIKELY (authfd < 0) { - gdm_error (_("%s: Could not open cookie file %s"), - "gdm_auth_user_add", - d->userauth); - g_free (d->userauth); - d->userauth = NULL; - - umask (022); + int fd; + char *filename; + GError *error; + mode_t old_mask; + FILE *af; + gboolean ret; + struct passwd *pwent; + GString *cookie_str; - g_free (authdir); - return FALSE; - } - - d->last_auth_touch = time (NULL); + g_debug ("Add user auth for address:%p num:%d user:%s", address, display_num, username); - VE_IGNORE_EINTR (af = fdopen (authfd, "w")); - } else { /* User's Xauthority file is ok */ - d->authfb = FALSE; + ret = FALSE; + filename = NULL; + af = NULL; + fd = -1; - /* FIXME: Better implement my own locking. The libXau one is not kosher */ - if G_UNLIKELY (XauLockAuth (d->userauth, 3, 3, 0) != LOCK_SUCCESS) { - gdm_error (_("%s: Could not lock cookie file %s"), - "gdm_auth_user_add", - d->userauth); - g_free (d->userauth); - d->userauth = NULL; + old_mask = umask (077); - automatic_tmp_dir = TRUE; - goto try_user_add_again; - } - - locked = TRUE; + filename = NULL; + error = NULL; + fd = g_file_open_tmp (".gdmXXXXXX", &filename, &error); - af = gdm_safe_fopen_ap (d->userauth, 0600); - } + umask (old_mask); - /* Set to NULL, because can goto try_user_add_again. 
*/ - g_free (authdir); - authdir = NULL; - - if G_UNLIKELY (af == NULL) { - /* Really no need to clean up here - this process is a goner anyway */ - gdm_error (_("%s: Could not open cookie file %s"), - "gdm_auth_user_add", - d->userauth); - if (locked) - XauUnlockAuth (d->userauth); - g_free (d->userauth); - d->userauth = NULL; - - if ( ! d->authfb) { - automatic_tmp_dir = TRUE; - goto try_user_add_again; - } - - umask (022); - return FALSE; - } - - gdm_debug ("gdm_auth_user_add: Using %s for cookies", d->userauth); - - /* If not a fallback file, nuke any existing cookies for this display */ - if (! d->authfb) - af = gdm_auth_purge (d, af, FALSE /* remove when empty */); - - /* Append the authlist for this display to the cookie file */ - auths = d->local_auths; - - while (auths) { - if G_UNLIKELY ( ! XauWriteAuth (af, auths->data)) { - gdm_error (_("%s: Could not write cookie"), - "gdm_auth_user_add"); - - if ( ! d->authfb) { - VE_IGNORE_EINTR (fclose (af)); - if (locked) - XauUnlockAuth (d->userauth); - g_free (d->userauth); - d->userauth = NULL; - automatic_tmp_dir = TRUE; - goto try_user_add_again; - } - - ret = FALSE; - break; - } - - auths = auths->next; - } - - VE_IGNORE_EINTR (closeret = fclose (af)); - if G_UNLIKELY (closeret < 0) { - gdm_error (_("%s: Could not write cookie"), - "gdm_auth_user_add"); - - if ( ! d->authfb) { - if (locked) - XauUnlockAuth (d->userauth); - g_free (d->userauth); - d->userauth = NULL; - automatic_tmp_dir = TRUE; - goto try_user_add_again; - } - - ret = FALSE; + if (fd == -1) { + g_warning ("Unable to create temporary file: %s", error->message); + g_error_free (error); + goto out; } - if (locked) - XauUnlockAuth (d->userauth); - - gdm_debug ("gdm_auth_user_add: Done"); - - umask (022); - return ret; -} - - -/** - * gdm_auth_user_remove: - * @d: Pointer to a GdmDisplay struct - * @user: Userid of the user whose cookie file to remove entries from - * - * Remove all cookies referring to this display from user's cookie - * file. 
- */ - -void -gdm_auth_user_remove (GdmDisplay *d, uid_t user) -{ - FILE *af; - gchar *authfile; - gchar *authdir; - - if G_UNLIKELY (!d || !d->userauth) - return; - - gdm_debug ("gdm_auth_user_remove: Removing cookie from %s (%d)", d->userauth, d->authfb); - - /* If we are using the fallback cookie location, simply nuke the - * cookie file */ - if (d->authfb) { - VE_IGNORE_EINTR (g_unlink (d->userauth)); - g_free (d->userauth); - d->userauth = NULL; - return; + if (filenamep != NULL) { + *filenamep = g_strdup (filename); } - /* if the file doesn't exist, oh well, just ignore this then */ - if G_UNLIKELY (g_access (d->userauth, F_OK) != 0) { - g_free (d->userauth); - d->userauth = NULL; - return; + VE_IGNORE_EINTR (af = fdopen (fd, "w")); + if (af == NULL) { + g_warning ("Unable to open cookie file: %s", filename); + goto out; } - authfile = g_path_get_basename (d->userauth); - authdir = g_path_get_dirname (d->userauth); + /* FIXME: clean old files? */ - if (ve_string_empty (authfile) || - ve_string_empty (authdir)) { - g_free (authdir); - g_free (authfile); - return; - } - - /* Now, the cookie file could be owned by a malicious user who - * decided to concatenate something like his entire MP3 collection - * to it. So we better play it safe... */ - - if G_UNLIKELY ( ! gdm_file_check ("gdm_auth_user_remove", user, authdir, authfile, - TRUE, FALSE, gdm_daemon_config_get_value_int (GDM_KEY_USER_MAX_FILE), - gdm_daemon_config_get_value_int (GDM_KEY_RELAX_PERM)) || - /* be even paranoider with permissions */ - ! gdm_auth_file_check ("gdm_auth_user_remove", user, d->userauth, FALSE /* absentok */, NULL)) { - g_free (authdir); - g_free (authfile); - gdm_error (_("%s: Ignoring suspiciously looking cookie file %s"), - "gdm_auth_user_remove", - d->userauth); - - return; - } + cookie_str = g_string_new (cookie); - g_free (authdir); - g_free (authfile); + /* FIXME: ?? 
*/ + /*gdm_auth_add_entry_for_display (display_num, address, cookie_str, af, NULL);*/ + gdm_auth_add_entry_for_display (display_num, NULL, cookie_str, af, NULL); + g_string_free (cookie_str, TRUE); - /* Lock user's cookie jar and open it for writing */ - if G_UNLIKELY (XauLockAuth (d->userauth, 3, 3, 0) != LOCK_SUCCESS) { - g_free (d->userauth); - d->userauth = NULL; - return; + pwent = getpwnam (username); + if (pwent == NULL) { + goto out; } - af = gdm_safe_fopen_ap (d->userauth, 0600); - - if G_UNLIKELY (af == NULL) { - XauUnlockAuth (d->userauth); + fchown (fd, pwent->pw_uid, -1); - gdm_error (_("%s: Cannot safely open %s"), - "gdm_auth_user_remove", - d->userauth); - - g_free (d->userauth); - d->userauth = NULL; - - return; - } - - /* Purge entries for this display from the cookie jar */ - af = gdm_auth_purge (d, af, TRUE /* remove when empty */); + ret = TRUE; + out: + g_free (filename); - /* Close the file and unlock it */ if (af != NULL) { - /* FIXME: what about out of diskspace errors on errors close */ - errno = 0; - VE_IGNORE_EINTR (fclose (af)); - if G_UNLIKELY (errno != 0) { - gdm_error (_("Can't write to %s: %s"), d->userauth, - strerror (errno)); - } + fclose (af); } - XauUnlockAuth (d->userauth); - - g_free (d->userauth); - d->userauth = NULL; -} - -static gboolean -memory_same (const char *sa, int lena, const char *sb, int lenb) -{ - if (lena == lenb) { - if (lena == 0) - return TRUE; - /* sanity */ - if G_UNLIKELY (sa == NULL || sb == NULL) - return FALSE; - return memcmp (sa, sb, lena) == 0; - } else { - return FALSE; - } -} - -static gboolean -auth_same_except_data (Xauth *xa, Xauth *xb) -{ - if (xa->family == xb->family && - memory_same (xa->number, xa->number_length, - xb->number, xb->number_length) && - memory_same (xa->name, xa->name_length, - xb->name, xb->name_length) && - memory_same (xa->address, xa->address_length, - xb->address, xb->address_length)) - return TRUE; - else - return FALSE; -} - - -/** - * gdm_auth_purge: - * @d: Pointer 
to a GdmDisplay struct - * @af: File handle to a cookie file - * @remove_when_empty: remove the file when empty - * - * Remove all cookies referring to this display a cookie file. - */ - -static FILE * -gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty) -{ - Xauth *xa; - GSList *keep = NULL, *li; - int cnt; - - if G_UNLIKELY (!d || !af) - return af; - - gdm_debug ("gdm_auth_purge: %s", d->name); - - fseek (af, 0L, SEEK_SET); - - /* Read the user's entire Xauth file into memory to avoid - * temporary file issues. Then remove any instance of this display - * in the cookie jar... */ - - cnt = 0; - - while ( (xa = XauReadAuth (af)) != NULL ) { - GSList *li; - /* We look at the current auths, but those may - have different cookies then what is in the file, - so don't compare those, but we wish to purge all - the entries that we'd normally write */ - for (li = d->local_auths; li != NULL; li = li->next) { - Xauth *xb = li->data; - if (auth_same_except_data (xa, xb)) { - XauDisposeAuth (xa); - xa = NULL; - break; - } - } - if (xa != NULL) - keep = g_slist_append (keep, xa); - - /* just being ultra anal */ - cnt++; - if (cnt > 500) - break; - } - - VE_IGNORE_EINTR (fclose (af)); - - if (remove_when_empty && - keep == NULL) { - VE_IGNORE_EINTR (g_unlink (d->userauth)); - return NULL; - } - - af = gdm_safe_fopen_w (d->userauth, 0600); - - /* Write out remaining entries */ - for (li = keep; li != NULL; li = li->next) { - /* FIXME: is this correct, if we can't open - * this is quite bad isn't it ... */ - if G_LIKELY (af != NULL) - XauWriteAuth (af, li->data); - /* FIXME: what about errors? */ - XauDisposeAuth (li->data); - li->data = NULL; - } - - g_slist_free (keep); - - return af; -} - -void -gdm_auth_free_auth_list (GSList *list) -{ - GSList *li; - - for (li = list; li != NULL; li = li->next) { - XauDisposeAuth ((Xauth *) li->data); - li->data = NULL; - } - - g_slist_free (list); + return ret; } -#endif 
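Review bot: gdm_auth_user_add reports success without checking the steps that matter: the result of gdm_auth_add_entry_for_display is discarded, `fchown (fd, pwent->pw_uid, -1)` and `fclose (af)` are unchecked, and `ret = TRUE` is set regardless. On the failure paths (fdopen or getpwnam failing) the temporary cookie file is left on disk, `fd` is leaked when fdopen fails, and `*filenamep` has already been handed to the caller. The `address` argument is also unused, so every user cookie is written as a FamilyWild entry; the FIXME hints at this, but a comment should say why a wildcard entry is acceptable for a remote display. A tightened tail of the function is sketched below, with the `*filenamep` assignment moved so it is only made on success.

```c
        /* … unchanged: umask, g_file_open_tmp, fdopen (the early *filenamep assignment moves to the end) … */

        pwent = getpwnam (username);
        if (pwent == NULL) {
                g_warning ("Unable to look up user: %s", username);
                goto out;
        }

        if (fchown (fd, pwent->pw_uid, -1) != 0) {
                g_warning ("Unable to set owner of cookie file: %s", g_strerror (errno));
                goto out;
        }

        cookie_str = g_string_new (cookie);
        ret = gdm_auth_add_entry_for_display (display_num, NULL, cookie_str, af, NULL);
        g_string_free (cookie_str, TRUE);

 out:
        if (af != NULL) {
                /* fclose flushes the cookie; a failure here means it was not written */
                if (fclose (af) != 0) {
                        ret = FALSE;
                }
        } else if (fd != -1) {
                close (fd);
        }

        if (ret && filenamep != NULL) {
                *filenamep = g_strdup (filename);
        } else if (! ret && filename != NULL) {
                /* do not leave a half-written or wrongly-owned cookie file behind */
                g_unlink (filename);
        }
        g_free (filename);

        return ret;
```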
diff --git a/daemon/auth.h b/daemon/auth.h index a6453dec..b6850b0e 100644 --- a/daemon/auth.h +++ b/daemon/auth.h @@ -19,30 +19,28 @@ #ifndef GDM_AUTH_H #define GDM_AUTH_H -#include "gdm-display.h" +#include <glib.h> +#include "gdm-address.h" G_BEGIN_DECLS -gboolean gdm_auth_add_entry_for_display (int display_num, - GString *cookie, - GSList **authlist, - FILE *af); -gboolean gdm_auth_add_entry (int display_num, - GString *binary_cookie, - GSList **authlist, - FILE *af, - unsigned short family, - const char *addr, - int addrlen); - -gboolean gdm_auth_user_add (GdmDisplay *d, - uid_t user, - const char *homedir); -void gdm_auth_user_remove (GdmDisplay *d, - uid_t user); - -/* Call XSetAuthorization */ -void gdm_auth_set_local_auth (GdmDisplay *d); +gboolean gdm_auth_add_entry_for_display (int display_num, + GdmAddress *address, + GString *cookie, + FILE *af, + GSList **authlist); + +gboolean gdm_auth_add_entry (int display_num, + GdmAddress *address, + GString *binary_cookie, + FILE *af, + GSList **authlist); + +gboolean gdm_auth_user_add (int display_num, + GdmAddress *address, + const char *cookie, + const char *username, + char **filenamep); void gdm_auth_free_auth_list (GSList *list); diff --git a/daemon/gdm-ck-session.c b/daemon/gdm-ck-session.c index b25c3a8a..08c8147b 100644 --- a/daemon/gdm-ck-session.c +++ b/daemon/gdm-ck-session.c @@ -189,7 +189,7 @@ unlock_ck_session (const char *user, if (session_proxy != NULL) { char *xdisplay; - get_string (session_proxy, "GetX11Display", &xdisplay); + get_string (session_proxy, "GetX11DisplayName", &xdisplay); if (xdisplay != NULL && x11_display != NULL && strcmp (xdisplay, x11_display) == 0) { diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c index 902d599f..130f2b7e 100644 --- a/daemon/gdm-display.c +++ b/daemon/gdm-display.c 
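Review bot: The new prototype of gdm_auth_user_add lists `const char *cookie` before `const char *username`, but the definition added in daemon/auth.c takes `username` before `cookie`. Both are `const char *`, so the compiler accepts either order, and a caller written against this header would pass the cookie where getpwnam expects a user name and have it printed by the `g_debug ("Add user auth for address:%p num:%d user:%s", ...)` line. Swap the two lines in the header so they read `const char *username,` followed by `const char *cookie,`. The header also keeps the `gdm_auth_free_auth_list` declaration although the only definition visible in this diff is deleted from auth.c.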
@@ -50,8 +50,8 @@ struct GdmDisplayPrivate { char *id; char *remote_hostname; - int number; - char *x11_display; + int x11_display_number; + char *x11_display_name; int status; time_t creation_time; char *x11_cookie; @@ -69,8 +69,8 @@ enum { PROP_0, PROP_ID, PROP_REMOTE_HOSTNAME, - PROP_NUMBER, - PROP_X11_DISPLAY, + PROP_X11_DISPLAY_NUMBER, + PROP_X11_DISPLAY_NAME, PROP_X11_COOKIE, PROP_X11_AUTHORITY_FILE, PROP_IS_LOCAL, @@ -146,6 +146,68 @@ gdm_display_create_authority (GdmDisplay *display) return ret; } +static gboolean +gdm_display_real_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error) +{ + gboolean ret; + + ret = FALSE; + + return ret; +} + +gboolean +gdm_display_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error) +{ + gboolean ret; + + g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); + + g_debug ("Adding authorization for user:%s on display %s", username, display->priv->x11_display_name); + + g_object_ref (display); + ret = GDM_DISPLAY_GET_CLASS (display)->add_user_authorization (display, username, filename, error); + g_object_unref (display); + + return ret; +} + +static gboolean +gdm_display_real_remove_user_authorization (GdmDisplay *display, + const char *username, + GError **error) +{ + gboolean ret; + + ret = FALSE; + + return ret; +} + +gboolean +gdm_display_remove_user_authorization (GdmDisplay *display, + const char *username, + GError **error) +{ + gboolean ret; + + g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); + + g_debug ("Removing authorization for user:%s on display %s", username, display->priv->x11_display_name); + + g_object_ref (display); + ret = GDM_DISPLAY_GET_CLASS (display)->remove_user_authorization (display, username, error); + g_object_unref (display); + + return ret; +} + gboolean gdm_display_get_x11_cookie (GdmDisplay *display, char **x11_cookie, 
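Review bot: `gdm_display_real_add_user_authorization` and `gdm_display_real_remove_user_authorization` return FALSE without filling `error`, and the add variant never writes `*filename`. A caller that follows the GError convention cannot tell "not implemented for this display type" from a real failure, and one that reads `*filename` afterwards sees whatever it held before the call. Start the add variant with `if (filename != NULL) *filename = NULL;` and set `error` through `g_set_error ()` with the project's error domain before returning FALSE. The `gdm_static_factory_display_*_user_authorization` stubs added later in this commit return FALSE in the same way. The public wrappers also hand `username` to `g_debug` before any NULL check on it.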
@@ -189,14 +251,14 @@ gdm_display_get_remote_hostname (GdmDisplay *display, } gboolean -gdm_display_get_number (GdmDisplay *display, - int *number, - GError **error) +gdm_display_get_x11_display_number (GdmDisplay *display, + int *number, + GError **error) { g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); if (number != NULL) { - *number = display->priv->number; + *number = display->priv->x11_display_number; } return TRUE; @@ -367,14 +429,14 @@ gdm_display_get_id (GdmDisplay *display, } gboolean -gdm_display_get_x11_display (GdmDisplay *display, - char **x11_display, - GError **error) +gdm_display_get_x11_display_name (GdmDisplay *display, + char **x11_display, + GError **error) { g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); if (x11_display != NULL) { - *x11_display = g_strdup (display->priv->x11_display); + *x11_display = g_strdup (display->priv->x11_display_name); } return TRUE; @@ -411,18 +473,18 @@ _gdm_display_set_remote_hostname (GdmDisplay *display, } static void -_gdm_display_set_number (GdmDisplay *display, - int num) +_gdm_display_set_x11_display_number (GdmDisplay *display, + int num) { - display->priv->number = num; + display->priv->x11_display_number = num; } static void -_gdm_display_set_x11_display (GdmDisplay *display, - const char *x11_display) +_gdm_display_set_x11_display_name (GdmDisplay *display, + const char *x11_display) { - g_free (display->priv->x11_display); - display->priv->x11_display = g_strdup (x11_display); + g_free (display->priv->x11_display_name); + display->priv->x11_display_name = g_strdup (x11_display); } static void 
@@ -473,11 +535,11 @@ gdm_display_set_property (GObject *object, case PROP_REMOTE_HOSTNAME: _gdm_display_set_remote_hostname (self, g_value_get_string (value)); break; - case PROP_NUMBER: - _gdm_display_set_number (self, g_value_get_int (value)); + case PROP_X11_DISPLAY_NUMBER: + _gdm_display_set_x11_display_number (self, g_value_get_int (value)); break; - case PROP_X11_DISPLAY: - _gdm_display_set_x11_display (self, g_value_get_string (value)); + case PROP_X11_DISPLAY_NAME: + _gdm_display_set_x11_display_name (self, g_value_get_string (value)); break; case PROP_X11_COOKIE: _gdm_display_set_x11_cookie (self, g_value_get_string (value)); @@ -514,11 +576,11 @@ gdm_display_get_property (GObject *object, case PROP_REMOTE_HOSTNAME: g_value_set_string (value, self->priv->remote_hostname); break; - case PROP_NUMBER: - g_value_set_int (value, self->priv->number); + case PROP_X11_DISPLAY_NUMBER: + g_value_set_int (value, self->priv->x11_display_number); break; - case PROP_X11_DISPLAY: - g_value_set_string (value, self->priv->x11_display); + case PROP_X11_DISPLAY_NAME: + g_value_set_string (value, self->priv->x11_display_name); break; case PROP_X11_COOKIE: g_value_set_string (value, self->priv->x11_cookie); @@ -617,6 +679,8 @@ gdm_display_class_init (GdmDisplayClass *klass) object_class->finalize = gdm_display_finalize; klass->create_authority = gdm_display_real_create_authority; + klass->add_user_authorization = gdm_display_real_add_user_authorization; + klass->remove_user_authorization = gdm_display_real_remove_user_authorization; klass->manage = gdm_display_real_manage; klass->finish = gdm_display_real_finish; klass->unmanage = gdm_display_real_unmanage; 
@@ -636,19 +700,19 @@ gdm_display_class_init (GdmDisplayClass *klass) NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, - PROP_NUMBER, - g_param_spec_int ("number", - "number", - "number", + PROP_X11_DISPLAY_NUMBER, + g_param_spec_int ("x11-display-number", + "x11 display number", + "x11 display number", -1, G_MAXINT, -1, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, - PROP_X11_DISPLAY, - g_param_spec_string ("x11-display", - "x11-display", - "x11-display", + PROP_X11_DISPLAY_NAME, + g_param_spec_string ("x11-display-name", + "x11-display-name", + "x11-display-name", NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, diff --git a/daemon/gdm-display.h b/daemon/gdm-display.h index 220f18b8..60bbb83e 100644 --- a/daemon/gdm-display.h +++ b/daemon/gdm-display.h @@ -53,10 +53,17 @@ typedef struct GObjectClass parent_class; /* methods */ - gboolean (*create_authority) (GdmDisplay *display); - gboolean (*manage) (GdmDisplay *display); - gboolean (*finish) (GdmDisplay *display); - gboolean (*unmanage) (GdmDisplay *display); + gboolean (*create_authority) (GdmDisplay *display); + gboolean (*add_user_authorization) (GdmDisplay *display, + const char *username, + char **filename, + GError **error); + gboolean (*remove_user_authorization) (GdmDisplay *display, + const char *username, + GError **error); + gboolean (*manage) (GdmDisplay *display); + gboolean (*finish) (GdmDisplay *display); + gboolean (*unmanage) (GdmDisplay *display); } GdmDisplayClass; 
@@ -87,10 +94,10 @@ gboolean gdm_display_get_id (GdmDisplay *disp gboolean gdm_display_get_remote_hostname (GdmDisplay *display, char **hostname, GError **error); -gboolean gdm_display_get_number (GdmDisplay *display, +gboolean gdm_display_get_x11_display_number (GdmDisplay *display, int *number, GError **error); -gboolean gdm_display_get_x11_display (GdmDisplay *display, +gboolean gdm_display_get_x11_display_name (GdmDisplay *display, char **x11_display, GError **error); gboolean gdm_display_is_local (GdmDisplay *display, @@ -102,7 +109,14 @@ gboolean gdm_display_get_x11_cookie (GdmDisplay *disp char **x11_cookie, GError **error); gboolean gdm_display_get_x11_authority_file (GdmDisplay *display, - char **file, + char **filename, + GError **error); +gboolean gdm_display_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error); +gboolean gdm_display_remove_user_authorization (GdmDisplay *display, + const char *username, GError **error); diff --git a/daemon/gdm-display.xml b/daemon/gdm-display.xml index 1a99d4d3..474212f8 100644 --- a/daemon/gdm-display.xml +++ b/daemon/gdm-display.xml 
@@ -4,17 +4,30 @@ <method name="GetId"> <arg name="id" direction="out" type="o"/> </method> - <method name="GetX11Display"> + <method name="GetX11DisplayName"> <arg name="name" direction="out" type="s"/> </method> + <method name="GetX11DisplayNumber"> + <arg name="name" direction="out" type="i"/> + </method> <method name="GetX11Cookie"> <arg name="x11_cookie" direction="out" type="s"/> </method> <method name="GetX11AuthorityFile"> <arg name="filename" direction="out" type="s"/> </method> + <method name="GetRemoteHostname"> + <arg name="hostname" direction="out" type="s"/> + </method> <method name="IsLocal"> <arg name="local" direction="out" type="b"/> </method> + <method name="AddUserAuthorization"> + <arg name="username" direction="in" type="s"/> + <arg name="filename" direction="out" type="s"/> + </method> + <method name="RemoveUserAuthorization"> + <arg name="username" direction="in" type="s"/> + </method> </interface> </node> diff --git a/daemon/gdm-factory-slave.c b/daemon/gdm-factory-slave.c index fe860334..b03d6360 100644 --- a/daemon/gdm-factory-slave.c +++ b/daemon/gdm-factory-slave.c @@ -560,13 +560,20 @@ run_greeter (GdmFactorySlave *slave) g_debug ("Running greeter"); + display_is_local = FALSE; + display_name = NULL; + auth_file = NULL; + display_device = NULL; + g_object_get (slave, "display-is-local", &display_is_local, "display-name", &display_name, "display-x11-authority-file", &auth_file, NULL); - display_device = gdm_server_get_display_device (slave->priv->server); + if (slave->priv->server != NULL) { + display_device = gdm_server_get_display_device (slave->priv->server); + } /* Set the busy cursor */ set_busy_cursor (slave); diff --git a/daemon/gdm-greeter-proxy.c b/daemon/gdm-greeter-proxy.c index d4eea37f..07abbf6b 100644 --- a/daemon/gdm-greeter-proxy.c +++ b/daemon/gdm-greeter-proxy.c 
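Review bot: `AddUserAuthorization` takes the target `username` from the caller and returns a `filename`, so any peer that can reach this interface picks which account receives the display's authorization. `gdm_display_add_user_authorization` in this commit only checks `GDM_IS_DISPLAY (display)`, so the restriction presumably has to come from the bus policy, which is not part of this view. Once that is confirmed, record it next to the method, for example `<!-- callers are limited to the slave by the bus policy -->`. The out argument of `GetX11DisplayNumber` is also named `name`, and `number` would match its `i` type.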
@@ -175,6 +175,7 @@ listify_hash (const char *key, { char *str; str = g_strdup_printf ("%s=%s", key, value); + g_debug ("greeter environment: %s", str); g_ptr_array_add (env, str); } diff --git a/daemon/gdm-product-display.c b/daemon/gdm-product-display.c index 206773e9..09ca7bb8 100644 --- a/daemon/gdm-product-display.c +++ b/daemon/gdm-product-display.c @@ -69,6 +69,23 @@ gdm_product_display_create_authority (GdmDisplay *display) } static gboolean +gdm_product_display_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error) +{ + return TRUE; +} + +static gboolean +gdm_product_display_remove_user_authorization (GdmDisplay *display, + const char *username, + GError **error) +{ + return TRUE; +} + +static gboolean gdm_product_display_manage (GdmDisplay *display) { g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); @@ -192,6 +209,8 @@ gdm_product_display_class_init (GdmProductDisplayClass *klass) object_class->finalize = gdm_product_display_finalize; display_class->create_authority = gdm_product_display_create_authority; + display_class->add_user_authorization = gdm_product_display_add_user_authorization; + display_class->remove_user_authorization = gdm_product_display_remove_user_authorization; display_class->manage = gdm_product_display_manage; display_class->finish = gdm_product_display_finish; display_class->unmanage = gdm_product_display_unmanage; @@ -241,8 +260,8 @@ gdm_product_display_new (int display_number, x11_display = g_strdup_printf (":%d", display_number); object = g_object_new (GDM_TYPE_PRODUCT_DISPLAY, "slave-command", DEFAULT_SLAVE_COMMAND, - "number", display_number, - "x11-display", x11_display, + "x11-display-number", display_number, + "x11-display-name", x11_display, "relay-address", relay_address, NULL); g_free (x11_display); diff --git a/daemon/gdm-simple-slave.c b/daemon/gdm-simple-slave.c index a174baaa..d29f1178 100644 --- a/daemon/gdm-simple-slave.c +++ b/daemon/gdm-simple-slave.c 
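Review bot: `gdm_product_display_add_user_authorization` reports success with `return TRUE;` while leaving `*filename` unwritten, so the caller is told an authority file exists when none was produced. `gdm_static_display_add_user_authorization` in daemon/gdm-static-display.c does the same. Until these display types create a per-user file, either return FALSE with `error` set or assign the out parameter explicitly, for example `if (filename != NULL) *filename = NULL;`. A short comment should also say that the stub is intentional.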
@@ -168,7 +168,7 @@ listify_hash (const char *key, { char *str; str = g_strdup_printf ("%s=%s", key, value); - g_debug ("environment: %s", str); + g_debug ("script environment: %s", str); g_ptr_array_add (env, str); } @@ -185,6 +185,11 @@ get_script_environment (GdmSimpleSlave *slave, char *display_x11_authority_file; gboolean display_is_local; + display_name = NULL; + display_hostname = NULL; + display_x11_authority_file = NULL; + display_is_local = FALSE; + g_object_get (slave, "display-name", &display_name, "display-hostname", &display_hostname, @@ -511,17 +516,42 @@ out: return ret; } +static gboolean +add_user_authorization (GdmSimpleSlave *slave, + char **filename) +{ + char *username; + gboolean ret; + + username = gdm_session_get_username (slave->priv->session); + ret = gdm_slave_add_user_authorization (GDM_SLAVE (slave), + username, + filename); + g_free (username); + + return ret; +} + static void setup_session_environment (GdmSimpleSlave *slave) { + int display_number; + char *display_x11_cookie; char *display_name; char *auth_file; + display_name = NULL; + display_x11_cookie = NULL; + auth_file = NULL; + g_object_get (slave, + "display-number", &display_number, "display-name", &display_name, - "display-x11-authority-file", &auth_file, + "display-x11-cookie", &display_x11_cookie, NULL); + add_user_authorization (slave, &auth_file); + gdm_session_set_environment_variable (slave->priv->session, "GDMSESSION", slave->priv->selected_session); @@ -548,6 +578,7 @@ setup_session_environment (GdmSimpleSlave *slave) "/bin:/usr/bin:" BINDIR); g_free (display_name); + g_free (display_x11_cookie); g_free (auth_file); } 
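Review bot: `setup_session_environment` discards the gboolean returned by `add_user_authorization (slave, &auth_file)`, so a failed D-Bus call leaves `auth_file` NULL and session setup continues as if the user had been authorized. Test the result and at least warn, e.g. `if (! add_user_authorization (slave, &auth_file)) g_warning ("Unable to add user authorization");`. `display_x11_cookie` is fetched from the slave only to be freed, which keeps one more copy of the cookie in memory for no use, so the `"display-x11-cookie"` line can go. `display_number` is the only local in the `g_object_get` call that is not initialised first. The function body continues outside this hunk.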
@@ -810,13 +841,20 @@ run_greeter (GdmSimpleSlave *slave) g_debug ("Running greeter"); + display_is_local = FALSE; + display_name = NULL; + auth_file = NULL; + display_device = NULL; + g_object_get (slave, "display-is-local", &display_is_local, "display-name", &display_name, "display-x11-authority-file", &auth_file, NULL); - display_device = gdm_server_get_display_device (slave->priv->server); + if (slave->priv->server != NULL) { + display_device = gdm_server_get_display_device (slave->priv->server); + } /* Set the busy cursor */ set_busy_cursor (slave); @@ -1177,12 +1215,20 @@ gdm_simple_slave_class_init (GdmSimpleSlaveClass *klass) } static void -gdm_simple_slave_init (GdmSimpleSlave *simple_slave) +gdm_simple_slave_init (GdmSimpleSlave *slave) { + const char **languages; + + slave->priv = GDM_SIMPLE_SLAVE_GET_PRIVATE (slave); - simple_slave->priv = GDM_SIMPLE_SLAVE_GET_PRIVATE (simple_slave); + slave->priv->pid = -1; + + languages = g_get_language_names (); + if (languages != NULL) { + slave->priv->selected_language = g_strdup (languages[0]); + } - simple_slave->priv->pid = -1; + slave->priv->selected_session = g_strdup ("gnome.desktop"); } static void diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c index e415b3f9..4372fe14 100644 --- a/daemon/gdm-slave.c +++ b/daemon/gdm-slave.c @@ -52,8 +52,6 @@ #include "gdm-session.h" #include "gdm-greeter-proxy.h" -extern char **environ; - #define GDM_SLAVE_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SLAVE, GdmSlavePrivate)) #define GDM_DBUS_NAME "org.gnome.DisplayManager" @@ -99,6 +97,7 @@ enum { PROP_0, PROP_DISPLAY_ID, PROP_DISPLAY_NAME, + PROP_DISPLAY_NUMBER, PROP_DISPLAY_HOSTNAME, PROP_DISPLAY_IS_LOCAL, PROP_DISPLAY_X11_AUTHORITY_FILE, @@ -207,7 +206,7 @@ gdm_slave_real_start (GdmSlave *slave) error = NULL; res = dbus_g_proxy_call (slave->priv->display_proxy, - "GetX11Display", + "GetX11DisplayName", &error, G_TYPE_INVALID, G_TYPE_STRING, &slave->priv->display_name, 
@@ -225,6 +224,42 @@ gdm_slave_real_start (GdmSlave *slave) error = NULL; res = dbus_g_proxy_call (slave->priv->display_proxy, + "GetX11DisplayNumber", + &error, + G_TYPE_INVALID, + G_TYPE_INT, &slave->priv->display_number, + G_TYPE_INVALID); + if (! res) { + if (error != NULL) { + g_warning ("Failed to get value: %s", error->message); + g_error_free (error); + } else { + g_warning ("Failed to get value"); + } + + return FALSE; + } + + error = NULL; + res = dbus_g_proxy_call (slave->priv->display_proxy, + "GetRemoteHostname", + &error, + G_TYPE_INVALID, + G_TYPE_STRING, &slave->priv->display_hostname, + G_TYPE_INVALID); + if (! res) { + if (error != NULL) { + g_warning ("Failed to get value: %s", error->message); + g_error_free (error); + } else { + g_warning ("Failed to get value"); + } + + return FALSE; + } + + error = NULL; + res = dbus_g_proxy_call (slave->priv->display_proxy, "GetX11Cookie", &error, G_TYPE_INVALID, @@ -314,6 +349,46 @@ gdm_slave_stopped (GdmSlave *slave) g_signal_emit (slave, signals [STOPPED], 0); } +gboolean +gdm_slave_add_user_authorization (GdmSlave *slave, + const char *username, + char **filenamep) +{ + gboolean res; + GError *error; + char *filename; + + filename = NULL; + + if (filenamep != NULL) { + *filenamep = NULL; + } + + error = NULL; + res = dbus_g_proxy_call (slave->priv->display_proxy, + "AddUserAuthorization", + &error, + G_TYPE_STRING, username, + G_TYPE_INVALID, + G_TYPE_STRING, &filename, + G_TYPE_INVALID); + if (filenamep != NULL) { + *filenamep = g_strdup (filename); + } + g_free (filename); + + if (! res) { + if (error != NULL) { + g_warning ("Failed to add user authorization: %s", error->message); + g_error_free (error); + } else { + g_warning ("Failed to add user authorization"); + } + } + + return res; +} + static void _gdm_slave_set_display_id (GdmSlave *slave, const char *id) 
@@ -331,6 +406,13 @@ _gdm_slave_set_display_name (GdmSlave *slave, } static void +_gdm_slave_set_display_number (GdmSlave *slave, + int number) +{ + slave->priv->display_number = number; +} + +static void _gdm_slave_set_display_hostname (GdmSlave *slave, const char *name) { @@ -378,6 +460,9 @@ gdm_slave_set_property (GObject *object, case PROP_DISPLAY_NAME: _gdm_slave_set_display_name (self, g_value_get_string (value)); break; + case PROP_DISPLAY_NUMBER: + _gdm_slave_set_display_number (self, g_value_get_int (value)); + break; case PROP_DISPLAY_HOSTNAME: _gdm_slave_set_display_hostname (self, g_value_get_string (value)); break; @@ -413,6 +498,9 @@ gdm_slave_get_property (GObject *object, case PROP_DISPLAY_NAME: g_value_set_string (value, self->priv->display_name); break; + case PROP_DISPLAY_NUMBER: + g_value_set_int (value, self->priv->display_number); + break; case PROP_DISPLAY_HOSTNAME: g_value_set_string (value, self->priv->display_hostname); break; @@ -513,6 +601,15 @@ gdm_slave_class_init (GdmSlaveClass *klass) NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, + PROP_DISPLAY_NUMBER, + g_param_spec_int ("display-number", + "display number", + "display number", + -1, + G_MAXINT, + -1, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + g_object_class_install_property (object_class, PROP_DISPLAY_HOSTNAME, g_param_spec_string ("display-hostname", "display hostname", diff --git a/daemon/gdm-slave.h b/daemon/gdm-slave.h index 1ac1c316..880aa003 100644 --- a/daemon/gdm-slave.h +++ b/daemon/gdm-slave.h @@ -57,6 +57,10 @@ GType gdm_slave_get_type (void); gboolean gdm_slave_start (GdmSlave *slave); gboolean gdm_slave_stop (GdmSlave *slave); +gboolean gdm_slave_add_user_authorization (GdmSlave *slave, + const char *username, + char **filename); + void gdm_slave_stopped (GdmSlave *slave); G_END_DECLS diff --git a/daemon/gdm-static-display.c b/daemon/gdm-static-display.c index eb17bbb4..e6e4a647 100644 
--- a/daemon/gdm-static-display.c +++ b/daemon/gdm-static-display.c @@ -66,6 +66,23 @@ gdm_static_display_create_authority (GdmDisplay *display) } static gboolean +gdm_static_display_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error) +{ + return TRUE; +} + +static gboolean +gdm_static_display_remove_user_authorization (GdmDisplay *display, + const char *username, + GError **error) +{ + return TRUE; +} + +static gboolean gdm_static_display_manage (GdmDisplay *display) { g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); @@ -144,6 +161,8 @@ gdm_static_display_class_init (GdmStaticDisplayClass *klass) object_class->finalize = gdm_static_display_finalize; display_class->create_authority = gdm_static_display_create_authority; + display_class->add_user_authorization = gdm_static_display_add_user_authorization; + display_class->remove_user_authorization = gdm_static_display_remove_user_authorization; display_class->manage = gdm_static_display_manage; display_class->finish = gdm_static_display_finish; display_class->unmanage = gdm_static_display_unmanage; @@ -183,8 +202,8 @@ gdm_static_display_new (int display_number) x11_display = g_strdup_printf (":%d", display_number); object = g_object_new (GDM_TYPE_STATIC_DISPLAY, - "number", display_number, - "x11-display", x11_display, + "x11-display-number", display_number, + "x11-display-name", x11_display, NULL); g_free (x11_display); diff --git a/daemon/gdm-static-factory-display.c b/daemon/gdm-static-factory-display.c index 892278ce..91cd1195 100644 --- a/daemon/gdm-static-factory-display.c +++ b/daemon/gdm-static-factory-display.c 
@@ -123,6 +123,23 @@ gdm_static_factory_display_create_product_display (GdmStaticFactoryDisplay *disp } static gboolean +gdm_static_factory_display_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error) +{ + return FALSE; +} + +static gboolean +gdm_static_factory_display_remove_user_authorization (GdmDisplay *display, + const char *username, + GError **error) +{ + return FALSE; +} + +static gboolean gdm_static_factory_display_create_authority (GdmDisplay *display) { g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); @@ -249,6 +266,8 @@ gdm_static_factory_display_class_init (GdmStaticFactoryDisplayClass *klass) object_class->finalize = gdm_static_factory_display_finalize; display_class->create_authority = gdm_static_factory_display_create_authority; + display_class->add_user_authorization = gdm_static_factory_display_add_user_authorization; + display_class->remove_user_authorization = gdm_static_factory_display_remove_user_authorization; display_class->manage = gdm_static_factory_display_manage; display_class->finish = gdm_static_factory_display_finish; display_class->unmanage = gdm_static_factory_display_unmanage; @@ -298,8 +317,8 @@ gdm_static_factory_display_new (int display_number, x11_display = g_strdup_printf (":%d", display_number); object = g_object_new (GDM_TYPE_STATIC_FACTORY_DISPLAY, "slave-command", DEFAULT_SLAVE_COMMAND, - "number", display_number, - "x11-display", x11_display, + "x11-display-number", display_number, + "x11-display-name", x11_display, "display-store", store, NULL); g_free (x11_display); diff --git a/daemon/gdm-xdmcp-display.c b/daemon/gdm-xdmcp-display.c index 18ed9019..a2faea18 100644 --- a/daemon/gdm-xdmcp-display.c +++ b/daemon/gdm-xdmcp-display.c 
@@ -97,8 +97,8 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display) x11_display = NULL; g_object_get (display, - "x11-display", &x11_display, - "number", &display_num, + "x11-display-name", &x11_display, + "x11-display-number", &display_num, NULL); /* Create new random cookie */ @@ -119,8 +119,9 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display) goto out; } + g_debug ("Adding auth entry for xdmcp display:%d cookie:%s", display_num, cookie->str); authlist = NULL; - if (! gdm_auth_add_entry_for_display (display_num, cookie, &authlist, af)) { + if (! gdm_auth_add_entry_for_display (display_num, NULL, cookie, af, &authlist)) { goto out; } @@ -154,6 +155,42 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display) } static gboolean +gdm_xdmcp_display_add_user_authorization (GdmDisplay *display, + const char *username, + char **filename, + GError **error) +{ + gboolean res; + char *cookie; + char *hostname; + int display_num; + + res = gdm_display_get_x11_cookie (display, &cookie, NULL); + res = gdm_display_get_x11_display_number (display, &display_num, NULL); + + hostname = NULL; + res = gdm_address_get_hostname (GDM_XDMCP_DISPLAY (display)->priv->remote_address, &hostname); + g_debug ("add user auth for xdmcp display: %s host:%s", username, hostname); + gdm_address_debug (GDM_XDMCP_DISPLAY (display)->priv->remote_address); + g_free (hostname); + + res = gdm_auth_user_add (display_num, + GDM_XDMCP_DISPLAY (display)->priv->remote_address, + username, + cookie, + filename); + return res; +} + +static gboolean +gdm_xdmcp_display_remove_user_authorization (GdmDisplay *display, + const char *username, + GError **error) +{ + return TRUE; +} + +static gboolean gdm_xdmcp_display_manage (GdmDisplay *display) { g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE); 
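Review bot: The `g_debug` added to `gdm_xdmcp_display_create_authority` writes `cookie->str` to the debug log, and that value is the secret that authorizes X connections to this display. Anyone who can read the daemon's debug output can then reuse it. Log only the display, `g_debug ("Adding auth entry for xdmcp display:%d", display_num);`. The `Reencoded cookie len:%d '%s'` line added to `gdm_xdmcp_handle_request` in daemon/gdm-xdmcp-manager.c prints the same secret and should drop the value as well.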
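Review bot: `gdm_xdmcp_display_add_user_authorization` assigns `res` four times and reads it only after the last call, so failures of `gdm_display_get_x11_cookie`, `gdm_display_get_x11_display_number` and `gdm_address_get_hostname` are silently dropped. `cookie` and `display_num` have no initial value, so if either getter fails they reach `gdm_auth_user_add` uninitialised. Initialise them (`char *cookie = NULL; int display_num = -1;`) and return FALSE as soon as a getter fails. Whether `cookie` is a copy that this function must `g_free` cannot be seen here, because the getter's body is outside the hunk, so confirm that and release it if so. The `error` parameter is never set on the failure path either.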
@@ -174,6 +211,20 @@ gdm_xdmcp_display_unmanage (GdmDisplay *display) } static void +_gdm_xdmcp_display_set_remote_address (GdmXdmcpDisplay *display, + GdmAddress *address) +{ + if (display->priv->remote_address != NULL) { + gdm_address_free (display->priv->remote_address); + } + + g_assert (address != NULL); + + gdm_address_debug (address); + display->priv->remote_address = gdm_address_copy (address); +} + +static void gdm_xdmcp_display_set_property (GObject *object, guint prop_id, const GValue *value, @@ -185,7 +236,7 @@ gdm_xdmcp_display_set_property (GObject *object, switch (prop_id) { case PROP_REMOTE_ADDRESS: - self->priv->remote_address = g_value_get_boxed (value); + _gdm_xdmcp_display_set_remote_address (self, g_value_get_boxed (value)); break; case PROP_SESSION_NUMBER: self->priv->session_number = g_value_get_int (value); @@ -230,6 +281,8 @@ gdm_xdmcp_display_class_init (GdmXdmcpDisplayClass *klass) object_class->finalize = gdm_xdmcp_display_finalize; display_class->create_authority = gdm_xdmcp_display_create_authority; + display_class->add_user_authorization = gdm_xdmcp_display_add_user_authorization; + display_class->remove_user_authorization = gdm_xdmcp_display_remove_user_authorization; display_class->manage = gdm_xdmcp_display_manage; display_class->unmanage = gdm_xdmcp_display_unmanage; @@ -290,8 +343,8 @@ gdm_xdmcp_display_new (const char *hostname, x11_display = g_strdup_printf ("%s:%d", hostname, number); object = g_object_new (GDM_TYPE_XDMCP_DISPLAY, "remote-hostname", hostname, - "number", number, - "x11-display", x11_display, + "x11-display-number", number, + "x11-display-name", x11_display, "is-local", FALSE, "remote-address", address, "session-number", session_number, diff --git a/daemon/gdm-xdmcp-manager.c b/daemon/gdm-xdmcp-manager.c index e0b40da6..d88bd46e 100644 --- a/daemon/gdm-xdmcp-manager.c +++ b/daemon/gdm-xdmcp-manager.c 
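Review bot: `_gdm_xdmcp_display_set_remote_address` frees the stored address before it validates the new one, and validates with `g_assert`. If the property is ever set with a NULL boxed value, the daemon aborts. Reject the value before touching state, `g_return_if_fail (address != NULL);` as the first statement, and only then free and copy. Copying the boxed value instead of keeping the pointer returned by `g_value_get_boxed` is the right ownership change, and a one-line comment saying the display owns its copy would document it.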
@@ -456,6 +456,9 @@ do_bind (guint port, GdmAddress *addr; addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr); + + host = NULL; + serv = NULL; gdm_address_get_numeric_info (addr, &host, &serv); g_debug ("XDMCP: Attempting to bind to host %s port %s", host, serv); g_free (host); @@ -602,9 +605,10 @@ gdm_xdmcp_host_allow (GdmAddress *address) gboolean ret; host = NULL; + client = NULL; /* Find client hostname */ - client = gdm_address_get_hostname (address); + gdm_address_get_hostname (address, &client); gdm_address_get_numeric_info (address, &host, NULL); /* Check with tcp_wrappers if client is allowed to access */ @@ -676,7 +680,7 @@ lookup_by_host (const char *id, } this_address = gdm_xdmcp_display_get_remote_address (GDM_XDMCP_DISPLAY (display)); - gdm_display_get_number (display, &disp_num, NULL); + gdm_display_get_x11_display_number (display, &disp_num, NULL); if (gdm_address_equal (this_address, data->address) && disp_num == data->display_num) { @@ -760,6 +764,7 @@ gdm_xdmcp_send_willing (GdmXdmcpManager *manager, static time_t last_willing = 0; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XDMCP: Sending WILLING to %s", host); g_free (host); @@ -827,6 +832,7 @@ gdm_xdmcp_send_unwilling (GdmXdmcpManager *manager, return; } + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XDMCP: Sending UNWILLING to %s", host); g_warning (_("Denied XDMCP query from host %s"), host); @@ -923,11 +929,14 @@ gdm_xdmcp_send_forward_query (GdmXdmcpManager *manager, g_assert (id != NULL); g_assert (id->chosen_host != NULL); + host = NULL; gdm_address_get_numeric_info (id->chosen_host, &host, NULL); g_debug ("XDMCP: Sending forward query to %s", host); g_free (host); + host = NULL; + serv = NULL; gdm_address_get_numeric_info (display_address, &host, &serv); g_debug ("gdm_xdmcp_send_forward_query: Query contains %s:%s", host, serv); 
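Review bot: `gdm_xdmcp_host_allow` now calls `gdm_address_get_hostname (address, &client);` and ignores the result, so a failed reverse lookup leaves `client` NULL and nothing records the failure. The code that passes `client` and `host` to the tcp_wrappers check lies outside this hunk. Confirm that it tolerates a NULL `client` and that the allow decision rests on the numeric `host`, since a reverse-resolved name is chosen by whoever controls the address's DNS. At minimum keep the outcome, `if (! gdm_address_get_hostname (address, &client)) g_debug ("XDMCP: no hostname for client");`.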
@@ -1134,6 +1143,7 @@ gdm_forward_query_dispose (GdmXdmcpManager *manager, { char *host; + host = NULL; gdm_address_get_numeric_info (q->dsp_address, &host, NULL); g_debug ("gdm_forward_query_dispose: Disposing %s", host); g_free (host); @@ -1217,6 +1227,8 @@ gdm_forward_query_lookup (GdmXdmcpManager *manager, continue; } + host = NULL; + serv = NULL; gdm_address_get_numeric_info (q->dsp_address, &host, &serv); g_debug ("gdm_forward_query_lookup: comparing %s:%s", host, serv); @@ -1243,6 +1255,7 @@ gdm_forward_query_lookup (GdmXdmcpManager *manager, if (ret == NULL) { char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("gdm_forward_query_lookup: Host %s not found", host); @@ -1376,6 +1389,7 @@ gdm_xdmcp_handle_forward_query (GdmXdmcpManager *manager, if (! gdm_xdmcp_host_allow (address)) { char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_warning ("%s: Got FORWARD_QUERY from banned host %s", @@ -1438,6 +1452,8 @@ gdm_xdmcp_handle_forward_query (GdmXdmcpManager *manager, address, disp_address); + host = NULL; + serv = NULL; gdm_address_get_numeric_info (disp_address, &host, &serv); g_debug ("gdm_xdmcp_handle_forward_query: Got FORWARD_QUERY for display: %s, port %s", host, serv); @@ -1476,6 +1492,7 @@ gdm_xdmcp_really_send_managed_forward (GdmXdmcpManager *manager, XdmcpHeader header; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XDMCP: Sending MANAGED_FORWARD to %s", host); g_free (host); @@ -1556,6 +1573,7 @@ gdm_xdmcp_send_got_managed_forward (GdmXdmcpManager *manager, XdmcpHeader header; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XDMCP: Sending GOT_MANAGED_FORWARD to %s", host); g_free (host); 
@@ -1657,7 +1675,7 @@ remove_host (const char *id, } gdm_display_get_remote_hostname (display, &hostname, NULL); - gdm_display_get_number (display, &disp_num, NULL); + gdm_display_get_x11_display_number (display, &disp_num, NULL); if (disp_num == data->display_num && hostname != NULL && @@ -1706,6 +1724,7 @@ gdm_xdmcp_send_decline (GdmXdmcpManager *manager, GdmForwardQuery *fq; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XMDCP: Sending DECLINE to %s", host); g_free (host); @@ -1752,6 +1771,8 @@ gdm_xdmcp_display_alloc (GdmXdmcpManager *manager, { GdmDisplay *display; + g_debug ("Creating xdmcp display for %s:%d", hostname, displaynum); + display = gdm_xdmcp_display_new (hostname, displaynum, address, @@ -1806,6 +1827,7 @@ gdm_xdmcp_send_accept (GdmXdmcpManager *manager, (XdmcpNetaddr)gdm_address_peek_sockaddr_storage (address), (int)sizeof (struct sockaddr_storage)); + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XDMCP: Sending ACCEPT to %s with SessionID=%ld", host, @@ -1996,6 +2018,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, char *x11_cookie; GString *cookie; GString *binary_cookie; + GString *test_cookie; gdm_display_get_x11_cookie (display, &x11_cookie, NULL); cookie = g_string_new (x11_cookie); @@ -2012,6 +2035,21 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager, /* FIXME: handle error */ } + test_cookie = g_string_new (NULL); + if (! gdm_string_hex_encode (binary_cookie, + 0, + test_cookie, + 0)) { + g_warning ("Unable to encode hex cookie"); + /* FIXME: handle error */ + } + + /* sanity check cookie */ + g_debug ("Reencoded cookie len:%d '%s'", test_cookie->len, test_cookie->str); + g_assert (test_cookie->len == cookie->len); + g_assert (strcmp (test_cookie->str, cookie->str) == 0); + g_string_free (test_cookie, TRUE); + g_debug ("Sending authorization key for display %s", cookie->str); g_debug ("Decoded cookie len %d", binary_cookie->len); 
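Review bot: The round-trip check added to `gdm_xdmcp_handle_request` uses `g_assert`, so a hex encode/decode mismatch aborts the whole daemon from inside packet handling instead of refusing this one request. When `gdm_string_hex_encode` fails, the code only warns and then still reaches both asserts. Turn the comparison into an ordinary error path that frees `test_cookie` and declines the request. `test_cookie->len` is a `gsize`, so `%d` is the wrong conversion, and `"%" G_GSIZE_FORMAT` matches the type. The enclosing block starts and ends outside this hunk.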
@@ -2192,6 +2230,7 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager, GdmForwardQuery *fq; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("gdm_xdmcp_handle_manage: Got MANAGE from %s", host); @@ -2203,33 +2242,35 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager, g_free (host); return; } - g_free (host); /* SessionID */ if G_UNLIKELY (! XdmcpReadCARD32 (&manager->priv->buf, &clnt_sessid)) { g_warning (_("%s: Could not read Session ID"), "gdm_xdmcp_handle_manage"); - return; + goto out; } /* Remote display number */ if G_UNLIKELY (! XdmcpReadCARD16 (&manager->priv->buf, &clnt_dspnum)) { g_warning (_("%s: Could not read Display Number"), "gdm_xdmcp_handle_manage"); - return; + goto out; } /* Display Class */ if G_UNLIKELY (! XdmcpReadARRAY8 (&manager->priv->buf, &clnt_dspclass)) { g_warning (_("%s: Could not read Display Class"), "gdm_xdmcp_handle_manage"); - return; + goto out; } { char *s = g_strndup ((char *) clnt_dspclass.data, clnt_dspclass.length); g_debug ("gdm_xdmcp-handle_manage: Got display=%d, SessionID=%ld Class=%s from %s", - (int)clnt_dspnum, (long)clnt_sessid, ve_sure_string (s), host); + (int)clnt_dspnum, + (long)clnt_sessid, + ve_sure_string (s), + host); g_free (s); } @@ -2240,7 +2281,7 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager, char *name; name = NULL; - gdm_display_get_x11_display (display, &name, NULL); + gdm_display_get_x11_display_name (display, &name, NULL); g_debug ("gdm_xdmcp_handle_manage: Looked up %s", name); g_free (name); @@ -2293,7 +2334,9 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager, gdm_xdmcp_send_refuse (manager, address, clnt_sessid); } + out: XdmcpDisposeARRAY8 (&clnt_dspclass); + g_free (host); } static void 
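Review bot: The `goto out` jumps taken when the Session ID or the Display Number cannot be read now reach `XdmcpDisposeARRAY8 (&clnt_dspclass)` before `XdmcpReadARRAY8` has written to that struct. The declaration of `clnt_dspclass` is outside the hunk; unless it is initialised there, a truncated MANAGE packet from the network makes the dispose call free an indeterminate pointer, where the old `return` paths never touched it. Setting `clnt_dspclass.data = NULL; clnt_dspclass.length = 0;` before the first read keeps the shared cleanup safe on every path. gdm_xdmcp_handle_manage starts outside these hunks.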
@@ -2301,11 +2344,12 @@ gdm_xdmcp_handle_managed_forward (GdmXdmcpManager *manager, GdmAddress *address, int len) { - ARRAY8 clnt_address; + ARRAY8 clnt_address; GdmIndirectDisplay *id; - char *host; - GdmAddress *disp_address; + char *host; + GdmAddress *disp_address; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("gdm_xdmcp_handle_managed_forward: Got MANAGED_FORWARD from %s", host); @@ -2356,6 +2400,7 @@ gdm_xdmcp_handle_got_managed_forward (GdmXdmcpManager *manager, ARRAY8 clnt_address; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("gdm_xdmcp_handle_got_managed_forward: Got MANAGED_FORWARD from %s", host); @@ -2444,6 +2489,7 @@ gdm_xdmcp_handle_keepalive (GdmXdmcpManager *manager, CARD32 clnt_sessid; char *host; + host = NULL; gdm_address_get_numeric_info (address, &host, NULL); g_debug ("XDMCP: Got KEEPALIVE from %s", host); @@ -2554,6 +2600,10 @@ decode_packet (GIOChannel *source, return TRUE; } + gdm_address_debug (address); + + host = NULL; + port = NULL; gdm_address_get_numeric_info (address, &host, &port); g_debug ("XDMCP: Received opcode %s from client %s : %s", diff --git a/data/gdm.conf b/data/gdm.conf index a3881dc7..b701f73e 100644 --- a/data/gdm.conf +++ b/data/gdm.conf 
@@ -13,12 +13,19 @@ send_interface="org.gnome.DBus.Properties" /> </policy> - <!-- Allow anyone to invoke methods on the interfaces --> <policy context="default"> <allow send_interface="org.gnome.DisplayManager.Manager"/> <allow send_interface="org.gnome.DisplayManager.Display"/> <deny send_destination="org.gnome.DisplayManager" send_interface="org.gnome.DBus.Properties" /> + <deny send_interface="org.gnome.DisplayManager.Display" + send_member="GetX11Cookie"/> + <deny send_interface="org.gnome.DisplayManager.Display" + send_member="GetX11AuthorityFile"/> + <deny send_interface="org.gnome.DisplayManager.Display" + send_member="AddUserAuthoritization"/> + <deny send_interface="org.gnome.DisplayManager.Display" + send_member="RemoveUserAuthoritization"/> </policy> <policy user="gdm"> diff --git a/gui/simple-greeter/greeter-main.c b/gui/simple-greeter/greeter-main.c index a921e172..bf64d790 100644 --- a/gui/simple-greeter/greeter-main.c +++ b/gui/simple-greeter/greeter-main.c @@ -296,6 +296,8 @@ main (int argc, char *argv[]) exit (1); } + g_debug ("Greeter for display %s xauthority:%s", g_getenv ("DISPLAY"), g_getenv ("XAUTHORITY")); + /* * gdm_common_atspi_launch () needs gdk initialized. * We cannot start gtk before the registry is running |
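Review bot: The deny rules for `AddUserAuthoritization` and `RemoveUserAuthoritization` are spelled differently from the `gdm_display_add_user_authorization` and `gdm_display_remove_user_authorization` functions named in the commit message. D-Bus matches `send_member` literally, so if the exported methods are `AddUserAuthorization` and `RemoveUserAuthorization` (gdm-display.xml is not visible here), these two rules match nothing and the `<allow send_interface="org.gnome.DisplayManager.Display"/>` above still lets any caller reach them. After confirming the names against the introspection XML, `send_member="AddUserAuthorization"` and `send_member="RemoveUserAuthorization"` would be the fix. A deny-list under a blanket allow also leaves each future sensitive method exposed until a rule is added for it; allowing only the members meant to be public is the safer default.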