summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Jon McCann <mccann@jhu.edu>2007-07-25 22:45:28 +0000
committerWilliam Jon McCann <mccann@src.gnome.org>2007-07-25 22:45:28 +0000
commitcab659a1278bd000f116a41a4321159f720b0d2a (patch)
tree1d253e9756d9ba8a1d80d745e3bd2fa10dab18d5
parent466d7376ec05b05e82efb5c359006cfb225cf653 (diff)
downloadgdm-cab659a1278bd000f116a41a4321159f720b0d2a.tar.gz
Make XDMCP logins work.
2007-07-25 William Jon McCann <mccann@jhu.edu> * common/gdm-address.c: (gdm_address_get_hostname), (gdm_address_get_numeric_info), (address_family_str), (gdm_address_debug): * common/gdm-address.h: * daemon/Makefile.am: * daemon/auth.c: (gdm_auth_add_entry), (gdm_auth_add_entry_for_display), (gdm_auth_user_add): * daemon/auth.h: * daemon/gdm-ck-session.c: (unlock_ck_session): * daemon/gdm-display.c: (gdm_display_real_add_user_authorization), (gdm_display_add_user_authorization), (gdm_display_real_remove_user_authorization), (gdm_display_remove_user_authorization), (gdm_display_get_x11_display_number), (gdm_display_get_x11_display_name), (_gdm_display_set_x11_display_number), (_gdm_display_set_x11_display_name), (gdm_display_set_property), (gdm_display_get_property), (gdm_display_class_init): * daemon/gdm-display.h: * daemon/gdm-display.xml: * daemon/gdm-factory-slave.c: (run_greeter): * daemon/gdm-greeter-proxy.c: (listify_hash): * daemon/gdm-product-display.c: (gdm_product_display_add_user_authorization), (gdm_product_display_remove_user_authorization), (gdm_product_display_class_init), (gdm_product_display_new): * daemon/gdm-simple-slave.c: (listify_hash), (get_script_environment), (add_user_authorization), (setup_session_environment), (run_greeter), (gdm_simple_slave_init): * daemon/gdm-slave.c: (gdm_slave_real_start), (gdm_slave_add_user_authorization), (_gdm_slave_set_display_number), (gdm_slave_set_property), (gdm_slave_get_property), (gdm_slave_class_init): * daemon/gdm-slave.h: * daemon/gdm-static-display.c: (gdm_static_display_add_user_authorization), (gdm_static_display_remove_user_authorization), (gdm_static_display_class_init), (gdm_static_display_new): * daemon/gdm-static-factory-display.c: (gdm_static_factory_display_add_user_authorization), (gdm_static_factory_display_remove_user_authorization), (gdm_static_factory_display_class_init), (gdm_static_factory_display_new): * daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority), (gdm_xdmcp_display_add_user_authorization), (gdm_xdmcp_display_remove_user_authorization), (_gdm_xdmcp_display_set_remote_address), (gdm_xdmcp_display_set_property), (gdm_xdmcp_display_class_init), (gdm_xdmcp_display_new): * daemon/gdm-xdmcp-manager.c: (do_bind), (gdm_xdmcp_host_allow), (lookup_by_host), (gdm_xdmcp_send_willing), (gdm_xdmcp_send_unwilling), (gdm_xdmcp_send_forward_query), (gdm_forward_query_dispose), (gdm_forward_query_lookup), (gdm_xdmcp_handle_forward_query), (gdm_xdmcp_really_send_managed_forward), (gdm_xdmcp_send_got_managed_forward), (remove_host), (gdm_xdmcp_send_decline), (gdm_xdmcp_display_alloc), (gdm_xdmcp_send_accept), (gdm_xdmcp_handle_request), (gdm_xdmcp_handle_manage), (gdm_xdmcp_handle_managed_forward), (gdm_xdmcp_handle_got_managed_forward), (gdm_xdmcp_handle_keepalive), (decode_packet): * data/gdm.conf: * gui/simple-greeter/greeter-main.c: (main): Make XDMCP logins work. svn path=/branches/mccann-gobject/; revision=5086
-rw-r--r--ChangeLog68
-rw-r--r--common/gdm-address.c122
-rw-r--r--common/gdm-address.h6
-rw-r--r--daemon/Makefile.am4
-rw-r--r--daemon/auth.c780
-rw-r--r--daemon/auth.h40
-rw-r--r--daemon/gdm-ck-session.c2
-rw-r--r--daemon/gdm-display.c134
-rw-r--r--daemon/gdm-display.h28
-rw-r--r--daemon/gdm-display.xml15
-rw-r--r--daemon/gdm-factory-slave.c9
-rw-r--r--daemon/gdm-greeter-proxy.c1
-rw-r--r--daemon/gdm-product-display.c23
-rw-r--r--daemon/gdm-simple-slave.c58
-rw-r--r--daemon/gdm-slave.c103
-rw-r--r--daemon/gdm-slave.h4
-rw-r--r--daemon/gdm-static-display.c23
-rw-r--r--daemon/gdm-static-factory-display.c23
-rw-r--r--daemon/gdm-xdmcp-display.c65
-rw-r--r--daemon/gdm-xdmcp-manager.c74
-rw-r--r--data/gdm.conf9
-rw-r--r--gui/simple-greeter/greeter-main.c2
22 files changed, 774 insertions, 819 deletions
diff --git a/ChangeLog b/ChangeLog
index 2838be50..94303c90 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,71 @@
+2007-07-25 William Jon McCann <mccann@jhu.edu>
+
+ * common/gdm-address.c: (gdm_address_get_hostname),
+ (gdm_address_get_numeric_info), (address_family_str),
+ (gdm_address_debug):
+ * common/gdm-address.h:
+ * daemon/Makefile.am:
+ * daemon/auth.c: (gdm_auth_add_entry),
+ (gdm_auth_add_entry_for_display), (gdm_auth_user_add):
+ * daemon/auth.h:
+ * daemon/gdm-ck-session.c: (unlock_ck_session):
+ * daemon/gdm-display.c: (gdm_display_real_add_user_authorization),
+ (gdm_display_add_user_authorization),
+ (gdm_display_real_remove_user_authorization),
+ (gdm_display_remove_user_authorization),
+ (gdm_display_get_x11_display_number),
+ (gdm_display_get_x11_display_name),
+ (_gdm_display_set_x11_display_number),
+ (_gdm_display_set_x11_display_name), (gdm_display_set_property),
+ (gdm_display_get_property), (gdm_display_class_init):
+ * daemon/gdm-display.h:
+ * daemon/gdm-display.xml:
+ * daemon/gdm-factory-slave.c: (run_greeter):
+ * daemon/gdm-greeter-proxy.c: (listify_hash):
+ * daemon/gdm-product-display.c:
+ (gdm_product_display_add_user_authorization),
+ (gdm_product_display_remove_user_authorization),
+ (gdm_product_display_class_init), (gdm_product_display_new):
+ * daemon/gdm-simple-slave.c: (listify_hash),
+ (get_script_environment), (add_user_authorization),
+ (setup_session_environment), (run_greeter),
+ (gdm_simple_slave_init):
+ * daemon/gdm-slave.c: (gdm_slave_real_start),
+ (gdm_slave_add_user_authorization),
+ (_gdm_slave_set_display_number), (gdm_slave_set_property),
+ (gdm_slave_get_property), (gdm_slave_class_init):
+ * daemon/gdm-slave.h:
+ * daemon/gdm-static-display.c:
+ (gdm_static_display_add_user_authorization),
+ (gdm_static_display_remove_user_authorization),
+ (gdm_static_display_class_init), (gdm_static_display_new):
+ * daemon/gdm-static-factory-display.c:
+ (gdm_static_factory_display_add_user_authorization),
+ (gdm_static_factory_display_remove_user_authorization),
+ (gdm_static_factory_display_class_init),
+ (gdm_static_factory_display_new):
+ * daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority),
+ (gdm_xdmcp_display_add_user_authorization),
+ (gdm_xdmcp_display_remove_user_authorization),
+ (_gdm_xdmcp_display_set_remote_address),
+ (gdm_xdmcp_display_set_property), (gdm_xdmcp_display_class_init),
+ (gdm_xdmcp_display_new):
+ * daemon/gdm-xdmcp-manager.c: (do_bind), (gdm_xdmcp_host_allow),
+ (lookup_by_host), (gdm_xdmcp_send_willing),
+ (gdm_xdmcp_send_unwilling), (gdm_xdmcp_send_forward_query),
+ (gdm_forward_query_dispose), (gdm_forward_query_lookup),
+ (gdm_xdmcp_handle_forward_query),
+ (gdm_xdmcp_really_send_managed_forward),
+ (gdm_xdmcp_send_got_managed_forward), (remove_host),
+ (gdm_xdmcp_send_decline), (gdm_xdmcp_display_alloc),
+ (gdm_xdmcp_send_accept), (gdm_xdmcp_handle_request),
+ (gdm_xdmcp_handle_manage), (gdm_xdmcp_handle_managed_forward),
+ (gdm_xdmcp_handle_got_managed_forward),
+ (gdm_xdmcp_handle_keepalive), (decode_packet):
+ * data/gdm.conf:
+ * gui/simple-greeter/greeter-main.c: (main):
+ Make XDMCP logins work.
+
2007-07-24 William Jon McCann <mccann@jhu.edu>
* daemon/gdm-display.c: (finish_idle), (queue_finish),
diff --git a/common/gdm-address.c b/common/gdm-address.c
index b5cf08da..36cbbf34 100644
--- a/common/gdm-address.c
+++ b/common/gdm-address.c
@@ -174,46 +174,77 @@ gdm_address_equal (GdmAddress *a,
return FALSE;
}
-char *
-gdm_address_get_hostname (GdmAddress *address)
+gboolean
+gdm_address_get_hostname (GdmAddress *address,
+ char **hostnamep)
{
- char host [NI_MAXHOST];
+ char host [NI_MAXHOST];
+ int res;
+ gboolean ret;
+
+ g_return_val_if_fail (address != NULL || address->ss != NULL, FALSE);
- g_return_val_if_fail (address != NULL || address->ss != NULL, NULL);
+ ret = FALSE;
host [0] = '\0';
- getnameinfo ((const struct sockaddr *)address->ss,
- sizeof (struct sockaddr_storage),
- host, sizeof (host),
- NULL, 0,
- 0);
+ res = getnameinfo ((const struct sockaddr *)address->ss,
+ sizeof (struct sockaddr_storage),
+ host, sizeof (host),
+ NULL, 0,
+ 0);
+ if (res == 0) {
+ ret = TRUE;
+ goto done;
+ } else {
+ g_warning ("Unable lookup hostname: %s", gai_strerror (res));
+ gdm_address_debug (address);
+ }
- return g_strdup (host);
+ /* try numeric? */
+
+ done:
+ if (hostnamep != NULL) {
+ *hostnamep = g_strdup (host);
+ }
+
+ return ret;
}
-void
+gboolean
gdm_address_get_numeric_info (GdmAddress *address,
char **hostp,
char **servp)
{
- char host [NI_MAXHOST];
- char serv [NI_MAXSERV];
+ char host [NI_MAXHOST];
+ char serv [NI_MAXSERV];
+ int res;
+ gboolean ret;
+
+ g_return_val_if_fail (address != NULL || address->ss != NULL, FALSE);
- g_return_if_fail (address != NULL || address->ss != NULL);
+ ret = FALSE;
host [0] = '\0';
serv [0] = '\0';
- getnameinfo ((const struct sockaddr *)address->ss,
- sizeof (struct sockaddr_storage),
- host, sizeof (host),
- serv, sizeof (serv),
- NI_NUMERICHOST | NI_NUMERICSERV);
+ res = getnameinfo ((const struct sockaddr *)address->ss,
+ sizeof (struct sockaddr_storage),
+ host, sizeof (host),
+ serv, sizeof (serv),
+ NI_NUMERICHOST | NI_NUMERICSERV);
+ if (res != 0) {
+ g_warning ("Unable lookup numeric info: %s", gai_strerror (res));
+ } else {
+ ret = TRUE;
+ }
+
if (servp != NULL) {
*servp = g_strdup (serv);
}
if (hostp != NULL) {
*hostp = g_strdup (host);
}
+
+ return ret;
}
gboolean
@@ -351,4 +382,57 @@ gdm_address_free (GdmAddress *address)
g_free (address);
}
+/* for debugging */
+static const char *
+address_family_str (GdmAddress *address)
+{
+ const char *str;
+ switch (address->ss->ss_family) {
+ case AF_INET:
+ str = "inet";
+ break;
+ case AF_INET6:
+ str = "inet6";
+ break;
+ case AF_UNIX:
+ str = "unix";
+ break;
+ case AF_UNSPEC:
+ str = "unspecified";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+ return str;
+}
+
+void
+gdm_address_debug (GdmAddress *address)
+{
+ char *hostname;
+ char *host;
+ char *port;
+ g_return_if_fail (address != NULL);
+
+ hostname = NULL;
+ host = NULL;
+ port = NULL;
+
+ gdm_address_get_hostname (address, &hostname);
+ gdm_address_get_numeric_info (address, &host, &port);
+
+ g_debug ("Address family:%d (%s) hostname:%s host:%s port:%s local:%d loopback:%d",
+ address->ss->ss_family,
+ address_family_str (address),
+ hostname,
+ host,
+ port,
+ gdm_address_is_local (address),
+ gdm_address_is_loopback (address));
+
+ g_free (hostname);
+ g_free (host);
+ g_free (port);
+}
diff --git a/common/gdm-address.h b/common/gdm-address.h
index 2c6ec2cf..1db36b19 100644
--- a/common/gdm-address.h
+++ b/common/gdm-address.h
@@ -46,8 +46,9 @@ int gdm_address_get_family_type (GdmAddress
struct sockaddr_storage *gdm_address_get_sockaddr_storage (GdmAddress *address);
struct sockaddr_storage *gdm_address_peek_sockaddr_storage (GdmAddress *address);
-char * gdm_address_get_hostname (GdmAddress *address);
-void gdm_address_get_numeric_info (GdmAddress *address,
+gboolean gdm_address_get_hostname (GdmAddress *address,
+ char **hostname);
+gboolean gdm_address_get_numeric_info (GdmAddress *address,
char **numeric_hostname,
char **service);
gboolean gdm_address_is_local (GdmAddress *address);
@@ -60,6 +61,7 @@ GdmAddress * gdm_address_copy (GdmAddress
void gdm_address_free (GdmAddress *address);
+void gdm_address_debug (GdmAddress *address);
const GList * gdm_address_peek_local_list (void);
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 25b504cb..e81e3fb8 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -105,6 +105,8 @@ gdm_simple_slave_SOURCES = \
gdm-slave.h \
gdm-simple-slave.c \
gdm-simple-slave.h \
+ auth.c \
+ auth.h \
fstype.c \
filecheck.c \
filecheck.h \
@@ -181,6 +183,8 @@ gdm_product_slave_SOURCES = \
gdm-slave.h \
gdm-product-slave.c \
gdm-product-slave.h \
+ auth.c \
+ auth.h \
fstype.c \
filecheck.c \
filecheck.h \
diff --git a/daemon/auth.c b/daemon/auth.c
index 0a63fb06..3ac76235 100644
--- a/daemon/auth.c
+++ b/daemon/auth.c
@@ -32,6 +32,7 @@
#include <sys/stat.h>
#include <netinet/in.h>
#include <errno.h>
+#include <pwd.h>
#include <X11/Xauth.h>
@@ -42,49 +43,45 @@
#include "auth.h"
#include "gdm-common.h"
+#include "gdm-address.h"
#include "gdm-log.h"
-/* Ensure we know about FamilyInternetV6 even if what we're compiling
- against doesn't */
-#ifdef ENABLE_IPV6
-#ifndef FamilyInternetV6
-#define FamilyInternetV6 6
-#endif /* ! FamilyInternetV6 */
-#endif /* ENABLE_IPV6 */
-
-/* Local prototypes */
-static FILE *gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty);
-
gboolean
gdm_auth_add_entry (int display_num,
+ GdmAddress *address,
GString *binary_cookie,
- GSList **authlist,
FILE *af,
- unsigned short family,
- const char *addr,
- int addrlen)
+ GSList **authlist)
{
Xauth *xa;
char *dispnum;
xa = malloc (sizeof (Xauth));
- if G_UNLIKELY (xa == NULL)
+ if (xa == NULL) {
return FALSE;
+ }
- xa->family = family;
- if (addrlen == 0) {
+ if (address == NULL) {
+ xa->family = FamilyWild;
xa->address = NULL;
xa->address_length = 0;
} else {
- xa->address = malloc (addrlen);
- if G_UNLIKELY (xa->address == NULL) {
+ gboolean res;
+ char *hostname;
+
+ xa->family = gdm_address_get_family_type (address);
+
+ res = gdm_address_get_hostname (address, &hostname);
+ if (! res) {
free (xa);
return FALSE;
}
- memcpy (xa->address, addr, addrlen);
- xa->address_length = addrlen;
+ g_debug ("Got hostname: %s", hostname);
+
+ xa->address = hostname;
+ xa->address_length = strlen (xa->address);
}
dispnum = g_strdup_printf ("%d", display_num);
@@ -95,7 +92,7 @@ gdm_auth_add_entry (int display_num,
xa->name = strdup ("MIT-MAGIC-COOKIE-1");
xa->name_length = strlen ("MIT-MAGIC-COOKIE-1");
xa->data = malloc (16);
- if G_UNLIKELY (xa->data == NULL) {
+ if (xa->data == NULL) {
free (xa->number);
free (xa->name);
free (xa->address);
@@ -106,9 +103,11 @@ gdm_auth_add_entry (int display_num,
memcpy (xa->data, binary_cookie->str, binary_cookie->len);
xa->data_length = binary_cookie->len;
+ g_debug ("Writing auth for address:%p %s:%d", address, xa->address, display_num);
+
if (af != NULL) {
errno = 0;
- if G_UNLIKELY ( ! XauWriteAuth (af, xa)) {
+ if ( ! XauWriteAuth (af, xa)) {
free (xa->data);
free (xa->number);
free (xa->name);
@@ -128,16 +127,19 @@ gdm_auth_add_entry (int display_num,
}
}
- *authlist = g_slist_append (*authlist, xa);
+ if (authlist != NULL) {
+ *authlist = g_slist_append (*authlist, xa);
+ }
return TRUE;
}
gboolean
-gdm_auth_add_entry_for_display (int display_num,
- GString *cookie,
- GSList **authlist,
- FILE *af)
+gdm_auth_add_entry_for_display (int display_num,
+ GdmAddress *address,
+ GString *cookie,
+ FILE *af,
+ GSList **authlist)
{
GString *binary_cookie;
gboolean ret;
@@ -154,704 +156,86 @@ gdm_auth_add_entry_for_display (int display_num,
}
ret = gdm_auth_add_entry (display_num,
+ address,
binary_cookie,
- authlist,
af,
- FamilyWild,
- NULL,
- 0);
+ authlist);
+
out:
g_string_free (binary_cookie, TRUE);
return ret;
}
-#if 0
-
-#define SA(__s) ((struct sockaddr *) __s)
-#define SIN(__s) ((struct sockaddr_in *) __s)
-#define SIN6(__s) ((struct sockaddr_in6 *) __s)
-
-static gboolean
-add_auth_entry_for_addr (GdmDisplay *d,
- GSList **authlist,
- struct sockaddr_storage *ss)
-{
- const char *addr;
- int len;
- unsigned short family;
-
- switch (ss->ss_family) {
-#if IPV6_ENABLED
- case AF_INET6:
- family = FamilyInternetV6;
- addr = (const char *) &SIN6 (ss)->sin6_addr;
- len = sizeof (struct in6_addr);
- break;
-#endif
- case AF_INET:
- default:
- family = FamilyInternet;
- addr = (const char *) &SIN (ss)->sin_addr;
- len = sizeof (struct in_addr);
- break;
- }
-
- return add_auth_entry (d, authlist, NULL, NULL, family, addr, len);
-}
-
-static GSList *
-get_local_auths (GdmDisplay *d)
-{
- gboolean is_local = FALSE;
- guint i;
- const GList *local_addys = NULL;
- gboolean added_lo = FALSE;
- GSList *auths = NULL;
-
- if G_UNLIKELY (!d)
- return NULL;
-
- if (gdm_display_is_local (d)) {
- char hostname[1024];
-
- /* reget local host if local as it may have changed */
- hostname[1023] = '\0';
- if G_LIKELY (gethostname (hostname, 1023) == 0) {
- g_free (d->hostname);
- d->hostname = g_strdup (hostname);
- }
- if ( ! d->tcp_disallowed)
- local_addys = gdm_address_peek_local_list ();
-
- is_local = TRUE;
- } else {
- is_local = FALSE;
-
- if (gdm_address_is_local (&(d->addr))) {
- is_local = TRUE;
- }
-
- for (i = 0; ! is_local && i < d->addr_count; i++) {
- if (gdm_address_is_local (&d->addrs[i])) {
- is_local = TRUE;
- break;
- }
- }
- }
-
- /* Local access also in case the host is very local */
- if (is_local) {
- gdm_debug ("get_local_auths: Setting up socket access");
-
- if ( ! add_auth_entry (d, &auths, NULL, NULL, FamilyLocal,
- d->hostname, strlen (d->hostname)))
- goto get_local_auth_error;
-
- /* local machine but not local if you get my meaning, add
- * the host gotten by gethostname as well if it's different
- * since the above is probably localhost */
- if ( ! gdm_display_is_local (d)) {
- char hostname[1024];
-
- hostname[1023] = '\0';
- if (gethostname (hostname, 1023) == 0 &&
- strcmp (hostname, d->hostname) != 0) {
- if ( ! add_auth_entry (d, &auths, NULL, NULL, FamilyLocal,
- hostname,
- strlen (hostname)))
- goto get_local_auth_error;
- }
- } else {
- /* local machine, perhaps we haven't added
- * localhost.localdomain to socket access */
- const char *localhost = "localhost.localdomain";
- if (strcmp (localhost, d->hostname) != 0) {
- if ( ! add_auth_entry (d, &auths, NULL, NULL, FamilyLocal,
- localhost,
- strlen (localhost))) {
- goto get_local_auth_error;
- }
- }
- }
- }
-
- gdm_debug ("get_local_auths: Setting up network access");
-
- if ( ! gdm_display_is_local (d)) {
- /* we should write out an entry for d->addr since
- possibly it is not in d->addrs */
-
- if (! add_auth_entry_for_addr (d, &auths, &d->addr)) {
- goto get_local_auth_error;
- }
-
- if (gdm_address_is_loopback (&(d->addr))) {
- added_lo = TRUE;
- }
- }
-
- /* Network access: Write out an authentication entry for each of
- * this host's official addresses */
- for (i = 0; i < d->addr_count; i++) {
- struct sockaddr_storage *sa;
-
- sa = &d->addrs[i];
- if (gdm_address_equal (sa, &d->addr)) {
- continue;
- }
-
- if (! add_auth_entry_for_addr (d, &auths, sa)) {
- goto get_local_auth_error;
- }
-
- if (gdm_address_is_loopback (sa)) {
- added_lo = TRUE;
- }
- }
-
- /* Network access: Write out an authentication entry for each of
- * this host's local addresses if any */
- for (; local_addys != NULL; local_addys = local_addys->next) {
- struct sockaddr_storage *ia = local_addys->data;
-
- if (ia == NULL)
- break;
-
- if (! add_auth_entry_for_addr (d, &auths, ia)) {
- goto get_local_auth_error;
- }
-
- if (gdm_address_is_loopback (ia)) {
- added_lo = TRUE;
- }
- }
-
- /* if local server add loopback */
- if (gdm_display_is_local (d) && ! added_lo && ! d->tcp_disallowed) {
- struct sockaddr_storage *lo_ss = NULL;
- /* FIXME: get loobback ss */
- if (! add_auth_entry_for_addr (d, &auths, lo_ss)) {
- goto get_local_auth_error;
- }
- }
-
- g_debug ("get_local_auths: Setting up access for %s - %d entries",
- d->name, g_slist_length (auths));
-
- return auths;
-
- get_local_auth_error:
-
- gdm_auth_free_auth_list (auths);
-
- return NULL;
-}
-
-static gboolean
-try_open_append (const char *file)
-{
- FILE *fp;
-
- VE_IGNORE_EINTR (fp = fopen (file, "a+"));
- if G_LIKELY (fp != NULL) {
- VE_IGNORE_EINTR (fclose (fp));
- return TRUE;
- } else {
- return FALSE;
- }
-}
-
-static gboolean
-try_open_read_as_root (const char *file)
-{
- int fd;
- uid_t oldeuid = geteuid ();
- uid_t oldegid = getegid ();
- NEVER_FAILS_root_set_euid_egid (0, 0);
-
- VE_IGNORE_EINTR (fd = open (file, O_RDONLY));
- if G_UNLIKELY (fd < 0) {
- NEVER_FAILS_root_set_euid_egid (oldeuid, oldegid);
- return FALSE;
- } else {
- VE_IGNORE_EINTR (close (fd));
- NEVER_FAILS_root_set_euid_egid (oldeuid, oldegid);
- return TRUE;
- }
-}
-
-/**
- * gdm_auth_user_add:
- * @d: Pointer to a GdmDisplay struct
- * @user: Userid of the user whose cookie file to add entries to
- * @homedir: The user's home directory
- *
- * Remove all cookies referring to this display from user's cookie
- * file and append the ones specified in the display's authlist.
- *
- * Returns TRUE on success and FALSE on error.
- */
-
gboolean
-gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
+gdm_auth_user_add (int display_num,
+ GdmAddress *address,
+ const char *username,
+ const char *cookie,
+ char **filenamep)
{
- char *authdir;
- gint authfd;
- FILE *af;
- GSList *auths = NULL;
- const gchar *userauthdir;
- const gchar *userauthfile;
- gboolean ret = TRUE;
- gboolean automatic_tmp_dir = FALSE;
- gboolean authdir_is_tmp_dir = FALSE;
- gboolean locked;
- gboolean user_auth_exists;
- int closeret;
-
- if (!d)
- return FALSE;
-
- if (d->local_auths != NULL) {
- gdm_auth_free_auth_list (d->local_auths);
- d->local_auths = NULL;
- }
-
- d->local_auths = get_local_auths (d);
-
- if (d->local_auths == NULL) {
- gdm_error ("Can't make cookies");
- return FALSE;
- }
-
- gdm_debug ("gdm_auth_user_add: Adding cookie for %d", user);
-
- userauthdir = gdm_daemon_config_get_value_string (GDM_KEY_USER_AUTHDIR);
- userauthfile = gdm_daemon_config_get_value_string (GDM_KEY_USER_AUTHFILE);
-
- /* Determine whether UserAuthDir is specified. Otherwise ~user is used */
- if ( ! ve_string_empty (userauthdir) &&
- strcmp (userauthdir, "~") != 0) {
- if (strncmp (userauthdir, "~/", 2) == 0) {
- authdir = g_build_filename (homedir, &userauthdir[2], NULL);
- } else {
- authdir = g_strdup (userauthdir);
- automatic_tmp_dir = TRUE;
- authdir_is_tmp_dir = TRUE;
- }
- } else {
- authdir = g_strdup (homedir);
- }
-
- try_user_add_again:
-
- locked = FALSE;
-
- umask (077);
-
- if (authdir == NULL)
- d->userauth = NULL;
- else
- d->userauth = g_build_filename (authdir, userauthfile, NULL);
-
- user_auth_exists = (d->userauth != NULL &&
- g_access (d->userauth, F_OK) == 0);
-
- /* Find out if the Xauthority file passes the paranoia check */
- /* Note that this is not very efficient, we stat the files over
- and over, but we don't care, we don't do this too often */
- if (automatic_tmp_dir ||
- authdir == NULL ||
-
- /* first the standard paranoia check (this checks the home dir
- * too which is useful here) */
- ! gdm_file_check ("gdm_auth_user_add", user, authdir, userauthfile,
- TRUE, FALSE, gdm_daemon_config_get_value_int (GDM_KEY_USER_MAX_FILE),
- gdm_daemon_config_get_value_int (GDM_KEY_RELAX_PERM)) ||
-
- /* now the auth file checking routine */
- ! gdm_auth_file_check ("gdm_auth_user_add", user, d->userauth, TRUE /* absentok */, NULL) ||
-
- /* now see if we can actually append this file */
- ! try_open_append (d->userauth) ||
-
- /* try opening as root, if we can't open as root,
- then this is a NFS mounted directory with root squashing,
- and we don't want to write cookies over NFS */
- (gdm_daemon_config_get_value_bool (GDM_KEY_NEVER_PLACE_COOKIES_ON_NFS) &&
- ! try_open_read_as_root (d->userauth))) {
-
- /* if the userauth file didn't exist and we were looking at it,
- it likely exists now but empty, so just whack it
- (it may not exist if the file didn't exist and the directory
- was of wrong permissions, but more likely this is
- file on NFS dir with root-squashing enabled) */
- if ( ! user_auth_exists && d->userauth != NULL)
- g_unlink (d->userauth);
-
- /* No go. Let's create a fallback file in GDM_KEY_USER_AUTHDIR_FALLBACK (/tmp)
- * or perhaps userauthfile directory (usually would be /tmp) */
- d->authfb = TRUE;
- g_free (d->userauth);
- if (authdir_is_tmp_dir && authdir != NULL)
- d->userauth = g_build_filename (authdir, ".gdmXXXXXX", NULL);
- else
- d->userauth = g_build_filename (gdm_daemon_config_get_value_string (GDM_KEY_USER_AUTHDIR_FALLBACK), ".gdmXXXXXX", NULL);
- authfd = g_mkstemp (d->userauth);
-
- if G_UNLIKELY (authfd < 0 && authdir_is_tmp_dir) {
- g_free (d->userauth);
- d->userauth = NULL;
-
- authdir_is_tmp_dir = FALSE;
- goto try_user_add_again;
- }
-
- if G_UNLIKELY (authfd < 0) {
- gdm_error (_("%s: Could not open cookie file %s"),
- "gdm_auth_user_add",
- d->userauth);
- g_free (d->userauth);
- d->userauth = NULL;
-
- umask (022);
+ int fd;
+ char *filename;
+ GError *error;
+ mode_t old_mask;
+ FILE *af;
+ gboolean ret;
+ struct passwd *pwent;
+ GString *cookie_str;
- g_free (authdir);
- return FALSE;
- }
-
- d->last_auth_touch = time (NULL);
+ g_debug ("Add user auth for address:%p num:%d user:%s", address, display_num, username);
- VE_IGNORE_EINTR (af = fdopen (authfd, "w"));
- } else { /* User's Xauthority file is ok */
- d->authfb = FALSE;
+ ret = FALSE;
+ filename = NULL;
+ af = NULL;
+ fd = -1;
- /* FIXME: Better implement my own locking. The libXau one is not kosher */
- if G_UNLIKELY (XauLockAuth (d->userauth, 3, 3, 0) != LOCK_SUCCESS) {
- gdm_error (_("%s: Could not lock cookie file %s"),
- "gdm_auth_user_add",
- d->userauth);
- g_free (d->userauth);
- d->userauth = NULL;
+ old_mask = umask (077);
- automatic_tmp_dir = TRUE;
- goto try_user_add_again;
- }
-
- locked = TRUE;
+ filename = NULL;
+ error = NULL;
+ fd = g_file_open_tmp (".gdmXXXXXX", &filename, &error);
- af = gdm_safe_fopen_ap (d->userauth, 0600);
- }
+ umask (old_mask);
- /* Set to NULL, because can goto try_user_add_again. */
- g_free (authdir);
- authdir = NULL;
-
- if G_UNLIKELY (af == NULL) {
- /* Really no need to clean up here - this process is a goner anyway */
- gdm_error (_("%s: Could not open cookie file %s"),
- "gdm_auth_user_add",
- d->userauth);
- if (locked)
- XauUnlockAuth (d->userauth);
- g_free (d->userauth);
- d->userauth = NULL;
-
- if ( ! d->authfb) {
- automatic_tmp_dir = TRUE;
- goto try_user_add_again;
- }
-
- umask (022);
- return FALSE;
- }
-
- gdm_debug ("gdm_auth_user_add: Using %s for cookies", d->userauth);
-
- /* If not a fallback file, nuke any existing cookies for this display */
- if (! d->authfb)
- af = gdm_auth_purge (d, af, FALSE /* remove when empty */);
-
- /* Append the authlist for this display to the cookie file */
- auths = d->local_auths;
-
- while (auths) {
- if G_UNLIKELY ( ! XauWriteAuth (af, auths->data)) {
- gdm_error (_("%s: Could not write cookie"),
- "gdm_auth_user_add");
-
- if ( ! d->authfb) {
- VE_IGNORE_EINTR (fclose (af));
- if (locked)
- XauUnlockAuth (d->userauth);
- g_free (d->userauth);
- d->userauth = NULL;
- automatic_tmp_dir = TRUE;
- goto try_user_add_again;
- }
-
- ret = FALSE;
- break;
- }
-
- auths = auths->next;
- }
-
- VE_IGNORE_EINTR (closeret = fclose (af));
- if G_UNLIKELY (closeret < 0) {
- gdm_error (_("%s: Could not write cookie"),
- "gdm_auth_user_add");
-
- if ( ! d->authfb) {
- if (locked)
- XauUnlockAuth (d->userauth);
- g_free (d->userauth);
- d->userauth = NULL;
- automatic_tmp_dir = TRUE;
- goto try_user_add_again;
- }
-
- ret = FALSE;
+ if (fd == -1) {
+ g_warning ("Unable to create temporary file: %s", error->message);
+ g_error_free (error);
+ goto out;
}
- if (locked)
- XauUnlockAuth (d->userauth);
-
- gdm_debug ("gdm_auth_user_add: Done");
-
- umask (022);
- return ret;
-}
-
-
-/**
- * gdm_auth_user_remove:
- * @d: Pointer to a GdmDisplay struct
- * @user: Userid of the user whose cookie file to remove entries from
- *
- * Remove all cookies referring to this display from user's cookie
- * file.
- */
-
-void
-gdm_auth_user_remove (GdmDisplay *d, uid_t user)
-{
- FILE *af;
- gchar *authfile;
- gchar *authdir;
-
- if G_UNLIKELY (!d || !d->userauth)
- return;
-
- gdm_debug ("gdm_auth_user_remove: Removing cookie from %s (%d)", d->userauth, d->authfb);
-
- /* If we are using the fallback cookie location, simply nuke the
- * cookie file */
- if (d->authfb) {
- VE_IGNORE_EINTR (g_unlink (d->userauth));
- g_free (d->userauth);
- d->userauth = NULL;
- return;
+ if (filenamep != NULL) {
+ *filenamep = g_strdup (filename);
}
- /* if the file doesn't exist, oh well, just ignore this then */
- if G_UNLIKELY (g_access (d->userauth, F_OK) != 0) {
- g_free (d->userauth);
- d->userauth = NULL;
- return;
+ VE_IGNORE_EINTR (af = fdopen (fd, "w"));
+ if (af == NULL) {
+ g_warning ("Unable to open cookie file: %s", filename);
+ goto out;
}
- authfile = g_path_get_basename (d->userauth);
- authdir = g_path_get_dirname (d->userauth);
+ /* FIXME: clean old files? */
- if (ve_string_empty (authfile) ||
- ve_string_empty (authdir)) {
- g_free (authdir);
- g_free (authfile);
- return;
- }
-
- /* Now, the cookie file could be owned by a malicious user who
- * decided to concatenate something like his entire MP3 collection
- * to it. So we better play it safe... */
-
- if G_UNLIKELY ( ! gdm_file_check ("gdm_auth_user_remove", user, authdir, authfile,
- TRUE, FALSE, gdm_daemon_config_get_value_int (GDM_KEY_USER_MAX_FILE),
- gdm_daemon_config_get_value_int (GDM_KEY_RELAX_PERM)) ||
- /* be even paranoider with permissions */
- ! gdm_auth_file_check ("gdm_auth_user_remove", user, d->userauth, FALSE /* absentok */, NULL)) {
- g_free (authdir);
- g_free (authfile);
- gdm_error (_("%s: Ignoring suspiciously looking cookie file %s"),
- "gdm_auth_user_remove",
- d->userauth);
-
- return;
- }
+ cookie_str = g_string_new (cookie);
- g_free (authdir);
- g_free (authfile);
+ /* FIXME: ?? */
+ /*gdm_auth_add_entry_for_display (display_num, address, cookie_str, af, NULL);*/
+ gdm_auth_add_entry_for_display (display_num, NULL, cookie_str, af, NULL);
+ g_string_free (cookie_str, TRUE);
- /* Lock user's cookie jar and open it for writing */
- if G_UNLIKELY (XauLockAuth (d->userauth, 3, 3, 0) != LOCK_SUCCESS) {
- g_free (d->userauth);
- d->userauth = NULL;
- return;
+ pwent = getpwnam (username);
+ if (pwent == NULL) {
+ goto out;
}
- af = gdm_safe_fopen_ap (d->userauth, 0600);
-
- if G_UNLIKELY (af == NULL) {
- XauUnlockAuth (d->userauth);
+ fchown (fd, pwent->pw_uid, -1);
- gdm_error (_("%s: Cannot safely open %s"),
- "gdm_auth_user_remove",
- d->userauth);
-
- g_free (d->userauth);
- d->userauth = NULL;
-
- return;
- }
-
- /* Purge entries for this display from the cookie jar */
- af = gdm_auth_purge (d, af, TRUE /* remove when empty */);
+ ret = TRUE;
+ out:
+ g_free (filename);
- /* Close the file and unlock it */
if (af != NULL) {
- /* FIXME: what about out of diskspace errors on errors close */
- errno = 0;
- VE_IGNORE_EINTR (fclose (af));
- if G_UNLIKELY (errno != 0) {
- gdm_error (_("Can't write to %s: %s"), d->userauth,
- strerror (errno));
- }
+ fclose (af);
}
- XauUnlockAuth (d->userauth);
-
- g_free (d->userauth);
- d->userauth = NULL;
-}
-
-static gboolean
-memory_same (const char *sa, int lena, const char *sb, int lenb)
-{
- if (lena == lenb) {
- if (lena == 0)
- return TRUE;
- /* sanity */
- if G_UNLIKELY (sa == NULL || sb == NULL)
- return FALSE;
- return memcmp (sa, sb, lena) == 0;
- } else {
- return FALSE;
- }
-}
-
-static gboolean
-auth_same_except_data (Xauth *xa, Xauth *xb)
-{
- if (xa->family == xb->family &&
- memory_same (xa->number, xa->number_length,
- xb->number, xb->number_length) &&
- memory_same (xa->name, xa->name_length,
- xb->name, xb->name_length) &&
- memory_same (xa->address, xa->address_length,
- xb->address, xb->address_length))
- return TRUE;
- else
- return FALSE;
-}
-
-
-/**
- * gdm_auth_purge:
- * @d: Pointer to a GdmDisplay struct
- * @af: File handle to a cookie file
- * @remove_when_empty: remove the file when empty
- *
- * Remove all cookies referring to this display a cookie file.
- */
-
-static FILE *
-gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty)
-{
- Xauth *xa;
- GSList *keep = NULL, *li;
- int cnt;
-
- if G_UNLIKELY (!d || !af)
- return af;
-
- gdm_debug ("gdm_auth_purge: %s", d->name);
-
- fseek (af, 0L, SEEK_SET);
-
- /* Read the user's entire Xauth file into memory to avoid
- * temporary file issues. Then remove any instance of this display
- * in the cookie jar... */
-
- cnt = 0;
-
- while ( (xa = XauReadAuth (af)) != NULL ) {
- GSList *li;
- /* We look at the current auths, but those may
- have different cookies then what is in the file,
- so don't compare those, but we wish to purge all
- the entries that we'd normally write */
- for (li = d->local_auths; li != NULL; li = li->next) {
- Xauth *xb = li->data;
- if (auth_same_except_data (xa, xb)) {
- XauDisposeAuth (xa);
- xa = NULL;
- break;
- }
- }
- if (xa != NULL)
- keep = g_slist_append (keep, xa);
-
- /* just being ultra anal */
- cnt++;
- if (cnt > 500)
- break;
- }
-
- VE_IGNORE_EINTR (fclose (af));
-
- if (remove_when_empty &&
- keep == NULL) {
- VE_IGNORE_EINTR (g_unlink (d->userauth));
- return NULL;
- }
-
- af = gdm_safe_fopen_w (d->userauth, 0600);
-
- /* Write out remaining entries */
- for (li = keep; li != NULL; li = li->next) {
- /* FIXME: is this correct, if we can't open
- * this is quite bad isn't it ... */
- if G_LIKELY (af != NULL)
- XauWriteAuth (af, li->data);
- /* FIXME: what about errors? */
- XauDisposeAuth (li->data);
- li->data = NULL;
- }
-
- g_slist_free (keep);
-
- return af;
-}
-
-void
-gdm_auth_free_auth_list (GSList *list)
-{
- GSList *li;
-
- for (li = list; li != NULL; li = li->next) {
- XauDisposeAuth ((Xauth *) li->data);
- li->data = NULL;
- }
-
- g_slist_free (list);
+ return ret;
}
-#endif
diff --git a/daemon/auth.h b/daemon/auth.h
index a6453dec..b6850b0e 100644
--- a/daemon/auth.h
+++ b/daemon/auth.h
@@ -19,30 +19,28 @@
#ifndef GDM_AUTH_H
#define GDM_AUTH_H
-#include "gdm-display.h"
+#include <glib.h>
+#include "gdm-address.h"
G_BEGIN_DECLS
-gboolean gdm_auth_add_entry_for_display (int display_num,
- GString *cookie,
- GSList **authlist,
- FILE *af);
-gboolean gdm_auth_add_entry (int display_num,
- GString *binary_cookie,
- GSList **authlist,
- FILE *af,
- unsigned short family,
- const char *addr,
- int addrlen);
-
-gboolean gdm_auth_user_add (GdmDisplay *d,
- uid_t user,
- const char *homedir);
-void gdm_auth_user_remove (GdmDisplay *d,
- uid_t user);
-
-/* Call XSetAuthorization */
-void gdm_auth_set_local_auth (GdmDisplay *d);
+gboolean gdm_auth_add_entry_for_display (int display_num,
+ GdmAddress *address,
+ GString *cookie,
+ FILE *af,
+ GSList **authlist);
+
+gboolean gdm_auth_add_entry (int display_num,
+ GdmAddress *address,
+ GString *binary_cookie,
+ FILE *af,
+ GSList **authlist);
+
+gboolean gdm_auth_user_add (int display_num,
+ GdmAddress *address,
+ const char *cookie,
+ const char *username,
+ char **filenamep);
void gdm_auth_free_auth_list (GSList *list);
diff --git a/daemon/gdm-ck-session.c b/daemon/gdm-ck-session.c
index b25c3a8a..08c8147b 100644
--- a/daemon/gdm-ck-session.c
+++ b/daemon/gdm-ck-session.c
@@ -189,7 +189,7 @@ unlock_ck_session (const char *user,
if (session_proxy != NULL) {
char *xdisplay;
- get_string (session_proxy, "GetX11Display", &xdisplay);
+ get_string (session_proxy, "GetX11DisplayName", &xdisplay);
if (xdisplay != NULL
&& x11_display != NULL
&& strcmp (xdisplay, x11_display) == 0) {
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
index 902d599f..130f2b7e 100644
--- a/daemon/gdm-display.c
+++ b/daemon/gdm-display.c
@@ -50,8 +50,8 @@ struct GdmDisplayPrivate
{
char *id;
char *remote_hostname;
- int number;
- char *x11_display;
+ int x11_display_number;
+ char *x11_display_name;
int status;
time_t creation_time;
char *x11_cookie;
@@ -69,8 +69,8 @@ enum {
PROP_0,
PROP_ID,
PROP_REMOTE_HOSTNAME,
- PROP_NUMBER,
- PROP_X11_DISPLAY,
+ PROP_X11_DISPLAY_NUMBER,
+ PROP_X11_DISPLAY_NAME,
PROP_X11_COOKIE,
PROP_X11_AUTHORITY_FILE,
PROP_IS_LOCAL,
@@ -146,6 +146,68 @@ gdm_display_create_authority (GdmDisplay *display)
return ret;
}
+static gboolean
+gdm_display_real_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error)
+{
+ gboolean ret;
+
+ ret = FALSE;
+
+ return ret;
+}
+
+gboolean
+gdm_display_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error)
+{
+ gboolean ret;
+
+ g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
+
+ g_debug ("Adding authorization for user:%s on display %s", username, display->priv->x11_display_name);
+
+ g_object_ref (display);
+ ret = GDM_DISPLAY_GET_CLASS (display)->add_user_authorization (display, username, filename, error);
+ g_object_unref (display);
+
+ return ret;
+}
+
+static gboolean
+gdm_display_real_remove_user_authorization (GdmDisplay *display,
+ const char *username,
+ GError **error)
+{
+ gboolean ret;
+
+ ret = FALSE;
+
+ return ret;
+}
+
+gboolean
+gdm_display_remove_user_authorization (GdmDisplay *display,
+ const char *username,
+ GError **error)
+{
+ gboolean ret;
+
+ g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
+
+ g_debug ("Removing authorization for user:%s on display %s", username, display->priv->x11_display_name);
+
+ g_object_ref (display);
+ ret = GDM_DISPLAY_GET_CLASS (display)->remove_user_authorization (display, username, error);
+ g_object_unref (display);
+
+ return ret;
+}
+
gboolean
gdm_display_get_x11_cookie (GdmDisplay *display,
char **x11_cookie,
@@ -189,14 +251,14 @@ gdm_display_get_remote_hostname (GdmDisplay *display,
}
gboolean
-gdm_display_get_number (GdmDisplay *display,
- int *number,
- GError **error)
+gdm_display_get_x11_display_number (GdmDisplay *display,
+ int *number,
+ GError **error)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
if (number != NULL) {
- *number = display->priv->number;
+ *number = display->priv->x11_display_number;
}
return TRUE;
@@ -367,14 +429,14 @@ gdm_display_get_id (GdmDisplay *display,
}
gboolean
-gdm_display_get_x11_display (GdmDisplay *display,
- char **x11_display,
- GError **error)
+gdm_display_get_x11_display_name (GdmDisplay *display,
+ char **x11_display,
+ GError **error)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
if (x11_display != NULL) {
- *x11_display = g_strdup (display->priv->x11_display);
+ *x11_display = g_strdup (display->priv->x11_display_name);
}
return TRUE;
@@ -411,18 +473,18 @@ _gdm_display_set_remote_hostname (GdmDisplay *display,
}
static void
-_gdm_display_set_number (GdmDisplay *display,
- int num)
+_gdm_display_set_x11_display_number (GdmDisplay *display,
+ int num)
{
- display->priv->number = num;
+ display->priv->x11_display_number = num;
}
static void
-_gdm_display_set_x11_display (GdmDisplay *display,
- const char *x11_display)
+_gdm_display_set_x11_display_name (GdmDisplay *display,
+ const char *x11_display)
{
- g_free (display->priv->x11_display);
- display->priv->x11_display = g_strdup (x11_display);
+ g_free (display->priv->x11_display_name);
+ display->priv->x11_display_name = g_strdup (x11_display);
}
static void
@@ -473,11 +535,11 @@ gdm_display_set_property (GObject *object,
case PROP_REMOTE_HOSTNAME:
_gdm_display_set_remote_hostname (self, g_value_get_string (value));
break;
- case PROP_NUMBER:
- _gdm_display_set_number (self, g_value_get_int (value));
+ case PROP_X11_DISPLAY_NUMBER:
+ _gdm_display_set_x11_display_number (self, g_value_get_int (value));
break;
- case PROP_X11_DISPLAY:
- _gdm_display_set_x11_display (self, g_value_get_string (value));
+ case PROP_X11_DISPLAY_NAME:
+ _gdm_display_set_x11_display_name (self, g_value_get_string (value));
break;
case PROP_X11_COOKIE:
_gdm_display_set_x11_cookie (self, g_value_get_string (value));
@@ -514,11 +576,11 @@ gdm_display_get_property (GObject *object,
case PROP_REMOTE_HOSTNAME:
g_value_set_string (value, self->priv->remote_hostname);
break;
- case PROP_NUMBER:
- g_value_set_int (value, self->priv->number);
+ case PROP_X11_DISPLAY_NUMBER:
+ g_value_set_int (value, self->priv->x11_display_number);
break;
- case PROP_X11_DISPLAY:
- g_value_set_string (value, self->priv->x11_display);
+ case PROP_X11_DISPLAY_NAME:
+ g_value_set_string (value, self->priv->x11_display_name);
break;
case PROP_X11_COOKIE:
g_value_set_string (value, self->priv->x11_cookie);
@@ -617,6 +679,8 @@ gdm_display_class_init (GdmDisplayClass *klass)
object_class->finalize = gdm_display_finalize;
klass->create_authority = gdm_display_real_create_authority;
+ klass->add_user_authorization = gdm_display_real_add_user_authorization;
+ klass->remove_user_authorization = gdm_display_real_remove_user_authorization;
klass->manage = gdm_display_real_manage;
klass->finish = gdm_display_real_finish;
klass->unmanage = gdm_display_real_unmanage;
@@ -636,19 +700,19 @@ gdm_display_class_init (GdmDisplayClass *klass)
NULL,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class,
- PROP_NUMBER,
- g_param_spec_int ("number",
- "number",
- "number",
+ PROP_X11_DISPLAY_NUMBER,
+ g_param_spec_int ("x11-display-number",
+ "x11 display number",
+ "x11 display number",
-1,
G_MAXINT,
-1,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class,
- PROP_X11_DISPLAY,
- g_param_spec_string ("x11-display",
- "x11-display",
- "x11-display",
+ PROP_X11_DISPLAY_NAME,
+ g_param_spec_string ("x11-display-name",
+ "x11-display-name",
+ "x11-display-name",
NULL,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class,
diff --git a/daemon/gdm-display.h b/daemon/gdm-display.h
index 220f18b8..60bbb83e 100644
--- a/daemon/gdm-display.h
+++ b/daemon/gdm-display.h
@@ -53,10 +53,17 @@ typedef struct
GObjectClass parent_class;
/* methods */
- gboolean (*create_authority) (GdmDisplay *display);
- gboolean (*manage) (GdmDisplay *display);
- gboolean (*finish) (GdmDisplay *display);
- gboolean (*unmanage) (GdmDisplay *display);
+ gboolean (*create_authority) (GdmDisplay *display);
+ gboolean (*add_user_authorization) (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error);
+ gboolean (*remove_user_authorization) (GdmDisplay *display,
+ const char *username,
+ GError **error);
+ gboolean (*manage) (GdmDisplay *display);
+ gboolean (*finish) (GdmDisplay *display);
+ gboolean (*unmanage) (GdmDisplay *display);
} GdmDisplayClass;
@@ -87,10 +94,10 @@ gboolean gdm_display_get_id (GdmDisplay *disp
gboolean gdm_display_get_remote_hostname (GdmDisplay *display,
char **hostname,
GError **error);
-gboolean gdm_display_get_number (GdmDisplay *display,
+gboolean gdm_display_get_x11_display_number (GdmDisplay *display,
int *number,
GError **error);
-gboolean gdm_display_get_x11_display (GdmDisplay *display,
+gboolean gdm_display_get_x11_display_name (GdmDisplay *display,
char **x11_display,
GError **error);
gboolean gdm_display_is_local (GdmDisplay *display,
@@ -102,7 +109,14 @@ gboolean gdm_display_get_x11_cookie (GdmDisplay *disp
char **x11_cookie,
GError **error);
gboolean gdm_display_get_x11_authority_file (GdmDisplay *display,
- char **file,
+ char **filename,
+ GError **error);
+gboolean gdm_display_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error);
+gboolean gdm_display_remove_user_authorization (GdmDisplay *display,
+ const char *username,
GError **error);
diff --git a/daemon/gdm-display.xml b/daemon/gdm-display.xml
index 1a99d4d3..474212f8 100644
--- a/daemon/gdm-display.xml
+++ b/daemon/gdm-display.xml
@@ -4,17 +4,30 @@
<method name="GetId">
<arg name="id" direction="out" type="o"/>
</method>
- <method name="GetX11Display">
+ <method name="GetX11DisplayName">
<arg name="name" direction="out" type="s"/>
</method>
+ <method name="GetX11DisplayNumber">
+ <arg name="name" direction="out" type="i"/>
+ </method>
<method name="GetX11Cookie">
<arg name="x11_cookie" direction="out" type="s"/>
</method>
<method name="GetX11AuthorityFile">
<arg name="filename" direction="out" type="s"/>
</method>
+ <method name="GetRemoteHostname">
+ <arg name="hostname" direction="out" type="s"/>
+ </method>
<method name="IsLocal">
<arg name="local" direction="out" type="b"/>
</method>
+ <method name="AddUserAuthorization">
+ <arg name="username" direction="in" type="s"/>
+ <arg name="filename" direction="out" type="s"/>
+ </method>
+ <method name="RemoveUserAuthorization">
+ <arg name="username" direction="in" type="s"/>
+ </method>
</interface>
</node>
diff --git a/daemon/gdm-factory-slave.c b/daemon/gdm-factory-slave.c
index fe860334..b03d6360 100644
--- a/daemon/gdm-factory-slave.c
+++ b/daemon/gdm-factory-slave.c
@@ -560,13 +560,20 @@ run_greeter (GdmFactorySlave *slave)
g_debug ("Running greeter");
+ display_is_local = FALSE;
+ display_name = NULL;
+ auth_file = NULL;
+ display_device = NULL;
+
g_object_get (slave,
"display-is-local", &display_is_local,
"display-name", &display_name,
"display-x11-authority-file", &auth_file,
NULL);
- display_device = gdm_server_get_display_device (slave->priv->server);
+ if (slave->priv->server != NULL) {
+ display_device = gdm_server_get_display_device (slave->priv->server);
+ }
/* Set the busy cursor */
set_busy_cursor (slave);
diff --git a/daemon/gdm-greeter-proxy.c b/daemon/gdm-greeter-proxy.c
index d4eea37f..07abbf6b 100644
--- a/daemon/gdm-greeter-proxy.c
+++ b/daemon/gdm-greeter-proxy.c
@@ -175,6 +175,7 @@ listify_hash (const char *key,
{
char *str;
str = g_strdup_printf ("%s=%s", key, value);
+ g_debug ("greeter environment: %s", str);
g_ptr_array_add (env, str);
}
diff --git a/daemon/gdm-product-display.c b/daemon/gdm-product-display.c
index 206773e9..09ca7bb8 100644
--- a/daemon/gdm-product-display.c
+++ b/daemon/gdm-product-display.c
@@ -69,6 +69,23 @@ gdm_product_display_create_authority (GdmDisplay *display)
}
static gboolean
+gdm_product_display_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error)
+{
+ return TRUE;
+}
+
+static gboolean
+gdm_product_display_remove_user_authorization (GdmDisplay *display,
+ const char *username,
+ GError **error)
+{
+ return TRUE;
+}
+
+static gboolean
gdm_product_display_manage (GdmDisplay *display)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
@@ -192,6 +209,8 @@ gdm_product_display_class_init (GdmProductDisplayClass *klass)
object_class->finalize = gdm_product_display_finalize;
display_class->create_authority = gdm_product_display_create_authority;
+ display_class->add_user_authorization = gdm_product_display_add_user_authorization;
+ display_class->remove_user_authorization = gdm_product_display_remove_user_authorization;
display_class->manage = gdm_product_display_manage;
display_class->finish = gdm_product_display_finish;
display_class->unmanage = gdm_product_display_unmanage;
@@ -241,8 +260,8 @@ gdm_product_display_new (int display_number,
x11_display = g_strdup_printf (":%d", display_number);
object = g_object_new (GDM_TYPE_PRODUCT_DISPLAY,
"slave-command", DEFAULT_SLAVE_COMMAND,
- "number", display_number,
- "x11-display", x11_display,
+ "x11-display-number", display_number,
+ "x11-display-name", x11_display,
"relay-address", relay_address,
NULL);
g_free (x11_display);
diff --git a/daemon/gdm-simple-slave.c b/daemon/gdm-simple-slave.c
index a174baaa..d29f1178 100644
--- a/daemon/gdm-simple-slave.c
+++ b/daemon/gdm-simple-slave.c
@@ -168,7 +168,7 @@ listify_hash (const char *key,
{
char *str;
str = g_strdup_printf ("%s=%s", key, value);
- g_debug ("environment: %s", str);
+ g_debug ("script environment: %s", str);
g_ptr_array_add (env, str);
}
@@ -185,6 +185,11 @@ get_script_environment (GdmSimpleSlave *slave,
char *display_x11_authority_file;
gboolean display_is_local;
+ display_name = NULL;
+ display_hostname = NULL;
+ display_x11_authority_file = NULL;
+ display_is_local = FALSE;
+
g_object_get (slave,
"display-name", &display_name,
"display-hostname", &display_hostname,
@@ -511,17 +516,42 @@ out:
return ret;
}
+static gboolean
+add_user_authorization (GdmSimpleSlave *slave,
+ char **filename)
+{
+ char *username;
+ gboolean ret;
+
+ username = gdm_session_get_username (slave->priv->session);
+ ret = gdm_slave_add_user_authorization (GDM_SLAVE (slave),
+ username,
+ filename);
+ g_free (username);
+
+ return ret;
+}
+
static void
setup_session_environment (GdmSimpleSlave *slave)
{
+ int display_number;
+ char *display_x11_cookie;
char *display_name;
char *auth_file;
+ display_name = NULL;
+ display_x11_cookie = NULL;
+ auth_file = NULL;
+
g_object_get (slave,
+ "display-number", &display_number,
"display-name", &display_name,
- "display-x11-authority-file", &auth_file,
+ "display-x11-cookie", &display_x11_cookie,
NULL);
+ add_user_authorization (slave, &auth_file);
+
gdm_session_set_environment_variable (slave->priv->session,
"GDMSESSION",
slave->priv->selected_session);
@@ -548,6 +578,7 @@ setup_session_environment (GdmSimpleSlave *slave)
"/bin:/usr/bin:" BINDIR);
g_free (display_name);
+ g_free (display_x11_cookie);
g_free (auth_file);
}
@@ -810,13 +841,20 @@ run_greeter (GdmSimpleSlave *slave)
g_debug ("Running greeter");
+ display_is_local = FALSE;
+ display_name = NULL;
+ auth_file = NULL;
+ display_device = NULL;
+
g_object_get (slave,
"display-is-local", &display_is_local,
"display-name", &display_name,
"display-x11-authority-file", &auth_file,
NULL);
- display_device = gdm_server_get_display_device (slave->priv->server);
+ if (slave->priv->server != NULL) {
+ display_device = gdm_server_get_display_device (slave->priv->server);
+ }
/* Set the busy cursor */
set_busy_cursor (slave);
@@ -1177,12 +1215,20 @@ gdm_simple_slave_class_init (GdmSimpleSlaveClass *klass)
}
static void
-gdm_simple_slave_init (GdmSimpleSlave *simple_slave)
+gdm_simple_slave_init (GdmSimpleSlave *slave)
{
+ const char **languages;
+
+ slave->priv = GDM_SIMPLE_SLAVE_GET_PRIVATE (slave);
- simple_slave->priv = GDM_SIMPLE_SLAVE_GET_PRIVATE (simple_slave);
+ slave->priv->pid = -1;
+
+ languages = g_get_language_names ();
+ if (languages != NULL) {
+ slave->priv->selected_language = g_strdup (languages[0]);
+ }
- simple_slave->priv->pid = -1;
+ slave->priv->selected_session = g_strdup ("gnome.desktop");
}
static void
diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c
index e415b3f9..4372fe14 100644
--- a/daemon/gdm-slave.c
+++ b/daemon/gdm-slave.c
@@ -52,8 +52,6 @@
#include "gdm-session.h"
#include "gdm-greeter-proxy.h"
-extern char **environ;
-
#define GDM_SLAVE_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SLAVE, GdmSlavePrivate))
#define GDM_DBUS_NAME "org.gnome.DisplayManager"
@@ -99,6 +97,7 @@ enum {
PROP_0,
PROP_DISPLAY_ID,
PROP_DISPLAY_NAME,
+ PROP_DISPLAY_NUMBER,
PROP_DISPLAY_HOSTNAME,
PROP_DISPLAY_IS_LOCAL,
PROP_DISPLAY_X11_AUTHORITY_FILE,
@@ -207,7 +206,7 @@ gdm_slave_real_start (GdmSlave *slave)
error = NULL;
res = dbus_g_proxy_call (slave->priv->display_proxy,
- "GetX11Display",
+ "GetX11DisplayName",
&error,
G_TYPE_INVALID,
G_TYPE_STRING, &slave->priv->display_name,
@@ -225,6 +224,42 @@ gdm_slave_real_start (GdmSlave *slave)
error = NULL;
res = dbus_g_proxy_call (slave->priv->display_proxy,
+ "GetX11DisplayNumber",
+ &error,
+ G_TYPE_INVALID,
+ G_TYPE_INT, &slave->priv->display_number,
+ G_TYPE_INVALID);
+ if (! res) {
+ if (error != NULL) {
+ g_warning ("Failed to get value: %s", error->message);
+ g_error_free (error);
+ } else {
+ g_warning ("Failed to get value");
+ }
+
+ return FALSE;
+ }
+
+ error = NULL;
+ res = dbus_g_proxy_call (slave->priv->display_proxy,
+ "GetRemoteHostname",
+ &error,
+ G_TYPE_INVALID,
+ G_TYPE_STRING, &slave->priv->display_hostname,
+ G_TYPE_INVALID);
+ if (! res) {
+ if (error != NULL) {
+ g_warning ("Failed to get value: %s", error->message);
+ g_error_free (error);
+ } else {
+ g_warning ("Failed to get value");
+ }
+
+ return FALSE;
+ }
+
+ error = NULL;
+ res = dbus_g_proxy_call (slave->priv->display_proxy,
"GetX11Cookie",
&error,
G_TYPE_INVALID,
@@ -314,6 +349,46 @@ gdm_slave_stopped (GdmSlave *slave)
g_signal_emit (slave, signals [STOPPED], 0);
}
+gboolean
+gdm_slave_add_user_authorization (GdmSlave *slave,
+ const char *username,
+ char **filenamep)
+{
+ gboolean res;
+ GError *error;
+ char *filename;
+
+ filename = NULL;
+
+ if (filenamep != NULL) {
+ *filenamep = NULL;
+ }
+
+ error = NULL;
+ res = dbus_g_proxy_call (slave->priv->display_proxy,
+ "AddUserAuthorization",
+ &error,
+ G_TYPE_STRING, username,
+ G_TYPE_INVALID,
+ G_TYPE_STRING, &filename,
+ G_TYPE_INVALID);
+ if (filenamep != NULL) {
+ *filenamep = g_strdup (filename);
+ }
+ g_free (filename);
+
+ if (! res) {
+ if (error != NULL) {
+ g_warning ("Failed to add user authorization: %s", error->message);
+ g_error_free (error);
+ } else {
+ g_warning ("Failed to add user authorization");
+ }
+ }
+
+ return res;
+}
+
static void
_gdm_slave_set_display_id (GdmSlave *slave,
const char *id)
@@ -331,6 +406,13 @@ _gdm_slave_set_display_name (GdmSlave *slave,
}
static void
+_gdm_slave_set_display_number (GdmSlave *slave,
+ int number)
+{
+ slave->priv->display_number = number;
+}
+
+static void
_gdm_slave_set_display_hostname (GdmSlave *slave,
const char *name)
{
@@ -378,6 +460,9 @@ gdm_slave_set_property (GObject *object,
case PROP_DISPLAY_NAME:
_gdm_slave_set_display_name (self, g_value_get_string (value));
break;
+ case PROP_DISPLAY_NUMBER:
+ _gdm_slave_set_display_number (self, g_value_get_int (value));
+ break;
case PROP_DISPLAY_HOSTNAME:
_gdm_slave_set_display_hostname (self, g_value_get_string (value));
break;
@@ -413,6 +498,9 @@ gdm_slave_get_property (GObject *object,
case PROP_DISPLAY_NAME:
g_value_set_string (value, self->priv->display_name);
break;
+ case PROP_DISPLAY_NUMBER:
+ g_value_set_int (value, self->priv->display_number);
+ break;
case PROP_DISPLAY_HOSTNAME:
g_value_set_string (value, self->priv->display_hostname);
break;
@@ -513,6 +601,15 @@ gdm_slave_class_init (GdmSlaveClass *klass)
NULL,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class,
+ PROP_DISPLAY_NUMBER,
+ g_param_spec_int ("display-number",
+ "display number",
+ "display number",
+ -1,
+ G_MAXINT,
+ -1,
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+ g_object_class_install_property (object_class,
PROP_DISPLAY_HOSTNAME,
g_param_spec_string ("display-hostname",
"display hostname",
diff --git a/daemon/gdm-slave.h b/daemon/gdm-slave.h
index 1ac1c316..880aa003 100644
--- a/daemon/gdm-slave.h
+++ b/daemon/gdm-slave.h
@@ -57,6 +57,10 @@ GType gdm_slave_get_type (void);
gboolean gdm_slave_start (GdmSlave *slave);
gboolean gdm_slave_stop (GdmSlave *slave);
+gboolean gdm_slave_add_user_authorization (GdmSlave *slave,
+ const char *username,
+ char **filename);
+
void gdm_slave_stopped (GdmSlave *slave);
G_END_DECLS
diff --git a/daemon/gdm-static-display.c b/daemon/gdm-static-display.c
index eb17bbb4..e6e4a647 100644
--- a/daemon/gdm-static-display.c
+++ b/daemon/gdm-static-display.c
@@ -66,6 +66,23 @@ gdm_static_display_create_authority (GdmDisplay *display)
}
static gboolean
+gdm_static_display_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error)
+{
+ return TRUE;
+}
+
+static gboolean
+gdm_static_display_remove_user_authorization (GdmDisplay *display,
+ const char *username,
+ GError **error)
+{
+ return TRUE;
+}
+
+static gboolean
gdm_static_display_manage (GdmDisplay *display)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
@@ -144,6 +161,8 @@ gdm_static_display_class_init (GdmStaticDisplayClass *klass)
object_class->finalize = gdm_static_display_finalize;
display_class->create_authority = gdm_static_display_create_authority;
+ display_class->add_user_authorization = gdm_static_display_add_user_authorization;
+ display_class->remove_user_authorization = gdm_static_display_remove_user_authorization;
display_class->manage = gdm_static_display_manage;
display_class->finish = gdm_static_display_finish;
display_class->unmanage = gdm_static_display_unmanage;
@@ -183,8 +202,8 @@ gdm_static_display_new (int display_number)
x11_display = g_strdup_printf (":%d", display_number);
object = g_object_new (GDM_TYPE_STATIC_DISPLAY,
- "number", display_number,
- "x11-display", x11_display,
+ "x11-display-number", display_number,
+ "x11-display-name", x11_display,
NULL);
g_free (x11_display);
diff --git a/daemon/gdm-static-factory-display.c b/daemon/gdm-static-factory-display.c
index 892278ce..91cd1195 100644
--- a/daemon/gdm-static-factory-display.c
+++ b/daemon/gdm-static-factory-display.c
@@ -123,6 +123,23 @@ gdm_static_factory_display_create_product_display (GdmStaticFactoryDisplay *disp
}
static gboolean
+gdm_static_factory_display_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error)
+{
+ return FALSE;
+}
+
+static gboolean
+gdm_static_factory_display_remove_user_authorization (GdmDisplay *display,
+ const char *username,
+ GError **error)
+{
+ return FALSE;
+}
+
+static gboolean
gdm_static_factory_display_create_authority (GdmDisplay *display)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
@@ -249,6 +266,8 @@ gdm_static_factory_display_class_init (GdmStaticFactoryDisplayClass *klass)
object_class->finalize = gdm_static_factory_display_finalize;
display_class->create_authority = gdm_static_factory_display_create_authority;
+ display_class->add_user_authorization = gdm_static_factory_display_add_user_authorization;
+ display_class->remove_user_authorization = gdm_static_factory_display_remove_user_authorization;
display_class->manage = gdm_static_factory_display_manage;
display_class->finish = gdm_static_factory_display_finish;
display_class->unmanage = gdm_static_factory_display_unmanage;
@@ -298,8 +317,8 @@ gdm_static_factory_display_new (int display_number,
x11_display = g_strdup_printf (":%d", display_number);
object = g_object_new (GDM_TYPE_STATIC_FACTORY_DISPLAY,
"slave-command", DEFAULT_SLAVE_COMMAND,
- "number", display_number,
- "x11-display", x11_display,
+ "x11-display-number", display_number,
+ "x11-display-name", x11_display,
"display-store", store,
NULL);
g_free (x11_display);
diff --git a/daemon/gdm-xdmcp-display.c b/daemon/gdm-xdmcp-display.c
index 18ed9019..a2faea18 100644
--- a/daemon/gdm-xdmcp-display.c
+++ b/daemon/gdm-xdmcp-display.c
@@ -97,8 +97,8 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display)
x11_display = NULL;
g_object_get (display,
- "x11-display", &x11_display,
- "number", &display_num,
+ "x11-display-name", &x11_display,
+ "x11-display-number", &display_num,
NULL);
/* Create new random cookie */
@@ -119,8 +119,9 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display)
goto out;
}
+ g_debug ("Adding auth entry for xdmcp display:%d cookie:%s", display_num, cookie->str);
authlist = NULL;
- if (! gdm_auth_add_entry_for_display (display_num, cookie, &authlist, af)) {
+ if (! gdm_auth_add_entry_for_display (display_num, NULL, cookie, af, &authlist)) {
goto out;
}
@@ -154,6 +155,42 @@ gdm_xdmcp_display_create_authority (GdmDisplay *display)
}
static gboolean
+gdm_xdmcp_display_add_user_authorization (GdmDisplay *display,
+ const char *username,
+ char **filename,
+ GError **error)
+{
+ gboolean res;
+ char *cookie;
+ char *hostname;
+ int display_num;
+
+ res = gdm_display_get_x11_cookie (display, &cookie, NULL);
+ res = gdm_display_get_x11_display_number (display, &display_num, NULL);
+
+ hostname = NULL;
+ res = gdm_address_get_hostname (GDM_XDMCP_DISPLAY (display)->priv->remote_address, &hostname);
+ g_debug ("add user auth for xdmcp display: %s host:%s", username, hostname);
+ gdm_address_debug (GDM_XDMCP_DISPLAY (display)->priv->remote_address);
+ g_free (hostname);
+
+ res = gdm_auth_user_add (display_num,
+ GDM_XDMCP_DISPLAY (display)->priv->remote_address,
+ username,
+ cookie,
+ filename);
+ return res;
+}
+
+static gboolean
+gdm_xdmcp_display_remove_user_authorization (GdmDisplay *display,
+ const char *username,
+ GError **error)
+{
+ return TRUE;
+}
+
+static gboolean
gdm_xdmcp_display_manage (GdmDisplay *display)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
@@ -174,6 +211,20 @@ gdm_xdmcp_display_unmanage (GdmDisplay *display)
}
static void
+_gdm_xdmcp_display_set_remote_address (GdmXdmcpDisplay *display,
+ GdmAddress *address)
+{
+ if (display->priv->remote_address != NULL) {
+ gdm_address_free (display->priv->remote_address);
+ }
+
+ g_assert (address != NULL);
+
+ gdm_address_debug (address);
+ display->priv->remote_address = gdm_address_copy (address);
+}
+
+static void
gdm_xdmcp_display_set_property (GObject *object,
guint prop_id,
const GValue *value,
@@ -185,7 +236,7 @@ gdm_xdmcp_display_set_property (GObject *object,
switch (prop_id) {
case PROP_REMOTE_ADDRESS:
- self->priv->remote_address = g_value_get_boxed (value);
+ _gdm_xdmcp_display_set_remote_address (self, g_value_get_boxed (value));
break;
case PROP_SESSION_NUMBER:
self->priv->session_number = g_value_get_int (value);
@@ -230,6 +281,8 @@ gdm_xdmcp_display_class_init (GdmXdmcpDisplayClass *klass)
object_class->finalize = gdm_xdmcp_display_finalize;
display_class->create_authority = gdm_xdmcp_display_create_authority;
+ display_class->add_user_authorization = gdm_xdmcp_display_add_user_authorization;
+ display_class->remove_user_authorization = gdm_xdmcp_display_remove_user_authorization;
display_class->manage = gdm_xdmcp_display_manage;
display_class->unmanage = gdm_xdmcp_display_unmanage;
@@ -290,8 +343,8 @@ gdm_xdmcp_display_new (const char *hostname,
x11_display = g_strdup_printf ("%s:%d", hostname, number);
object = g_object_new (GDM_TYPE_XDMCP_DISPLAY,
"remote-hostname", hostname,
- "number", number,
- "x11-display", x11_display,
+ "x11-display-number", number,
+ "x11-display-name", x11_display,
"is-local", FALSE,
"remote-address", address,
"session-number", session_number,
diff --git a/daemon/gdm-xdmcp-manager.c b/daemon/gdm-xdmcp-manager.c
index e0b40da6..d88bd46e 100644
--- a/daemon/gdm-xdmcp-manager.c
+++ b/daemon/gdm-xdmcp-manager.c
@@ -456,6 +456,9 @@ do_bind (guint port,
GdmAddress *addr;
addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);
+
+ host = NULL;
+ serv = NULL;
gdm_address_get_numeric_info (addr, &host, &serv);
g_debug ("XDMCP: Attempting to bind to host %s port %s", host, serv);
g_free (host);
@@ -602,9 +605,10 @@ gdm_xdmcp_host_allow (GdmAddress *address)
gboolean ret;
host = NULL;
+ client = NULL;
/* Find client hostname */
- client = gdm_address_get_hostname (address);
+ gdm_address_get_hostname (address, &client);
gdm_address_get_numeric_info (address, &host, NULL);
/* Check with tcp_wrappers if client is allowed to access */
@@ -676,7 +680,7 @@ lookup_by_host (const char *id,
}
this_address = gdm_xdmcp_display_get_remote_address (GDM_XDMCP_DISPLAY (display));
- gdm_display_get_number (display, &disp_num, NULL);
+ gdm_display_get_x11_display_number (display, &disp_num, NULL);
if (gdm_address_equal (this_address, data->address)
&& disp_num == data->display_num) {
@@ -760,6 +764,7 @@ gdm_xdmcp_send_willing (GdmXdmcpManager *manager,
static time_t last_willing = 0;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XDMCP: Sending WILLING to %s", host);
g_free (host);
@@ -827,6 +832,7 @@ gdm_xdmcp_send_unwilling (GdmXdmcpManager *manager,
return;
}
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XDMCP: Sending UNWILLING to %s", host);
g_warning (_("Denied XDMCP query from host %s"), host);
@@ -923,11 +929,14 @@ gdm_xdmcp_send_forward_query (GdmXdmcpManager *manager,
g_assert (id != NULL);
g_assert (id->chosen_host != NULL);
+ host = NULL;
gdm_address_get_numeric_info (id->chosen_host, &host, NULL);
g_debug ("XDMCP: Sending forward query to %s",
host);
g_free (host);
+ host = NULL;
+ serv = NULL;
gdm_address_get_numeric_info (display_address, &host, &serv);
g_debug ("gdm_xdmcp_send_forward_query: Query contains %s:%s",
host, serv);
@@ -1134,6 +1143,7 @@ gdm_forward_query_dispose (GdmXdmcpManager *manager,
{
char *host;
+ host = NULL;
gdm_address_get_numeric_info (q->dsp_address, &host, NULL);
g_debug ("gdm_forward_query_dispose: Disposing %s", host);
g_free (host);
@@ -1217,6 +1227,8 @@ gdm_forward_query_lookup (GdmXdmcpManager *manager,
continue;
}
+ host = NULL;
+ serv = NULL;
gdm_address_get_numeric_info (q->dsp_address, &host, &serv);
g_debug ("gdm_forward_query_lookup: comparing %s:%s", host, serv);
@@ -1243,6 +1255,7 @@ gdm_forward_query_lookup (GdmXdmcpManager *manager,
if (ret == NULL) {
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("gdm_forward_query_lookup: Host %s not found",
host);
@@ -1376,6 +1389,7 @@ gdm_xdmcp_handle_forward_query (GdmXdmcpManager *manager,
if (! gdm_xdmcp_host_allow (address)) {
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_warning ("%s: Got FORWARD_QUERY from banned host %s",
@@ -1438,6 +1452,8 @@ gdm_xdmcp_handle_forward_query (GdmXdmcpManager *manager,
address,
disp_address);
+ host = NULL;
+ serv = NULL;
gdm_address_get_numeric_info (disp_address, &host, &serv);
g_debug ("gdm_xdmcp_handle_forward_query: Got FORWARD_QUERY for display: %s, port %s",
host, serv);
@@ -1476,6 +1492,7 @@ gdm_xdmcp_really_send_managed_forward (GdmXdmcpManager *manager,
XdmcpHeader header;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XDMCP: Sending MANAGED_FORWARD to %s", host);
g_free (host);
@@ -1556,6 +1573,7 @@ gdm_xdmcp_send_got_managed_forward (GdmXdmcpManager *manager,
XdmcpHeader header;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XDMCP: Sending GOT_MANAGED_FORWARD to %s", host);
g_free (host);
@@ -1657,7 +1675,7 @@ remove_host (const char *id,
}
gdm_display_get_remote_hostname (display, &hostname, NULL);
- gdm_display_get_number (display, &disp_num, NULL);
+ gdm_display_get_x11_display_number (display, &disp_num, NULL);
if (disp_num == data->display_num &&
hostname != NULL &&
@@ -1706,6 +1724,7 @@ gdm_xdmcp_send_decline (GdmXdmcpManager *manager,
GdmForwardQuery *fq;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XMDCP: Sending DECLINE to %s", host);
g_free (host);
@@ -1752,6 +1771,8 @@ gdm_xdmcp_display_alloc (GdmXdmcpManager *manager,
{
GdmDisplay *display;
+ g_debug ("Creating xdmcp display for %s:%d", hostname, displaynum);
+
display = gdm_xdmcp_display_new (hostname,
displaynum,
address,
@@ -1806,6 +1827,7 @@ gdm_xdmcp_send_accept (GdmXdmcpManager *manager,
(XdmcpNetaddr)gdm_address_peek_sockaddr_storage (address),
(int)sizeof (struct sockaddr_storage));
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XDMCP: Sending ACCEPT to %s with SessionID=%ld",
host,
@@ -1996,6 +2018,7 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager,
char *x11_cookie;
GString *cookie;
GString *binary_cookie;
+ GString *test_cookie;
gdm_display_get_x11_cookie (display, &x11_cookie, NULL);
cookie = g_string_new (x11_cookie);
@@ -2012,6 +2035,21 @@ gdm_xdmcp_handle_request (GdmXdmcpManager *manager,
/* FIXME: handle error */
}
+ test_cookie = g_string_new (NULL);
+ if (! gdm_string_hex_encode (binary_cookie,
+ 0,
+ test_cookie,
+ 0)) {
+ g_warning ("Unable to encode hex cookie");
+ /* FIXME: handle error */
+ }
+
+ /* sanity check cookie */
+ g_debug ("Reencoded cookie len:%d '%s'", test_cookie->len, test_cookie->str);
+ g_assert (test_cookie->len == cookie->len);
+ g_assert (strcmp (test_cookie->str, cookie->str) == 0);
+ g_string_free (test_cookie, TRUE);
+
g_debug ("Sending authorization key for display %s", cookie->str);
g_debug ("Decoded cookie len %d", binary_cookie->len);
@@ -2192,6 +2230,7 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager,
GdmForwardQuery *fq;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("gdm_xdmcp_handle_manage: Got MANAGE from %s", host);
@@ -2203,33 +2242,35 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager,
g_free (host);
return;
}
- g_free (host);
/* SessionID */
if G_UNLIKELY (! XdmcpReadCARD32 (&manager->priv->buf, &clnt_sessid)) {
g_warning (_("%s: Could not read Session ID"),
"gdm_xdmcp_handle_manage");
- return;
+ goto out;
}
/* Remote display number */
if G_UNLIKELY (! XdmcpReadCARD16 (&manager->priv->buf, &clnt_dspnum)) {
g_warning (_("%s: Could not read Display Number"),
"gdm_xdmcp_handle_manage");
- return;
+ goto out;
}
/* Display Class */
if G_UNLIKELY (! XdmcpReadARRAY8 (&manager->priv->buf, &clnt_dspclass)) {
g_warning (_("%s: Could not read Display Class"),
"gdm_xdmcp_handle_manage");
- return;
+ goto out;
}
{
char *s = g_strndup ((char *) clnt_dspclass.data, clnt_dspclass.length);
g_debug ("gdm_xdmcp-handle_manage: Got display=%d, SessionID=%ld Class=%s from %s",
- (int)clnt_dspnum, (long)clnt_sessid, ve_sure_string (s), host);
+ (int)clnt_dspnum,
+ (long)clnt_sessid,
+ ve_sure_string (s),
+ host);
g_free (s);
}
@@ -2240,7 +2281,7 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager,
char *name;
name = NULL;
- gdm_display_get_x11_display (display, &name, NULL);
+ gdm_display_get_x11_display_name (display, &name, NULL);
g_debug ("gdm_xdmcp_handle_manage: Looked up %s", name);
g_free (name);
@@ -2293,7 +2334,9 @@ gdm_xdmcp_handle_manage (GdmXdmcpManager *manager,
gdm_xdmcp_send_refuse (manager, address, clnt_sessid);
}
+ out:
XdmcpDisposeARRAY8 (&clnt_dspclass);
+ g_free (host);
}
static void
@@ -2301,11 +2344,12 @@ gdm_xdmcp_handle_managed_forward (GdmXdmcpManager *manager,
GdmAddress *address,
int len)
{
- ARRAY8 clnt_address;
+ ARRAY8 clnt_address;
GdmIndirectDisplay *id;
- char *host;
- GdmAddress *disp_address;
+ char *host;
+ GdmAddress *disp_address;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("gdm_xdmcp_handle_managed_forward: Got MANAGED_FORWARD from %s",
host);
@@ -2356,6 +2400,7 @@ gdm_xdmcp_handle_got_managed_forward (GdmXdmcpManager *manager,
ARRAY8 clnt_address;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("gdm_xdmcp_handle_got_managed_forward: Got MANAGED_FORWARD from %s",
host);
@@ -2444,6 +2489,7 @@ gdm_xdmcp_handle_keepalive (GdmXdmcpManager *manager,
CARD32 clnt_sessid;
char *host;
+ host = NULL;
gdm_address_get_numeric_info (address, &host, NULL);
g_debug ("XDMCP: Got KEEPALIVE from %s", host);
@@ -2554,6 +2600,10 @@ decode_packet (GIOChannel *source,
return TRUE;
}
+ gdm_address_debug (address);
+
+ host = NULL;
+ port = NULL;
gdm_address_get_numeric_info (address, &host, &port);
g_debug ("XDMCP: Received opcode %s from client %s : %s",
diff --git a/data/gdm.conf b/data/gdm.conf
index a3881dc7..b701f73e 100644
--- a/data/gdm.conf
+++ b/data/gdm.conf
@@ -13,12 +13,19 @@
send_interface="org.gnome.DBus.Properties" />
</policy>
- <!-- Allow anyone to invoke methods on the interfaces -->
<policy context="default">
<allow send_interface="org.gnome.DisplayManager.Manager"/>
<allow send_interface="org.gnome.DisplayManager.Display"/>
<deny send_destination="org.gnome.DisplayManager"
send_interface="org.gnome.DBus.Properties" />
+ <deny send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetX11Cookie"/>
+ <deny send_interface="org.gnome.DisplayManager.Display"
+ send_member="GetX11AuthorityFile"/>
+ <deny send_interface="org.gnome.DisplayManager.Display"
+ send_member="AddUserAuthoritization"/>
+ <deny send_interface="org.gnome.DisplayManager.Display"
+ send_member="RemoveUserAuthoritization"/>
</policy>
<policy user="gdm">
diff --git a/gui/simple-greeter/greeter-main.c b/gui/simple-greeter/greeter-main.c
index a921e172..bf64d790 100644
--- a/gui/simple-greeter/greeter-main.c
+++ b/gui/simple-greeter/greeter-main.c
@@ -296,6 +296,8 @@ main (int argc, char *argv[])
exit (1);
}
+ g_debug ("Greeter for display %s xauthority:%s", g_getenv ("DISPLAY"), g_getenv ("XAUTHORITY"));
+
/*
* gdm_common_atspi_launch () needs gdk initialized.
* We cannot start gtk before the registry is running