summaryrefslogtreecommitdiff
path: root/daemon/auth.c
diff options
context:
space:
mode:
authorGeorge Lebl <jirka@5z.com>2003-07-24 22:01:21 +0000
committerGeorge Lebl <jirka@src.gnome.org>2003-07-24 22:01:21 +0000
commit405013a3120c612b629072c16a4baaa542bb02d0 (patch)
treea8e8f3a113d6eaf9a8cf518e916161c60979b088 /daemon/auth.c
parent38ad2d1c9bceb5507411daff7868abaaf9045d27 (diff)
downloadgdm-405013a3120c612b629072c16a4baaa542bb02d0.tar.gz
change some g_strconcat's to g_build_filename's to address #118040. still
Thu Jul 24 14:58:23 2003 George Lebl <jirka@5z.com> * daemon/gdm.c, daemon/slave.c, daemon/auth.c: change some g_strconcat's to g_build_filename's to address #118040. still more need to be converted * gdm.spec.in, daemon/gdm.h, config/gdm.conf.in, config/Makefile.am, configure.in: By default use logdir of /var/log/gdm just like redhat does it * daemon/gdm.c: check logdir to exist and if not set it to ServAuthDir * gdm.spec.in, daemon/gdm.c, config/Makefile.am: Make the ServAuthDir permissions to be 1770 with owenership root.gdm. That makes it impossible for the gdm user to run DoS attacks against the gdm daemon (though without any process limits set it can still somewhat do that) * daemon/slave.c, daemon/display.c, daemon/gdm.c, daemon/misc.c, daemon/server.c: Hunt more races and hangs. Make sure we really don't do anything bad in signal handlers by making a setjmp at the beginning of the slave_start function and returning there from signal handlers to do final cleanup kind of stuff. Also when we are receiving TERM signals while waiting on stuff to die, be very un-nice to things and SIGKILL them. Also stop using sleep if we might be using alarm at the same time. * daemon/display.c: whack non-useful signal block push on unmanage, and if we get a TERM signal while waiting on the slave, then send a TERM signal to the slave again. * daemon/errorgui.c: set USER, USERNAME and LOGNAME to "gdm" so that they don't end up root by some mistake * daemon/slave.c: Use home of root rather then /root for the home directory of gdmsetup. Also if we can't change to the home directory chdir to / instead of leaving it at servauthdir. Be anal about COOKIEs in the logfile. Also when things go just a bit wrong and not completely whacko, don't ABORT but just REMANAGE, the toplevel loop of death will handle things for us correctly. And setsid a very close to the start of the session to avoid a race ABORTing a display by mistake. * daemon/slave.c: make the PostLogin behave just like PostSession with respect to the return value * daemon/verify-pam.c: avoid races on termination with the verify_cleanup and handle some cases where crashes may (but should not) occur. * daemon/gdm.c: whack unneeded signal blockers (the main daemon is all async with a nice mainloop) * gui/gdmchooser.c: handle HUP gracefully, when one of the config options we care about changes just restart self instead of * gui/gdmlogin.c, gui/greeter/greeter_item_ulist.c: make the username bold * docs/C/gdm.xml: update the PostLogin behaviour and the permissions on the ServAuthDir
Diffstat (limited to 'daemon/auth.c')
-rw-r--r--daemon/auth.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/daemon/auth.c b/daemon/auth.c
index 6fff5cc2..a1d0a155 100644
--- a/daemon/auth.c
+++ b/daemon/auth.c
@@ -178,7 +178,7 @@ gdm_auth_secure_display (GdmDisplay *d)
/* Note, Xnest can't use the ServAuthDir unless running as
* root, which is rare anyway, unless the user is a wanker */
- d->authfile = g_strconcat (GdmUserAuthFB, "/.gdmXXXXXX", NULL);
+ d->authfile = g_build_filename (GdmUserAuthFB, ".gdmXXXXXX", NULL);
umask (077);
authfd = g_mkstemp (d->authfile);
@@ -438,7 +438,7 @@ try_user_add_again:
if (authdir == NULL)
d->userauth = NULL;
else
- d->userauth = g_strconcat (authdir, "/", GdmUserAuthFile, NULL);
+ d->userauth = g_build_filename (authdir, GdmUserAuthFile, NULL);
/* Find out if the Xauthority file passes the paranoia check */
if (automatic_tmp_dir ||
@@ -450,7 +450,7 @@ try_user_add_again:
/* No go. Let's create a fallback file in GdmUserAuthFB (/tmp) */
d->authfb = TRUE;
g_free (d->userauth);
- d->userauth = g_strconcat (GdmUserAuthFB, "/.gdmXXXXXX", NULL);
+ d->userauth = g_build_filename (GdmUserAuthFB, ".gdmXXXXXX", NULL);
authfd = g_mkstemp (d->userauth);
if (authfd == -1) {