authorGeorge Lebl <jirka@5z.com>2002-05-21 22:03:14 +0000
committerGeorge Lebl <jirka@src.gnome.org>2002-05-21 22:03:14 +0000
commit7bef54089841c144df9212631765c44556859d56 (patch)
tree58d200c59f9d1195a07121b5179f4fa4cf98343a /daemon/auth.c
parent6e18a19bc159269541d9dc48318db765a0ae4ce4 (diff)
check for setresuid
Tue May 21 15:12:51 2002 George Lebl <jirka@5z.com> * configure.in, accconfig.h: check for setresuid * daemon/errorgui.c, daemon/misc.[ch]: use setresuid to really get rid of setuidiness * gui/gdmlogin.c: fix accelerators. Since now we have nice visible accelerators (mnemonics) we no longer need the Esc one which wasn't working anyway * daemon/gdm.c, daemon/slave.c, gui/gdmphotosetup.c: Don't init gnome. This only breaks the getting of the gnome pixmap dir, so whack the places where this is done. It's not a big deal really. And not initting things really helps a lot in both init speed, random crashes, hangs, and security. * daemon/slave.c, daemon/errorgui.[ch], config/Xsession: Now we open the .xsession-errors file early on, in fact for all non-failsafe sessions. If the session is less then 10 seconds long warn the user of possible errors and let him view the .xsession-errors file. * daemon/slave.c, daemon/auth.c: give error output when we can't setup the authentication file. * daemon/slave.c, daemon/errorgui.c: fix focus issues, fix crash for the error gui boxes * daemon/verify-pam.c: fix typo
Diffstat (limited to 'daemon/auth.c')
-rw-r--r--daemon/auth.c66
1 files changed, 59 insertions, 7 deletions
diff --git a/daemon/auth.c b/daemon/auth.c
index 64636812..a2a17c2c 100644
--- a/daemon/auth.c
+++ b/daemon/auth.c
@@ -48,6 +48,27 @@ extern gint GdmUserMaxFile;
extern gint GdmRelaxPerms;
extern gboolean GdmDebug;
+static void
+display_add_error (GdmDisplay *d)
+{
+ if (errno != 0)
+ gdm_error (_("%s: Could not write new authorization entry: %s"),
+ "add_auth_entry", g_strerror (errno));
+ else
+ gdm_error (_("%s: Could not write new authorization entry. "
+ "Possibly out of diskspace"),
+ "add_auth_entry");
+ if (d->console) {
+ char *s = g_strdup_printf
+ (_("GDM could not write a new authorization "
+ "entry to disk. Possibly out of diskspace.%s%s"),
+ errno != 0 ? " Error: " : "",
+ errno != 0 ? g_strerror (errno) : "");
+ gdm_text_message_dialog (s);
+ g_free (s);
+ }
+}
+
static gboolean
add_auth_entry (GdmDisplay *d, FILE *af, FILE *af2,
unsigned short family, const char *addr, int addrlen)
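Review bot: display_add_error reads `errno` up to four times, and the reads in the console branch (`errno != 0 ? " Error: " : ""` and the `g_strerror (errno)` after it) run after gdm_error, `_()` and g_strerror have been called, any of which may overwrite `errno`. The dialog can therefore report a different cause than the log line, or none at all. Copy the value once on entry with `int saved_errno = errno;` and use `saved_errno` in every test and g_strerror call. A short comment stating that callers must set `errno = 0` before the failing call would also help, since the "Possibly out of diskspace" branch depends on it.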
@@ -92,9 +113,19 @@ add_auth_entry (GdmDisplay *d, FILE *af, FILE *af2,
memcpy (xa->data, d->bcookie, 16);
xa->data_length = 16;
- XauWriteAuth (af, xa);
- if (af2 != NULL)
- XauWriteAuth (af2, xa);
+ errno = 0;
+ if ( ! XauWriteAuth (af, xa)) {
+ display_add_error (d);
+ return FALSE;
+ }
+
+ if (af2 != NULL) {
+ errno = 0;
+ if ( ! XauWriteAuth (af2, xa)) {
+ display_add_error (d);
+ return FALSE;
+ }
+ }
d->auths = g_slist_append (d->auths, xa);
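Review bot: The two new `return FALSE` paths leave add_auth_entry without releasing `xa`, which is filled in just above (`xa->data`, `xa->data_length`) and is only handed to `d->auths` on the success path. The allocation is outside this hunk, so this is inferred, but it looks like the record leaks on every failed write, and `xa->data` holds a copy of the display cookie. Free it before returning with whatever matches the allocator used earlier in the function (`XauDisposeAuth (xa);` only if the fields came from malloc). Separately, XauWriteAuth writes through a buffered `FILE`, so a full disk may only surface at flush time; checking `fflush (af) != 0` after the write would make the out-of-space detection this change aims for more reliable.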
@@ -323,6 +354,18 @@ gdm_auth_secure_display (GdmDisplay *d)
return TRUE;
}
+static gboolean
+try_open_append (const char *file)
+{
+ FILE *fp;
+ fp = fopen (file, "a+");
+ if (fp != NULL) {
+ fclose (fp);
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+}
/**
* gdm_auth_user_add:
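Review bot: try_open_append is not a pure probe: `fopen (file, "a+")` creates the file when it is missing and follows a symlink at the final path component. In gdm_auth_user_add it runs after gdm_file_check has examined the same path, so the file can change between the check and the open. Which uid the daemon holds at that point is not visible in the diff; if it is anything other than the target user this deserves tightening, for example `open (file, O_RDWR | O_APPEND | O_CREAT | O_NOFOLLOW, 0600)` followed by an fstat on the descriptor and close. The function also has no comment; `/* Probe whether FILE can be opened for appending; creates FILE if it does not exist. */` would document the side effect.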
@@ -343,6 +386,7 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
gint authfd;
FILE *af;
GSList *auths = NULL;
+ gboolean ret = TRUE;
if (!d)
return FALSE;
@@ -357,13 +401,17 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
umask (077);
+ d->userauth = g_strconcat (authdir, "/", GdmUserAuthFile, NULL);
+
/* Find out if the Xauthority file passes the paranoia check */
if (authdir == NULL ||
! gdm_file_check ("gdm_auth_user_add", user, authdir, GdmUserAuthFile,
- TRUE, GdmUserMaxFile, GdmRelaxPerms)) {
+ TRUE, GdmUserMaxFile, GdmRelaxPerms) ||
+ ! try_open_append (d->userauth)) {
/* No go. Let's create a fallback file in GdmUserAuthFB (/tmp) */
d->authfb = TRUE;
+ g_free (d->userauth);
d->userauth = g_strconcat (GdmUserAuthFB, "/.gdmXXXXXX", NULL);
authfd = g_mkstemp (d->userauth);
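Review bot: `d->userauth` is now built from `authdir` before the `authdir == NULL` test that follows, so the NULL case relies on g_strconcat returning NULL for a NULL first argument and on the `||` chain stopping before `try_open_append (d->userauth)`. That appears to hold, but it is fragile; `d->userauth = authdir != NULL ? g_strconcat (authdir, "/", GdmUserAuthFile, NULL) : NULL;` or a one-line comment would make the intent explicit. The assignment also overwrites any earlier `d->userauth` without freeing it; whether it can be non-NULL on entry is not visible here. gdm_auth_user_add starts and ends outside this hunk.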
@@ -381,7 +429,6 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
}
else { /* User's Xauthority file is ok */
d->authfb = FALSE;
- d->userauth = g_strconcat (authdir, "/", GdmUserAuthFile, NULL);
/* FIXME: Better implement my own locking. The libXau one is not kosher */
if (XauLockAuth (d->userauth, 3, 3, 0) != LOCK_SUCCESS) {
@@ -419,7 +466,12 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
auths = d->auths;
while (auths) {
- XauWriteAuth (af, auths->data);
+ if ( ! XauWriteAuth (af, auths->data)) {
+ gdm_error (_("%s: Could not write cookie"));
+ ret = FALSE;
+ break;
+ }
+
auths = auths->next;
}
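Review bot: The new `gdm_error (_("%s: Could not write cookie"));` has a `%s` conversion but passes no argument, so the formatter reads a vararg that was never supplied. That is undefined behaviour on exactly the error path, and it can crash the daemon or put stray memory into the log. Pass the function name as the other messages in this file do: `gdm_error (_("%s: Could not write cookie"), "gdm_auth_user_add");`. Unlike the add_auth_entry path, this one also drops the `errno` detail and does not set `errno = 0` before the write, so the cause of the failure is lost.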
@@ -430,7 +482,7 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
umask (022);
- return TRUE;
+ return ret;
}