authorBrian Cameron <brian.cameron@sun.com>2007-04-24 06:02:29 +0000
committerBrian Cameron <bcameron@src.gnome.org>2007-04-24 06:02:29 +0000
commit17c6f1e3a1479d5f5813d69d3344a380dfd930a5 (patch)
tree5140e10bd300dd80846cb649ba7c6bd637db607e /daemon/auth.c
parent0046cf1344a74b7c2030868a3a0380db81749de9 (diff)
Be more clever about setting umask. Now gdm_safe_fopen_w and
2007-04-24 Brian Cameron <brian.cameron@sun.com> * daemon/misc.[ch], daemon/auth.c, daemon/misc.c: Be more clever about setting umask. Now gdm_safe_fopen_w and gdm_safe_fopen_ap takes a perm argument so that the open can specify the mode rather than having to use umask to cause the mode to be set properly. In daemon/auth.c, no longer set umask to 022 immediately before calling "goto try_user_add_again" since the umask is reset to 077 right after the goto label. Patch by Peter Baumann <waste.manager@gmx.de>. Partially fixes bug #305931. svn path=/trunk/; revision=4870
Diffstat (limited to 'daemon/auth.c')
-rw-r--r--daemon/auth.c23
1 files changed, 6 insertions, 17 deletions
diff --git a/daemon/auth.c b/daemon/auth.c
index b47c7316..0927c288 100644
--- a/daemon/auth.c
+++ b/daemon/auth.c
@@ -223,7 +223,7 @@ gdm_auth_secure_display (GdmDisplay *d)
/* Make another authfile since the greeter can't read the server/user
* readable file */
d->authfile_gdm = gdm_make_filename (gdm_daemon_config_get_value_string (GDM_KEY_SERV_AUTHDIR), d->name, ".Xauth");
- af_gdm = gdm_safe_fopen_w (d->authfile_gdm);
+ af_gdm = gdm_safe_fopen_w (d->authfile_gdm, 0644);
if G_UNLIKELY (af_gdm == NULL) {
gdm_error (_("%s: Cannot safely open %s"),
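Review bot: The explicit mode `0644` in `gdm_safe_fopen_w (d->authfile_gdm, 0644)` leaves the X authority file, which holds the display's authorization cookie, readable by every local account unless the ServAuthDir directory itself blocks access. The same applies to the `d->authfile` open in the next hunk, where the comment says the server runs as root, so `0600` would presumably be enough there. Since the point of the commit is to state permissions at the open, I would choose the narrowest mode that still lets the greeter read the file, for example `0640` with the file's group set to the greeter's group, and say so in a comment such as `/* cookie file: readable by the greeter only, not by other users */`. Whether a later chown or chmod already narrows this cannot be seen here, because gdm_auth_secure_display continues outside the hunk.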
@@ -240,7 +240,7 @@ gdm_auth_secure_display (GdmDisplay *d)
} else {
/* gdm and xserver authfile can be the same, server will run as root */
d->authfile = gdm_make_filename (gdm_daemon_config_get_value_string (GDM_KEY_SERV_AUTHDIR), d->name, ".Xauth");
- af = gdm_safe_fopen_w (d->authfile);
+ af = gdm_safe_fopen_w (d->authfile, 0644);
if G_UNLIKELY (af == NULL) {
gdm_error (_("%s: Cannot safely open %s"),
@@ -644,8 +644,6 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
g_free (d->userauth);
d->userauth = NULL;
- umask (022);
-
authdir_is_tmp_dir = FALSE;
goto try_user_add_again;
}
@@ -677,15 +675,13 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
g_free (d->userauth);
d->userauth = NULL;
- umask (022);
-
automatic_tmp_dir = TRUE;
goto try_user_add_again;
}
locked = TRUE;
- af = gdm_safe_fopen_ap (d->userauth);
+ af = gdm_safe_fopen_ap (d->userauth, 0600);
}
/* Set to NULL, because can goto try_user_add_again. */
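Review bot: The `0600` passed to `gdm_safe_fopen_ap (d->userauth, 0600)` presumably reaches open() as the creation mode, so it takes effect only when the file is created; a user authority file that already exists with wider permissions would be appended to as it is. The removed umask calls had the same limit, so this is not a regression, but now that the mode is explicit it is worth enforcing it after the open, e.g. `if (af != NULL && fchmod (fileno (af), 0600) != 0) { /* log and refuse to write */ }`, or at least documenting it with `/* mode applies on creation only */`. The same holds for the `gdm_safe_fopen_ap` call in gdm_auth_user_remove further down. The helper lives in daemon/misc.c and is not visible on this page, so confirm how it treats an existing file.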
@@ -702,13 +698,12 @@ gdm_auth_user_add (GdmDisplay *d, uid_t user, const char *homedir)
g_free (d->userauth);
d->userauth = NULL;
- umask (022);
-
if ( ! d->authfb) {
automatic_tmp_dir = TRUE;
goto try_user_add_again;
}
+ umask (022);
return FALSE;
}
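Review bot: The `umask (022);` added before `return FALSE` restores a hard-coded value rather than the mask the daemon had when gdm_auth_user_add was entered. It is needed only because the function still sets the mask to 077 after the `try_user_add_again` label (according to the commit message; the label is outside this hunk). Reading the previous mask once at function entry into a local and restoring it with `umask (old_umask);` on every exit would keep the process-wide mask correct if the daemon's default ever changes. Every other return path after the label needs the same restore; those are outside the hunk and should be checked. With `0600` now passed to the open itself, the 077 mask may no longer be needed in this function at all.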
@@ -785,7 +780,6 @@ gdm_auth_user_remove (GdmDisplay *d, uid_t user)
FILE *af;
gchar *authfile;
gchar *authdir;
- mode_t oldmode;
if G_UNLIKELY (!d || !d->userauth)
return;
@@ -846,9 +840,7 @@ gdm_auth_user_remove (GdmDisplay *d, uid_t user)
return;
}
- oldmode = umask (077);
- af = gdm_safe_fopen_ap (d->userauth);
- umask (oldmode);
+ af = gdm_safe_fopen_ap (d->userauth, 0600);
if G_UNLIKELY (af == NULL) {
XauUnlockAuth (d->userauth);
@@ -928,7 +920,6 @@ gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty)
{
Xauth *xa;
GSList *keep = NULL, *li;
- mode_t oldmode;
int cnt;
if G_UNLIKELY (!d || !af)
@@ -975,9 +966,7 @@ gdm_auth_purge (GdmDisplay *d, FILE *af, gboolean remove_when_empty)
return NULL;
}
- oldmode = umask (077);
- af = gdm_safe_fopen_w (d->userauth);
- umask (oldmode);
+ af = gdm_safe_fopen_w (d->userauth, 0600);
/* Write out remaining entries */
for (li = keep; li != NULL; li = li->next) {
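Review bot: The result of `gdm_safe_fopen_w (d->userauth, 0600)` is not tested in the lines visible here before the loop that writes the kept entries, while the other call sites touched by this commit check `af == NULL` straight after the open. If the open fails, for instance because the safe-open checks reject the path, the entries in `keep` would be dropped or written through a NULL stream unless the loop body guards against it. A check such as `if G_UNLIKELY (af == NULL) { /* clean up and return NULL */ }` directly after the open would make the failure explicit. The loop body lies outside the hunk, so confirm whether it already handles this.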