diff options
author | William Jon McCann <mccann@jhu.edu> | 2007-11-09 15:25:57 +0000 |
---|---|---|
committer | William Jon McCann <mccann@src.gnome.org> | 2007-11-09 15:25:57 +0000 |
commit | e3962077f95f4a7a438e1be8c997c64db7c4ff05 (patch) | |
tree | 37493b5bd063e8b825f8a97441bf81574ba1ff03 /daemon/gdm-display-access-file.c | |
parent | 040df92ba6ee0b5b32872552d36b77896ba12686 (diff) | |
download | gdm-e3962077f95f4a7a438e1be8c997c64db7c4ff05.tar.gz |
With this patch we now invoke the X server with the -auth argument and
2007-11-09 William Jon McCann <mccann@jhu.edu>
* common/gdm-common.c: (gdm_string_hex_decode):
* common/gdm-common.h:
* daemon/Makefile.am:
* daemon/auth.c:
* daemon/auth.h:
* daemon/gdm-display.c: (_create_access_file_for_user),
(gdm_display_real_create_authority),
(gdm_display_real_add_user_authorization),
(gdm_display_real_remove_user_authorization),
(gdm_display_get_x11_cookie), (gdm_display_get_x11_authority_file),
(gdm_display_real_unmanage), (gdm_display_set_property),
(gdm_display_get_property), (gdm_display_class_init),
(gdm_display_finalize):
* daemon/gdm-display.h:
* daemon/gdm-factory-slave.c: (gdm_factory_slave_run):
* daemon/gdm-local-display-factory.c: (create_display_for_device):
* daemon/gdm-manager.c: (gdm_manager_init), (gdm_manager_finalize):
* daemon/gdm-product-slave.c: (gdm_product_slave_create_server):
* daemon/gdm-server.c: (_gdm_server_set_auth_file),
(gdm_server_set_property), (gdm_server_get_property),
(gdm_server_class_init), (gdm_server_new):
* daemon/gdm-server.h:
* daemon/gdm-simple-slave.c: (gdm_simple_slave_run):
* daemon/gdm-slave.c: (gdm_slave_connect_to_x11_display),
(gdm_slave_real_start), (gdm_slave_set_property),
(gdm_slave_get_property), (gdm_slave_class_init):
* daemon/gdm-static-display.c:
(gdm_static_display_add_user_authorization),
(gdm_static_display_remove_user_authorization):
* daemon/gdm-xdmcp-display-factory.c: (gdm_xdmcp_handle_request):
* daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority),
(gdm_xdmcp_display_add_user_authorization),
(gdm_xdmcp_display_remove_user_authorization),
(gdm_xdmcp_display_unmanage):
* daemon/gdm-display-access-file.c:
* daemon/gdm-display-access-file.h:
With this patch we now invoke the X server with the -auth argument
and disable machine wide access to the X server. This patch also
drops the md5 hashing of random bytes to create cookies and
instead just creates cookies directly (like the X server would if
we asked the X server to generate the cookies for us).
Patch from: Ray Strode <rstrode@redhat.com>
svn path=/trunk/; revision=5499
Diffstat (limited to 'daemon/gdm-display-access-file.c')
-rw-r--r-- | daemon/gdm-display-access-file.c | 506 |
1 files changed, 506 insertions, 0 deletions
diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c new file mode 100644 index 00000000..087de2b7 --- /dev/null +++ b/daemon/gdm-display-access-file.c @@ -0,0 +1,506 @@ +/* gdm-display-access-file.c - Abstraction around xauth cookies + * + * Copyright (C) 2007 Ray Strode <rstrode@redhat.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + */ +#include "config.h" +#include "gdm-display-access-file.h" + +#include <errno.h> +#include <pwd.h> +#include <string.h> +#include <sys/types.h> +#include <unistd.h> + +#include <glib.h> +#include <glib-object.h> +#include <glib/gstdio.h> +#include <glib/gi18n.h> + +#include <X11/Xauth.h> + +struct _GdmDisplayAccessFilePrivate +{ + char *username; + FILE *fp; + char *path; +}; + +#ifndef GDM_DISPLAY_ACCESS_COOKIE_SIZE +#define GDM_DISPLAY_ACCESS_COOKIE_SIZE 16 +#endif + +static void gdm_display_access_file_finalize (GObject * object); + +enum +{ + PROP_0 = 0, + PROP_USERNAME, + PROP_PATH +}; + +G_DEFINE_TYPE (GdmDisplayAccessFile, gdm_display_access_file, G_TYPE_OBJECT); + +static void +gdm_display_access_file_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GdmDisplayAccessFile *access_file; + + access_file = GDM_DISPLAY_ACCESS_FILE (object); + + switch (prop_id) { + case PROP_USERNAME: + g_value_set_string (value, access_file->priv->username); + break; + + case PROP_PATH: + g_value_set_string (value, access_file->priv->path); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +gdm_display_access_file_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GdmDisplayAccessFile *access_file; + + access_file = GDM_DISPLAY_ACCESS_FILE (object); + + switch (prop_id) { + case PROP_USERNAME: + g_assert (access_file->priv->username == NULL); + access_file->priv->username = g_value_dup_string (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +gdm_display_access_file_class_init (GdmDisplayAccessFileClass *access_file_class) +{ + GObjectClass *object_class; + GParamSpec *param_spec; + + object_class = G_OBJECT_CLASS (access_file_class); + + object_class->finalize = gdm_display_access_file_finalize; + object_class->get_property = gdm_display_access_file_get_property; + object_class->set_property = gdm_display_access_file_set_property; + + param_spec = g_param_spec_string ("username", "Username", + "Owner of Xauthority file", + NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY); + g_object_class_install_property (object_class, PROP_USERNAME, param_spec); + param_spec = g_param_spec_string ("path", "Path", + "Path to Xauthority file", + NULL, G_PARAM_READABLE); + g_object_class_install_property (object_class, PROP_PATH, param_spec); + g_type_class_add_private (access_file_class, sizeof (GdmDisplayAccessFilePrivate)); +} + +static void +gdm_display_access_file_init (GdmDisplayAccessFile *access_file) +{ + access_file->priv = G_TYPE_INSTANCE_GET_PRIVATE (access_file, + GDM_TYPE_DISPLAY_ACCESS_FILE, + GdmDisplayAccessFilePrivate); +} + +static void +gdm_display_access_file_finalize (GObject *object) +{ + GdmDisplayAccessFile *file; + GObjectClass *parent_class; + + file = GDM_DISPLAY_ACCESS_FILE (object); + parent_class = G_OBJECT_CLASS (gdm_display_access_file_parent_class); + + if (file->priv->fp != NULL) { + gdm_display_access_file_close (file); + } + g_assert (file->priv->path == NULL); + + if (file->priv->username != NULL) { + g_free (file->priv->username); + file->priv->username = NULL; + g_object_notify (object, "username"); + } + + if (parent_class->finalize != NULL) { + parent_class->finalize (object); + } +} + +GQuark +gdm_display_access_file_error_quark (void) +{ + static GQuark error_quark = 0; + + if (error_quark == 0) { + error_quark = g_quark_from_static_string ("gdm-display-access-file"); + } + + return error_quark; +} + +GdmDisplayAccessFile * +gdm_display_access_file_new (const char *username) +{ + GdmDisplayAccessFile *access_file; + g_return_val_if_fail (username != NULL, NULL); + + access_file = g_object_new (GDM_TYPE_DISPLAY_ACCESS_FILE, + "username", username, NULL); + + return access_file; +} + +static gboolean +_get_uid_and_gid_for_user (const char *username, + uid_t *uid, + gid_t *gid) +{ + struct passwd *passwd_entry; + + g_assert (username != NULL); + g_assert (uid != NULL); + g_assert (gid != NULL); + + errno = 0; + passwd_entry = getpwnam (username); + + if (passwd_entry == NULL) { + return FALSE; + } + + *uid = passwd_entry->pw_uid; + *gid = passwd_entry->pw_gid; + + return TRUE; +} + +static FILE * +_create_xauth_file_for_user (const char *username, + char **filename, + GError **error) +{ + char *template; + GError *open_error; + int fd; + FILE *fp; + uid_t uid; + gid_t gid; + + fp = NULL; + + template = g_strdup_printf (".gdm-xauth-%s.XXXXXX", username); + + open_error = NULL; + fd = g_file_open_tmp (template, filename, &open_error); + g_free (template); + + if (fd < 0) { + g_propagate_error (error, open_error); + goto out; + } + + if (!_get_uid_and_gid_for_user (username, &uid, &gid)) { + g_set_error (error, + GDM_DISPLAY_ERROR, + GDM_DISPLAY_ERROR_GETTING_USER_INFO, + _("could not find user \"%s\" on system"), + username); + close (fd); + fd = -1; + goto out; + + } + + if (fchown (fd, uid, gid) < 0) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + "%s", g_strerror (errno)); + close (fd); + fd = -1; + goto out; + } + + fp = fdopen (fd, "w"); + + if (fp == NULL) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + "%s", g_strerror (errno)); + close (fd); + fd = -1; + goto out; + } +out: + return fp; +} + +gboolean +gdm_display_access_file_open (GdmDisplayAccessFile *file, + GError **error) +{ + GError *create_error; + + g_return_val_if_fail (file != NULL, FALSE); + g_return_val_if_fail (file->priv->fp == NULL, FALSE); + g_return_val_if_fail (file->priv->path == NULL, FALSE); + + create_error = NULL; + file->priv->fp = _create_xauth_file_for_user (file->priv->username, + &file->priv->path, + &create_error); + + if (file->priv->fp == NULL) { + g_propagate_error (error, create_error); + return FALSE; + } + + return TRUE; +} + +static char * +_generate_random_bytes (gsize size) +{ + char *bytes; + int i; + + bytes = g_malloc (size); + + for (i = 0; i < size; i++) { + guint8 byte; + + byte = (guint8) g_random_int_range (0, G_MAXUINT8); + + bytes[i] = (char) byte; + } + + return bytes; +} + +static void +_get_auth_info_for_display (GdmDisplayAccessFile *file, + GdmDisplay *display, + unsigned short *family, + unsigned short *address_length, + char **address, + unsigned short *number_length, + char **number, + unsigned short *name_length, + char **name) +{ + int display_number; + gboolean is_local; + + gdm_display_is_local (display, &is_local, NULL); + + if (is_local) { + *family = FamilyLocal; + *address = g_strdup (g_get_host_name ()); + } else { + *family = FamilyWild; + gdm_display_get_remote_hostname (display, address, NULL); + } + *address_length = strlen (*address); + + gdm_display_get_x11_display_number (display, &display_number, NULL); + *number = g_strdup_printf ("%d", display_number); + *number_length = strlen (*number); + + *name = g_strdup ("MIT-MAGIC-COOKIE-1"); + *name_length = strlen (*name); +} + +gboolean +gdm_display_access_file_add_display (GdmDisplayAccessFile *file, + GdmDisplay *display, + char **cookie, + gsize *cookie_size, + GError **error) +{ + GError *add_error; + gboolean display_added; + + g_return_val_if_fail (file != NULL, FALSE); + g_return_val_if_fail (file->priv->path != NULL, FALSE); + g_return_val_if_fail (cookie != NULL, FALSE); + + *cookie = _generate_random_bytes (GDM_DISPLAY_ACCESS_COOKIE_SIZE); + *cookie_size = GDM_DISPLAY_ACCESS_COOKIE_SIZE; + + add_error = NULL; + display_added = + gdm_display_access_file_add_display_with_cookie (file, display, + *cookie, + *cookie_size, + &add_error); + if (!display_added) { + g_free (*cookie); + *cookie = NULL; + g_propagate_error (error, add_error); + return FALSE; + } + + return TRUE; +} + +gboolean +gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile *file, + GdmDisplay *display, + const char *cookie, + gsize cookie_size, + GError **error) +{ + Xauth auth_entry; + gboolean display_added; + + g_return_val_if_fail (file != NULL, FALSE); + g_return_val_if_fail (file->priv->path != NULL, FALSE); + g_return_val_if_fail (cookie != NULL, FALSE); + + _get_auth_info_for_display (file, display, + &auth_entry.family, + &auth_entry.address_length, + &auth_entry.address, + &auth_entry.number_length, + &auth_entry.number, + &auth_entry.name_length, + &auth_entry.name); + + auth_entry.data = (char *) cookie; + auth_entry.data_length = cookie_size; + + /* FIXME: We should lock the file in case the X server is + * trying to use it, too. + */ + if (!XauWriteAuth (file->priv->fp, &auth_entry) + || fflush (file->priv->fp) == EOF) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + "%s", g_strerror (errno)); + display_added = FALSE; + } else { + display_added = TRUE; + } + + + g_free (auth_entry.address); + g_free (auth_entry.number); + g_free (auth_entry.name); + + return display_added; +} + +gboolean +gdm_display_access_file_remove_display (GdmDisplayAccessFile *file, + GdmDisplay *display, + GError **error) +{ + Xauth *auth_entry; + unsigned short family; + unsigned short address_length; + char *address; + unsigned short number_length; + char *number; + unsigned short name_length; + char *name; + + + g_return_val_if_fail (file != NULL, FALSE); + g_return_val_if_fail (file->priv->path != NULL, FALSE); + + _get_auth_info_for_display (file, display, + &family, + &address_length, + &address, + &number_length, + &number, + &name_length, + &name); + + auth_entry = XauGetAuthByAddr (family, + address_length, + address, + number_length, + number, + name_length, + name); + g_free (address); + g_free (number); + g_free (name); + + if (auth_entry == NULL) { + g_set_error (error, + GDM_DISPLAY_ACCESS_FILE_ERROR, + GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY, + "could not find authorization entry"); + return FALSE; + } + + XauDisposeAuth (auth_entry); + + if (fflush (file->priv->fp) == EOF) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + "%s", g_strerror (errno)); + return FALSE; + } + + return TRUE; +} + +void +gdm_display_access_file_close (GdmDisplayAccessFile *file) +{ + g_return_if_fail (file != NULL); + g_return_if_fail (file->priv->fp != NULL); + g_return_if_fail (file->priv->path != NULL); + + g_unlink (file->priv->path); + if (file->priv->path != NULL) { + g_free (file->priv->path); + file->priv->path = NULL; + g_object_notify (G_OBJECT (file), "path"); + } + + fclose (file->priv->fp); + file->priv->fp = NULL; +} + +char * +gdm_display_access_file_get_path (GdmDisplayAccessFile *access_file) +{ + return g_strdup (access_file->priv->path); +} |