diff options
author | Ray Strode <rstrode@redhat.com> | 2012-12-20 11:07:09 -0500 |
---|---|---|
committer | Ray Strode <rstrode@redhat.com> | 2012-12-20 11:12:38 -0500 |
commit | 6bc39aa208dbd8105232ae62255c42fafdec0541 (patch) | |
tree | 167b38cc86a53d70e19ec4e3e137ee0b4847f767 /daemon/gdm-display-access-file.c | |
parent | f5441a78a9b202f9899402883018082be3922e11 (diff) | |
download | gdm-6bc39aa208dbd8105232ae62255c42fafdec0541.tar.gz |
display-access-file: maintain FamilyLocal entry for backward compatibility
commit 0fccf4e0671e49f6e57d0135c97344973c042b23 swapped out the
FamilyLocal auth cookie for a FamilyWild auth cookie, because the
latter is more resilient to hostname changes. Unfortunately,
not all of the tooling accepts FamilyWild cookies (in particular the
xauth command), so things like su broke.
This commit changes the code to have a FamilyWild and FamilyLocal
cookie.
https://bugzilla.gnome.org/show_bug.cgi?id=690562
Diffstat (limited to 'daemon/gdm-display-access-file.c')
-rw-r--r-- | daemon/gdm-display-access-file.c | 64 |
1 files changed, 53 insertions, 11 deletions
diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c index 02bd4141..02ec0a0b 100644 --- a/daemon/gdm-display-access-file.c +++ b/daemon/gdm-display-access-file.c @@ -438,8 +438,18 @@ _get_auth_info_for_display (GdmDisplayAccessFile *file, gdm_display_is_local (display, &is_local, NULL); if (is_local) { - *family = FamilyWild; - *address = g_strdup ("localhost"); + /* We could just use FamilyWild here except xauth + * (and by extension su and ssh) doesn't support it yet + * + * https://bugs.freedesktop.org/show_bug.cgi?id=43425 + */ + char localhost[HOST_NAME_MAX + 1] = ""; + *family = FamilyLocal; + if (gethostname (localhost, HOST_NAME_MAX) == 0) { + *address = g_strdup (localhost); + } else { + *address = g_strdup ("localhost"); + } } else { *family = FamilyWild; gdm_display_get_remote_hostname (display, address, NULL); @@ -533,6 +543,18 @@ gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile *file, display_added = TRUE; } + /* If we wrote a FamilyLocal entry, we still want a FamilyWild + * entry, because it's more resiliant against hostname changes + * + */ + if (auth_entry.family == FamilyLocal) { + auth_entry.family = FamilyWild; + + if (XauWriteAuth (file->priv->fp, &auth_entry) + && fflush (file->priv->fp) != EOF) { + display_added = TRUE; + } + } g_free (auth_entry.address); g_free (auth_entry.number); @@ -555,6 +577,7 @@ gdm_display_access_file_remove_display (GdmDisplayAccessFile *file, unsigned short name_length; char *name; + gboolean result = FALSE; g_return_val_if_fail (file != NULL, FALSE); g_return_val_if_fail (file->priv->path != NULL, FALSE); @@ -579,25 +602,44 @@ gdm_display_access_file_remove_display (GdmDisplayAccessFile *file, g_free (number); g_free (name); - if (auth_entry == NULL) { + if (auth_entry != NULL) { + XauDisposeAuth (auth_entry); + result = TRUE; + } + + /* If FamilyLocal, we also added a FamilyWild entry, + * so we need to clean that up too + */ + if (family == FamilyLocal) { + auth_entry = XauGetAuthByAddr (FamilyWild, + address_length, + address, + number_length, + number, + name_length, + name); + + if (auth_entry != NULL) { + XauDisposeAuth (auth_entry); + result = TRUE; + } + } + + + if (result == FALSE) { g_set_error (error, GDM_DISPLAY_ACCESS_FILE_ERROR, GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY, "could not find authorization entry"); - return FALSE; - } - - XauDisposeAuth (auth_entry); - - if (fflush (file->priv->fp) == EOF) { + } else if (fflush (file->priv->fp) == EOF) { g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno), "%s", g_strerror (errno)); - return FALSE; + result = FALSE; } - return TRUE; + return result; } void |