With this patch we now invoke the X server with the -auth argument and

2007-11-09 William Jon McCann <mccann@jhu.edu> * common/gdm-common.c: (gdm_string_hex_decode): * common/gdm-common.h: * daemon/Makefile.am: * daemon/auth.c: * daemon/auth.h: * daemon/gdm-display.c: (_create_access_file_for_user), (gdm_display_real_create_authority), (gdm_display_real_add_user_authorization), (gdm_display_real_remove_user_authorization), (gdm_display_get_x11_cookie), (gdm_display_get_x11_authority_file), (gdm_display_real_unmanage), (gdm_display_set_property), (gdm_display_get_property), (gdm_display_class_init), (gdm_display_finalize): * daemon/gdm-display.h: * daemon/gdm-factory-slave.c: (gdm_factory_slave_run): * daemon/gdm-local-display-factory.c: (create_display_for_device): * daemon/gdm-manager.c: (gdm_manager_init), (gdm_manager_finalize): * daemon/gdm-product-slave.c: (gdm_product_slave_create_server): * daemon/gdm-server.c: (_gdm_server_set_auth_file), (gdm_server_set_property), (gdm_server_get_property), (gdm_server_class_init), (gdm_server_new): * daemon/gdm-server.h: * daemon/gdm-simple-slave.c: (gdm_simple_slave_run): * daemon/gdm-slave.c: (gdm_slave_connect_to_x11_display), (gdm_slave_real_start), (gdm_slave_set_property), (gdm_slave_get_property), (gdm_slave_class_init): * daemon/gdm-static-display.c: (gdm_static_display_add_user_authorization), (gdm_static_display_remove_user_authorization): * daemon/gdm-xdmcp-display-factory.c: (gdm_xdmcp_handle_request): * daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority), (gdm_xdmcp_display_add_user_authorization), (gdm_xdmcp_display_remove_user_authorization), (gdm_xdmcp_display_unmanage): * daemon/gdm-display-access-file.c: * daemon/gdm-display-access-file.h: With this patch we now invoke the X server with the -auth argument and disable machine wide access to the X server. This patch also drops the md5 hashing of random bytes to create cookies and instead just creates cookies directly (like the X server would if we asked the X server to generate the cookies for us). Patch from: Ray Strode <rstrode@redhat.com> svn path=/trunk/; revision=5499
author: William Jon McCann <mccann@jhu.edu> 2007-11-09 15:25:57 +0000
committer: William Jon McCann <mccann@src.gnome.org> 2007-11-09 15:25:57 +0000
commit: e3962077f95f4a7a438e1be8c997c64db7c4ff05 (patch)
tree: 37493b5bd063e8b825f8a97441bf81574ba1ff03 /daemon/gdm-display-access-file.h
parent: 040df92ba6ee0b5b32872552d36b77896ba12686 (diff)
download: gdm-e3962077f95f4a7a438e1be8c997c64db7c4ff05.tar.gz
1 files changed, 86 insertions, 0 deletions
diff --git a/daemon/gdm-display-access-file.h b/daemon/gdm-display-access-file.h
new file mode 100644
index 00000000..79f313e7
--- /dev/null
+++ b/daemon/gdm-display-access-file.h
@@ -0,0 +1,86 @@
+/* gdm-display-access-file.h - Abstraction around xauth cookies
+ *
+ * Copyright (C) 2007 Ray Strode <rstrode@redhat.com>
+ *
+ * Written by Ray Strode <rstrode@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.  
+ */
+#ifndef __GDM_DISPLAY_ACCESS_FILE_H__
+#define __GDM_DISPLAY_ACCESS_FILE_H__
+
+#include <glib.h>
+#include <glib-object.h>
+
+#include "gdm-display.h"
+
+G_BEGIN_DECLS
+#define GDM_TYPE_DISPLAY_ACCESS_FILE            (gdm_display_access_file_get_type ())
+#define GDM_DISPLAY_ACCESS_FILE(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GDM_TYPE_DISPLAY_ACCESS_FILE, GdmDisplayAccessFile))
+#define GDM_DISPLAY_ACCESS_FILE_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), GDM_TYPE_DISPLAY_ACCESS_FILE, GdmDisplayAccessFileClass))
+#define GDM_IS_DISPLAY_ACCESS_FILE(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GDM_TYPE_DISPLAY_ACCESS_FILE))
+#define GDM_IS_DISPLAY_ACCESS_FILE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GDM_TYPE_DISPLAY_ACCESS_FILE))
+#define GDM_DISPLAY_ACCESS_FILE_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS((obj), GDM_TYPE_DISPLAY_ACCESS_FILE, GdmDisplayAccessFileClass))
+#define GDM_DISPLAY_ACCESS_FILE_ERROR           (gdm_display_access_file_error_quark ())
+
+typedef struct _GdmDisplayAccessFile GdmDisplayAccessFile;
+typedef struct _GdmDisplayAccessFileClass GdmDisplayAccessFileClass;
+typedef struct _GdmDisplayAccessFilePrivate GdmDisplayAccessFilePrivate;
+typedef enum _GdmDisplayAccessFileError GdmDisplayAccessFileError;
+
+struct _GdmDisplayAccessFile
+{
+        GObject parent;
+
+        GdmDisplayAccessFilePrivate *priv;
+};
+
+struct _GdmDisplayAccessFileClass
+{
+        GObjectClass parent_class;
+};
+
+enum _GdmDisplayAccessFileError
+{
+        GDM_DISPLAY_ACCESS_FILE_ERROR_GENERAL = 0,
+        GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY
+};
+
+GQuark                gdm_display_access_file_error_quark             (void);
+GType                 gdm_display_access_file_get_type                (void);
+
+GdmDisplayAccessFile *gdm_display_access_file_new                     (const char            *username);
+gboolean              gdm_display_access_file_open                    (GdmDisplayAccessFile  *file,
+                                                                       GError               **error);
+gboolean              gdm_display_access_file_add_display             (GdmDisplayAccessFile  *file,
+                                                                       GdmDisplay            *display,
+                                                                       char                 **cookie,
+                                                                       gsize                 *cookie_size,
+                                                                       GError               **error);
+gboolean              gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile  *file,
+                                                                       GdmDisplay            *display,
+                                                                       const char            *cookie,
+                                                                       gsize                  cookie_size,
+                                                                       GError               **error);
+gboolean              gdm_display_access_file_remove_display          (GdmDisplayAccessFile  *file,
+                                                                       GdmDisplay            *display,
+                                                                       GError               **error);
+
+void                  gdm_display_access_file_close                   (GdmDisplayAccessFile  *file);
+char                 *gdm_display_access_file_get_path                (GdmDisplayAccessFile  *file);
+
+G_END_DECLS
+#endif /* __GDM_DISPLAY_ACCESS_FILE_H__ */
author	William Jon McCann <mccann@jhu.edu>	2007-11-09 15:25:57 +0000
committer	William Jon McCann <mccann@src.gnome.org>	2007-11-09 15:25:57 +0000
commit	e3962077f95f4a7a438e1be8c997c64db7c4ff05 (patch)
tree	37493b5bd063e8b825f8a97441bf81574ba1ff03 /daemon/gdm-display-access-file.h
parent	040df92ba6ee0b5b32872552d36b77896ba12686 (diff)
download	gdm-e3962077f95f4a7a438e1be8c997c64db7c4ff05.tar.gz