From 4e85b11eb11c630bd02a980ee18b2477341dd78e Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Fri, 30 Nov 2007 22:13:21 +0000 Subject: Ensure second and subsequent auth cookies are random. Spotted by George 2007-11-30 Ray Strode Ensure second and subsequent auth cookies are random. Spotted by George Lebl. * common/gdm-common.[ch] (gdm_generate_random_bytes): open /dev/urandom and read size bytes from it. (_fd_is_character_device): check if fd points to char device (_read_bytes): the usual loop until all bytes are read helper function for read(). * daemon/gdm-display-access-file.c (generate_random_bytes): remove function (gdm_display_access_file_add_display): use gdm_generate_random_bytes instead of _generate_random_bytes svn path=/trunk/; revision=5534 --- common/gdm-common.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++ common/gdm-common.h | 2 + 2 files changed, 110 insertions(+) (limited to 'common') diff --git a/common/gdm-common.c b/common/gdm-common.c index f6075f37..014c464e 100644 --- a/common/gdm-common.c +++ b/common/gdm-common.c @@ -272,3 +272,111 @@ gdm_string_hex_decode (const GString *source, return retval; } + +static gboolean +_fd_is_character_device (int fd) +{ + struct stat file_info; + + if (fstat (fd, &file_info) < 0) { + return FALSE; + } + + return S_ISCHR (file_info.st_mode); +} + +static gboolean +_read_bytes (int fd, + char *bytes, + gsize number_of_bytes, + GError **error) +{ + size_t bytes_left_to_read; + size_t total_bytes_read = 0; + gboolean premature_eof; + + premature_eof = FALSE; + do { + size_t bytes_read = 0; + + bytes_read = read (fd, ((guchar *) bytes) + total_bytes_read, + bytes_left_to_read); + + if (bytes_read > 0) { + total_bytes_read += bytes_read; + bytes_left_to_read -= bytes_read; + } else if (bytes_read == 0) { + premature_eof = TRUE; + break; + } else if ((errno != EINTR)) { + break; + } + } while (bytes_left_to_read > 0); + + if (premature_eof) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (ENODATA), + g_strerror (ENODATA)); + + return FALSE; + } else if (bytes_left_to_read > 0) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + g_strerror (errno)); + return FALSE; + } + + return TRUE; +} + +/** + * Pulls a requested number of bytes from /dev/urandom + * + * @param size number of bytes to pull + * @param error error if read fails + * @returns The requested number of random bytes or #NULL if fail + */ + +char * +gdm_generate_random_bytes (gsize size, + GError **error) +{ + int fd; + char *bytes; + GError *read_error; + + /* We don't use the g_rand_* glib apis because they don't document + * how much entropy they are seeded with, and it might be less + * than the passed in size. + */ + + fd = open ("/dev/urandom", O_RDONLY); + + if (fd < 0) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + "%s", g_strerror (errno)); + return NULL; + } + + if (!_fd_is_character_device (fd)) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (ENODEV), + _("/dev/urandom is not a character device")); + return NULL; + } + + bytes = g_malloc (size); + read_error = NULL; + if (!_read_bytes (fd, bytes, size, &read_error)) { + g_propagate_error (error, read_error); + g_free (bytes); + return NULL; + } + + return bytes; +} diff --git a/common/gdm-common.h b/common/gdm-common.h index d281b9ab..a1aea54e 100644 --- a/common/gdm-common.h +++ b/common/gdm-common.h @@ -41,6 +41,8 @@ gboolean gdm_string_hex_decode (const GString *source, int *end_return, GString *dest, int insert_at); +char *gdm_generate_random_bytes (gsize size, + GError **error); G_END_DECLS -- cgit v1.2.1