From e3962077f95f4a7a438e1be8c997c64db7c4ff05 Mon Sep 17 00:00:00 2001 From: William Jon McCann Date: Fri, 9 Nov 2007 15:25:57 +0000 Subject: With this patch we now invoke the X server with the -auth argument and 2007-11-09 William Jon McCann * common/gdm-common.c: (gdm_string_hex_decode): * common/gdm-common.h: * daemon/Makefile.am: * daemon/auth.c: * daemon/auth.h: * daemon/gdm-display.c: (_create_access_file_for_user), (gdm_display_real_create_authority), (gdm_display_real_add_user_authorization), (gdm_display_real_remove_user_authorization), (gdm_display_get_x11_cookie), (gdm_display_get_x11_authority_file), (gdm_display_real_unmanage), (gdm_display_set_property), (gdm_display_get_property), (gdm_display_class_init), (gdm_display_finalize): * daemon/gdm-display.h: * daemon/gdm-factory-slave.c: (gdm_factory_slave_run): * daemon/gdm-local-display-factory.c: (create_display_for_device): * daemon/gdm-manager.c: (gdm_manager_init), (gdm_manager_finalize): * daemon/gdm-product-slave.c: (gdm_product_slave_create_server): * daemon/gdm-server.c: (_gdm_server_set_auth_file), (gdm_server_set_property), (gdm_server_get_property), (gdm_server_class_init), (gdm_server_new): * daemon/gdm-server.h: * daemon/gdm-simple-slave.c: (gdm_simple_slave_run): * daemon/gdm-slave.c: (gdm_slave_connect_to_x11_display), (gdm_slave_real_start), (gdm_slave_set_property), (gdm_slave_get_property), (gdm_slave_class_init): * daemon/gdm-static-display.c: (gdm_static_display_add_user_authorization), (gdm_static_display_remove_user_authorization): * daemon/gdm-xdmcp-display-factory.c: (gdm_xdmcp_handle_request): * daemon/gdm-xdmcp-display.c: (gdm_xdmcp_display_create_authority), (gdm_xdmcp_display_add_user_authorization), (gdm_xdmcp_display_remove_user_authorization), (gdm_xdmcp_display_unmanage): * daemon/gdm-display-access-file.c: * daemon/gdm-display-access-file.h: With this patch we now invoke the X server with the -auth argument and disable machine wide access to the X server. This patch also drops the md5 hashing of random bytes to create cookies and instead just creates cookies directly (like the X server would if we asked the X server to generate the cookies for us). Patch from: Ray Strode svn path=/trunk/; revision=5499 --- daemon/gdm-manager.c | 39 --------------------------------------- 1 file changed, 39 deletions(-) (limited to 'daemon/gdm-manager.c') diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index 02147e1b..fa87800e 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -60,7 +60,6 @@ struct GdmManagerPrivate gboolean xdmcp_enabled; - GString *global_cookie; gboolean wait_for_go; gboolean no_console; @@ -137,38 +136,6 @@ gdm_manager_get_displays (GdmManager *manager, return TRUE; } -static void -make_global_cookie (GdmManager *manager) -{ - FILE *fp; - char *file; - - gdm_generate_cookie (manager->priv->global_cookie); - - file = g_build_filename (AUTHDIR, ".cookie", NULL); - VE_IGNORE_EINTR (g_unlink (file)); - - fp = gdm_safe_fopen_w (file, 077); - if G_UNLIKELY (fp == NULL) { - g_warning (_("Can't open %s for writing"), file); - g_free (file); - return; - } - - VE_IGNORE_EINTR (fprintf (fp, "%s\n", manager->priv->global_cookie->str)); - - /* FIXME: What about out of disk space errors? */ - errno = 0; - VE_IGNORE_EINTR (fclose (fp)); - if G_UNLIKELY (errno != 0) { - g_warning (_("Can't write to %s: %s"), - file, - g_strerror (errno)); - } - - g_free (file); -} - void gdm_manager_start (GdmManager *manager) { @@ -420,10 +387,6 @@ gdm_manager_init (GdmManager *manager) manager->priv = GDM_MANAGER_GET_PRIVATE (manager); - manager->priv->global_cookie = g_string_new (NULL); - - make_global_cookie (manager); - manager->priv->display_store = gdm_display_store_new (); } @@ -446,8 +409,6 @@ gdm_manager_finalize (GObject *object) gdm_display_store_clear (manager->priv->display_store); g_object_unref (manager->priv->display_store); - g_string_free (manager->priv->global_cookie, TRUE); - G_OBJECT_CLASS (gdm_manager_parent_class)->finalize (object); } -- cgit v1.2.1