1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
From 6bc39aa208dbd8105232ae62255c42fafdec0541 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 20 Dec 2012 16:07:09 +0000
Subject: display-access-file: maintain FamilyLocal entry for backward compatibility
commit 0fccf4e0671e49f6e57d0135c97344973c042b23 swapped out the
FamilyLocal auth cookie for a FamilyWild auth cookie, because the
latter is more resilient to hostname changes. Unfortunately,
not all of the tooling accepts FamilyWild cookies (in particular the
xauth command), so things like su broke.
This commit changes the code to have a FamilyWild and FamilyLocal
cookie.
https://bugzilla.gnome.org/show_bug.cgi?id=690562
---
diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c
index 02bd414..02ec0a0 100644
--- a/daemon/gdm-display-access-file.c
+++ b/daemon/gdm-display-access-file.c
@@ -438,8 +438,18 @@ _get_auth_info_for_display (GdmDisplayAccessFile *file,
gdm_display_is_local (display, &is_local, NULL);
if (is_local) {
- *family = FamilyWild;
- *address = g_strdup ("localhost");
+ /* We could just use FamilyWild here except xauth
+ * (and by extension su and ssh) doesn't support it yet
+ *
+ * https://bugs.freedesktop.org/show_bug.cgi?id=43425
+ */
+ char localhost[HOST_NAME_MAX + 1] = "";
+ *family = FamilyLocal;
+ if (gethostname (localhost, HOST_NAME_MAX) == 0) {
+ *address = g_strdup (localhost);
+ } else {
+ *address = g_strdup ("localhost");
+ }
} else {
*family = FamilyWild;
gdm_display_get_remote_hostname (display, address, NULL);
@@ -533,6 +543,18 @@ gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile *file,
display_added = TRUE;
}
+ /* If we wrote a FamilyLocal entry, we still want a FamilyWild
+ * entry, because it's more resiliant against hostname changes
+ *
+ */
+ if (auth_entry.family == FamilyLocal) {
+ auth_entry.family = FamilyWild;
+
+ if (XauWriteAuth (file->priv->fp, &auth_entry)
+ && fflush (file->priv->fp) != EOF) {
+ display_added = TRUE;
+ }
+ }
g_free (auth_entry.address);
g_free (auth_entry.number);
@@ -555,6 +577,7 @@ gdm_display_access_file_remove_display (GdmDisplayAccessFile *file,
unsigned short name_length;
char *name;
+ gboolean result = FALSE;
g_return_val_if_fail (file != NULL, FALSE);
g_return_val_if_fail (file->priv->path != NULL, FALSE);
@@ -579,25 +602,44 @@ gdm_display_access_file_remove_display (GdmDisplayAccessFile *file,
g_free (number);
g_free (name);
- if (auth_entry == NULL) {
+ if (auth_entry != NULL) {
+ XauDisposeAuth (auth_entry);
+ result = TRUE;
+ }
+
+ /* If FamilyLocal, we also added a FamilyWild entry,
+ * so we need to clean that up too
+ */
+ if (family == FamilyLocal) {
+ auth_entry = XauGetAuthByAddr (FamilyWild,
+ address_length,
+ address,
+ number_length,
+ number,
+ name_length,
+ name);
+
+ if (auth_entry != NULL) {
+ XauDisposeAuth (auth_entry);
+ result = TRUE;
+ }
+ }
+
+
+ if (result == FALSE) {
g_set_error (error,
GDM_DISPLAY_ACCESS_FILE_ERROR,
GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
"could not find authorization entry");
- return FALSE;
- }
-
- XauDisposeAuth (auth_entry);
-
- if (fflush (file->priv->fp) == EOF) {
+ } else if (fflush (file->priv->fp) == EOF) {
g_set_error (error,
G_FILE_ERROR,
g_file_error_from_errno (errno),
"%s", g_strerror (errno));
- return FALSE;
+ result = FALSE;
}
- return TRUE;
+ return result;
}
void
--
cgit v0.9.0.2
|
