- Drop the use localhost patch because it broke things. Instead add
authorization that doesn't depend on a hostname
This commit is contained in:
parent
8aac46388e
commit
b5dee5c468
212
gdm-2.25.2-dont-depend-on-hostname.patch
Normal file
212
gdm-2.25.2-dont-depend-on-hostname.patch
Normal file
@ -0,0 +1,212 @@
|
||||
commit c8ff53ab9bd73dd6f752afbf7f7d541ec5e4514e
|
||||
Author: Ray Strode <rstrode@redhat.com>
|
||||
Date: Sat Mar 14 22:11:10 2009 -0400
|
||||
|
||||
Make GetX11Cookie dbus method work
|
||||
|
||||
We were trying to send a binary blob as a utf-8 string.
|
||||
Now we use an ugly GArray.
|
||||
|
||||
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
|
||||
index 323d941..671857a 100644
|
||||
--- a/daemon/gdm-display.c
|
||||
+++ b/daemon/gdm-display.c
|
||||
@@ -416,19 +416,16 @@ gdm_display_remove_user_authorization (GdmDisplay *display,
|
||||
|
||||
gboolean
|
||||
gdm_display_get_x11_cookie (GdmDisplay *display,
|
||||
- char **x11_cookie,
|
||||
- gsize *x11_cookie_size,
|
||||
+ GArray **x11_cookie,
|
||||
GError **error)
|
||||
{
|
||||
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
|
||||
|
||||
if (x11_cookie != NULL) {
|
||||
- *x11_cookie = g_memdup (display->priv->x11_cookie,
|
||||
- display->priv->x11_cookie_size);
|
||||
- }
|
||||
-
|
||||
- if (x11_cookie_size != NULL) {
|
||||
- *x11_cookie_size = display->priv->x11_cookie_size;
|
||||
+ *x11_cookie = g_array_new (FALSE, FALSE, sizeof (char));
|
||||
+ g_array_append_vals (*x11_cookie,
|
||||
+ display->priv->x11_cookie,
|
||||
+ display->priv->x11_cookie_size);
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
diff --git a/daemon/gdm-display.h b/daemon/gdm-display.h
|
||||
index 2914c81..607ea1d 100644
|
||||
--- a/daemon/gdm-display.h
|
||||
+++ b/daemon/gdm-display.h
|
||||
@@ -125,8 +125,7 @@ gboolean gdm_display_get_timed_login_details (GdmDisplay *disp
|
||||
|
||||
/* exported but protected */
|
||||
gboolean gdm_display_get_x11_cookie (GdmDisplay *display,
|
||||
- char **x11_cookie,
|
||||
- gsize *cookie_size,
|
||||
+ GArray **x11_cookie,
|
||||
GError **error);
|
||||
gboolean gdm_display_get_x11_authority_file (GdmDisplay *display,
|
||||
char **filename,
|
||||
diff --git a/daemon/gdm-display.xml b/daemon/gdm-display.xml
|
||||
index e8a2369..a92e37f 100644
|
||||
--- a/daemon/gdm-display.xml
|
||||
+++ b/daemon/gdm-display.xml
|
||||
@@ -11,7 +11,7 @@
|
||||
<arg name="name" direction="out" type="i"/>
|
||||
</method>
|
||||
<method name="GetX11Cookie">
|
||||
- <arg name="x11_cookie" direction="out" type="s"/>
|
||||
+ <arg name="x11_cookie" direction="out" type="ay"/>
|
||||
</method>
|
||||
<method name="GetX11AuthorityFile">
|
||||
<arg name="filename" direction="out" type="s"/>
|
||||
diff --git a/daemon/gdm-xdmcp-display-factory.c b/daemon/gdm-xdmcp-display-factory.c
|
||||
index 58cdf59..b12b726 100644
|
||||
--- a/daemon/gdm-xdmcp-display-factory.c
|
||||
+++ b/daemon/gdm-xdmcp-display-factory.c
|
||||
@@ -2277,19 +2277,17 @@ gdm_xdmcp_handle_request (GdmXdmcpDisplayFactory *factory,
|
||||
ARRAY8 authorization_name;
|
||||
ARRAY8 authorization_data;
|
||||
gint32 session_number;
|
||||
- char *cookie;
|
||||
- gsize cookie_size;
|
||||
+ GArray *cookie;
|
||||
char *name;
|
||||
|
||||
- gdm_display_get_x11_cookie (display, &cookie,
|
||||
- &cookie_size, NULL);
|
||||
+ gdm_display_get_x11_cookie (display, &cookie, NULL);
|
||||
|
||||
gdm_display_get_x11_display_name (display, &name, NULL);
|
||||
|
||||
g_debug ("GdmXdmcpDisplayFactory: Sending authorization key for display %s", name);
|
||||
g_free (name);
|
||||
|
||||
- g_debug ("GdmXdmcpDisplayFactory: cookie len %d", (int) cookie_size);
|
||||
+ g_debug ("GdmXdmcpDisplayFactory: cookie len %d", (int) cookie->len);
|
||||
|
||||
session_number = gdm_xdmcp_display_get_session_number (GDM_XDMCP_DISPLAY (display));
|
||||
|
||||
@@ -2304,8 +2302,10 @@ gdm_xdmcp_handle_request (GdmXdmcpDisplayFactory *factory,
|
||||
authorization_name.data = (CARD8 *) "MIT-MAGIC-COOKIE-1";
|
||||
authorization_name.length = strlen ((char *) authorization_name.data);
|
||||
|
||||
- authorization_data.data = (CARD8 *) cookie;
|
||||
- authorization_data.length = cookie_size;
|
||||
+ authorization_data.data = (CARD8 *) cookie->data;
|
||||
+ authorization_data.length = cookie->len;
|
||||
+
|
||||
+ g_array_free (cookie, TRUE);
|
||||
|
||||
/* the addrs are NOT copied */
|
||||
gdm_xdmcp_send_accept (factory,
|
||||
commit 8d141425bed92140b866c1a83e460aa74d97760f
|
||||
Author: Ray Strode <rstrode@redhat.com>
|
||||
Date: Sat Mar 14 22:11:58 2009 -0400
|
||||
|
||||
Don't make slave and greeter display authorization dependent on hostname
|
||||
|
||||
The hostname can get changed out from under us at any
|
||||
point, so we need to give the slave (and its helpers)
|
||||
and the greeter access to the display based solely on the
|
||||
X11 cookie, without any hostname constraints.
|
||||
|
||||
diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c
|
||||
index 19432dc..a241f73 100644
|
||||
--- a/daemon/gdm-slave.c
|
||||
+++ b/daemon/gdm-slave.c
|
||||
@@ -89,6 +89,8 @@ struct GdmSlavePrivate
|
||||
char *parent_display_name;
|
||||
char *parent_display_x11_authority_file;
|
||||
|
||||
+ GArray *display_x11_cookie;
|
||||
+
|
||||
DBusGProxy *display_proxy;
|
||||
DBusGConnection *connection;
|
||||
};
|
||||
@@ -449,6 +451,12 @@ gdm_slave_connect_to_x11_display (GdmSlave *slave)
|
||||
sigaddset (&mask, SIGCHLD);
|
||||
sigprocmask (SIG_BLOCK, &mask, &omask);
|
||||
|
||||
+ /* Give slave access to the display independent of current hostname */
|
||||
+ XSetAuthorization ("MIT-MAGIC-COOKIE-1",
|
||||
+ strlen ("MIT-MAGIC-COOKIE-1"),
|
||||
+ slave->priv->display_x11_cookie->data,
|
||||
+ slave->priv->display_x11_cookie->len);
|
||||
+
|
||||
slave->priv->server_display = XOpenDisplay (slave->priv->display_name);
|
||||
|
||||
sigprocmask (SIG_SETMASK, &omask, NULL);
|
||||
@@ -458,8 +466,35 @@ gdm_slave_connect_to_x11_display (GdmSlave *slave)
|
||||
g_warning ("Unable to connect to display %s", slave->priv->display_name);
|
||||
ret = FALSE;
|
||||
} else {
|
||||
+ XHostAddress host_entries[2] = {
|
||||
+ { FamilyServerInterpreted },
|
||||
+ { FamilyServerInterpreted }
|
||||
+ };
|
||||
+ XServerInterpretedAddress si_entries[2];
|
||||
+
|
||||
g_debug ("GdmSlave: Connected to display %s", slave->priv->display_name);
|
||||
ret = TRUE;
|
||||
+
|
||||
+ /* Give programs run by the slave and greeter access to the display
|
||||
+ * independent of current hostname
|
||||
+ */
|
||||
+ si_entries[0].type = "localuser";
|
||||
+ si_entries[0].typelength = strlen ("localuser");
|
||||
+ si_entries[1].type = "localuser";
|
||||
+ si_entries[1].typelength = strlen ("localuser");
|
||||
+
|
||||
+ si_entries[0].value = "root";
|
||||
+ si_entries[0].valuelength = strlen ("root");
|
||||
+ si_entries[1].value = GDM_USERNAME;
|
||||
+ si_entries[1].valuelength = strlen (GDM_USERNAME);
|
||||
+
|
||||
+ host_entries[0].address = (char *) &si_entries[0];
|
||||
+ host_entries[0].length = sizeof (XServerInterpretedAddress);
|
||||
+ host_entries[1].address = (char *) &si_entries[1];
|
||||
+ host_entries[1].length = sizeof (XServerInterpretedAddress);
|
||||
+
|
||||
+ XAddHosts (slave->priv->server_display, host_entries,
|
||||
+ G_N_ELEMENTS (host_entries));
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -639,6 +674,25 @@ gdm_slave_real_start (GdmSlave *slave)
|
||||
|
||||
error = NULL;
|
||||
res = dbus_g_proxy_call (slave->priv->display_proxy,
|
||||
+ "GetX11Cookie",
|
||||
+ &error,
|
||||
+ G_TYPE_INVALID,
|
||||
+ dbus_g_type_get_collection ("GArray", G_TYPE_CHAR),
|
||||
+ &slave->priv->display_x11_cookie,
|
||||
+ G_TYPE_INVALID);
|
||||
+ if (! res) {
|
||||
+ if (error != NULL) {
|
||||
+ g_warning ("Failed to get value: %s", error->message);
|
||||
+ g_error_free (error);
|
||||
+ } else {
|
||||
+ g_warning ("Failed to get value");
|
||||
+ }
|
||||
+
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ error = NULL;
|
||||
+ res = dbus_g_proxy_call (slave->priv->display_proxy,
|
||||
"GetX11AuthorityFile",
|
||||
&error,
|
||||
G_TYPE_INVALID,
|
||||
@@ -1475,6 +1529,7 @@ gdm_slave_finalize (GObject *object)
|
||||
g_free (slave->priv->display_x11_authority_file);
|
||||
g_free (slave->priv->parent_display_name);
|
||||
g_free (slave->priv->parent_display_x11_authority_file);
|
||||
+ g_array_free (slave->priv->display_x11_cookie, TRUE);
|
||||
|
||||
G_OBJECT_CLASS (gdm_slave_parent_class)->finalize (object);
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
diff -up gdm-2.25.2/daemon/gdm-display-access-file.c.use-resolvable-hostname gdm-2.25.2/daemon/gdm-display-access-file.c
|
||||
--- gdm-2.25.2/daemon/gdm-display-access-file.c.use-resolvable-hostname 2009-03-10 23:28:29.355897686 -0400
|
||||
+++ gdm-2.25.2/daemon/gdm-display-access-file.c 2009-03-10 23:28:33.925897051 -0400
|
||||
@@ -410,7 +410,7 @@ _get_auth_info_for_display (GdmDisplayAc
|
||||
|
||||
if (is_local) {
|
||||
*family = FamilyLocal;
|
||||
- *address = g_strdup (g_get_host_name ());
|
||||
+ *address = g_strdup ("localhost");
|
||||
} else {
|
||||
*family = FamilyWild;
|
||||
gdm_display_get_remote_hostname (display, address, NULL);
|
10
gdm.spec
10
gdm.spec
@ -15,7 +15,7 @@
|
||||
Summary: The GNOME Display Manager
|
||||
Name: gdm
|
||||
Version: 2.25.2
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
Epoch: 1
|
||||
License: GPLv2+
|
||||
Group: User Interface/X
|
||||
@ -93,7 +93,7 @@ Patch13: gdm-system-keyboard.patch
|
||||
Patch14: gdm-2.25.2-multistack-but-boring.patch
|
||||
Patch15: gdm-2.25.2-start-faster.patch
|
||||
|
||||
Patch16: gdm-2.25.2-use-resolvable-hostname.patch
|
||||
Patch16: gdm-2.25.2-dont-depend-on-hostname.patch
|
||||
Patch17: gdm-2.25.2-maybe-work-around-gcc-bug.patch
|
||||
|
||||
# Fedora-specific
|
||||
@ -123,7 +123,7 @@ multiple simulanteous logged in users.
|
||||
|
||||
%patch14 -p1 -b .multistack-but-boring
|
||||
%patch15 -p1 -b .start-faster
|
||||
%patch16 -p1 -b .use-resolvable-hostname
|
||||
%patch16 -p1 -b .dont-depend-on-hostname
|
||||
%patch17 -p1 -b .maybe-work-around-gcc-bug
|
||||
|
||||
%patch99 -p1 -b .fedora-logo
|
||||
@ -348,6 +348,10 @@ fi
|
||||
%{_datadir}/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml
|
||||
|
||||
%changelog
|
||||
* Sat Mar 14 2009 Ray Strode <rstrode@redhat.com> - 1:2.25.2-20
|
||||
- Drop the use localhost patch because it broke things.
|
||||
Instead add authorization that doesn't depend on a hostname
|
||||
|
||||
* Thu Mar 12 2009 Ray Strode <rstrode@redhat.com> - 1:2.25.2-19
|
||||
- Add a lame patch in the off chance it might work around a
|
||||
gcc bug on ppc:
|
||||
|
Loading…
Reference in New Issue
Block a user