- Drop the use localhost patch because it broke things. Instead add

authorization that doesn't depend on a hostname
This commit is contained in:
Ray Strode 2009-03-15 03:55:12 +00:00
parent 8aac46388e
commit b5dee5c468
3 changed files with 219 additions and 15 deletions

View File

@ -0,0 +1,212 @@
commit c8ff53ab9bd73dd6f752afbf7f7d541ec5e4514e
Author: Ray Strode <rstrode@redhat.com>
Date: Sat Mar 14 22:11:10 2009 -0400
Make GetX11Cookie dbus method work
We were trying to send a binary blob as a utf-8 string.
Now we use an ugly GArray.
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
index 323d941..671857a 100644
--- a/daemon/gdm-display.c
+++ b/daemon/gdm-display.c
@@ -416,19 +416,16 @@ gdm_display_remove_user_authorization (GdmDisplay *display,
gboolean
gdm_display_get_x11_cookie (GdmDisplay *display,
- char **x11_cookie,
- gsize *x11_cookie_size,
+ GArray **x11_cookie,
GError **error)
{
g_return_val_if_fail (GDM_IS_DISPLAY (display), FALSE);
if (x11_cookie != NULL) {
- *x11_cookie = g_memdup (display->priv->x11_cookie,
- display->priv->x11_cookie_size);
- }
-
- if (x11_cookie_size != NULL) {
- *x11_cookie_size = display->priv->x11_cookie_size;
+ *x11_cookie = g_array_new (FALSE, FALSE, sizeof (char));
+ g_array_append_vals (*x11_cookie,
+ display->priv->x11_cookie,
+ display->priv->x11_cookie_size);
}
return TRUE;
diff --git a/daemon/gdm-display.h b/daemon/gdm-display.h
index 2914c81..607ea1d 100644
--- a/daemon/gdm-display.h
+++ b/daemon/gdm-display.h
@@ -125,8 +125,7 @@ gboolean gdm_display_get_timed_login_details (GdmDisplay *disp
/* exported but protected */
gboolean gdm_display_get_x11_cookie (GdmDisplay *display,
- char **x11_cookie,
- gsize *cookie_size,
+ GArray **x11_cookie,
GError **error);
gboolean gdm_display_get_x11_authority_file (GdmDisplay *display,
char **filename,
diff --git a/daemon/gdm-display.xml b/daemon/gdm-display.xml
index e8a2369..a92e37f 100644
--- a/daemon/gdm-display.xml
+++ b/daemon/gdm-display.xml
@@ -11,7 +11,7 @@
<arg name="name" direction="out" type="i"/>
</method>
<method name="GetX11Cookie">
- <arg name="x11_cookie" direction="out" type="s"/>
+ <arg name="x11_cookie" direction="out" type="ay"/>
</method>
<method name="GetX11AuthorityFile">
<arg name="filename" direction="out" type="s"/>
diff --git a/daemon/gdm-xdmcp-display-factory.c b/daemon/gdm-xdmcp-display-factory.c
index 58cdf59..b12b726 100644
--- a/daemon/gdm-xdmcp-display-factory.c
+++ b/daemon/gdm-xdmcp-display-factory.c
@@ -2277,19 +2277,17 @@ gdm_xdmcp_handle_request (GdmXdmcpDisplayFactory *factory,
ARRAY8 authorization_name;
ARRAY8 authorization_data;
gint32 session_number;
- char *cookie;
- gsize cookie_size;
+ GArray *cookie;
char *name;
- gdm_display_get_x11_cookie (display, &cookie,
- &cookie_size, NULL);
+ gdm_display_get_x11_cookie (display, &cookie, NULL);
gdm_display_get_x11_display_name (display, &name, NULL);
g_debug ("GdmXdmcpDisplayFactory: Sending authorization key for display %s", name);
g_free (name);
- g_debug ("GdmXdmcpDisplayFactory: cookie len %d", (int) cookie_size);
+ g_debug ("GdmXdmcpDisplayFactory: cookie len %d", (int) cookie->len);
session_number = gdm_xdmcp_display_get_session_number (GDM_XDMCP_DISPLAY (display));
@@ -2304,8 +2302,10 @@ gdm_xdmcp_handle_request (GdmXdmcpDisplayFactory *factory,
authorization_name.data = (CARD8 *) "MIT-MAGIC-COOKIE-1";
authorization_name.length = strlen ((char *) authorization_name.data);
- authorization_data.data = (CARD8 *) cookie;
- authorization_data.length = cookie_size;
+ authorization_data.data = (CARD8 *) cookie->data;
+ authorization_data.length = cookie->len;
+
+ g_array_free (cookie, TRUE);
/* the addrs are NOT copied */
gdm_xdmcp_send_accept (factory,
commit 8d141425bed92140b866c1a83e460aa74d97760f
Author: Ray Strode <rstrode@redhat.com>
Date: Sat Mar 14 22:11:58 2009 -0400
Don't make slave and greeter display authorization dependent on hostname
The hostname can get changed out from under us at any
point, so we need to give the slave (and its helpers)
and the greeter access to the display based solely on the
X11 cookie, without any hostname constraints.
diff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c
index 19432dc..a241f73 100644
--- a/daemon/gdm-slave.c
+++ b/daemon/gdm-slave.c
@@ -89,6 +89,8 @@ struct GdmSlavePrivate
char *parent_display_name;
char *parent_display_x11_authority_file;
+ GArray *display_x11_cookie;
+
DBusGProxy *display_proxy;
DBusGConnection *connection;
};
@@ -449,6 +451,12 @@ gdm_slave_connect_to_x11_display (GdmSlave *slave)
sigaddset (&mask, SIGCHLD);
sigprocmask (SIG_BLOCK, &mask, &omask);
+ /* Give slave access to the display independent of current hostname */
+ XSetAuthorization ("MIT-MAGIC-COOKIE-1",
+ strlen ("MIT-MAGIC-COOKIE-1"),
+ slave->priv->display_x11_cookie->data,
+ slave->priv->display_x11_cookie->len);
+
slave->priv->server_display = XOpenDisplay (slave->priv->display_name);
sigprocmask (SIG_SETMASK, &omask, NULL);
@@ -458,8 +466,35 @@ gdm_slave_connect_to_x11_display (GdmSlave *slave)
g_warning ("Unable to connect to display %s", slave->priv->display_name);
ret = FALSE;
} else {
+ XHostAddress host_entries[2] = {
+ { FamilyServerInterpreted },
+ { FamilyServerInterpreted }
+ };
+ XServerInterpretedAddress si_entries[2];
+
g_debug ("GdmSlave: Connected to display %s", slave->priv->display_name);
ret = TRUE;
+
+ /* Give programs run by the slave and greeter access to the display
+ * independent of current hostname
+ */
+ si_entries[0].type = "localuser";
+ si_entries[0].typelength = strlen ("localuser");
+ si_entries[1].type = "localuser";
+ si_entries[1].typelength = strlen ("localuser");
+
+ si_entries[0].value = "root";
+ si_entries[0].valuelength = strlen ("root");
+ si_entries[1].value = GDM_USERNAME;
+ si_entries[1].valuelength = strlen (GDM_USERNAME);
+
+ host_entries[0].address = (char *) &si_entries[0];
+ host_entries[0].length = sizeof (XServerInterpretedAddress);
+ host_entries[1].address = (char *) &si_entries[1];
+ host_entries[1].length = sizeof (XServerInterpretedAddress);
+
+ XAddHosts (slave->priv->server_display, host_entries,
+ G_N_ELEMENTS (host_entries));
}
return ret;
@@ -639,6 +674,25 @@ gdm_slave_real_start (GdmSlave *slave)
error = NULL;
res = dbus_g_proxy_call (slave->priv->display_proxy,
+ "GetX11Cookie",
+ &error,
+ G_TYPE_INVALID,
+ dbus_g_type_get_collection ("GArray", G_TYPE_CHAR),
+ &slave->priv->display_x11_cookie,
+ G_TYPE_INVALID);
+ if (! res) {
+ if (error != NULL) {
+ g_warning ("Failed to get value: %s", error->message);
+ g_error_free (error);
+ } else {
+ g_warning ("Failed to get value");
+ }
+
+ return FALSE;
+ }
+
+ error = NULL;
+ res = dbus_g_proxy_call (slave->priv->display_proxy,
"GetX11AuthorityFile",
&error,
G_TYPE_INVALID,
@@ -1475,6 +1529,7 @@ gdm_slave_finalize (GObject *object)
g_free (slave->priv->display_x11_authority_file);
g_free (slave->priv->parent_display_name);
g_free (slave->priv->parent_display_x11_authority_file);
+ g_array_free (slave->priv->display_x11_cookie, TRUE);
G_OBJECT_CLASS (gdm_slave_parent_class)->finalize (object);
}

View File

@ -1,12 +0,0 @@
diff -up gdm-2.25.2/daemon/gdm-display-access-file.c.use-resolvable-hostname gdm-2.25.2/daemon/gdm-display-access-file.c
--- gdm-2.25.2/daemon/gdm-display-access-file.c.use-resolvable-hostname 2009-03-10 23:28:29.355897686 -0400
+++ gdm-2.25.2/daemon/gdm-display-access-file.c 2009-03-10 23:28:33.925897051 -0400
@@ -410,7 +410,7 @@ _get_auth_info_for_display (GdmDisplayAc
if (is_local) {
*family = FamilyLocal;
- *address = g_strdup (g_get_host_name ());
+ *address = g_strdup ("localhost");
} else {
*family = FamilyWild;
gdm_display_get_remote_hostname (display, address, NULL);

View File

@ -15,7 +15,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 2.25.2
Release: 19%{?dist}
Release: 20%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@ -93,7 +93,7 @@ Patch13: gdm-system-keyboard.patch
Patch14: gdm-2.25.2-multistack-but-boring.patch
Patch15: gdm-2.25.2-start-faster.patch
Patch16: gdm-2.25.2-use-resolvable-hostname.patch
Patch16: gdm-2.25.2-dont-depend-on-hostname.patch
Patch17: gdm-2.25.2-maybe-work-around-gcc-bug.patch
# Fedora-specific
@ -123,7 +123,7 @@ multiple simulanteous logged in users.
%patch14 -p1 -b .multistack-but-boring
%patch15 -p1 -b .start-faster
%patch16 -p1 -b .use-resolvable-hostname
%patch16 -p1 -b .dont-depend-on-hostname
%patch17 -p1 -b .maybe-work-around-gcc-bug
%patch99 -p1 -b .fedora-logo
@ -348,6 +348,10 @@ fi
%{_datadir}/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml
%changelog
* Sat Mar 14 2009 Ray Strode <rstrode@redhat.com> - 1:2.25.2-20
- Drop the use localhost patch because it broke things.
Instead add authorization that doesn't depend on a hostname
* Thu Mar 12 2009 Ray Strode <rstrode@redhat.com> - 1:2.25.2-19
- Add a lame patch in the off chance it might work around a
gcc bug on ppc: