From 160c3a71aa514ce8f91ea11a3968aa5686f0c6c0 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 20 Dec 2012 11:07:09 -0500
Subject: [PATCH] display-access-file: maintain FamilyLocal entry for backward
compatibility
commit 0fccf4e0671e49f6e57d0135c97344973c042b23 swapped out the
FamilyLocal auth cookie for a FamilyWild auth cookie, because the
latter is more resilient to hostname changes. Unfortunately,
not all of the tooling accepts FamilyWild cookies (in particular the
xauth command), so things like su broke.
This commit changes the code to have a FamilyWild and FamilyLocal
cookie.
https://bugzilla.gnome.org/show_bug.cgi?id=690562
---
daemon/gdm-display-access-file.c | 55 +++++++++++++++++++++++++++++++++-------
1 file changed, 46 insertions(+), 9 deletions(-)
diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c
index cff8b70..02ec0a0 100644
--- a/daemon/gdm-display-access-file.c
+++ b/daemon/gdm-display-access-file.c
@@ -438,6 +438,11 @@ _get_auth_info_for_display (GdmDisplayAccessFile *file,
gdm_display_is_local (display, &is_local, NULL);
if (is_local) {
+ /* We could just use FamilyWild here except xauth
+ * (and by extension su and ssh) doesn't support it yet
+ *
+ * https://bugs.freedesktop.org/show_bug.cgi?id=43425
+ */
char localhost[HOST_NAME_MAX + 1] = "";
*family = FamilyLocal;
if (gethostname (localhost, HOST_NAME_MAX) == 0) {
@@ -538,6 +543,18 @@ gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile *file,
display_added = TRUE;
}
+ /* If we wrote a FamilyLocal entry, we still want a FamilyWild
+ * entry, because it's more resiliant against hostname changes
+ *
+ */
+ if (auth_entry.family == FamilyLocal) {
+ auth_entry.family = FamilyWild;
+
+ if (XauWriteAuth (file->priv->fp, &auth_entry)
+ && fflush (file->priv->fp) != EOF) {
+ display_added = TRUE;
+ }
+ }
g_free (auth_entry.address);
g_free (auth_entry.number);
@@ -560,6 +577,7 @@ gdm_display_access_file_remove_display (GdmDisplayAccessFile *file,
unsigned short name_length;
char *name;
+ gboolean result = FALSE;
g_return_val_if_fail (file != NULL, FALSE);
g_return_val_if_fail (file->priv->path != NULL, FALSE);
@@ -584,25 +602,44 @@ gdm_display_access_file_remove_display (GdmDisplayAccessFile *file,
g_free (number);
g_free (name);
- if (auth_entry == NULL) {
+ if (auth_entry != NULL) {
+ XauDisposeAuth (auth_entry);
+ result = TRUE;
+ }
+
+ /* If FamilyLocal, we also added a FamilyWild entry,
+ * so we need to clean that up too
+ */
+ if (family == FamilyLocal) {
+ auth_entry = XauGetAuthByAddr (FamilyWild,
+ address_length,
+ address,
+ number_length,
+ number,
+ name_length,
+ name);
+
+ if (auth_entry != NULL) {
+ XauDisposeAuth (auth_entry);
+ result = TRUE;
+ }
+ }
+
+
+ if (result == FALSE) {
g_set_error (error,
GDM_DISPLAY_ACCESS_FILE_ERROR,
GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
"could not find authorization entry");
- return FALSE;
- }
-
- XauDisposeAuth (auth_entry);
-
- if (fflush (file->priv->fp) == EOF) {
+ } else if (fflush (file->priv->fp) == EOF) {
g_set_error (error,
G_FILE_ERROR,
g_file_error_from_errno (errno),
"%s", g_strerror (errno));
- return FALSE;
+ result = FALSE;
}
- return TRUE;
+ return result;
}
void
--
1.8.0.2