Re: [gdm-list] [RFC PATCH] Support for PAM_XDISPLAY and PAM_XAUTH_DATA
- From: Eamon Walsh <ewalsh tycho nsa gov>
- To: gdm-list gnome org
- Cc: Brian Cameron Sun COM
- Subject: Re: [gdm-list] [RFC PATCH] Support for PAM_XDISPLAY and PAM_XAUTH_DATA
- Date: Thu, 24 Jan 2008 15:38:29 -0500
Oswald Buddenhagen wrote:
On Thu, Jan 17, 2008 at 01:27:53AM -0500, Eamon Walsh wrote:
I am considering going back to the Linux-PAM list and asking to change
PAM_XAUTH_DATA (if it's not too late) to just take the name of an
authority file instead of a raw Xauth structure.
+1
PAM_XAUTH_FILE for a name would be more obvoius and cause a less broken
transition if PAM_XAUTH_DATA is already actively used.
one thing to consider about a file are access rights. shouldn't be a
problem, but one never knows.
I've gone ahead and removed the PAM pieces from the patch. It's a moot
point anyway since PAM has not had a release yet with support for the
new items. But this part of the patch should go in as soon as possible
because it modifies two of the D-BUS messages in the
DisplayManager.Session interface. Please review and apply!
Brian: you mentioned in another thread that SELinux audit support is on
the to-do list. I would be happy to take a look at this if you like.
===
This patch adds the display's X authority file name to the list of items
which are sent from the SessionDirect object to the SessionWorker
object. This is needed to allow future support for PAM options which
pass the X authority data to session modules for use in setting up the
user's X session.
Signed-off-by: Eamon Walsh <ewalsh tycho nsa gov>
---
gdm-product-slave.c | 3 +++
gdm-session-direct.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
gdm-session-direct.h | 1 +
gdm-session-worker.c | 9 +++++++++
gdm-simple-slave.c | 3 +++
test-session.c | 1 +
6 files changed, 61 insertions(+)
Index: daemon/gdm-product-slave.c
===================================================================
--- daemon/gdm-product-slave.c (revision 5631)
+++ daemon/gdm-product-slave.c (working copy)
@@ -676,6 +676,7 @@
char *display_name;
char *display_hostname;
char *display_device;
+ char *display_x11_authority_file;
g_debug ("GdmProductSlave: Creating new session");
@@ -683,6 +684,7 @@
"display-name", &display_name,
"display-hostname", &display_hostname,
"display-is-local", &display_is_local,
+ "display-x11-authority-file", &display_x11_authority_file,
NULL);
/* FIXME: we don't yet have a display device! */
@@ -691,6 +693,7 @@
slave->priv->session = gdm_session_direct_new (display_name,
display_hostname,
display_device,
+ display_x11_authority_file,
display_is_local);
g_free (display_name);
g_free (display_hostname);
Index: daemon/test-session.c
===================================================================
--- daemon/test-session.c (revision 5631)
+++ daemon/test-session.c (working copy)
@@ -248,6 +248,7 @@
session = gdm_session_direct_new (":0",
g_get_host_name (),
ttyname (STDIN_FILENO),
+ getenv("XAUTHORITY"),
TRUE);
g_debug ("GdmSessionDirect object created successfully");
Index: daemon/gdm-session-worker.c
===================================================================
--- daemon/gdm-session-worker.c (revision 5631)
+++ daemon/gdm-session-worker.c (working copy)
@@ -94,6 +94,7 @@
/* from Setup */
char *service;
char *x11_display_name;
+ char *x11_authority_file;
char *display_device;
char *hostname;
char *username;
@@ -811,6 +812,7 @@
const char *username,
const char *hostname,
const char *x11_display_name,
+ const char *x11_authority_file,
const char *display_device,
GError **error)
{
@@ -1531,6 +1533,7 @@
worker->priv->username,
worker->priv->hostname,
worker->priv->x11_display_name,
+ worker->priv->x11_authority_file,
worker->priv->display_device,
&error);
if (! res) {
@@ -1788,6 +1791,7 @@
DBusError error;
const char *service;
const char *x11_display_name;
+ const char *x11_authority_file;
const char *console;
const char *hostname;
dbus_bool_t res;
@@ -1801,10 +1805,12 @@
DBUS_TYPE_STRING, &x11_display_name,
DBUS_TYPE_STRING, &console,
DBUS_TYPE_STRING, &hostname,
+ DBUS_TYPE_STRING, &x11_authority_file,
DBUS_TYPE_INVALID);
if (res) {
worker->priv->service = g_strdup (service);
worker->priv->x11_display_name = g_strdup (x11_display_name);
+ worker->priv->x11_authority_file = g_strdup (x11_authority_file);
worker->priv->display_device = g_strdup (console);
worker->priv->hostname = g_strdup (hostname);
worker->priv->username = NULL;
@@ -1824,6 +1830,7 @@
DBusError error;
const char *service;
const char *x11_display_name;
+ const char *x11_authority_file;
const char *console;
const char *hostname;
const char *username;
@@ -1838,11 +1845,13 @@
DBUS_TYPE_STRING, &x11_display_name,
DBUS_TYPE_STRING, &console,
DBUS_TYPE_STRING, &hostname,
+ DBUS_TYPE_STRING, &x11_authority_file,
DBUS_TYPE_STRING, &username,
DBUS_TYPE_INVALID);
if (res) {
worker->priv->service = g_strdup (service);
worker->priv->x11_display_name = g_strdup (x11_display_name);
+ worker->priv->x11_authority_file = g_strdup (x11_authority_file);
worker->priv->display_device = g_strdup (console);
worker->priv->hostname = g_strdup (hostname);
worker->priv->username = g_strdup (username);
Index: daemon/gdm-session-direct.c
===================================================================
--- daemon/gdm-session-direct.c (revision 5631)
+++ daemon/gdm-session-direct.c (working copy)
@@ -82,6 +82,7 @@
char *display_name;
char *display_hostname;
char *display_device;
+ char *display_x11_authority_file;
gboolean display_is_local;
DBusServer *server;
@@ -95,6 +96,7 @@
PROP_DISPLAY_HOSTNAME,
PROP_DISPLAY_IS_LOCAL,
PROP_DISPLAY_DEVICE,
+ PROP_DISPLAY_X11_AUTHORITY_FILE,
PROP_USER_X11_AUTHORITY_FILE,
};
@@ -909,12 +911,14 @@
" <arg name=\"x11_display_name\" type=\"s\"/>\n"
" <arg name=\"display_device\" type=\"s\"/>\n"
" <arg name=\"hostname\" type=\"s\"/>\n"
+ " <arg name=\"x11_authority_file\" type=\"s\"/>\n"
" </signal>\n"
" <signal name=\"SetupForUser\">\n"
" <arg name=\"service_name\" type=\"s\"/>\n"
" <arg name=\"x11_display_name\" type=\"s\"/>\n"
" <arg name=\"display_device\" type=\"s\"/>\n"
" <arg name=\"hostname\" type=\"s\"/>\n"
+ " <arg name=\"x11_authority_file\" type=\"s\"/>\n"
" <arg name=\"username\" type=\"s\"/>\n"
" </signal>\n"
" <signal name=\"Authenticate\">\n"
@@ -1292,6 +1296,7 @@
const char *display_name;
const char *display_device;
const char *display_hostname;
+ const char *display_x11_authority_file;
if (session->priv->display_name != NULL) {
display_name = session->priv->display_name;
@@ -1308,6 +1313,11 @@
} else {
display_device = "";
}
+ if (session->priv->display_x11_authority_file != NULL) {
+ display_x11_authority_file = session->priv->display_x11_authority_file;
+ } else {
+ display_x11_authority_file = "";
+ }
g_debug ("GdmSessionDirect: Beginning setup");
@@ -1320,6 +1330,7 @@
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_name);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_device);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_hostname);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_x11_authority_file);
if (! send_dbus_message (session->priv->worker_connection, message)) {
g_debug ("GdmSessionDirect: Could not send %s signal", "Setup");
@@ -1336,6 +1347,7 @@
const char *display_name;
const char *display_device;
const char *display_hostname;
+ const char *display_x11_authority_file;
const char *selected_user;
if (session->priv->display_name != NULL) {
@@ -1353,6 +1365,11 @@
} else {
display_device = "";
}
+ if (session->priv->display_x11_authority_file != NULL) {
+ display_x11_authority_file = session->priv->display_x11_authority_file;
+ } else {
+ display_x11_authority_file = "";
+ }
if (session->priv->selected_user != NULL) {
selected_user = session->priv->selected_user;
} else {
@@ -1370,6 +1387,7 @@
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_name);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_device);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_hostname);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &display_x11_authority_file);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &selected_user);
if (! send_dbus_message (session->priv->worker_connection, message)) {
@@ -1885,6 +1903,14 @@
}
static void
+_gdm_session_direct_set_display_x11_authority_file (GdmSessionDirect *session,
+ const char *name)
+{
+ g_free (session->priv->display_x11_authority_file);
+ session->priv->display_x11_authority_file = g_strdup (name);
+}
+
+static void
_gdm_session_direct_set_display_is_local (GdmSessionDirect *session,
gboolean is)
{
@@ -1914,6 +1940,9 @@
case PROP_USER_X11_AUTHORITY_FILE:
_gdm_session_direct_set_user_x11_authority_file (self, g_value_get_string (value));
break;
+ case PROP_DISPLAY_X11_AUTHORITY_FILE:
+ _gdm_session_direct_set_display_x11_authority_file (self, g_value_get_string (value));
+ break;
case PROP_DISPLAY_IS_LOCAL:
_gdm_session_direct_set_display_is_local (self, g_value_get_boolean (value));
break;
@@ -1946,6 +1975,9 @@
case PROP_USER_X11_AUTHORITY_FILE:
g_value_set_string (value, self->priv->user_x11_authority_file);
break;
+ case PROP_DISPLAY_X11_AUTHORITY_FILE:
+ g_value_set_string (value, self->priv->display_x11_authority_file);
+ break;
case PROP_DISPLAY_IS_LOCAL:
g_value_set_boolean (value, self->priv->display_is_local);
break;
@@ -1978,6 +2010,9 @@
g_free (session->priv->display_device);
session->priv->display_device = NULL;
+ g_free (session->priv->display_x11_authority_file);
+ session->priv->display_x11_authority_file = NULL;
+
g_free (session->priv->server_address);
session->priv->server_address = NULL;
@@ -2065,6 +2100,13 @@
"display is local",
TRUE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+ g_object_class_install_property (object_class,
+ PROP_DISPLAY_X11_AUTHORITY_FILE,
+ g_param_spec_string ("display-x11-authority-file",
+ "display x11 authority file",
+ "display x11 authority file",
+ NULL,
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
/* not construct only */
g_object_class_install_property (object_class,
PROP_USER_X11_AUTHORITY_FILE,
@@ -2088,6 +2130,7 @@
gdm_session_direct_new (const char *display_name,
const char *display_hostname,
const char *display_device,
+ const char *display_x11_authority_file,
gboolean display_is_local)
{
GdmSessionDirect *session;
@@ -2096,6 +2139,7 @@
"display-name", display_name,
"display-hostname", display_hostname,
"display-device", display_device,
+ "display-x11-authority-file", display_x11_authority_file,
"display-is-local", display_is_local,
NULL);
Index: daemon/gdm-session-direct.h
===================================================================
--- daemon/gdm-session-direct.h (revision 5631)
+++ daemon/gdm-session-direct.h (working copy)
@@ -51,6 +51,7 @@
GdmSessionDirect * gdm_session_direct_new (const char *display_name,
const char *display_hostname,
const char *display_device,
+ const char *display_x11_authority_file,
gboolean display_is_local) G_GNUC_MALLOC;
char * gdm_session_direct_get_username (GdmSessionDirect *session_direct);
Index: daemon/gdm-simple-slave.c
===================================================================
--- daemon/gdm-simple-slave.c (revision 5631)
+++ daemon/gdm-simple-slave.c (working copy)
@@ -326,6 +326,7 @@
char *display_name;
char *display_hostname;
char *display_device;
+ char *display_x11_authority_file;
g_debug ("GdmSimpleSlave: Creating new session");
@@ -333,6 +334,7 @@
"display-name", &display_name,
"display-hostname", &display_hostname,
"display-is-local", &display_is_local,
+ "display-x11-authority-file", &display_x11_authority_file,
NULL);
display_device = NULL;
@@ -343,6 +345,7 @@
slave->priv->session = gdm_session_direct_new (display_name,
display_hostname,
display_device,
+ display_x11_authority_file,
display_is_local);
g_free (display_name);
g_free (display_device);
--
Eamon Walsh <ewalsh tycho nsa gov>
National Security Agency
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]