From 84db1b79e635f385c985be0e8885f55ac71f2e2a Mon Sep 17 00:00:00 2001
From: Matthieu Herrb
Date: Mon, 8 Mar 2021 17:54:29 +0000
Subject: Remove code writing .Xauthority in /tmp if it cannot write it in ${HOME}. Discussed with deraadt@ and zhuk@
---
 include/dm.h | 1 -
 man/xenodm.man | 14 +-------------
 xenodm/auth.c | 46 +++++-----------------------------------------
 xenodm/dpylist.c | 2 --
 xenodm/resource.c | 5 -----
 5 files changed, 6 insertions(+), 62 deletions(-)
diff --git a/include/dm.h b/include/dm.h
index ab67e33..a07af64 100644
--- a/include/dm.h
+++ b/include/dm.h
@@ -122,7 +122,6 @@ struct display {
 char **authNames; /* authorization protocol names */
 unsigned short *authNameLens; /* authorization protocol name lens */
 char *clientAuthFile;/* client specified auth file */
- char *userAuthDir; /* backup directory for tickets */
 int authComplain; /* complain when no auth for XDMCP */
 /* information potentially derived from resources */
diff --git a/man/xenodm.man b/man/xenodm.man
index 3ba85dc..071f600 100644
--- a/man/xenodm.man
+++ b/man/xenodm.man
@@ -23,7 +23,7 @@
 .\" from The Open Group.
 .\"
 .\"
-.Dd $Mdocdate: August 15 2019 $
+.Dd $Mdocdate: March 8 2021 $
 .Dt XENODM 1
 .Os __xorgversion__
 .Sh NAME
@@ -582,18 +582,6 @@ to occur, during which time the new authorization information will be read.
 The default is
 .Cm false ,
 which will work for all MIT servers.
-.It Ic DisplayManager. Ns Ar DISPLAY Ns Ic .userAuthDir
-When
-.Nm
-is unable to write to the usual user authorization file
-.Pq Pa $HOME/.Xauthority ,
-it creates a unique file name in this directory and points the environment
-variable
-.Ev XAUTHORITY
-at the created file.
-It uses
-.Pa /tmp
-by default.
 .El
 .Sh CONFIGURATION FILE
 First, the
diff --git a/xenodm/auth.c b/xenodm/auth.c
index b2e29b3..39703c1 100644
--- a/xenodm/auth.c
+++ b/xenodm/auth.c
@@ -752,7 +752,7 @@ void
 SetUserAuthorization (struct display *d, struct verify_info *verify)
 {
 FILE *old = NULL, *new;
- char home_name[1024], backup_name[1024], new_name[1024];
+ char home_name[1024], new_name[1024];
 char *name = NULL;
 char *home;
 char *envname = NULL;
@@ -762,7 +762,6 @@ SetUserAuthorization (struct display *d, struct verify_info *verify)
 struct stat statb;
 int i;
 int magicCookie;
- int fd;
 Debug ("SetUserAuthorization\n");
 auths = d->authorizations;
@@ -793,45 +792,10 @@ SetUserAuthorization (struct display *d, struct verify_info *verify)
 }
 }
 if (lockStatus != LOCK_SUCCESS) {
- snprintf (backup_name, sizeof(backup_name),
- "%s/.XauthXXXXXX", d->userAuthDir);
- fd = mkstemp (backup_name);
- if (fd >= 0) {
- old = fdopen (fd, "r");
- if (old == NULL)
- (void) close(fd);
- }
-
- if (old != NULL)
- {
- lockStatus = XauLockAuth (backup_name, 1, 2, 10);
- Debug ("backup lock is %d\n", lockStatus);
- if (lockStatus == LOCK_SUCCESS) {
- if (openFiles (backup_name, new_name, sizeof(new_name),
- &old, &new)
- && (old != NULL) && (new != NULL)) {
- name = backup_name;
- setenv = 1;
- } else {
- XauUnlockAuth (backup_name);
- lockStatus = LOCK_ERROR;
- if (old != NULL) {
- (void) fclose (old);
- old = NULL;
- }
- if (new != NULL)
- (void) fclose (new);
- }
- } else {
- (void) fclose (old);
- }
- }
- }
- if (lockStatus != LOCK_SUCCESS) {
- Debug ("can't lock auth file %s or backup %s\n",
- home_name, backup_name);
- LogError ("can't lock authorization file %s or backup %s\n",
- home_name, backup_name);
+ Debug ("can't lock auth file %s\n",
+ home_name);
+ LogError ("can't lock authorization file %s\n",
+ home_name);
 return;
 }
 initAddrs ();
diff --git a/xenodm/dpylist.c b/xenodm/dpylist.c
index f70086b..0d773e5 100644
--- a/xenodm/dpylist.c
+++ b/xenodm/dpylist.c
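Review bot: In the third auth.c hunk the surviving failure branch formats `home_name` with `%s` in both `Debug` and `LogError`, yet the first hunk leaves it declared as `char home_name[1024], new_name[1024];` with no initializer. The code that fills it lies outside these hunks, so this is inferred, but if the lock attempt can be skipped (for example when HOME is unset) the log call reads uninitialized stack memory; declaring `char home_name[1024] = "", new_name[1024];` would make the message safe on every path. Separately, the only visible `setenv = 1;` is deleted here while `char *envname = NULL;` stays, so any later XAUTHORITY export keyed on those two may now be dead code worth removing in the same change. The body of SetUserAuthorization starts before and continues past this hunk.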
@@ -128,7 +128,6 @@ RemoveDisplay (struct display *old)
 if (d->authFile)
 (void) unlink (d->authFile);
 free (d->authFile);
- free (d->userAuthDir);
 for (x = d->authNames; x && *x; x++)
 free (*x);
 free (d->authNames);
@@ -195,7 +194,6 @@ NewDisplay (char *name, char *class)
 d->authNameNum = 0;
 d->clientAuthFile = NULL;
 d->authFile = NULL;
- d->userAuthDir = NULL;
 d->authNames = NULL;
 d->authNameLens = NULL;
 d->authComplain = 1;
diff --git a/xenodm/resource.c b/xenodm/resource.c
index c661046..3166f38 100644
--- a/xenodm/resource.c
+++ b/xenodm/resource.c
@@ -91,9 +91,6 @@ char **exportList;
 #ifndef DEF_AUTH_DIR
 # define DEF_AUTH_DIR "/usr/lib/X11/xenodm"
 #endif
-#ifndef DEF_USER_AUTH_DIR
-# define DEF_USER_AUTH_DIR "/tmp"
-#endif
 #ifndef DEF_ACCESS_FILE
 # define DEF_ACCESS_FILE ""
 #endif
@@ -200,8 +197,6 @@ struct displayResource sessionResources[] = {
 DEF_SYSTEM_SHELL },
 { "failsafeClient","FailsafeClient", DM_STRING, boffset(failsafeClient),
 DEF_FAILSAFE_CLIENT },
-{ "userAuthDir","UserAuthDir", DM_STRING, boffset(userAuthDir),
- DEF_USER_AUTH_DIR },
 };
 #define NUM_SESSION_RESOURCES (sizeof sessionResources/\
--
cgit v1.2.3