author | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2021-03-13 12:11:11 +0000 |
---|---|---|
committer | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2021-03-13 12:11:11 +0000 |
commit | 740b76c6555240306ef25ce1bd4a0f5b58febce1 (patch) | |
tree | 1a239a70e74eba7e700e504b0e5e05c9053f609f /app | |
parent | dcce4ecf87ab076398531ec11a2f2fd4cad8ac34 (diff) |
Don't add authorizations for TCP connections by default.
Add a new resource 'listenTcp' (false by default) to explicitly
add authorizations for existing IP addresses on startup (and pass
-listen tcp to the X server).
ok kettenis@
Diffstat (limited to 'app')
-rw-r--r-- | app/xenodm/include/dm.h | 1 | ||||
-rw-r--r-- | app/xenodm/man/xenodm.man | 17 | ||||
-rw-r--r-- | app/xenodm/xenodm/auth.c | 22 | ||||
-rw-r--r-- | app/xenodm/xenodm/resource.c | 2 | ||||
-rw-r--r-- | app/xenodm/xenodm/server.c | 2 |
5 files changed, 39 insertions, 5 deletions
diff --git a/app/xenodm/include/dm.h b/app/xenodm/include/dm.h index a07af640a..a7ba732f5 100644 --- a/app/xenodm/include/dm.h +++ b/app/xenodm/include/dm.h @@ -123,6 +123,7 @@ struct display { unsigned short *authNameLens; /* authorization protocol name lens */ char *clientAuthFile;/* client specified auth file */ int authComplain; /* complain when no auth for XDMCP */ + int listenTcp; /* assume server is listening on TCP */ /* information potentially derived from resources */ int authNameNum; /* number of protocol names */ diff --git a/app/xenodm/man/xenodm.man b/app/xenodm/man/xenodm.man index 071f60028..69f808b56 100644 --- a/app/xenodm/man/xenodm.man +++ b/app/xenodm/man/xenodm.man @@ -23,7 +23,7 @@ .\" from The Open Group. .\" .\" -.Dd $Mdocdate: March 8 2021 $ +.Dd $Mdocdate: March 13 2021 $ .Dt XENODM 1 .Os __xorgversion__ .Sh NAME @@ -582,6 +582,21 @@ to occur, during which time the new authorization information will be read. The default is .Cm false , which will work for all MIT servers. +.It Ic DisplayManager. Ns Ar DISPLAY Ns Ic .listenTcp +If set to +.Cm true , +enable the +.Ic listen Ic tcp +option for the given X server. +When this setting is set to +.Cm false , +.Nm +will only generate authorizations for the local (ie Unix socket) +transport mechanism. +Otherwise full authorization for all possible transport mechanisms +will be generated. +The default is +.Cm false . .El .Sh CONFIGURATION FILE First, the diff --git a/app/xenodm/xenodm/auth.c b/app/xenodm/xenodm/auth.c index 39703c12b..b90782674 100644 --- a/app/xenodm/xenodm/auth.c +++ b/app/xenodm/xenodm/auth.c 
@@ -736,13 +736,14 @@ setAuthNumber (Xauth *auth, char *name) } static void -writeLocalAuth (FILE *file, Xauth *auth, char *name) +writeLocalAuth (FILE *file, Xauth *auth, char *name, int listenTcp) { Debug ("writeLocalAuth: %s %.*s\n", name, auth->name_length, auth->name); setAuthNumber (auth, name); #ifdef TCPCONN - DefineSelf (file, auth); + if (listenTcp) + DefineSelf (file, auth); #endif DefineLocal (file, auth); } @@ -762,8 +763,21 @@ SetUserAuthorization (struct display *d, struct verify_info *verify) struct stat statb; int i; int magicCookie; + char **arg; + int foundListen = 0; Debug ("SetUserAuthorization\n"); + for (arg = d->argv; *arg!= NULL; arg++) { + if (strcmp(*arg, "tcp") == 0 && foundListen) { + Debug("setUserAuthorization: found listenTcp \n"); + d->listenTcp = 1; + break; + } + if (strcmp(*arg, "-listen") == 0) + foundListen = 1; + else + foundListen = 0; + } auths = d->authorizations; if (auths) { home = getEnv (verify->userEnviron, "HOME"); @@ -813,7 +827,7 @@ SetUserAuthorization (struct display *d, struct verify_info *verify) !strncmp (auths[i]->name, "MIT-MAGIC-COOKIE-1", 18)) { magicCookie = i; - writeLocalAuth (new, auths[i], d->name); + writeLocalAuth (new, auths[i], d->name, d->listenTcp); break; } } @@ -893,7 +907,7 @@ RemoveUserAuthorization (struct display *d, struct verify_info *verify) initAddrs (); doWrite = 0; for (i = 0; i < d->authNum; i++) - writeLocalAuth (new, auths[i], d->name); + writeLocalAuth (new, auths[i], d->name, d->listenTcp); doWrite = 1; if (old) { if (fstat (fileno (old), &statb) != -1) diff --git a/app/xenodm/xenodm/resource.c b/app/xenodm/xenodm/resource.c index 3166f389b..f1b220b69 100644 --- a/app/xenodm/xenodm/resource.c +++ b/app/xenodm/xenodm/resource.c 
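Review bot: The now-conditional `DefineSelf (file, auth);` call in writeLocalAuth has no comment explaining why host-address entries are skipped, which is the security-relevant part of this change. I would add one above the `if (listenTcp)` line, for example `/* only write entries for this host's IP addresses when the server accepts TCP clients */`. The same sentence in a header comment on writeLocalAuth would tell callers what the new `listenTcp` argument controls.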
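Review bot: The new argument scan in SetUserAuthorization dereferences `d->argv` without a NULL check, so `for (arg = d->argv; *arg!= NULL; arg++)` faults if the display has no argument vector. Whether that can happen here is not visible in the hunk, but StartServerOnce in server.c does test `if (!argv)`, so a guard is cheap: `for (arg = d->argv; arg != NULL && *arg != NULL; arg++)`. The scan also stops at the first `-listen tcp` pair, so a later `-nolisten tcp` in the same list would still cause host-address authorizations to be written; if the server honours the last option, clearing the flag on that pair would keep the auth file in step with it. The function body continues outside the hunk.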
@@ -169,6 +169,8 @@ struct displayResource serverResources[] = { "" }, { "autoLogin", "AutoLogin", DM_STRING, boffset(autoLogin), "" }, +{ "listenTcp", "ListenTcp", DM_BOOL, boffset(listenTcp), + "false" }, }; #define NUM_SERVER_RESOURCES (sizeof serverResources/\ diff --git a/app/xenodm/xenodm/server.c b/app/xenodm/xenodm/server.c index f247a1da0..e4f3f69fa 100644 --- a/app/xenodm/xenodm/server.c +++ b/app/xenodm/xenodm/server.c @@ -86,6 +86,8 @@ StartServerOnce (struct display *d) snprintf (arg, sizeof(arg), "-auth %s", d->authFile); argv = parseArgs (argv, arg); } + if (d->listenTcp) + argv = parseArgs(argv, "-listen tcp"); if (!argv) { LogError ("StartServer: no arguments\n"); sleep ((unsigned) d->openDelay); |