summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorMatthieu Herrb <matthieu@cvs.openbsd.org>2021-03-08 17:54:29 +0000
committerMatthieu Herrb <matthieu@cvs.openbsd.org>2021-03-08 17:54:29 +0000
commit9acbe405757d1c061fe0a711e5b79d385dd18e7b (patch)
tree96238e1d5c25de1a50a63116da240cc35ee07249 /app
parent21bd9a3db87fad3596e91fdc68324d90edcebdda (diff)
Remove code writing .Xauthority in /tmp if it cannot write it in ${HOME}.
Discussed with deraadt@ and zhuk@
Diffstat (limited to 'app')
-rw-r--r--app/xenodm/include/dm.h1
-rw-r--r--app/xenodm/man/xenodm.man14
-rw-r--r--app/xenodm/xenodm/auth.c46
-rw-r--r--app/xenodm/xenodm/dpylist.c2
-rw-r--r--app/xenodm/xenodm/resource.c5
5 files changed, 6 insertions, 62 deletions
diff --git a/app/xenodm/include/dm.h b/app/xenodm/include/dm.h
index ab67e33f9..a07af640a 100644
--- a/app/xenodm/include/dm.h
+++ b/app/xenodm/include/dm.h
@@ -122,7 +122,6 @@ struct display {
char **authNames; /* authorization protocol names */
unsigned short *authNameLens; /* authorization protocol name lens */
char *clientAuthFile;/* client specified auth file */
- char *userAuthDir; /* backup directory for tickets */
int authComplain; /* complain when no auth for XDMCP */
/* information potentially derived from resources */
diff --git a/app/xenodm/man/xenodm.man b/app/xenodm/man/xenodm.man
index 3ba85dc23..071f60028 100644
--- a/app/xenodm/man/xenodm.man
+++ b/app/xenodm/man/xenodm.man
@@ -23,7 +23,7 @@
.\" from The Open Group.
.\"
.\"
-.Dd $Mdocdate: August 15 2019 $
+.Dd $Mdocdate: March 8 2021 $
.Dt XENODM 1
.Os __xorgversion__
.Sh NAME
@@ -582,18 +582,6 @@ to occur, during which time the new authorization information will be read.
The default is
.Cm false ,
which will work for all MIT servers.
-.It Ic DisplayManager. Ns Ar DISPLAY Ns Ic .userAuthDir
-When
-.Nm
-is unable to write to the usual user authorization file
-.Pq Pa $HOME/.Xauthority ,
-it creates a unique file name in this directory and points the environment
-variable
-.Ev XAUTHORITY
-at the created file.
-It uses
-.Pa /tmp
-by default.
.El
.Sh CONFIGURATION FILE
First, the
diff --git a/app/xenodm/xenodm/auth.c b/app/xenodm/xenodm/auth.c
index b2e29b3ba..39703c12b 100644
--- a/app/xenodm/xenodm/auth.c
+++ b/app/xenodm/xenodm/auth.c
@@ -752,7 +752,7 @@ void
SetUserAuthorization (struct display *d, struct verify_info *verify)
{
FILE *old = NULL, *new;
- char home_name[1024], backup_name[1024], new_name[1024];
+ char home_name[1024], new_name[1024];
char *name = NULL;
char *home;
char *envname = NULL;
@@ -762,7 +762,6 @@ SetUserAuthorization (struct display *d, struct verify_info *verify)
struct stat statb;
int i;
int magicCookie;
- int fd;
Debug ("SetUserAuthorization\n");
auths = d->authorizations;
@@ -793,45 +792,10 @@ SetUserAuthorization (struct display *d, struct verify_info *verify)
}
}
if (lockStatus != LOCK_SUCCESS) {
- snprintf (backup_name, sizeof(backup_name),
- "%s/.XauthXXXXXX", d->userAuthDir);
- fd = mkstemp (backup_name);
- if (fd >= 0) {
- old = fdopen (fd, "r");
- if (old == NULL)
- (void) close(fd);
- }
-
- if (old != NULL)
- {
- lockStatus = XauLockAuth (backup_name, 1, 2, 10);
- Debug ("backup lock is %d\n", lockStatus);
- if (lockStatus == LOCK_SUCCESS) {
- if (openFiles (backup_name, new_name, sizeof(new_name),
- &old, &new)
- && (old != NULL) && (new != NULL)) {
- name = backup_name;
- setenv = 1;
- } else {
- XauUnlockAuth (backup_name);
- lockStatus = LOCK_ERROR;
- if (old != NULL) {
- (void) fclose (old);
- old = NULL;
- }
- if (new != NULL)
- (void) fclose (new);
- }
- } else {
- (void) fclose (old);
- }
- }
- }
- if (lockStatus != LOCK_SUCCESS) {
- Debug ("can't lock auth file %s or backup %s\n",
- home_name, backup_name);
- LogError ("can't lock authorization file %s or backup %s\n",
- home_name, backup_name);
+ Debug ("can't lock auth file %s\n",
+ home_name);
+ LogError ("can't lock authorization file %s\n",
+ home_name);
return;
}
initAddrs ();
diff --git a/app/xenodm/xenodm/dpylist.c b/app/xenodm/xenodm/dpylist.c
index f70086bd0..0d773e54b 100644
--- a/app/xenodm/xenodm/dpylist.c
+++ b/app/xenodm/xenodm/dpylist.c
@@ -128,7 +128,6 @@ RemoveDisplay (struct display *old)
if (d->authFile)
(void) unlink (d->authFile);
free (d->authFile);
- free (d->userAuthDir);
for (x = d->authNames; x && *x; x++)
free (*x);
free (d->authNames);
@@ -195,7 +194,6 @@ NewDisplay (char *name, char *class)
d->authNameNum = 0;
d->clientAuthFile = NULL;
d->authFile = NULL;
- d->userAuthDir = NULL;
d->authNames = NULL;
d->authNameLens = NULL;
d->authComplain = 1;
diff --git a/app/xenodm/xenodm/resource.c b/app/xenodm/xenodm/resource.c
index c66104628..3166f389b 100644
--- a/app/xenodm/xenodm/resource.c
+++ b/app/xenodm/xenodm/resource.c
@@ -91,9 +91,6 @@ char **exportList;
#ifndef DEF_AUTH_DIR
# define DEF_AUTH_DIR "/usr/lib/X11/xenodm"
#endif
-#ifndef DEF_USER_AUTH_DIR
-# define DEF_USER_AUTH_DIR "/tmp"
-#endif
#ifndef DEF_ACCESS_FILE
# define DEF_ACCESS_FILE ""
#endif
@@ -200,8 +197,6 @@ struct displayResource sessionResources[] = {
DEF_SYSTEM_SHELL },
{ "failsafeClient","FailsafeClient", DM_STRING, boffset(failsafeClient),
DEF_FAILSAFE_CLIENT },
-{ "userAuthDir","UserAuthDir", DM_STRING, boffset(userAuthDir),
- DEF_USER_AUTH_DIR },
};
#define NUM_SESSION_RESOURCES (sizeof sessionResources/\