Bugzilla – Attachment 3048 Details for
Bug 2440
X11 connection will fail if user's home directory is read-only
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
create xauth file in temp directory
bz2501_xauth.diff (text/plain), 2.55 KB, created by
Damien Miller
on 2017-09-01 14:55:40 AEST
(
hide
)
Description:
create xauth file in temp directory
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-09-01 14:55:40 AEST
Size:
2.55 KB
patch
obsolete
>commit b4e07cee66db7c62a626e4768f6144039a6cf247 >Author: Damien Miller <djm@mindrot.org> >Date: Fri Sep 1 14:51:15 2017 +1000 > > create a dedicated XAUTHORITY file in /tmp > >diff --git a/session.c b/session.c >index 56695d2..290cb46 100644 >--- a/session.c >+++ b/session.c >@@ -152,6 +152,9 @@ static char *private_temp_dir = NULL; > /* Path for authentication agent forwarding socket. */ > static char *auth_sock_name = NULL; > >+/* Path for XAUTHORITY file */ >+static char *xauthority_path = NULL; >+ > /* removes the per-session temporary directory */ > static void > cleanup_private_temp_dir(struct passwd *pw) >@@ -254,6 +257,51 @@ auth_input_request_forwarding(struct passwd * pw) > return 0; > } > >+/* removes the xauthority file */ >+static void >+xauthority_cleanup_proc(struct passwd *pw) >+{ >+ if (xauthority_path != NULL) { >+ temporarily_use_uid(pw); >+ unlink(xauthority_path); >+ free(xauthority_path); >+ xauthority_path = NULL; >+ restore_uid(); >+ } >+} >+ >+static void >+prepare_xauthority_file(struct passwd *pw) >+{ >+ char *path; >+ int fd; >+ >+ /* >+ * Failures here are mostly-harmless: if we don't create the >+ * file or directory then XAUTHORITY won't be get set later and >+ * xauth should fall back to its default location. >+ */ >+ >+ if (make_private_temp_dir(pw) != 0) { >+ debug("Failed to create directory for xauth data"); >+ return; >+ } >+ >+ xasprintf(&path, "%s/xauth.XXXXXXXXXX", private_temp_dir); >+ temporarily_use_uid(pw); >+ fd = mkstemp(path); >+ restore_uid(); >+ >+ if (fd == -1) { >+ debug("%s: mkstemp: %s", __func__, strerror(errno)); >+ free(path); >+ return; >+ } >+ debug3("%s: xauthority file at %s", __func__, path); >+ close(fd); /* just wanted to create it */ >+ xauthority_path = path; >+} >+ > static void > display_loginmsg(void) > { >@@ -843,6 +891,9 @@ do_setup_env(Session *s, const char *shell) > if (getenv("TZ")) > child_set_env(&env, &envsize, "TZ", getenv("TZ")); > >+ if (xauthority_path != NULL) >+ child_set_env(&env, &envsize, "XAUTHORITY", xauthority_path); >+ > /* Set custom environment options from RSA authentication. */ > while (custom_environment) { > struct envstring *ce = custom_environment; >@@ -1635,7 +1686,9 @@ session_x11_req(Session *s) > success = 0; > error("Invalid X11 forwarding data"); > } >- if (!success) { >+ if (success) >+ prepare_xauthority_file(s->pw); >+ else { > free(s->auth_proto); > free(s->auth_data); > s->auth_proto = NULL; >@@ -2185,6 +2238,8 @@ do_cleanup(Authctxt *authctxt) > auth_info_file = NULL; > } > >+ xauthority_cleanup_proc(authctxt->pw); >+ > /* > * Cleanup ptys/utmp only if privsep is disabled, > * or if running in monitor.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3048">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2440
:
2680
|
2809
|
3047
| 3048