home *** CD-ROM | disk | FTP | other *** search
- Also, I thought that I would share my changes to xdm. I have changed
- xdm to write an authorization record for root. I feel that this does
- not compromise security at all. root could also setuid to the user
- to gain access to the display. I have written a daemon that catches
- console message and displays them in a window. Also, we have a system
- that submits jobs on idle workstations. This system can connect to
- the X display to check the idle time. Anyway, here is my patch to xdm:
-
- NOTE: This patch applies to X11R4 xdm. It is not required for X11R5 xdm.
-
-
- *** /tmp/,RCSt1a23628 Sun Jul 8 14:39:22 1990
- --- auth.c Wed Jun 13 14:03:25 1990
- ***************
- *** 201,206 ****
- --- 201,207 ----
- ret = TRUE;
- fclose (auth_file);
- }
- + SetRootAuthorization (d, auth);
- return ret;
- }
-
- ***************
- *** 778,781 ****
- --- 779,849 ----
- }
- }
- Debug ("done SetUserAuthorization\n");
- + }
- +
- + SetRootAuthorization (d, auth)
- + struct display *d;
- + Xauth *auth;
- + {
- + FILE *old, *new;
- + char *home_name;
- + char new_name[1024];
- + int lockStatus;
- + Xauth *entry;
- + struct stat statb;
- +
- + Debug ("SetRootAuthorization\n");
- + if (auth) {
- + lockStatus = LOCK_ERROR;
- + home_name = "/.Xauthority";
- + Debug ("XauLockAuth %s\n", home_name);
- + lockStatus = XauLockAuth (home_name, 1, 2, 10);
- + Debug ("Lock is %d\n", lockStatus);
- + if (lockStatus == LOCK_SUCCESS) {
- + if (!openFiles (home_name, new_name, &old, &new)) {
- + Debug ("openFiles failed\n");
- + XauUnlockAuth (home_name);
- + lockStatus = LOCK_ERROR;
- + }
- + }
- + if (lockStatus != LOCK_SUCCESS) {
- + Debug ("can't lock auth file %s\n", home_name);
- + LogError ("can't lock authorization file %s\n", home_name);
- + return;
- + }
- + initAddrs ();
- + if (d->displayType.location == Local)
- + writeLocalAuth (new, auth, d->name);
- + else
- + writeRemoteAuth (new, auth, d->peer, d->peerlen, d->name);
- + if (old) {
- + if (fstat (fileno (old), &statb) != -1)
- + chmod (new_name, (int) (statb.st_mode & 0777));
- + while (entry = XauReadAuth (old)) {
- + if (!checkAddr (entry->family,
- + entry->address_length, entry->address,
- + entry->number_length, entry->number))
- + {
- + Debug ("Saving an entry\n");
- + dumpAuth (entry);
- + writeAuth (new, entry);
- + }
- + XauDisposeAuth (entry);
- + }
- + fclose (old);
- + }
- + doneAddrs ();
- + fclose (new);
- + if (unlink (home_name) == -1)
- + Debug ("unlink %s failed\n", home_name);
- + if (link (new_name, home_name) == -1) {
- + Debug ("link failed %s %s\n", new_name, home_name);
- + LogError ("Can't move authorization into place\n");
- + } else {
- + Debug ("new is in place, go for it!\n");
- + unlink (new_name);
- + }
- + XauUnlockAuth (home_name);
- + }
- + Debug ("done SetRootAuthorization\n");
- }
-