Browse Source

added Xauth authentication, prepare for release 1.2.5

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/slim/trunk@101 7c53e7cc-98ea-0310-8f1f-a0b24da60408
sip 15 years ago
parent
commit
44129bd68d
11 changed files with 82 additions and 11 deletions
  1. 7 1
      ChangeLog
  2. 1 1
      Makefile
  3. 1 1
      Makefile.freebsd
  4. 1 1
      Makefile.netbsd
  5. 1 1
      Makefile.openbsd
  6. 42 1
      app.cpp
  7. 5 3
      app.h
  8. 2 0
      cfg.cpp
  9. 9 0
      slim.conf
  10. 11 1
      switchuser.cpp
  11. 2 1
      switchuser.h

+ 7 - 1
ChangeLog

@@ -1,7 +1,13 @@
-X.X.X - XXXX.XX.XX
+1.2.5 - XXXX.XX.XX
     * hiding of the cursor is now an option (disabled
       by default) since some WMs does not re-initialize
       the root window cursor.
+    * The X server is restarted when the user logs out.
+      This fixes potential security issues with user-launched
+      apps staying attached to the root window after logout.
+    * Bug #7432 : Added proper Xauth authentication: the X server
+      is started with the -auth option and the user who logs
+      in has his .Xauthority file initializated.
 
 1.2.4 - 2006.01.18
     * Added commands for session start and stop

+ 1 - 1
Makefile

@@ -16,7 +16,7 @@ DESTDIR=
 #######################################################
 
 NAME=slim
-VERSION=1.2.4
+VERSION=1.2.5
 
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
 		-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"

+ 1 - 1
Makefile.freebsd

@@ -16,7 +16,7 @@ DESTDIR=
 #######################################################
 
 NAME=slim
-VERSION=1.2.4
+VERSION=1.2.5
 
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
 		-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"

+ 1 - 1
Makefile.netbsd

@@ -16,7 +16,7 @@ DESTDIR=
 #######################################################
 
 NAME=slim
-VERSION=1.2.4
+VERSION=1.2.5
 
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
 		-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"

+ 1 - 1
Makefile.openbsd

@@ -16,7 +16,7 @@ DESTDIR=
 #######################################################
 
 NAME=slim
-VERSION=1.2.4
+VERSION=1.2.5
 
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
 		-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"

+ 42 - 1
app.cpp

@@ -59,6 +59,7 @@ App::App(int argc, char** argv) {
     int tmp;
     ServerPID = -1;
     testing = false;
+    mcookie = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
 
     // Parse command line
     while((tmp = getopt(argc, argv, "vhp:d?")) != EOF) {
@@ -181,6 +182,7 @@ void App::Run() {
             }
         }
 
+        CreateServerAuth();
         StartServer();
         alarm(2);
 #endif
@@ -328,7 +330,7 @@ void App::Login() {
             replaceVariables(sessStart, USER_VAR, pw->pw_name);
             system(sessStart.c_str());
         }
-        Su.Login(loginCommand.c_str());
+        Su.Login(loginCommand.c_str(), mcookie.c_str());
         exit(OK_EXIT);
     }
 
@@ -540,6 +542,8 @@ int App::StartServer() {
     static char* server[MAX_XSERVER_ARGS+2] = { NULL };
     server[0] = (char *)cfg.getOption("default_xserver").c_str();
     string argOption = cfg.getOption("xserver_arguments");
+    /* Add mandatory -xauth option */
+    argOption = argOption + " -auth " + cfg.getOption("authfile");
     char* args = new char[argOption.length()+2]; // NULL plus vt
     strcpy(args, argOption.c_str());
 
@@ -840,3 +844,40 @@ void App::replaceVariables(string& input,
         input = input.substr(0, pos) + value + input.substr(pos+len);
     }
 }
+
+
+void App::CreateServerAuth() {
+	/* create mit cookie */
+	int i, r;
+	int hexcount = 0;
+        string authfile;
+	string cmd;
+	char *digits = "0123456789abcdef";
+        srand( time(NULL) );
+	for ( i = 0; i < 31; i++ ) {
+		r = rand()%16;
+                mcookie[i] = digits[r];
+                if (r>9)
+                        hexcount++;
+	}
+        /* MIT-COOKIE: even occurrences of digits and hex digits */
+        if ((hexcount%2) == 0) {
+                r = rand()%10;
+        } else {
+                r = rand()%5+10;
+        }
+        mcookie[31] = digits[r];
+	/* reinitialize auth file */
+	authfile = cfg.getOption("authfile");
+	remove(authfile.c_str());
+        putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
+        cmd = cfg.getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie;
+        system(cmd.c_str());
+}
+
+char* App::StrConcat(const char* str1, const char* str2) {
+    char* tmp = new char[strlen(str1) + strlen(str2) + 1];
+    strcpy(tmp, str1);
+    strcat(tmp, str2);
+    return tmp;
+}

+ 5 - 3
app.h

@@ -30,7 +30,7 @@ public:
     void Run();
     int GetServerPID();
     void StopServer();
-
+	
     // Lock functions
     void GetLock();
     void RemoveLock();
@@ -48,7 +48,9 @@ private:
     void OpenLog();
     void CloseLog();
     void HideCursor();
-
+    void CreateServerAuth();
+    char* StrConcat(const char* str1, const char* str2);
+ 
     static std::string findValidRandomTheme(const std::string& set);
     static void replaceVariables(std::string& input,
                                  const std::string& var,
@@ -84,7 +86,7 @@ private:
     bool testing;
     
     std::string themeName;
-
+    std::string mcookie;
 };
 
 

+ 2 - 0
cfg.cpp

@@ -26,6 +26,7 @@ Cfg::Cfg() {
     options.insert(option("xserver_arguments",""));
     options.insert(option("numlock",""));
     options.insert(option("daemon",""));
+    options.insert(option("xauth_path","/usr/X11R6/bin/xauth"));
     options.insert(option("login_cmd","exec /bin/bash -login ~/.xinitrc %session"));
     options.insert(option("halt_cmd","/sbin/shutdown -h now"));
     options.insert(option("reboot_cmd","/sbin/shutdown -r now"));
@@ -39,6 +40,7 @@ Cfg::Cfg() {
     options.insert(option("current_theme","default"));
     options.insert(option("lockfile","/var/run/slim.lock"));
     options.insert(option("logfile","/var/log/slim.log"));
+    options.insert(option("authfile","/var/run/slim.auth"));
     options.insert(option("shutdown_msg","The system is halting..."));
     options.insert(option("reboot_msg","The system is rebooting..."));
     options.insert(option("sessions","wmaker,blackbox,icewm"));

+ 9 - 0
slim.conf

@@ -1,4 +1,5 @@
 # Path, X server and arguments (if needed)
+# Note: -xauth $authfile is automatically appended
 default_path        ./:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 default_xserver     /usr/X11R6/bin/X
 #xserver_arguments   -dpi 75
@@ -9,6 +10,13 @@ reboot_cmd          /sbin/shutdown -r now
 console_cmd         /usr/X11R6/bin/xterm -C -fg white -bg black +sb -T "Console login" -e /bin/sh -c "/bin/cat /etc/issue; exec /bin/login"
 #suspend_cmd        /usr/sbin/suspend
 
+# Full path to the xauth binary
+xauth_path         /usr/X11R6/bin/xauth 
+
+# Xauth file for server
+authfile           /var/run/slim.auth
+
+
 # Activate numlock when slim starts. Valid values: on|off
 # numlock             on
 
@@ -68,3 +76,4 @@ lockfile            /var/run/slim.lock
 
 # Log file
 logfile             /var/log/slim.log
+

+ 11 - 1
switchuser.cpp

@@ -26,9 +26,10 @@ SwitchUser::~SwitchUser() {
 }
 
 
-void SwitchUser::Login(const char* cmd) {
+void SwitchUser::Login(const char* cmd, const char* mcookie) {
     SetEnvironment();
     SetUserId();
+    SetClientAuth(mcookie);
     Execute(cmd);
 }
 
@@ -47,6 +48,8 @@ void SwitchUser::SetEnvironment() {
     putenv(StrConcat("PATH=", cfg->getOption("default_path").c_str()));
     putenv(StrConcat("DISPLAY=", displayName.c_str()));
     putenv(StrConcat("MAIL="_PATH_MAILDIR"/", Pw->pw_name));
+    putenv(StrConcat("XAUTHORITY=", StrConcat(Pw->pw_dir,"/.Xauthority")));
+    /* putenv("XAUTHORITY=/tmp/serverauth"); */
     chdir(Pw->pw_dir);
 }
 
@@ -99,3 +102,10 @@ char* SwitchUser::StrConcat(const char* str1, const char* str2) {
     return tmp;
 }
 
+void SwitchUser::SetClientAuth(const char* mcookie) {
+        int r;
+        string authfile = StrConcat(Pw->pw_dir,"/.Xauthority");
+        remove(authfile.c_str());
+        string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie;
+        r = system(cmd.c_str());
+}

+ 2 - 1
switchuser.h

@@ -27,7 +27,7 @@ class SwitchUser {
 public:
     SwitchUser(struct passwd *pw, Cfg *c, const std::string& display);
     ~SwitchUser();
-    void Login(const char* cmd);
+    void Login(const char* cmd, const char* mcookie);
 
 private:
     SwitchUser();
@@ -36,6 +36,7 @@ private:
     void Execute(const char* cmd);
     char* BaseName(const char* name);
     char* StrConcat(const char* str1, const char* str2);
+    void SetClientAuth(const char* mcookie);
     Cfg* cfg;
     struct passwd *Pw;