20788N/A@@ -135,8 +135,10 @@ uninstall-hook:
20788N/A $(DESTDIR)$(workingdir)/.config/dconf \
20788N/A+ rm -rf $(DESTDIR)$(xauthdir) \
20788N/A if test '!' -d $(DESTDIR)$(xauthdir); then \
20788N/A- $(mkinstalldirs) $(DESTDIR)$(xauthdir); \
20788N/A- chmod 0711 $(DESTDIR)$(xauthdir); \
20788N/A- chown root:gdm $(DESTDIR)$(xauthdir) || : ; \
20788N/A+ $(mkinstalldirs) $(DESTDIR)$(xauthdir); \
20788N/A+ chmod 0711 $(DESTDIR)$(xauthdir); \
20788N/A+ chown root:gdm $(DESTDIR)$(xauthdir) || : ; \
20788N/A if test '!' -d $(DESTDIR)$(screenshotdir); then \
20788N/A@@ -83,6 +83,7 @@ gboolean gdm_display_access
20788N/A void gdm_display_access_file_close (GdmDisplayAccessFile *file);
20788N/A char *gdm_display_access_file_get_path (GdmDisplayAccessFile *file);
20788N/A+void gdm_display_access_file_cleanup_xauth (void);
20788N/A #endif /* __GDM_DISPLAY_ACCESS_FILE_H__ */
20788N/A+static const char *xauth_dir_name = NULL;
20788N/A struct _GdmDisplayAccessFilePrivate
20788N/A@@ -221,13 +223,24 @@ _get_uid_and_gid_for_user (const char *u
20788N/A+gdm_display_access_file_cleanup_xauth (void)
20788N/A+ /* Clean up any xauth_dir_name when shutting down */
20788N/A+ if (strcmp (GDM_XAUTH_DIR, "/tmp") == 0 && xauth_dir_name != NULL) {
20788N/A+ g_debug ("GdmDisplayAccessFile: Unlinking xauth directory %s", xauth_dir_name);
20788N/A-clean_up_stale_auth_subdirs (void)
20788N/A+clean_up_stale_auth_subdirs (const char * xauth_dir_name)
20788N/A- dir = g_dir_open (GDM_XAUTH_DIR, 0, NULL);
20788N/A+ dir = g_dir_open (xauth_dir_name, 0, NULL);
20788N/A@@ -236,7 +249,7 @@ clean_up_stale_auth_subdirs (void)
20788N/A while ((filename = g_dir_read_name (dir)) != NULL) {
20788N/A- path = g_build_filename (GDM_XAUTH_DIR, filename, NULL);
20788N/A+ path = g_build_filename (xauth_dir_name, filename, NULL);
20788N/A /* Will only succeed if the directory is empty
20788N/A@@ -251,11 +264,14 @@ _create_xauth_file_for_user (const char
20788N/A@@ -268,10 +284,36 @@ _create_xauth_file_for_user (const char
20788N/A+ if (strcmp (GDM_XAUTH_DIR, "/tmp") == 0) {
20788N/A+ xauth_dir_name = gdm_make_temp_dir (template);
20788N/A+ g_debug ("GdmDisplayAccessFile: Creating xauth directory %s", xauth_dir_name);
20788N/A+ g_chmod (xauth_dir_name, 0711);
20788N/A+ _get_uid_and_gid_for_user (GDM_USERNAME, &uid, &gid);
20788N/A+ if (chown (xauth_dir_name, 0, gid) != 0) {
20788N/A+ g_warning ("Unable to change owner of '%s'",
20788N/A+ xauth_dir_name = GDM_XAUTH_DIR;
20788N/A+ * Note: if GDM_XAUTH_DIR is "/tmp", we never fall into the next if-case, since
20788N/A+ * gdm_make_temp_dir calls mkdtemp() which creates the directory.
20788N/A /* Create directory if not exist, then set permission 0711 and ownership root:gdm */
20788N/A- if (g_file_test (GDM_XAUTH_DIR, G_FILE_TEST_IS_DIR) == FALSE) {
20788N/A- if (g_mkdir (GDM_XAUTH_DIR, 0711) != 0) {
20788N/A+ if (g_file_test (xauth_dir_name, G_FILE_TEST_IS_DIR) == FALSE) {
20788N/A+ if (g_mkdir (xauth_dir_name, 0711) != 0) {
20788N/A g_file_error_from_errno (errno),
20788N/A@@ -279,18 +321,70 @@ _create_xauth_file_for_user (const char
20788N/A- g_chmod (GDM_XAUTH_DIR, 0711);
20788N/A+ g_chmod (xauth_dir_name, 0711);
20788N/A _get_uid_and_gid_for_user (GDM_USERNAME, &uid, &gid);
20788N/A- if (chown (GDM_XAUTH_DIR, 0, gid) != 0) {
20788N/A+ if (chown (xauth_dir_name, 0, gid) != 0) {
20788N/A g_warning ("Unable to change owner of '%s'",
20788N/A+ /* Do sanity testing on the Xauth directory */
20788N/A+ if ((xauth_dir_fp = open (xauth_dir_name, O_RDONLY | O_NOFOLLOW)) == -1) {
20788N/A+ /* If it is a symlink, open fails with O_NOFOLLOW. */
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR,
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
20788N/A+ _("GDM authorization directory %s cannot be opened."),
20788N/A+ if (fstat (xauth_dir_fp, &statbuf) == 0) {
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR,
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
20788N/A+ _("GDM authorization directory %s is not a directory."),
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR,
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
20788N/A+ _("GDM authorization directory %s: uid is not root"),
20788N/A+ _get_uid_and_gid_for_user (GDM_USERNAME, &uid, &gid);
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR,
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
20788N/A+ _("GDM authorization directory %s: gid is not the GDM user"),
20788N/A- /* if it does exist make sure it has correct mode 0711 */
20788N/A- g_chmod (GDM_XAUTH_DIR, 0711);
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR,
20788N/A+ GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY,
20788N/A+ _("Cannot fstat() the GDM authorization directory"),
20788N/A+ /* If we did not create the directory, do some cleanup */
20788N/A+ /* Make sure it has correct mode 0711 */
20788N/A+ g_chmod (xauth_dir_name, 0711);
20788N/A /* and clean up any stale auth subdirs */
20788N/A- clean_up_stale_auth_subdirs ();
20788N/A+ clean_up_stale_auth_subdirs (xauth_dir_name);
20788N/A if (!_get_uid_and_gid_for_user (username, &uid, &gid)) {
20788N/A@@ -303,9 +397,8 @@ _create_xauth_file_for_user (const char
20788N/A- template = g_strdup_printf (GDM_XAUTH_DIR
20788N/A g_debug ("GdmDisplayAccessFile: creating xauth directory %s", template);
20788N/A /* Initially create with mode 01700 then later chmod after we create database */
20788N/A@@ -686,6 +687,8 @@ main (int argc,
20788N/A gdm_settings_direct_shutdown ();
20788N/A+ gdm_display_access_file_cleanup_xauth ();