On Tue, Jan 13, 2004 at 02:58:34PM -0500, Rick Beldin wrote:
>I was looking over some recent changes to xdm in policy.c:
>
>  Revision 3.9, Thu Jan 1 17:12:34 2004 UTC (12 days, 2 hours ago) by herrb
>Branch: MAIN
>CVS Tags: HEAD
>Changes since 3.8: +23 -2 lines
>Diff to previous 3.8 (unified)
>
>When handling a request packet, select a supported connection type
>if possible. If no supported connection is proposed, don't reject the
>connection. Problem noticed by Mario Klebsch, fix by me.
>
>I've been working on similar problems where the client system (requestor)
>has multiple lan interfaces that are visible to the OS, yet are not
>configured.   Such a situation can easily exist on a laptop with both
>wired and wireless configurations and a VPN or a workstation with multiple
>interfaces, one or more of which are not configured.
>
>Such a situation will generate a request that appears to originate from
>0.0.0.0.   This situation is apparently what drove the -from option in
>XFree86 Xserver.

I'm assuming you mean that there is a 0.0.0.0 address in the
connectionAddresses list passed from the X server to the xdm server?

The -from option was motivated by machines with multiple configured
addresses.  If an unconfigured interface address is getting added
to the list of addresses, then I'd say that this is a bug in the
X server.  There may be similar bugs in other places that get a
list of local addresses.

>While the -from is a viable workaround, I am curious as to the real need for
>this.   Consider that in xdm's xdmcp.c request_respond():

The -from option probably could be avoided in most cases, but there are
still some configurations where it would remain useful.

>   /* Check this Display against the Manager's policy */
>           reason = Accept (from, fromlen, displayNumber);
>           if (reason)
>               goto decline;
>
>           /* Check the Display's stream services against Manager's policy */
>           i = SelectConnectionTypeIndex (&connectionTypes,
>                                          &connectionAddresses);
>
>The from variable contains information about the requestor.   It has
>the correct ip address of the machine that sent the request.   Why
>aren't we simply using that address to reply back to?   Why go through
>all the various connections?   Would you want to get a request from one
>IP address (from) and then respond to something else (in the connectionAddresses)?

The X server passes xdm a list of addresses, and xdm chooses one
based on its policy.  The policy should probably be fixed to favour
the address the request comes from.  As it is now, there is no
guarantee that the address it picks is even reachable (which I
think was the real motivation for the -from option).

While this should be corrected, other xdm-derived display managers
probably have the same problem.  For your specific problem, the
best immediate solution might be to make sure that the X server
doesn't include unconfigured interfaces in the list of addresses
it passes to xdm.

David
-- 
David Dawes
developer/release engineer                      The XFree86 Project
www.XFree86.org/~dawes
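
The policy change suggested in the reply above (favour the address the request came from, and never pick an unconfigured 0.0.0.0 entry), as an added example; this is not xdm's code. The conn_entry struct and select_connection_index() are hypothetical names, the address list is constructed, and only IPv4 entries are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FAMILY_INTERNET 0            /* XDMCP connection type for IPv4 */

/* Hypothetical flattened pair from connectionTypes/connectionAddresses. */
struct conn_entry {
    uint16_t type;                   /* connection type */
    uint8_t  addr[4];                /* IPv4 address, network byte order */
};

/* True for 0.0.0.0, which an unconfigured interface reports. */
static int is_unspecified(const struct conn_entry *e)
{
    static const uint8_t zero[4];
    return memcmp(e->addr, zero, sizeof zero) == 0;
}

/* Pick the entry to connect back to; -1 if nothing is usable. Prefer the
 * entry equal to the request's source, else the first usable IPv4 entry. */
int select_connection_index(const struct conn_entry *list, size_t n,
                            const uint8_t from[4])
{
    int fallback = -1;
    for (size_t i = 0; i < n; i++) {
        if (list[i].type != FAMILY_INTERNET || is_unspecified(&list[i]))
            continue;                /* unsupported type or unconfigured */
        if (memcmp(list[i].addr, from, 4) == 0)
            return (int)i;           /* matches the request's source */
        if (fallback < 0)
            fallback = (int)i;       /* remember first usable entry */
    }
    return fallback;
}

/* Constructed sample: the unconfigured interface is listed first. */
static const struct conn_entry sample[] = {
    { FAMILY_INTERNET, { 0, 0, 0, 0 } },
    { FAMILY_INTERNET, { 10, 0, 0, 5 } },
    { FAMILY_INTERNET, { 192, 168, 1, 20 } },
};

int main(void)
{
    const uint8_t from[4] = { 192, 168, 1, 20 };
    printf("selected index: %d\n", select_connection_index(sample, 3, from));
    return 0;
}
```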