Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-06-02 Thread Moritz Muehlenhoff
On Wed, May 20, 2009 at 05:39:08PM +0200, Mike Massonnet wrote:
> Wow, nice! I didn't take time yet to investigate, thanks a lot for
> providing this patch. I will make a package for stable asap.

Hi Mike,
this issue doesn't warrant a stable-security update through a DSA.
However, you could fix this through a stable point update. If you want to do
that please send a proposed debdiff to debian-rele...@lists.debian.org
so that the stable release managers can review it.

Cheers,
Moritz






Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-05-21 Thread Eygene Ryabinkin
Nico, good day.

Thu, May 21, 2009 at 11:00:23AM +0200, Nico Golde wrote:
> * Eygene Ryabinkin  [2009-05-21 10:24]:
> > Thu, May 21, 2009 at 09:50:12AM +0400, Eygene Ryabinkin wrote:
> > > Wed, May 20, 2009 at 05:39:08PM +0200, Mike Massonnet wrote:
> > > > Wow, nice! I didn't take time yet to investigate, thanks a lot for
> > > > providing this patch. I will make a package for stable asap.
> > > 
> > > Erm, sorry, sent old patch variant that doesn't produce .Xauthority:
> > > 'quit' should be replaced with 'exit'.  Sorry, I hadn't updated the
> > > patchfile.  Here is the proper one:
> > 
> > And found one more issue -- mcookie was weakened because I blindly
> > substituted 'int r' for 'bool r'.  Fixed now.
> 

> Thanks very much, the patch looks good! While you're at it, mind to
> fix the insecure "random" hexstring generation as well?

Sure, did it already, tested and just wanted to send it out.

From 5beb217296e3074cadc5bcb3e40355f54ee705f0 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin 
Date: Thu, 21 May 2009 11:56:27 +0400
Subject: [PATCH] Create interface for random number generator and use it 
everywhere

Don't use rand()/srand() at all -- they are very weak.  Provide our
wrappers for random()/srandom() and make utility function that will
generate seed for srandom.

Rework MIT magic cookie generation: consume 4 bytes of input in one
pass -- random() should produce values that are usable for this purpose.

Signed-off-by: Eygene Ryabinkin 
---
 app.cpp  |   49 ++---
 app.h|2 ++
 util.cpp |   37 +
 util.h   |5 +
 4 files changed, 70 insertions(+), 23 deletions(-)

diff --git a/app.cpp b/app.cpp
index 04caaa1..0ac8c3a 100644
--- a/app.cpp
+++ b/app.cpp
@@ -129,15 +129,18 @@ void User1Signal(int sig) {
 
 
 #ifdef USE_PAM
-App::App(int argc, char** argv):
-pam(conv, static_cast(&LoginPanel)){
+App::App(int argc, char** argv)
+  : pam(conv, static_cast(&LoginPanel)),
 #else
-App::App(int argc, char** argv){
+App::App(int argc, char** argv)
+  :
 #endif
+mcookiesize(32)// Must be divisible by 4
+{
 int tmp;
 ServerPID = -1;
 testing = false;
-mcookie = "";
+mcookie = string(App::mcookiesize, 'a');
 daemonmode = false;
 force_nodaemon = false;
 firstlogin = true;
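Review bot: the "Must be divisible by 4" requirement on `mcookiesize(32)` is stated only in a comment, while the cookie loop in CreateServerAuth() writes `mcookie[i]` through `mcookie[i+3]` on every pass. A size that is not a multiple of 4 would write past the end of the string, so make the size a compile-time constant and check the property there, or bound the loop so that `i+3` always stays inside the string.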
@@ -1128,13 +1131,13 @@ string App::findValidRandomTheme(const string& set)
 name = name.substr(0, name.length() - 1);
 }
 
-srandom(getpid()+time(NULL));
+Util::srandom(Util::makeseed());
 
 vector themes;
 string themefile;
 Cfg::split(themes, name, ',');
 do {
-int sel = random() % themes.size();
+int sel = Util::random() % themes.size();
 
 name = Cfg::Trim(themes[sel]);
 themefile = string(THEMESDIR) +"/" + name + THEMESFILE;
@@ -1161,27 +1164,27 @@ void App::replaceVariables(string& input,
 }
 
 
+/*
+ * We rely on the fact that all bits generated by Util::random()
+ * are usable, so we are taking full words from its output.
+ */
 void App::CreateServerAuth() {
 /* create mit cookie */
-int i, r;
-int hexcount = 0;
-string authfile;
-string cmd;
+uint16_t word;
+uint8_t hi, lo;
+int i;
+string authfile;
 const char *digits = "0123456789abcdef";
-srand( time(NULL) );
-for ( i = 0; i < 31; i++ ) {
-r = rand()%16;
-mcookie[i] = digits[r];
-if (r>9)
-hexcount++;
+Util::srandom(Util::makeseed());
+for (i = 0; i < App::mcookiesize; i+=4) {
+word = Util::random() & 0x;
+lo = word & 0xff;
+hi = word >> 8;
+mcookie[i] = digits[lo & 0x0f];
+mcookie[i+1] = digits[lo >> 4];
+mcookie[i+2] = digits[hi & 0x0f];
+mcookie[i+3] = digits[hi >> 4];
 }
-/* MIT-COOKIE: even occurrences of digits and hex digits */
-if ((hexcount%2) == 0) {
-r = rand()%10;
-} else {
-r = rand()%5+10;
-}
-mcookie[31] = digits[r];
 /* reinitialize auth file */
 authfile = cfg->getOption("authfile");
 remove(authfile.c_str());
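Review bot: the new loop in CreateServerAuth() still draws the cookie from a general-purpose PRNG. `Util::srandom(Util::makeseed())` seeds it once and every digit that follows is determined by that seed, so the 32-digit cookie is only as unpredictable as the seed value. The MIT magic cookie is the secret that authorizes X clients, so I would fill it from the kernel's random device and keep `Util::random()` for the theme selection. Separately, `word` is a `uint16_t`, so each pass turns 2 bytes of PRNG output into 4 hex digits, whereas the commit message speaks of consuming 4 bytes per pass; one of the two should be corrected.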
diff --git a/app.h b/app.h
index 7b4bd10..9a44269 100644
--- a/app.h
+++ b/app.h
@@ -101,6 +101,8 @@ private:
 
 std::string themeName;
 std::string mcookie;
+
+const int mcookiesize;
 };
 
 
diff --git a/util.cpp b/util.cpp
index 309ce4f..5ed972f 100644
--- a/util.cpp
+++ b/util.cpp
@@ -7,7 +7,13 @@
(at your option) any later version.
 */
 
+#include 
+
 #include 
+#include 
+#include 
+#include 
+
 #include "util.h"
 
 /*
@@ -30,3 +36,34 @@ bool Util::add_mcookie(const std::string &mcookie, const 
char *display,
pclose(fp);
return true;
 }
+
+/*
+ * Interface for random number generator.  Just now it uses ordinary
+ * random/srandom routines and serves as a wrapper for them.
+ */
+void Util::srandom(unsig

Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-05-21 Thread Nico Golde
Hi,
* Eygene Ryabinkin  [2009-05-21 10:24]:
> Thu, May 21, 2009 at 09:50:12AM +0400, Eygene Ryabinkin wrote:
> > Wed, May 20, 2009 at 05:39:08PM +0200, Mike Massonnet wrote:
> > > Wow, nice! I didn't take time yet to investigate, thanks a lot for
> > > providing this patch. I will make a package for stable asap.
> > 
> > Erm, sorry, sent old patch variant that doesn't produce .Xauthority:
> > 'quit' should be replaced with 'exit'.  Sorry, I hadn't updated the
> > patchfile.  Here is the proper one:
> 
> And found one more issue -- mcookie was weakened because I blindly
> substituted 'int r' for 'bool r'.  Fixed now.

Thanks very much, the patch looks good! While you're at it, 
mind to fix the insecure "random" hexstring generation as 
well?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
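
The two fixes discussed in this thread, as an added C++ example that is not part of SLiM or of the posted patches: the cookie is read from /dev/urandom and handed to xauth on stdin with no shell in between. The xauth path and the authority file in `main` are assumed values, and `make_cookie_hex`, `xauth_script` and `run_with_stdin` are names chosen for this example.

```cpp
// Added example, not SLiM code: cookie from the kernel CSPRNG, given to xauth on stdin.
#include <cerrno>
#include <csignal>
#include <cstdio>
#include <string>
#include <vector>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Read nbytes from /dev/urandom and hex-encode them; returns "" on any failure.
std::string make_cookie_hex(size_t nbytes = 16) {
    static const char digits[] = "0123456789abcdef";
    std::vector<unsigned char> buf(nbytes);
    FILE *fp = std::fopen("/dev/urandom", "rb");
    if (!fp) return "";
    size_t got = std::fread(buf.data(), 1, nbytes, fp);
    std::fclose(fp);
    if (got != nbytes) return "";  // never fall back to a weaker source
    std::string hex;
    for (unsigned char b : buf) {
        hex.push_back(digits[b >> 4]);
        hex.push_back(digits[b & 0x0f]);
    }
    return hex;
}

// Commands for xauth's stdin; "exit" writes the file, "quit" would drop the change.
std::string xauth_script(const std::string &display, const std::string &cookie) {
    return "add " + display + " . " + cookie + "\nexit\n";
}

// Exec argv[0] directly (no /bin/sh), feed `input` to its stdin; true on exit status 0.
bool run_with_stdin(const std::vector<std::string> &argv, const std::string &input) {
    int fds[2];
    if (argv.empty() || pipe(fds) != 0) return false;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return false; }
    if (pid == 0) {                       // child: pipe read end becomes stdin
        dup2(fds[0], STDIN_FILENO);
        close(fds[0]);
        close(fds[1]);
        std::vector<char *> args;
        for (const std::string &a : argv) args.push_back(const_cast<char *>(a.c_str()));
        args.push_back(nullptr);
        execv(args[0], args.data());
        _exit(127);                       // exec failed
    }
    close(fds[0]);
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);  // a dead child must not kill us
    const char *p = input.data();
    size_t left = input.size();
    bool ok = true;
    while (left > 0) {
        ssize_t n = write(fds[1], p, left);
        if (n < 0) {
            if (errno == EINTR) continue;
            ok = false;
            break;
        }
        p += n;
        left -= static_cast<size_t>(n);
    }
    close(fds[1]);                        // EOF for the child
    signal(SIGPIPE, old);
    int status = 0;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return false;
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main() {
    std::string cookie = make_cookie_hex();
    if (cookie.empty()) return 1;
    // Assumed paths for illustration; SLiM takes both from its configuration.
    bool ok = run_with_stdin({"/usr/bin/xauth", "-q", "-f", "/tmp/example.Xauthority"},
                             xauth_script(":0", cookie));
    std::puts(ok ? "cookie stored" : "xauth failed");
    return ok ? 0 : 1;
}
```

Because the arguments travel as a vector, an authority file path containing spaces or shell metacharacters reaches xauth unchanged.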




Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-05-20 Thread Eygene Ryabinkin
Thu, May 21, 2009 at 09:50:12AM +0400, Eygene Ryabinkin wrote:
> Wed, May 20, 2009 at 05:39:08PM +0200, Mike Massonnet wrote:
> > Wow, nice! I didn't take time yet to investigate, thanks a lot for
> > providing this patch. I will make a package for stable asap.
> 
> Erm, sorry, sent old patch variant that doesn't produce .Xauthority:
> 'quit' should be replaced with 'exit'.  Sorry, I hadn't updated the
> patchfile.  Here is the proper one:

And found one more issue -- mcookie was weakened because I blindly
substituted 'int r' for 'bool r'.  Fixed now.

From 72625a9dacfbd448ba7a84725d66bb2bfc9801f0 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin 
Date: Wed, 20 May 2009 18:44:57 +0400
Subject: [PATCH] Do not specify magic cookie for xauth in the xauth command line

Instead, open xauth as a pipe and feed commands via its stdin.

Signed-off-by: Eygene Ryabinkin 
---
 Makefile |3 ++-
 Makefile.freebsd |3 ++-
 Makefile.netbsd  |3 ++-
 Makefile.openbsd |3 ++-
 app.cpp  |5 +++--
 switchuser.cpp   |7 ---
 util.cpp |   32 
 util.h   |   19 +++
 8 files changed, 66 insertions(+), 9 deletions(-)
 create mode 100644 util.cpp
 create mode 100644 util.h

diff --git a/Makefile b/Makefile
index f7d3d2d..240669d 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 ifdef USE_PAM
 OBJECTS+=PAM.o
 endif
diff --git a/Makefile.freebsd b/Makefile.freebsd
index 3ff326e..c925a39 100644
--- a/Makefile.freebsd
+++ b/Makefile.freebsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 .ifdef USE_PAM
   OBJECTS+=PAM.o 
 .endif
diff --git a/Makefile.netbsd b/Makefile.netbsd
index ad8bb8b..45f33e6 100644
--- a/Makefile.netbsd
+++ b/Makefile.netbsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 .ifdef USE_PAM
   OBJECTS+=PAM.o 
 .endif
diff --git a/Makefile.openbsd b/Makefile.openbsd
index b1829f8..1205b84 100644
--- a/Makefile.openbsd
+++ b/Makefile.openbsd
@@ -20,7 +20,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   util.o panel.o
 
 .SUFFIXES: .c.o .cpp.o
 
diff --git a/app.cpp b/app.cpp
index 83ae947..04caaa1 100644
--- a/app.cpp
+++ b/app.cpp
@@ -24,6 +24,7 @@
 #include 
 #include "app.h"
 #include "numlock.h"
+#include "util.h"
 
 
 #ifdef HAVE_SHADOW
@@ -1185,8 +1186,8 @@ void App::CreateServerAuth() {
 authfile = cfg->getOption("authfile");
 remove(authfile.c_str());
 putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
-cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + 
mcookie;
-system(cmd.c_str());
+Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+  authfile);
 }
 
 char* App::StrConcat(const char* str1, const char* str2) {
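Review bot: the result of `Util::add_mcookie(...)` in App::CreateServerAuth() is dropped, so a failure to start xauth or to write the server authority file goes unnoticed and startup carries on without a usable cookie. Check the returned bool and log or abort when it is false.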
diff --git a/switchuser.cpp b/switchuser.cpp
index e72a8fc..ec298e1 100644
--- a/switchuser.cpp
+++ b/switchuser.cpp
@@ -10,6 +10,7 @@
 */
 
 #include "switchuser.h"
+#include "util.h"
 
 using namespace std;
 
@@ -53,10 +54,10 @@ void SwitchUser::Execute(const char* cmd) {
 }
 
 void SwitchUser::SetClientAuth(const char* mcookie) {
-int r;
+bool r;
 string home = string(Pw->pw_dir);
 string authfile = home + "/.Xauthority";
 remove(authfile.c_str());
-string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add 
:0 . " + mcookie;
-r = system(cmd.c_str());
+r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+  authfile);
 }
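Review bot: `r` in SwitchUser::SetClientAuth() receives the result of `Util::add_mcookie(...)` but is never read, and the function returns void, so a user whose `.Xauthority` could not be written gets no diagnostic. Either act on `r` here (at least log the failure) or drop the variable.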
diff --git a/util.cpp b/util.cpp
new file mode 100644
index 000..309ce4f
--- /dev/null
+++ b/util.cpp
@@ -0,0 +1,32 @@
+/* SLiM - Simple Login Manager
+   Copyright (C) 2009 Eygene Ryabinkin 
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Softwa

Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-05-20 Thread Eygene Ryabinkin
Wed, May 20, 2009 at 05:39:08PM +0200, Mike Massonnet wrote:
> Wow, nice! I didn't take time yet to investigate, thanks a lot for
> providing this patch. I will make a package for stable asap.

Erm, sorry, sent old patch variant that doesn't produce .Xauthority:
'quit' should be replaced with 'exit'.  Sorry, I hadn't updated the
patchfile.  Here is the proper one:

From 91a9c953723d602c3da0e375785a9c62401781c2 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin 
Date: Wed, 20 May 2009 18:44:57 +0400
Subject: [PATCH] Do not specify magic cookie for xauth in the xauth command line

Instead, open xauth as a pipe and feed commands via its stdin.

Signed-off-by: Eygene Ryabinkin 
---
 Makefile |3 ++-
 Makefile.freebsd |3 ++-
 Makefile.netbsd  |3 ++-
 Makefile.openbsd |3 ++-
 app.cpp  |8 +---
 switchuser.cpp   |7 ---
 util.cpp |   32 
 util.h   |   19 +++
 8 files changed, 68 insertions(+), 10 deletions(-)
 create mode 100644 util.cpp
 create mode 100644 util.h

diff --git a/Makefile b/Makefile
index f7d3d2d..240669d 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 ifdef USE_PAM
 OBJECTS+=PAM.o
 endif
diff --git a/Makefile.freebsd b/Makefile.freebsd
index 3ff326e..c925a39 100644
--- a/Makefile.freebsd
+++ b/Makefile.freebsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 .ifdef USE_PAM
   OBJECTS+=PAM.o 
 .endif
diff --git a/Makefile.netbsd b/Makefile.netbsd
index ad8bb8b..45f33e6 100644
--- a/Makefile.netbsd
+++ b/Makefile.netbsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 .ifdef USE_PAM
   OBJECTS+=PAM.o 
 .endif
diff --git a/Makefile.openbsd b/Makefile.openbsd
index b1829f8..1205b84 100644
--- a/Makefile.openbsd
+++ b/Makefile.openbsd
@@ -20,7 +20,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   util.o panel.o
 
 .SUFFIXES: .c.o .cpp.o
 
diff --git a/app.cpp b/app.cpp
index 83ae947..2502b0b 100644
--- a/app.cpp
+++ b/app.cpp
@@ -24,6 +24,7 @@
 #include 
 #include "app.h"
 #include "numlock.h"
+#include "util.h"
 
 
 #ifdef HAVE_SHADOW
@@ -1162,7 +1163,8 @@ void App::replaceVariables(string& input,
 
 void App::CreateServerAuth() {
 /* create mit cookie */
-int i, r;
+bool r;
+int i;
 int hexcount = 0;
 string authfile;
 string cmd;
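Review bot: declaring `r` as `bool` at the top of App::CreateServerAuth() breaks the cookie loop in the same function, which does `r = rand()%16;` and then `mcookie[i] = digits[r];`. A bool holds only 0 or 1, so every cookie digit would be '0' or '1'. Keep `int r` for the loop and use a separately named bool for the `Util::add_mcookie()` result.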
@@ -1185,8 +1187,8 @@ void App::CreateServerAuth() {
 authfile = cfg->getOption("authfile");
 remove(authfile.c_str());
 putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
-cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + 
mcookie;
-system(cmd.c_str());
+r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+  authfile);
 }
 
 char* App::StrConcat(const char* str1, const char* str2) {
diff --git a/switchuser.cpp b/switchuser.cpp
index e72a8fc..ec298e1 100644
--- a/switchuser.cpp
+++ b/switchuser.cpp
@@ -10,6 +10,7 @@
 */
 
 #include "switchuser.h"
+#include "util.h"
 
 using namespace std;
 
@@ -53,10 +54,10 @@ void SwitchUser::Execute(const char* cmd) {
 }
 
 void SwitchUser::SetClientAuth(const char* mcookie) {
-int r;
+bool r;
 string home = string(Pw->pw_dir);
 string authfile = home + "/.Xauthority";
 remove(authfile.c_str());
-string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add 
:0 . " + mcookie;
-r = system(cmd.c_str());
+r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+  authfile);
 }
diff --git a/util.cpp b/util.cpp
new file mode 100644
index 000..309ce4f
--- /dev/null
+++ b/util.cpp
@@ -0,0 +1,32 @@
+/* SLiM - Simple Login Manager
+   Copyright (C) 2009 Eygene Ryabinkin 
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Pub

Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-05-20 Thread Mike Massonnet
Wow, nice! I didn't take time yet to investigate, thanks a lot for
providing this patch. I will make a package for stable asap.

Mike

2009/5/20 Eygene Ryabinkin :
> Instead, open xauth as a pipe and feed commands via its stdin.
>
> Signed-off-by: Eygene Ryabinkin 
> ---
>  Makefile         |    3 ++-
>  Makefile.freebsd |    3 ++-
>  Makefile.netbsd  |    3 ++-
>  Makefile.openbsd |    3 ++-
>  app.cpp          |    8 +---
>  switchuser.cpp   |    7 ---
>  util.cpp         |   32 
>  util.h           |   19 +++
>  8 files changed, 68 insertions(+), 10 deletions(-)
>  create mode 100644 util.cpp
>  create mode 100644 util.h
>
> diff --git a/Makefile b/Makefile
> index f7d3d2d..240669d 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -25,7 +25,8 @@ VERSION=1.3.1
>  DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
>                -DPKGDATADIR=\"$(PREFIX)/share/slim\" 
> -DSYSCONFDIR=\"$(CFGDIR)\"
>
> -OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o 
> panel.o
> +OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
> +       panel.o util.o
>  ifdef USE_PAM
>  OBJECTS+=PAM.o
>  endif
> diff --git a/Makefile.freebsd b/Makefile.freebsd
> index 3ff326e..c925a39 100644
> --- a/Makefile.freebsd
> +++ b/Makefile.freebsd
> @@ -24,7 +24,8 @@ VERSION=1.3.1
>  DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
>                -DPKGDATADIR=\"$(PREFIX)/share/slim\" 
> -DSYSCONFDIR=\"$(CFGDIR)\"
>
> -OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o 
> panel.o
> +OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
> +       panel.o util.o
>  .ifdef USE_PAM
>   OBJECTS+=PAM.o
>  .endif
> diff --git a/Makefile.netbsd b/Makefile.netbsd
> index ad8bb8b..45f33e6 100644
> --- a/Makefile.netbsd
> +++ b/Makefile.netbsd
> @@ -24,7 +24,8 @@ VERSION=1.3.1
>  DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
>                -DPKGDATADIR=\"$(PREFIX)/share/slim\" 
> -DSYSCONFDIR=\"$(CFGDIR)\"
>
> -OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o 
> panel.o
> +OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
> +       panel.o util.o
>  .ifdef USE_PAM
>   OBJECTS+=PAM.o
>  .endif
> diff --git a/Makefile.openbsd b/Makefile.openbsd
> index b1829f8..1205b84 100644
> --- a/Makefile.openbsd
> +++ b/Makefile.openbsd
> @@ -20,7 +20,8 @@ VERSION=1.3.1
>  DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
>                -DPKGDATADIR=\"$(PREFIX)/share/slim\" 
> -DSYSCONFDIR=\"$(CFGDIR)\"
>
> -OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o 
> panel.o
> +OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
> +       util.o panel.o
>
>  .SUFFIXES: .c.o .cpp.o
>
> diff --git a/app.cpp b/app.cpp
> index 83ae947..2502b0b 100644
> --- a/app.cpp
> +++ b/app.cpp
> @@ -24,6 +24,7 @@
>  #include 
>  #include "app.h"
>  #include "numlock.h"
> +#include "util.h"
>
>
>  #ifdef HAVE_SHADOW
> @@ -1162,7 +1163,8 @@ void App::replaceVariables(string& input,
>
>  void App::CreateServerAuth() {
>     /* create mit cookie */
> -    int i, r;
> +    bool r;
> +    int i;
>     int hexcount = 0;
>         string authfile;
>     string cmd;
> @@ -1185,8 +1187,8 @@ void App::CreateServerAuth() {
>     authfile = cfg->getOption("authfile");
>     remove(authfile.c_str());
>     putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
> -    cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " 
> + mcookie;
> -    system(cmd.c_str());
> +    r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
> +      authfile);
>  }
>
>  char* App::StrConcat(const char* str1, const char* str2) {
> diff --git a/switchuser.cpp b/switchuser.cpp
> index e72a8fc..ec298e1 100644
> --- a/switchuser.cpp
> +++ b/switchuser.cpp
> @@ -10,6 +10,7 @@
>  */
>
>  #include "switchuser.h"
> +#include "util.h"
>
>  using namespace std;
>
> @@ -53,10 +54,10 @@ void SwitchUser::Execute(const char* cmd) {
>  }
>
>  void SwitchUser::SetClientAuth(const char* mcookie) {
> -    int r;
> +    bool r;
>     string home = string(Pw->pw_dir);
>     string authfile = home + "/.Xauthority";
>     remove(authfile.c_str());
> -    string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add 
> :0 . " + mcookie;
> -    r = system(cmd.c_str());
> +    r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
> +      authfile);
>  }
> diff --git a/util.cpp b/util.cpp
> new file mode 100644
> index 000..050d83d
> --- /dev/null
> +++ b/util.cpp
> @@ -0,0 +1,32 @@
> +/* SLiM - Simple Login Manager
> +   Copyright (C) 2009 Eygene Ryabinkin 
> +
> +   This program is free software; you can redistribute it and/or modify
> +   it under the terms of the GNU General Public License as published by
> +   the Free Software Foundation; either version 2 of the License, or
> +   (at your option) any later version.
> +*/
> +
>

Bug#529306: [PATCH] Do not specify magic cookie for xauth in the xauth command line

2009-05-20 Thread Eygene Ryabinkin
Instead, open xauth as a pipe and feed commands via its stdin.

Signed-off-by: Eygene Ryabinkin 
---
 Makefile |3 ++-
 Makefile.freebsd |3 ++-
 Makefile.netbsd  |3 ++-
 Makefile.openbsd |3 ++-
 app.cpp  |8 +---
 switchuser.cpp   |7 ---
 util.cpp |   32 
 util.h   |   19 +++
 8 files changed, 68 insertions(+), 10 deletions(-)
 create mode 100644 util.cpp
 create mode 100644 util.h

diff --git a/Makefile b/Makefile
index f7d3d2d..240669d 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 ifdef USE_PAM
 OBJECTS+=PAM.o
 endif
diff --git a/Makefile.freebsd b/Makefile.freebsd
index 3ff326e..c925a39 100644
--- a/Makefile.freebsd
+++ b/Makefile.freebsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 .ifdef USE_PAM
   OBJECTS+=PAM.o 
 .endif
diff --git a/Makefile.netbsd b/Makefile.netbsd
index ad8bb8b..45f33e6 100644
--- a/Makefile.netbsd
+++ b/Makefile.netbsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   panel.o util.o
 .ifdef USE_PAM
   OBJECTS+=PAM.o 
 .endif
diff --git a/Makefile.openbsd b/Makefile.openbsd
index b1829f8..1205b84 100644
--- a/Makefile.openbsd
+++ b/Makefile.openbsd
@@ -20,7 +20,8 @@ VERSION=1.3.1
 DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
 
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+   util.o panel.o
 
 .SUFFIXES: .c.o .cpp.o
 
diff --git a/app.cpp b/app.cpp
index 83ae947..2502b0b 100644
--- a/app.cpp
+++ b/app.cpp
@@ -24,6 +24,7 @@
 #include 
 #include "app.h"
 #include "numlock.h"
+#include "util.h"
 
 
 #ifdef HAVE_SHADOW
@@ -1162,7 +1163,8 @@ void App::replaceVariables(string& input,
 
 void App::CreateServerAuth() {
 /* create mit cookie */
-int i, r;
+bool r;
+int i;
 int hexcount = 0;
 string authfile;
 string cmd;
@@ -1185,8 +1187,8 @@ void App::CreateServerAuth() {
 authfile = cfg->getOption("authfile");
 remove(authfile.c_str());
 putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
-cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + 
mcookie;
-system(cmd.c_str());
+r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+  authfile);
 }
 
 char* App::StrConcat(const char* str1, const char* str2) {
diff --git a/switchuser.cpp b/switchuser.cpp
index e72a8fc..ec298e1 100644
--- a/switchuser.cpp
+++ b/switchuser.cpp
@@ -10,6 +10,7 @@
 */
 
 #include "switchuser.h"
+#include "util.h"
 
 using namespace std;
 
@@ -53,10 +54,10 @@ void SwitchUser::Execute(const char* cmd) {
 }
 
 void SwitchUser::SetClientAuth(const char* mcookie) {
-int r;
+bool r;
 string home = string(Pw->pw_dir);
 string authfile = home + "/.Xauthority";
 remove(authfile.c_str());
-string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add 
:0 . " + mcookie;
-r = system(cmd.c_str());
+r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+  authfile);
 }
diff --git a/util.cpp b/util.cpp
new file mode 100644
index 000..050d83d
--- /dev/null
+++ b/util.cpp
@@ -0,0 +1,32 @@
+/* SLiM - Simple Login Manager
+   Copyright (C) 2009 Eygene Ryabinkin 
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+*/
+
+#include 
+#include "util.h"
+
+/*
+ * Adds the given cookie to the specified Xauthority file.
+ * Returns true on success, false on fault.
+ */
+bool Util::add_mcookie(const std::string &mcookie, const char *display,
+const std::string &xauth_cmd, const std::string &authfile)
+{
+   FILE *fp;
+   std::string cmd = xauth_cmd + " -f " + authfile + " -q";
+
+   fp = popen(cmd.c_str(), "w");
+   if (!fp)
+
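Review bot: `cmd` in Util::add_mcookie() is built by concatenating `xauth_cmd` and `authfile` unquoted and is then passed to `popen()`, which runs the string through the shell. The cookie no longer appears on a command line, but an authority file path that contains spaces or shell metacharacters (the client path is built from the user's `pw_dir`) would still be split or interpreted. Quote the path, or create the pipe and exec xauth directly with an argument vector.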