Author: branden Date: 2003-09-15 15:06:51 -0500 (Mon, 15 Sep 2003) New Revision: 530
Removed: branches/4.3.0/sid/debian/patches/821_gnu-freebsd_xdm.diff Modified: branches/4.3.0/sid/debian/patches/002_xdm_fixes.diff Log: Resync xdm patches with trunk. Bring in a lot of fixes from post 4.2.1-4, including the latest fix from 4.2.1-10. Merge in GNU/FreeBSD changes and resync with upstream. Modified: branches/4.3.0/sid/debian/patches/002_xdm_fixes.diff =================================================================== --- branches/4.3.0/sid/debian/patches/002_xdm_fixes.diff 2003-09-15 08:42:56 UTC (rev 529) +++ branches/4.3.0/sid/debian/patches/002_xdm_fixes.diff 2003-09-15 20:06:51 UTC (rev 530) @@ -1,108 +1,421 @@ -Various fixes for xdm; forward-ported from 4.2.1 (patch originally by Branden -Robinson). +$Id$ -The second part of this patch fixes a few /dev/mem issues, described below. +This patch by Branden Robinson, Matthieu Herrb, and Richard Braakman. -Historically, if HASXDMAUTH was defined but neither ARC4_RANDOM nor -DEV_RANDOM were defined, xdm provided a function called sumFile() that -would read straight from /dev/mem and use that as an entropy source. -However, that's a bad idea because A) it's not very entropic and B) some -OSes have hardware registers mapped into /dev/mem, and even just reading -from them can cause machine checks. It's a Bad Thing to do. +These patches do a number of things: -* Remove no longer needed "FRAGILE_DEV_MEM" define. -* Revert meaning of DEV_RANDOM define to a simple on/off. DEF_RANDOM_FILE - is already used in resource.c for the same purpose that the old - (NetBSD-based?) code was using it. -* Have NetBSD use /dev/urandcom as its DEF_RANDOM_FILE. -* Define DEV_RANDOM for Linux and the Hurd. They both use /dev/random for - their DEF_RANDOM_FILE. -* Rewrite genauth.c to drop the sumFile() function and throw a cpp #error - if HASXDMAUTH is defined but neither ARC4_RANDOM nor DEV_RANDOM are. -* Whitespace and stylistic cleanups to genauth.c -* Have genauth.c log an error, using _SysErrorMsg(), if it cannot open the - specified randomFile. -* Change semantics of randomFile resource to refer to the device to be - opened for platforms that use DEV_RANDOM, instead of the device to be - checksummed with the now-nonexistent sumFile() function. -* Update manpage to reflect above change in meaning of randomFile resource, - and document when it's not used. -* Cleaned up whitespace and indented pre-processor conditionals in - resource.c. - Not submitted upstream yet. -diff -urN xc.orig/programs/xdm/Imakefile xc/programs/xdm/Imakefile ---- xc.orig/programs/xdm/Imakefile Wed Oct 9 05:26:16 2002 -+++ xc/programs/xdm/Imakefile Fri Dec 6 15:27:31 2002 -@@ -127,14 +127,14 @@ - SOCK_DEFINES = -DBSD44SOCKETS +* Imakefile: + Use /dev/random as the default random number generator on + Linux, Hurd, and GNU/FreeBSD. +* auth.c: + - Add a couple of comments to assuage some of the fears of security + auditors, and people who follow up on the GNU linker's ritual + complaints about mktemp(). + - Protect against race-based symlink attacks in + SaveServerAuthorizations(). + - Change openFiles() to avoid race-based symlink attacks. + - Change openFiles() to accept NULL for its third argument, and check + for a NULL value before fopen()ing the first argument. + - In SetUserAuthorization(), when falling back to /tmp for creation of + the authorization file, pass openFiles() NULL as arg 3, and set "old" + to NULL, since the we know the temp file just created to contain auth + credentials will be empty and have no authorization records in it. + - Richard Braakman observes the following about the above changes: "I + can think of only one case where the new behaviour could be a + problem: if a user already has a file ".Xauthority-n" in $HOME and + the user's home directory is not writable for self (so the unlink + fails) and the .Xauthority-n file _is_ writable then the old fopen + would have succeeded (and truncated the file), while the new code + would fail. Well, tough titties." Since "-n" files are cleaned + shortly after they are created, the existence of any such file would + be an anomaly (the result of an xdm or xinit process getting killed + at an inopportune moment). This doesn't seem like an important + concession. + - Also note that xdm is only susceptible to the aforementioned + race-condition-based symlink attacks if: + 1) the administrator configures the authDir or authFile resources to + be in publicly-writable directories; or + 2) the user's home directory is unwritable (NFS failure, over quota, + etc.) + - Change LogError() invocations to use _SysErrorMsg() where errno might + be set (and not clobbered by intermediate calls). Also make + LogError() the first thing we do after an error condition in those + cases. + - Make several LogError() and Debug() messages more informative. + - Fix typo in debug message. +* choose.c: + Use xdm's _SysErrorMsg() function instead of strerror(). +* config/Imakefile: + - Handle GNUMachArchitecture the same as LinuxArchitecture. +* config/Xres.cpp: + - Use fonts for the greeter that look good (or, at least, less + horrible). I experimented with this quite a bit to get something + that looks good when the ordinary bitmap fonts aren't scaled. + - Move some XPM-extension stuff inside the XPM #ifdef. + - Don't use a bitmap in the greeter if the root window is small. +* daemon.c: + - Use xdm's _SysErrorMsg() function instead of strerror or merely + printing the raw error number. + - Stop manipulating the standard file descriptiors, since this can + interfere with logging. + - Log error if daemon() call fails. +* dm.c: + - Matthieu Herrb rewrote the StorePid() function based on my changes; + he made it more careful with the size of Pid_t, and treats an + existing pid file as a failure. I then made some more changes: use + _SysErrorMsg() instead of strerror(), catch errors from the daemon() + function, do not close standard file descriptiors on daemonization, + add a comment explaining why, and don't assume that the process id we + write to the pidFile is 5 digits. + - Miscellaenous fixes: Add indentation to (heavily-used) preprocessor + statements. Initialize the log file sooner. Update log messages to + indicate when an immediate exit is taking place. Add log messages + for xdm startup, shutdown, and normal exit. Add a debugging message + when xdm enters its main loop. Fix a typo in a log message. Move a + "default" case in a switch() to be the final case evaluated, as is + customary in C code. Made brace usage a little more internally + consistent. Change a LogError() to a LogInfo() when we expect a + child X server process to become a zombie. Use the PID file as most + other Unix daemons do. Use _SysErrorMsg() instead of strerror(). + Wrap some code at 80 columns. +* dm_auth.h: + - Add function prototypes for exposed interfaces in xdmauth.c. + - Copy declarations from Xdmcp library's Wrap.h header. +* dm_error.h: + Remove protoype for unused Panic() function. +* error.c: + - Add timestamping to logging functions, except for LogOutOfMem(). + - Remove unused Panic() function. + - Append to the log file if it already exists. + - Style fix: put function names flush left when they're being defined. +* genauth.c: + - Include <fcntl.h> for definitions of O_ flags to open(). + - Remove partial set of delcarations from Xdmcp library's Wrap.h + header; now in dm_auth.h instead. +* greeter/verify.c: + Use _SysErrorMsg() instead of strerror(). +* session.c: + Indent pre-processor statements. Use _SysErrorMsg() instead of + strerror(). Recognize that GNU LibC-based systems as well as Linux + systems in general have the endpwent() function. Recognize that GNU + LibC-based systems as well as CSRG_BASED ones have the getpwnam() and + crypt() functions. Style fix: put function names flush left when + they're being defined. +socket.c: + Use _SysErrorMsg() instead of strerror(). +util.c: + The setpgrp define wouldn't be necessary if GlibC's setpgrp was + equivalent to setpgid as described in the GlibC (info, of course) + documentation. -- Robert Millan <[EMAIL PROTECTED]> +xdm.man: + Use dot macros instead of backslash roff sequences to mark up literals + that use __projectroot__, because cpp won't recognize them otherwise. +xdmauth.c: + - Declare functions used only internally as static. + - Delcare function prototypes for internal functions. + - Move from K&R to ANSI style function headers. +xdmcp.c: + When terminating an active session, report this fact with LogInfo() + rather than Debug(). +xdmshell.c: + #include <string.h> for strerror() prototype. (xdmshell can't use + _SysErrorMsg because it is a standalone program that doesn't include + server.c.) + +--- xc/programs/xdm/Imakefile~ 2003-09-15 14:31:57.000000000 -0500 ++++ xc/programs/xdm/Imakefile 2003-09-15 14:34:28.000000000 -0500 +@@ -137,6 +137,10 @@ + RANDOM_DEFINES = -DDEV_RANDOM=\"/dev/urandom\" #endif --#if defined(i386Architecture) || defined(AmigaArchitecture) --FRAGILE_DEFINES = -DFRAGILE_DEV_MEM --#endif -- - #if defined(NetBSDArchitecture) && \ - ((OSMajorVersion > 1) || \ - (OSMajorVersion == 1 && OSMinorVersion > 3)) --RANDOM_DEFINES = -DDEV_RANDOM=\"/dev/urandom\" -+RANDOM_DEFINES = -DDEV_RANDOM -DDEF_RANDOM_FILE="\"/dev/urandom\"" ++#if defined(LinuxArchitecture) || defined(GNUMachArchitecture) || defined(GNUFreeBSDArchitecture) ++ RANDOM_DEFINES = -DDEV_RANDOM -DDEF_RANDOM_FILE="\"/dev/random\"" +#endif + -+#if defined(LinuxArchitecture) || defined(GNUMachArchitecture) -+RANDOM_DEFINES = -DDEV_RANDOM -DDEF_RANDOM_FILE="\"/dev/random\"" + #ifdef OpenBSDArchitecture + RANDOM_DEFINES = -DARC4_RANDOM #endif +diff -urN xc/programs/xdm~/auth.c xc/programs/xdm/auth.c +--- xc/programs/xdm~/auth.c 2003-08-19 01:01:30.000000000 -0500 ++++ xc/programs/xdm/auth.c 2003-08-19 01:04:55.000000000 -0500 +@@ -46,6 +46,7 @@ + #include "dm_error.h" - #ifdef OpenBSDArchitecture -@@ -230,7 +230,7 @@ - $(SIGNAL_DEFINES) $(CRYPT_DEFINES) $(BSDAUTH_DEFINES) \ - $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \ - $(PWD_DEFINES) $(PAM_DEFINES) $(CONN_DEFINES) \ -- $(GREET_DEFINES) $(FRAGILE_DEFINES) $(RANDOM_DEFINES) \ -+ $(GREET_DEFINES) $(RANDOM_DEFINES) \ - -DOSMAJORVERSION=$(OSMAJORVERSION) \ - -DOSMINORVERSION=$(OSMINORVERSION) \ - $(XKB_CLIENT_DEFINES) $(USER_CONTEXT_DEFINES) \ -@@ -256,9 +256,9 @@ - '-DDEF_SYSTEM_SHELL="$(BOURNE_SHELL)"' \ - '-DDEF_FAILSAFE_CLIENT="$(BINDIR)/xterm"' \ - '-DDEF_XDM_CONFIG="$(XDMDIR)/xdm-config"' \ -- '-DDEF_CHOOSER="$(XDMDIR)/chooser"' \ -- '-DDEF_AUTH_DIR="$(XDMDIR)"' \ -- '-DDEF_GREETER_LIB="$(XDMDIR)/libXdmGreet.so"' -+ '-DDEF_CHOOSER="$(BINDIR)/chooser"' \ -+ '-DDEF_AUTH_DIR="$(XDMVARDIR)"' \ -+ '-DDEF_GREETER_LIB="$(USRLIBDIR)/libXdmGreet.so"' + #include <errno.h> ++#include <fcntl.h> - ComplexProgramTarget_1(xdm,$(LOCAL_LIBRARIES),NullParameter) - LinkConfDirectory(xdm,.,xdm,.) -@@ -277,7 +277,7 @@ - #if BuildChooser - SpecialCObjectRule(chooser, $(ICONFIGFILES), $(SOCK_DEFINES)) - NormalProgramTarget(chooser,$(OBJS3),$(DEPLIBS3),$(LIBS3),NullParameter) --InstallProgram(chooser,$(XDMDIR)) -+InstallProgram(chooser,$(BINDIR)) - InstallAppDefaults(Chooser) - #endif - #if BuildBoth ---- xc/programs/xdm/config/Imakefile.orig Sun Dec 29 17:16:42 2002 -+++ xc/programs/xdm/config/Imakefile Sun Dec 29 17:20:57 2002 -@@ -22,8 +22,13 @@ - # define XdmbwPixmap XFree86bw.xpm - #endif + #include <sys/ioctl.h> -+#if LinuxDistribution && (LinuxDistribution == LinuxDebian) -+XPM_DEFINES=-DXPM -DBITMAPDIR=$(XDMDIR)/pixmaps -DXDM_PIXMAP=debian.xpm\ @@\ -+ -DXDM_BWPIXMAP=debianbw.xpm -+#else - XPM_DEFINES=-DXPM -DBITMAPDIR=$(XDMDIR)/pixmaps -DXDM_PIXMAP=XdmPixmap\ @@\ - -DXDM_BWPIXMAP=XdmbwPixmap -+#endif +@@ -319,8 +320,16 @@ + d->authFile = NULL; + return FALSE; + } +- sprintf (d->authFile, "%s/%s/%s/A%s-XXXXXX", ++ sprintf (d->authFile, "%s/%s/%s/A%s-XXXXXX", + authDir, authdir1, authdir2, cleanname); ++ /* ++ * Security auditors should note that mktemp() is not used unsafely ++ * here. The authFile is created in authDir, which defaults to ++ * a non-user-writeable location (see xdm.man). Only root, the ++ * owner of xdm's configuration files, or someone with permission ++ * to execute xdm (which is not installed setuid or setgid by ++ * default) can change the authDir or authFile resources. ++ */ + (void) mktemp (d->authFile); + } + return TRUE; +@@ -336,42 +345,50 @@ + int mask; + int ret; + int i; ++ int fd; - XDMLOGDIR = $(LOGDIRECTORY) - #ifdef VarRunDirectory -@@ -39,7 +44,11 @@ + mask = umask (0077); + if (!d->authFile && !MakeServerAuthFile (d)) + return FALSE; + (void) unlink (d->authFile); +- auth_file = fopen (d->authFile, "w"); +- umask (mask); +- if (!auth_file) { +- Debug ("Can't creat auth file %s\n", d->authFile); +- LogError ("Cannot open server authorization file %s\n", d->authFile); ++ fd = open (d->authFile, O_WRONLY | O_CREAT | O_EXCL, 0600); ++ if (fd >= 0) ++ auth_file = fdopen (fd, "w"); ++ else ++ { ++ LogError ("cannot create server authorization file %s: %s\n", ++ d->authFile, _SysErrorMsg (errno)); ++ Debug ("can't create auth file %s\n", d->authFile); ++ } ++ (void) umask (mask); ++ if (!auth_file) ++ { + free (d->authFile); + d->authFile = NULL; + ret = FALSE; + } + else + { +- Debug ("File: %s auth: %p\n", d->authFile, auths); ++ Debug ("file: %s auth: %p\n", d->authFile, auths); + ret = TRUE; + for (i = 0; i < count; i++) + { + /* +- * User-based auths may not have data until +- * a user logs in. In which case don't write +- * to the auth file so xrdb and setup programs don't fail. ++ * User-based auths may not have data until a user logs in, in ++ * which case don't write to the auth file so xrdb and setup ++ * programs don't fail. + */ + if (auths[i]->data_length > 0) + if (!XauWriteAuth (auth_file, auths[i]) || + fflush (auth_file) == EOF) + { +- LogError ("Cannot write server authorization file %s\n", ++ LogError ("cannot write to server authorization file %s\n", + d->authFile); + ret = FALSE; + free (d->authFile); + d->authFile = NULL; + } +- } ++ } + fclose (auth_file); + } + return ret; +@@ -458,19 +475,36 @@ + openFiles (char *name, char *new_name, FILE **oldp, FILE **newp) + { + int mask; ++ int newfd; + + strcpy (new_name, name); + strcat (new_name, "-n"); + mask = umask (0077); + (void) unlink (new_name); +- *newp = fopen (new_name, "w"); ++ newfd = open (new_name, O_WRONLY | O_CREAT | O_EXCL, 0600); ++ if (newfd >= 0) ++ *newp = fdopen (newfd, "w"); ++ else ++ { ++ LogError ("cannot create file %s: %s\n", new_name, ++ _SysErrorMsg (errno)); ++ Debug ("can't create file %s\n", new_name); ++ *newp = NULL; ++ } + (void) umask (mask); +- if (!*newp) { +- Debug ("can't open new file %s\n", new_name); +- return 0; ++ if (!*newp) ++ { ++ Debug ("can't open new file %s\n", new_name); ++ return 0; ++ } ++ else ++ Debug ("open succeeded: %s\n", new_name); ++ if (oldp) ++ { ++ *oldp = fopen (name, "r"); ++ if (*oldp) ++ Debug ("open succeeded: %s\n", name); + } +- *oldp = fopen (name, "r"); +- Debug ("opens succeeded %s %s\n", name, new_name); + return 1; + } + +@@ -804,10 +838,11 @@ + struct in_ifaddr ifaddr; + struct strioctl str; + unsigned char *addr; +- int len, ipfd; ++ int len, ipfd; + + if ((ipfd = open ("/dev/ip", O_RDWR, 0 )) < 0) +- LogError ("Getting interface configuration"); ++ LogError ("cannot get interface configuration; cannot open /dev/ip: " ++ "%s\n", _SysErrorMsg (errno)); + + /* Indicate that we want to start at the begining */ + ifnet.ib_next = (struct ipb *) 1; +@@ -821,8 +856,9 @@ + + if (ioctl (ipfd, (int) I_STR, (char *) &str) < 0) + { ++ LogError ("cannot get interface configuration; ioctl failed: %s\n", ++ _SysErrorMsg (errno)); + close (ipfd); +- LogError ("Getting interface configuration"); + } + + ifaddr.ia_next = (struct in_ifaddr *) ifnet.if_addrlist; +@@ -833,8 +869,9 @@ + + if (ioctl (ipfd, (int) I_STR, (char *) &str) < 0) + { ++ LogError ("cannot get interface configuration; ioctl failed: %s\n", ++ _SysErrorMsg (errno)); + close (ipfd); +- LogError ("Getting interface configuration"); + } + + /* +@@ -874,11 +911,11 @@ + char *addr; + int family; + register struct ifreq *ifr; +- ++ + ifc.ifc_len = sizeof (buf); + ifc.ifc_buf = buf; + if (ifioctl (fd, SIOCGIFCONF, (char *) &ifc) < 0) +- LogError ("Trouble getting network interface configuration"); ++ LogError ("trouble getting network interface configuration"); + + #ifdef ISC + #define IFC_IFC_REQ (struct ifreq *) ifc.ifc_buf +@@ -1096,28 +1133,47 @@ + Debug ("openFiles failed\n"); + XauUnlockAuth (home_name); + lockStatus = LOCK_ERROR; +- } ++ } + } + } + if (lockStatus != LOCK_SUCCESS) { ++ /* log the fact that we're having trouble with authorization */ ++ if (home) { ++ LogInfo ("unable to lock authority file in %s for display %s\n", ++ home, d->name); ++ } else { ++ LogInfo ("unable to determine home directory for authority " ++ "file locking on display %s\n", d->name); ++ } + snprintf (backup_name, sizeof(backup_name), "%s/.XauthXXXXXX", d->userAuthDir); ++ /* ++ * Security auditors should note that mktemp() is not used ++ * unsafely here. XauLockAuth() is very careful about opening ++ * the authority file, using O_CREAT and O_EXCL. ++ * ++ * However, note that the file backup_name will likely never be ++ * unlinked, since the user's home directory was unwritable and we ++ * will have to use backup_name as the authority file for the entire ++ * session. ++ */ + (void) mktemp (backup_name); + lockStatus = XauLockAuth (backup_name, 1, 2, 10); + Debug ("backup lock is %d\n", lockStatus); + if (lockStatus == LOCK_SUCCESS) { +- if (openFiles (backup_name, new_name, &old, &new)) { ++ if (openFiles (backup_name, new_name, NULL, &new)) { ++ old = NULL; + name = backup_name; + setenv = 1; + } else { + XauUnlockAuth (backup_name); + lockStatus = LOCK_ERROR; +- } ++ } + } + } + if (lockStatus != LOCK_SUCCESS) { + Debug ("can't lock auth file %s or backup %s\n", + home_name, backup_name); +- LogError ("can't lock authorization file %s or backup %s\n", ++ LogError ("cannot lock authorization file %s or backup %s\n", + home_name, backup_name); + return; + } +@@ -1186,8 +1242,9 @@ + Debug ("unlink %s failed\n", name); + envname = name; + if (link (new_name, name) == -1) { ++ LogError ("cannot move authorization file into place: %s\n", ++ _SysErrorMsg (errno)); + Debug ("link failed %s %s\n", new_name, name); +- LogError ("Can't move authorization into place\n"); + setenv = 1; + envname = new_name; + } else { +@@ -1263,12 +1320,14 @@ + if (unlink (name) == -1) + Debug ("unlink %s failed\n", name); + if (link (new_name, name) == -1) { ++ LogError ("cannot move authorization file into place: %s\n", ++ _SysErrorMsg (errno)); + Debug ("link failed %s %s\n", new_name, name); +- LogError ("Can't move authorization into place\n"); + } else { + Debug ("new is in place, go for it!\n"); + unlink (new_name); + } + } + XauUnlockAuth (name); ++ Debug ("done RemoveUserAuthorization\n"); + } +diff -urN xc/programs/xdm~/choose.c xc/programs/xdm/choose.c +--- xc/programs/xdm~/choose.c 2001-12-14 15:01:20.000000000 -0500 ++++ xc/programs/xdm/choose.c 2003-02-23 17:04:20.000000000 -0500 +@@ -480,7 +480,7 @@ + } + else + { +- LogError ("Choice response read error: %s\n", strerror(errno)); ++ LogError ("Choice response read error: %s\n", _SysErrorMsg (errno)); + } + + #if defined(STREAMSCONN) +diff -urN xc/programs/xdm~/config/Imakefile xc/programs/xdm/config/Imakefile +--- xc/programs/xdm~/config/Imakefile 2003-02-23 17:03:35.000000000 -0500 ++++ xc/programs/xdm/config/Imakefile 2003-02-23 17:04:20.000000000 -0500 +@@ -39,7 +39,11 @@ #endif CppFileTarget(Xservers.ws,Xserv.ws.cpp,-DBINDIR=$(BINDIR) -DDEFAULTVT=$(DEFAULTVT),NullParameter) @@ -110,12 +423,12 @@ +CppFileTarget(xdm-config,xdm-conf.cpp,-DXDMDIR=$(XDMDIR) -DXDMLOGDIR=$(XDMLOGDIR) -DXDMPIDDIR=$(XDMPIDDIR) -DXDMVARDIR=$(XDMVARDIR) -DSU=$(SU),NullParameter) +#else CppFileTarget(xdm-config,xdm-conf.cpp,-DXDMDIR=$(XDMDIR) -DXDMLOGDIR=$(XDMLOGDIR) -DXDMPIDDIR=$(XDMPIDDIR) -DSU=$(SU),NullParameter) -+#endif /* (LinuxArchitecture || GNUMachArchitecture) */ ++#endif /* LinuxArchitecture || GNUMachArchitecture */ CppFileTarget(Xresources,Xres.cpp,$(XPM_DEFINES),NullParameter) LinkFile(Xservers,Xservers.$(SERVERSTYPE)) ---- xc/programs/xdm/config/Xres.cpp.orig Sun Dec 29 17:21:08 2002 -+++ xc/programs/xdm/config/Xres.cpp Sun Dec 29 17:28:23 2002 +--- xc/programs/xdm~/config/Xres.cpp 2003-09-15 14:17:05.000000000 -0500 ++++ xc/programs/xdm/config/Xres.cpp 2003-09-15 14:23:34.000000000 -0500 @@ -28,22 +28,25 @@ #endif /* XPM */ xlogin*fail: Login incorrect @@ -126,22 +439,22 @@ -xlogin*promptFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1 -xlogin*failFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1 +/**/#if WIDTH >= 1024 -+xlogin*greetFont: -adobe-helvetica-bold-o-normal--25-180-75-75-p-138-iso8859-1 -+xlogin*font: -adobe-helvetica-medium-r-normal--20-140-75-75-p-98-iso8859-1 -+xlogin*promptFont: -adobe-helvetica-bold-r-normal--20-140-75-75-p-103-iso8859-1 -+xlogin*failFont: -adobe-helvetica-bold-r-normal--20-140-75-75-p-103-iso8859-1 ++xlogin*greetFont: -adobe-helvetica-bold-o-normal--25-180-100-100-p-138-iso8859-1 ++xlogin*font: -adobe-helvetica-medium-r-normal--20-140-100-100-p-100-iso8859-1 ++xlogin*promptFont: -adobe-helvetica-bold-r-normal--20-140-100-100-p-105-iso8859-1 ++xlogin*failFont: -adobe-helvetica-bold-r-normal--20-140-100-100-p-105-iso8859-1 +/**/#if PLANES >= 8 +xlogin*logoFileName: BITMAPDIR/**//XDM_PIXMAP ++/**/#else ++xlogin*logoFileName: BITMAPDIR/**//XDM_BWPIXMAP ++/**/#endif /**/#else -xlogin*greetFont: -adobe-helvetica-bold-o-normal--17-120-100-100-p-92-iso8859-1 -+xlogin*logoFileName: BITMAPDIR/**//XDM_BWPIXMAP -+/**/#endif -+/**/#else -+xlogin*greetFont: -adobe-helvetica-bold-o-normal--14-140-100-100-p-92-iso8859-1 ++xlogin*greetFont: -adobe-helvetica-bold-o-normal--14-140-75-75-p-82-iso8859-1 xlogin*font: -adobe-helvetica-medium-r-normal--12-120-75-75-p-67-iso8859-1 xlogin*promptFont: -adobe-helvetica-bold-r-normal--12-120-75-75-p-70-iso8859-1 -xlogin*failFont: -adobe-helvetica-bold-o-normal--14-140-75-75-p-82-iso8859-1 -+xlogin*failFont: -adobe-helvetica-bold-o-normal--12-120-75-75-p-82-iso8859-1 ++xlogin*failFont: -adobe-helvetica-bold-r-normal--12-120-75-75-p-70-iso8859-1 /**/#endif #endif /* XPM */ /**/#ifdef COLOR @@ -173,57 +486,193 @@ xlogin*useShape: true xlogin*logoPadding: 10 #endif /* XPM */ ---- xc/programs/xdm/config/xdm-conf.cpp.orig Sun Dec 29 17:28:54 2002 -+++ xc/programs/xdm/config/xdm-conf.cpp Sun Dec 29 17:32:40 2002 -@@ -10,19 +10,21 @@ - DisplayManager.keyFile: XDMDIR/xdm-keys - DisplayManager.servers: XDMDIR/Xservers - DisplayManager.accessFile: XDMDIR/Xaccess -+DisplayManager.authDir: XDMVARDIR - DisplayManager.willing: SU nobody -c XDMDIR/Xwilling - ! All displays should use authorization, but we cannot be sure - ! X terminals may not be configured that way, so they will require - ! individual resource settings. - DisplayManager*authorize: true --! The following three resources set up display :0 as the console. --DisplayManager._0.setup: XDMDIR/Xsetup_0 --DisplayManager._0.startup: XDMDIR/GiveConsole --DisplayManager._0.reset: XDMDIR/TakeConsole --! -+DisplayManager*setup: XDMDIR/Xsetup -+DisplayManager*startup: XDMDIR/Xstartup -+DisplayManager*reset: XDMDIR/Xreset - DisplayManager*resources: XDMDIR/Xresources - DisplayManager*session: XDMDIR/Xsession - DisplayManager*authComplain: true -+! -+DisplayManager*userPath: /usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games -+DisplayManager*systemPath: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11 - #ifdef XPM - DisplayManager*loginmoveInterval: 10 - #endif /* XPM */ ---- xc/programs/xdm/dm.c.orig Sun Dec 29 17:35:59 2002 -+++ xc/programs/xdm/dm.c Sun Dec 29 17:41:22 2002 -@@ -40,6 +40,7 @@ - # include "dm_error.h" +--- xc/programs/xdm~/daemon.c 2002-12-04 11:53:39.000000000 -0500 ++++ xc/programs/xdm/daemon.c 2003-09-15 14:28:21.000000000 -0500 +@@ -87,7 +87,7 @@ + break; + case -1: + /* error */ +- LogError ("daemon fork failed, errno = %d\n", errno); ++ LogError ("daemon fork failed: %s\n", _SysErrorMsg (errno)); + break; - # include <stdio.h> -+# include <string.h> + default: { +@@ -107,7 +107,7 @@ + #endif + if (stat != 0) + LogError ("setting process group for daemon failed: %s\n", +- strerror(errno)); ++ _SysErrorMsg (errno)); + #endif /* ! (CSRG_BASED || SYSV || SVR4 || __QNXNTO__ || __GLIBC__) */ + } + exit (0); +@@ -118,28 +118,29 @@ + BecomeDaemon (void) + { + /* +- * Close standard file descriptors and get rid of controlling tty ++ * Get rid of controlling tty. We would close standard file ++ * descriptors as well, but that interferes with our logging. + */ + + /* If our C library has the daemon() function, just use it. */ + #if defined(__GLIBC__) || defined(CSRG_BASED) +- daemon (0, 0); ++ if ((daemon (0, 1)) == -1) { ++ if (errno) { ++ LogError ("unable to daemonize: %s\n", _SysErrorMsg (errno)); ++ } else { ++ LogError ("unable to daemonize\n"); ++ } ++ } + #else +- int i; +- + # if defined(SYSV) || defined(SVR4) || defined(__QNXNTO__) + setpgrp (); + # else + setpgrp (0, getpid ()); + # endif + +- close (0); +- close (1); +- close (2); +- + # if !defined(__UNIXOS2__) && !defined(__CYGWIN__) + # if !((defined(SYSV) || defined(SVR4)) && defined(i386)) +- if ((i = open ("/dev/tty", O_RDWR)) >= 0) { /* did open succeed? */ ++ if ((int i = open ("/dev/tty", O_RDWR)) >= 0) { /* did open succeed? */ + # if defined(USG) && defined(TCCLRCTTY) + int zero = 0; + (void) ioctl (i, TCCLRCTTY, &zero); +@@ -148,19 +149,12 @@ + int zero = 0; + (void) ioctl (i, TIOCTTY, &zero); + # else +- (void) ioctl (i, TIOCNOTTY, (char *) 0); /* detach, BSD style */ ++ (void) ioctl (i, TIOCNOTTY, (char *) 0); /* detach, BSD style */ + # endif + # endif + (void) close (i); + } + # endif /* !((SYSV || SVR4) && i386) */ + # endif /* !__UNIXOS2__ && !__CYGWIN__*/ +- +- /* +- * Set up the standard file descriptors. +- */ +- (void) open ("/", O_RDONLY); /* root inode already in core */ +- (void) dup2 (0, 1); +- (void) dup2 (0, 2); + #endif + } +diff -urN xc/programs/xdm~/dm.c xc/programs/xdm/dm.c +--- xc/programs/xdm~/dm.c 2003-02-23 17:03:35.000000000 -0500 ++++ xc/programs/xdm/dm.c 2003-02-23 17:04:25.000000000 -0500 +@@ -35,41 +35,42 @@ + * display manager + */ + +-# include "dm.h" +-# include "dm_auth.h" +-# include "dm_error.h" ++#include "dm.h" ++#include "dm_auth.h" ++#include "dm_error.h" + +-# include <stdio.h> ++#include <stdio.h> ++#include <string.h> #ifdef X_POSIX_C_SOURCE - #define _POSIX_C_SOURCE X_POSIX_C_SOURCE - #include <signal.h> +-#define _POSIX_C_SOURCE X_POSIX_C_SOURCE +-#include <signal.h> +-#undef _POSIX_C_SOURCE +-#else +-#if defined(X_NOT_POSIX) || defined(_POSIX_SOURCE) +-#include <signal.h> +-#else +-#define _POSIX_SOURCE +-#include <signal.h> +-#undef _POSIX_SOURCE +-#endif ++# define _POSIX_C_SOURCE X_POSIX_C_SOURCE ++# include <signal.h> ++# undef _POSIX_C_SOURCE ++#else ++# if defined(X_NOT_POSIX) || defined(_POSIX_SOURCE) ++# include <signal.h> ++# else ++# define _POSIX_SOURCE ++# include <signal.h> ++# undef _POSIX_SOURCE ++# endif + #endif + #ifdef __NetBSD__ +-#include <sys/param.h> ++# include <sys/param.h> + #endif + + #ifndef sigmask +-#define sigmask(m) (1 << ((m - 1))) ++# define sigmask(m) (1 << ((m - 1))) + #endif + +-# include <sys/stat.h> +-# include <errno.h> +-# include <X11/Xfuncproto.h> +-# include <stdarg.h> ++#include <sys/stat.h> ++#include <errno.h> ++#include <X11/Xfuncproto.h> ++#include <stdarg.h> + + #ifndef F_TLOCK +-#ifndef X_NOT_POSIX ++# ifndef X_NOT_POSIX + # include <unistd.h> +-#endif ++# endif + #endif + + @@ -100,7 +101,9 @@ static SIGVAL ChildNotify (int n); #endif -static int StorePid (void); -+static int pidFd; -+static FILE *pidFilePtr; -+static int StorePid (void); ++static int pidFd; ++static FILE *pidFilePtr; ++static long StorePid (void); static int parent_pid = -1; /* PID of parent xdm process */ -@@ -138,7 +141,6 @@ +@@ -124,34 +127,42 @@ + InitResources (argc, argv); + SetConfigFileTime (); + LoadDMResources (); ++ if (debugLevel == 0) ++ { ++ if (getuid() != 0) ++ { + /* +- * Only allow root to run in non-debug mode to avoid problems ++ * only allow root to run in non-debug mode to avoid problems + */ +- if (debugLevel == 0 && getuid() != 0) +- { +- fprintf (stderr, "Only root wants to run %s\n", argv[0]); ++ LogError ("only root run can run %s in non-debug mode; exiting\n", ++ argv[0]); + exit (1); + } ++ /* ++ * if not debugging, send messages to the log file ++ */ ++ InitErrorLog (); ++ } + if (debugLevel == 0 && daemonMode) + BecomeOrphan (); + if (debugLevel >= 10) nofork_session = 1; if (debugLevel == 0 && daemonMode) BecomeDaemon (); @@ -231,27 +680,317 @@ if ((oldpid = StorePid ())) { if (oldpid == -1) -@@ -761,9 +763,6 @@ +- LogError ("Can't create/lock pid file %s\n", pidFile); ++ LogError ("error opening process-id file %s; exiting\n", pidFile); + else +- LogError ("Can't lock pid file %s, another xdm is running (pid %d)\n", +- pidFile, oldpid); ++ LogError ("process-id file %s indicates another xdm is " ++ "running (pid %d); exiting\n", pidFile, oldpid); + exit (1); + } +- if (debugLevel == 0) +- InitErrorLog (); + +- if (nofork_session == 0) { ++ LogInfo ("starting\n"); ++ ++ if (nofork_session == 0) ++ { + /* Clean up any old Authorization files */ + /* AUD: all good? */ + snprintf(cmdbuf, sizeof(cmdbuf), "/bin/rm -f %s/authdir/authfiles/A*", authDir); +@@ -184,6 +195,7 @@ + #ifndef UNRELIABLE_SIGNALS + (void) Signal (SIGCHLD, ChildNotify); + #endif ++ Debug ("startup successful; entering main loop\n"); + while ( + #ifdef XDMCP + AnyWellKnownSockets() || +@@ -202,7 +214,8 @@ + #endif + } + Debug ("Nothing left to do, exiting\n"); +- exit(0); ++ LogInfo ("exiting\n"); ++ exit (0); + /*NOTREACHED*/ + } + +@@ -363,13 +376,14 @@ + * + * See defect XWSog08655 for more information. + */ +- Debug ("Child xdm caught SIGTERM before it remove that signal.\n"); ++ Debug ("Child xdm caught SIGTERM before it removed that signal.\n"); + (void) Signal (n, SIG_DFL); + TerminateProcess (getpid(), SIGTERM); + errno = olderrno; + return; + } + Debug ("Shutting down entire manager\n"); ++ LogInfo ("shutting down\n"); + #ifdef XDMCP + DestroyWellKnownSockets (); + #endif +@@ -420,43 +434,45 @@ + /* XXX classic System V signal race condition here with RescanNotify */ + if ((pid = wait (&status)) != -1) + #else +-#ifndef X_NOT_POSIX ++# ifndef X_NOT_POSIX + sigemptyset(&mask); + sigaddset(&mask, SIGCHLD); + sigaddset(&mask, SIGHUP); + sigprocmask(SIG_BLOCK, &mask, &omask); + Debug ("signals blocked\n"); +-#else ++# else + omask = sigblock (sigmask (SIGCHLD) | sigmask (SIGHUP)); + Debug ("signals blocked, mask was 0x%x\n", omask); +-#endif ++# endif + if (!ChildReady && !Rescan) +-#ifndef X_NOT_POSIX ++# ifndef X_NOT_POSIX + sigsuspend(&omask); +-#else ++# else + sigpause (omask); +-#endif ++# endif + ChildReady = 0; +-#ifndef X_NOT_POSIX ++# ifndef X_NOT_POSIX + sigprocmask(SIG_SETMASK, &omask, (sigset_t *)NULL); +-#else ++# else + sigsetmask (omask); +-#endif +-#ifndef X_NOT_POSIX ++# endif ++# ifndef X_NOT_POSIX + while ((pid = waitpid (-1, &status, WNOHANG)) > 0) +-#else ++# else + while ((pid = wait3 (&status, WNOHANG, (struct rusage *) 0)) > 0) +-#endif +-#endif ++# endif ++#endif /* UNRELIABLE_SIGNALS */ + { + Debug ("Manager wait returns pid: %d sig %d core %d code %d\n", + pid, waitSig(status), waitCore(status), waitCode(status)); + if (autoRescan) + RescanIfMod (); + /* SUPPRESS 560 */ +- if ((d = FindDisplayByPid (pid))) { ++ if ((d = FindDisplayByPid (pid))) ++ { + d->pid = -1; +- switch (waitVal (status)) { ++ switch (waitVal (status)) ++ { + case UNMANAGE_DISPLAY: + Debug ("Display exited with UNMANAGE_DISPLAY\n"); + StopDisplay (d); +@@ -470,12 +486,6 @@ + else + RestartDisplay (d, FALSE); + break; +- default: +- Debug ("Display exited with unknown status %d\n", waitVal(status)); +- LogError ("Unknown session exit code %d from process %d\n", +- waitVal (status), pid); +- StopDisplay (d); +- break; + case OPENFAILED_DISPLAY: + Debug ("Display exited with OPENFAILED_DISPLAY, try %d of %d\n", + d->startTries, d->startAttempts); +@@ -492,7 +502,7 @@ + d->status == zombie || + ++d->startTries >= d->startAttempts) + { +- LogError ("Display %s is being disabled\n", d->name); ++ LogError ("display %s is being disabled\n", d->name); + StopDisplay (d); + } + else +@@ -512,13 +522,15 @@ + time(&Time); + Debug("time %i %i\n",Time,d->lastCrash); + if (d->lastCrash && +- ((Time - d->lastCrash) < XDM_BROKEN_INTERVAL)) { ++ ((Time - d->lastCrash) < XDM_BROKEN_INTERVAL)) ++ { + Debug("Server crash frequency too high:" + " removing display %s\n",d->name); + LogError("Server crash rate too high:" + " removing display %s\n",d->name); + RemoveDisplay (d); +- } else ++ } ++ else + d->lastCrash = Time; + } + break; +@@ -527,10 +539,20 @@ + d->startTries, d->startAttempts); + if (d->displayType.origin == FromXDMCP || + d->status == zombie || +- ++d->startTries >= d->startAttempts) { +- LogError ("Display %s is being disabled\n", d->name); ++ ++d->startTries >= d->startAttempts) ++ { ++ /* ++ * During normal xdm shutdown, killed local X servers ++ * can be zombies; this is not an error. ++ */ ++ if (d->status == zombie && ++ (d->startTries < d->startAttempts)) ++ LogInfo ("display %s is being disabled\n", d->name); ++ else ++ LogError ("display %s is being disabled\n", d->name); + StopDisplay(d); +- } else ++ } ++ else + RestartDisplay (d, TRUE); + break; + case REMANAGE_DISPLAY: +@@ -545,6 +567,13 @@ + else + RestartDisplay (d, FALSE); + break; ++ default: ++ Debug ("Display %s exited with unknown status %d\n", ++ d->name, waitVal(status)); ++ LogError ("display %s (pid %ld) exited with unexpected status " ++ "%d\n", d->name, waitVal (status), (long) pid); ++ StopDisplay (d); ++ break; + } + } + /* SUPPRESS 560 */ +@@ -558,12 +587,15 @@ + RemoveDisplay (d); + break; + case phoenix: +- Debug ("Phoenix server arises, restarting display %s\n", d->name); ++ Debug ("Phoenix server arises, restarting display %s\n", ++ d->name); + d->status = notRunning; + break; + case running: +- Debug ("Server for display %s terminated unexpectedly, status %d %d\n", d->name, waitVal (status), status); +- LogError ("Server for display %s terminated unexpectedly: %d\n", d->name, waitVal (status)); ++ Debug ("Server for display %s terminated unexpectedly, " ++ "status %d %d\n", d->name, waitVal (status), status); ++ LogError ("Server for display %s terminated unexpectedly: %d\n", ++ d->name, waitVal (status)); + if (d->pid != -1) + { + Debug ("Terminating session pid %d\n", d->pid); +@@ -571,7 +603,8 @@ + } + break; + case notRunning: +- Debug ("Server exited for notRunning session on display %s\n", d->name); ++ Debug ("Server exited for notRunning session on display %s\n", ++ d->name); + break; + } + } +@@ -588,7 +621,8 @@ + { + if (d->displayType.origin == FromFile) + { +- switch (d->state) { ++ switch (d->state) ++ { + case MissingEntry: + StopDisplay (d); + break; +@@ -614,10 +648,12 @@ + int pid; + + Debug ("StartDisplay %s\n", d->name); ++ LogInfo ("starting X server on %s\n", d->name); + LoadServerResources (d); + if (d->displayType.location == Local) + { +- /* don't bother pinging local displays; we'll ++ /* ++ * don't bother pinging local displays; we'll + * certainly notice when they exit + */ + d->pingInterval = 0; +@@ -637,7 +673,8 @@ + } + if (d->serverPid == -1 && !StartServer (d)) + { +- LogError ("Server for display %s can't be started, session disabled\n", d->name); ++ LogError ("Server for display %s can't be started, session " ++ "disabled\n", d->name); + RemoveDisplay (d); + return; + } +@@ -655,7 +692,8 @@ + switch (pid) + { + case 0: +- if (!nofork_session) { ++ if (!nofork_session) ++ { + CleanUpChild (); + (void) Signal (SIGPIPE, SIG_IGN); + } +@@ -739,7 +777,8 @@ + ClearCloseOnFork (int fd) + { + FD_CLR (fd, &CloseMask); +- if (fd == max) { ++ if (fd == max) ++ { + while (--fd >= 0) + if (FD_ISSET (fd, &CloseMask)) + break; +@@ -761,100 +800,68 @@ max = 0; } -static int pidFd; -static FILE *pidFilePtr; - - static int +-static int ++static long StorePid (void) { -@@ -779,77 +778,24 @@ - pidFile); - return -1; - } +- int oldpid; ++ long oldpid; ++ char pidstr[11]; /* enough space for a 32-bit pid plus \0 */ ++ size_t pidstrlen; + +- if (pidFile[0] != '\0') { +- pidFd = open (pidFile, O_RDWR); +- if (pidFd == -1 && errno == ENOENT) +- pidFd = open (pidFile, O_RDWR|O_CREAT, 0666); +- if (pidFd == -1 || !(pidFilePtr = fdopen (pidFd, "r+"))) ++ if (pidFile[0] != '\0') ++ { ++ pidFd = open (pidFile, O_WRONLY|O_CREAT|O_EXCL, 0666); ++ if (pidFd == -1) + { +- LogError ("process-id file %s cannot be opened\n", +- pidFile); +- return -1; +- } - if (fscanf (pidFilePtr, "%d\n", &oldpid) != 1) -+ if (fscanf(pidFilePtr, "%d\n", &oldpid) != 1) - oldpid = -1; +- oldpid = -1; - fseek (pidFilePtr, 0l, 0); - if (lockPidFile) -+ if (fseek(pidFilePtr, 0L, SEEK_SET) == -1) - { +- { -#ifdef F_SETLK -#ifndef SEEK_SET -#define SEEK_SET 0 @@ -261,48 +1000,73 @@ - lock_data.l_whence = SEEK_SET; - lock_data.l_start = lock_data.l_len = 0; - if (fcntl(pidFd, F_SETLK, &lock_data) == -1) -- { ++ if (errno == EEXIST) + { - if (errno == EAGAIN) - return oldpid; - else -- return -1; -- } ++ /* pidFile already exists; see if we can open it */ ++ pidFilePtr = fopen (pidFile, "r"); ++ if (pidFilePtr == NULL) ++ { ++ LogError ("cannot open process-id file %s for reading: " ++ "%s\n", pidFile, _SysErrorMsg (errno)); + return -1; ++ } ++ if (fscanf (pidFilePtr, "%ld\n", &oldpid) != 1) ++ { ++ LogError ("existing process-id file %s empty or contains " ++ "garbage\n", pidFile); ++ oldpid = -1; ++ } ++ fclose (pidFilePtr); ++ return oldpid; + } -#else -#ifdef LOCK_EX - if (flock (pidFd, LOCK_EX|LOCK_NB) == -1) - { - if (errno == EWOULDBLOCK) - return oldpid; -- else + else - return -1; - } -#else - if (lockf (pidFd, F_TLOCK, 0) == -1) -- { + { - if (errno == EACCES) - return oldpid; - else - return -1; -- } ++ LogError ("cannot fdopen process-id file %s for writing: " ++ "%s\n", pidFile, _SysErrorMsg (errno)); ++ return -1; + } -#endif -#endif -+ LogError("cannot seek PID file %s: %s\n", pidFile, -+ strerror(errno)); -+ return -1; -+ } -+ if (fprintf(pidFilePtr, "%5ld\n", (long)getpid()) != 6) { -+ LogError("cannot write to PID file %s: %s\n", pidFile, -+ strerror(errno)); -+ return -1; } - fprintf (pidFilePtr, "%5ld\n", (long)getpid ()); ++ if ((pidFilePtr = fdopen (pidFd, "w")) == NULL) ++ { ++ LogError ("cannot open process-id file %s for writing: %s\n", ++ pidFile, _SysErrorMsg (errno)); ++ return -1; ++ } ++ (void) snprintf (pidstr, 11, "%ld", (long) getpid ()); ++ pidstrlen = strlen (pidstr); ++ if (fprintf (pidFilePtr, "%s\n", pidstr) != ( pidstrlen + 1)) ++ { ++ LogError ("cannot write to process-id file %s: %s\n", pidFile, ++ _SysErrorMsg (errno)); ++ return -1; ++ } (void) fflush (pidFilePtr); - RegisterCloseOnFork (pidFd); + (void) fclose (pidFilePtr); } return 0; } -- + -#if 0 -void -UnlockPidFile (void) @@ -327,336 +1091,865 @@ - fclose (pidFilePtr); -} -#endif - +- #ifndef HAS_SETPROCTITLE void SetTitle (char *name, ...) - ---- xc/programs/xdm~/genauth.c 2002-11-06 00:03:23.000000000 -0500 -+++ xc/programs/xdm/genauth.c 2002-11-06 00:06:42.000000000 -0500 -@@ -66,52 +66,27 @@ + { +-#ifndef NOXDMTITLE ++# ifndef NOXDMTITLE + char *p = Title; + int left = TitleLen; + char *s; +@@ -879,6 +886,6 @@ + --left; + } + va_end(args); +-#endif ++# endif /* NOXDMTITLE */ + } +-#endif ++#endif /* HAS_SETPROCTITLE */ +diff -urN xc/programs/xdm~/dm_auth.h xc/programs/xdm/dm_auth.h +--- xc/programs/xdm~/dm_auth.h 2000-05-31 02:15:11.000000000 -0500 ++++ xc/programs/xdm/dm_auth.h 2003-02-23 17:04:25.000000000 -0500 +@@ -42,18 +42,40 @@ + extern void MitInitAuth (unsigned short name_len, char *name); + extern Xauth *MitGetAuth (unsigned short namelen, char *name); - #endif ++/* xdmauth.c */ + #ifdef HASXDMAUTH + extern void XdmInitAuth (unsigned short name_len, char *name); + extern Xauth *XdmGetAuth (unsigned short namelen, char *name); +-#ifdef XDMCP ++# ifdef XDMCP + extern void XdmGetXdmcpAuth ( + struct protoDisplay *pdpy, + unsigned short authorizationNameLen, + char *authorizationName); +-#else +-#define XdmGetXdmcpAuth NULL +-#endif +-#endif ++ ++extern int XdmCheckAuthentication ( ++ struct protoDisplay *pdpy, ++ ARRAY8Ptr displayID, ++ ARRAY8Ptr authenticationName, ++ ARRAY8Ptr authenticationData); ++ ++typedef unsigned char auth_cblock[8]; /* block size */ ++ ++typedef struct auth_ks_struct { auth_cblock _; } auth_wrapper_schedule[16]; ++ ++extern void _XdmcpAuthSetup (auth_cblock key, ++ auth_wrapper_schedule schedule); ++ ++extern void _XdmcpAuthDoIt (auth_cblock input, ++ auth_cblock output, ++ auth_wrapper_schedule schedule, ++ int edflag); ++ ++extern void _XdmcpWrapperToOddParity (unsigned char *in, ++ unsigned char *out); ++# else ++# define XdmGetXdmcpAuth NULL ++# endif ++#endif /* HASXDMAUTH */ --# define FILE_LIMIT 1024 /* no more than this many buffers */ -+#define FILE_LIMIT 1024 /* no more than this many buffers */ + #ifdef SECURE_RPC + extern void SecureRPCInitAuth (unsigned short name_len, char *name); +@@ -68,15 +90,12 @@ + /* auth.c */ + extern int ValidAuthorization (unsigned short name_length, char *name); --#if !defined(ARC4_RANDOM) && !defined(DEV_RANDOM) --static int --sumFile (char *name, long sum[2]) --{ -- long buf[1024*2]; -- int cnt; -- int fd; -- int loops; -- int reads; -- int i; -- int ret_status = 0; - -- fd = open (name, O_RDONLY); -- if (fd < 0) { -- LogError("Cannot open randomFile \"%s\", errno = %d\n", name, errno); -- return 0; -- } --#ifdef FRAGILE_DEV_MEM -- if (strcmp(name, "/dev/mem") == 0) lseek (fd, (off_t) 0x100000, SEEK_SET); --#endif -- reads = FILE_LIMIT; -- sum[0] = 0; -- sum[1] = 0; -- while ((cnt = read (fd, (char *) buf, sizeof (buf))) > 0 && --reads > 0) { -- loops = cnt / (2 * sizeof (long)); -- for (i = 0; i < loops; i+= 2) { -- sum[0] += buf[i]; -- sum[1] += buf[i+1]; -- ret_status = 1; -- } -- } -- if (cnt < 0) -- LogError("Cannot read randomFile \"%s\", errno = %d\n", name, errno); -- close (fd); -- return ret_status; --} -+/* -+ * Historically, if HASXDMAUTH was defined but neither ARC4_RANDOM nor -+ * DEV_RANDOM were defined, xdm provided a function called sumFile() that -+ * would read straight from /dev/mem and use that as an entropy source. -+ * However, that's a bad idea because A) it's not very entropic and B) some -+ * OSes have hardware registers mapped into /dev/mem, and even just reading -+ * from them can cause machine checks. It's a Bad Thing to do. -+ */ -+#ifdef HASXDMAUTH -+# if !defined(ARC4_RANDOM) && !defined(DEV_RANDOM) -+# error neither ARC4_RANDOM nor DEV_RANDOM defined; no entropy collection mechanism available -+# endif - #endif + #ifdef XDMCP +- + extern void + SetProtoDisplayAuthorization ( + struct protoDisplay *pdpy, + unsigned short authorizationNameLen, + char *authorizationName); +- + #endif /* XDMCP */ - #ifdef HASXDMAUTH - static void - InitXdmcpWrapper (void) + extern int SaveServerAuthorizations (struct display *d, Xauth **auths, int count); +diff -urN xc/programs/xdm~/dm_error.h xc/programs/xdm/dm_error.h +--- xc/programs/xdm~/dm_error.h 1998-10-10 10:25:33.000000000 -0500 ++++ xc/programs/xdm/dm_error.h 2003-02-23 17:04:25.000000000 -0500 +@@ -50,7 +50,6 @@ + extern void LogInfo (char * fmt, ...) GCC_PRINTFLIKE(1,2); + extern void LogOutOfMem (char * fmt, ...) GCC_PRINTFLIKE(1,2); + extern void LogPanic (char * fmt, ...) GCC_PRINTFLIKE(1,2); +-extern void Panic (char * mesg); + + + #endif /* _DM_ERROR_H_ */ +diff -urN xc/programs/xdm~/error.c xc/programs/xdm/error.c +--- xc/programs/xdm~/error.c 2003-02-23 17:03:35.000000000 -0500 ++++ xc/programs/xdm/error.c 2003-02-23 17:41:04.000000000 -0500 +@@ -34,23 +34,41 @@ + * + * error.c + * +- * Log display manager errors to a file as +- * we generally do not have a terminal to talk to ++ * Log display manager errors to a file as we generally do not have a ++ * terminal to talk to. ++ * ++ * Because we have child processes, and chatty things like X servers, we do ++ * not use syslog(). + */ + +-# include <stdio.h> +-# include <stdarg.h> ++#include <errno.h> ++#include <stdio.h> ++#include <stdarg.h> ++#include <time.h> + +-# include "dm.h" +-# include "dm_error.h" ++#include "dm.h" ++#include "dm_error.h" + + #define WRITES(fd, buf) write(fd, buf, strlen(buf)) + +-void LogInfo(char * fmt, ...) ++void ++LogInfo(char * fmt, ...) { -- --#ifdef ARC4_RANDOM -+# ifdef ARC4_RANDOM - u_int32_t sum[2]; + char buf[1024]; - sum[0] = arc4random(); -@@ -119,42 +95,30 @@ - *(u_char *)sum = 0; +- snprintf(buf, sizeof buf, "xdm info (pid %ld): ", (long)getpid()); ++ time_t seconds; ++ struct tm *timestamp = NULL; ++ char timebuf[256]; ++ ++ if (time(&seconds) > (time_t) -1) ++ timestamp = localtime(&seconds); ++ ++ strcpy(timebuf, "(time unavailable)"); ++ ++ if (timestamp != NULL) ++ strftime(timebuf, 255, "%c", timestamp); ++ ++ snprintf(buf, sizeof buf, "%s xdm info (pid %ld): ", timebuf, (long)getpid()); + WRITES(STDERR_FILENO, buf); + { + va_list args; +@@ -61,11 +79,24 @@ + WRITES(STDERR_FILENO, buf); + } - _XdmcpWrapperToOddParity(sum, key); -- --#elif defined(DEV_RANDOM) -+# elif defined(DEV_RANDOM) - int fd; - unsigned char tmpkey[8]; -- -- if ((fd = open(DEV_RANDOM, O_RDONLY)) >= 0) { +-void LogError (char * fmt, ...) ++void ++LogError (char * fmt, ...) + { + char buf[1024]; + +- snprintf (buf, sizeof buf, "xdm error (pid %ld): ", (long)getpid()); ++ time_t seconds; ++ struct tm *timestamp = NULL; ++ char timebuf[256]; + -+ if ((fd = open(randomFile, O_RDONLY)) >= 0) { - if (read(fd, tmpkey, 8) == 8) { - tmpkey[0] = 0; - _XdmcpWrapperToOddParity(tmpkey, key); - close(fd); -- return; -+ return; - } else { - close(fd); - } -+ } else { -+ LogError("cannot open random device \"%s\": %s\n", randomFile, -+ _SysErrorMsg (errno)); - } --#else -- long sum[2]; -- unsigned char tmpkey[8]; -- -- if (!sumFile (randomFile, sum)) { -- sum[0] = time ((Time_t *) 0); -- sum[1] = time ((Time_t *) 0); -- } -- longtochars (sum[0], tmpkey+0); -- longtochars (sum[1], tmpkey+4); -- tmpkey[0] = 0; -- _XdmcpWrapperToOddParity (tmpkey, key); --#endif -+# endif /* ARC4_RANDOM, DEV_RANDOM */ ++ if (time(&seconds) > (time_t) -1) ++ timestamp = localtime(&seconds); ++ ++ strcpy(timebuf, "(time unavailable)"); ++ ++ if (timestamp != NULL) ++ strftime(timebuf, 255, "%c", timestamp); ++ ++ snprintf (buf, sizeof buf, "%s xdm error (pid %ld): ", timebuf, (long)getpid()); + WRITES(STDERR_FILENO, buf); + { + va_list args; +@@ -76,11 +107,24 @@ + WRITES(STDERR_FILENO, buf); } + +-void LogPanic (char * fmt, ...) ++void ++LogPanic (char * fmt, ...) + { + char buf[1024]; + +- snprintf (buf, sizeof buf, "xdm panic (pid %ld): ", (long)getpid()); ++ time_t seconds; ++ struct tm *timestamp = NULL; ++ char timebuf[256]; ++ ++ if (time(&seconds) > (time_t) -1) ++ timestamp = localtime(&seconds); ++ ++ strcpy(timebuf, "(time unavailable)"); ++ ++ if (timestamp != NULL) ++ strftime(timebuf, 255, "%c", timestamp); ++ ++ snprintf (buf, sizeof buf, "%s xdm panic (pid %ld): ", timebuf, (long)getpid()); + WRITES(STDERR_FILENO, buf); + { + va_list args; +@@ -92,8 +136,14 @@ + _exit (1); + } + +-void LogOutOfMem (char * fmt, ...) ++void ++LogOutOfMem (char * fmt, ...) + { ++ /* ++ * No point messing with allocation of timeval structs and static ++ * buffers for the timestamp string if we're already out of memory... ++ */ ++ + fprintf (stderr, "xdm: out of memory in routine "); + { + va_list args; +@@ -104,23 +154,12 @@ + fflush (stderr); + } + +-void Panic (char *mesg) +-{ +- int i; - --#endif +- i = creat ("/dev/console", 0666); +- write (i, "panic: ", 7); +- write (i, mesg, strlen (mesg)); +- exit (1); +-} - --#ifndef HASXDMAUTH --/* A random number generator that is more unpredictable -- than that shipped with some systems. -- This code is taken from the C standard. */ -+#else -+/* -+ * This is a random number generator that is more unpredictable than that -+ * shipped with some systems. This code is taken from the C standard. -+ */ +- +-void Debug (char * fmt, ...) ++void ++Debug (char * fmt, ...) + { + char buf[1024]; - static unsigned long int next = 1; +- if (debugLevel > 0) +- { ++ if (debugLevel > 0) { + va_list args; + va_start(args, fmt); + vsnprintf (buf, sizeof buf, fmt, args); +@@ -129,17 +168,26 @@ + } + } -@@ -170,12 +134,12 @@ +-void InitErrorLog (void) ++void ++InitErrorLog (void) { - next = seed; +- int i; +- if (errorLogFile[0]) { +- i = creat (errorLogFile, 0666); +- if (i != -1) { +- if (i != 2) { +- dup2 (i, 2); +- close (i); +- } +- } else +- LogError ("Cannot open errorLogFile %s\n", errorLogFile); +- } ++ int fd; ++ ++ if (errorLogFile[0]) { ++ /* create the log file if it doesn't already exist */ ++ fd = open (errorLogFile, O_WRONLY|O_CREAT|O_EXCL, 0666); ++ if (fd == -1) ++ if (errno == EEXIST) ++ /* log file already exists; append to it */ ++ fd = open (errorLogFile, O_WRONLY|O_APPEND); ++ if (fd != -1) { ++ /* redirect stderr to the log file */ ++ if (fd != 2) { ++ dup2 (fd, 2); ++ close (fd); ++ } ++ } else ++ fprintf (stderr, "cannot open log file %s: %s\n", errorLogFile, ++ _SysErrorMsg (errno)); ++ } } --#endif /* no HASXDMAUTH */ -+#endif /* HASXDMAUTH */ +diff -urN xc/programs/xdm~/genauth.c xc/programs/xdm/genauth.c +--- xc/programs/xdm~/genauth.c 2003-02-23 17:03:31.000000000 -0500 ++++ xc/programs/xdm/genauth.c 2003-02-23 17:04:25.000000000 -0500 +@@ -41,6 +41,7 @@ + # include "dm_error.h" - void - GenerateAuthData (char *auth, int len) + #include <errno.h> ++#include <fcntl.h> + + #include <time.h> + #define Time_t time_t +@@ -49,12 +50,6 @@ + + #ifdef HASXDMAUTH + +-typedef unsigned char auth_cblock[8]; /* block size */ +- +-typedef struct auth_ks_struct { auth_cblock _; } auth_wrapper_schedule[16]; +- +-extern void _XdmcpWrapperToOddParity(); +- + static void + longtochars (long l, unsigned char *c) { -- long ldata[2]; -+ long ldata[2]; +diff -urN xc/programs/xdm~/greeter/verify.c xc/programs/xdm/greeter/verify.c +--- xc/programs/xdm~/greeter/verify.c 2003-02-23 17:03:35.000000000 -0500 ++++ xc/programs/xdm/greeter/verify.c 2003-02-23 17:04:25.000000000 -0500 +@@ -367,7 +367,7 @@ + errno = 0; + sp = getspnam(greet->name); + if (sp == NULL) { +- Debug ("getspnam() failed, errno=%d. Are you root?\n", errno); ++ Debug ("getspnam() failed: %s", _SysErrorMsg (errno)); + } else { + user_pass = sp->sp_pwdp; + } +diff -urN xc/programs/xdm~/session.c xc/programs/xdm/session.c +--- xc/programs/xdm~/session.c 2001-12-14 15:01:23.000000000 -0500 ++++ xc/programs/xdm/session.c 2003-02-23 17:04:25.000000000 -0500 +@@ -60,17 +60,17 @@ + #endif - #ifdef ITIMER_REAL - { -@@ -187,53 +151,53 @@ - } - #else - { --#ifndef __UNIXOS2__ -- long time (); + #ifndef GREET_USER_STATIC +-#include <dlfcn.h> +-#ifndef RTLD_NOW +-#define RTLD_NOW 1 -#endif -+# ifndef __UNIXOS2__ -+ long time (); ++# include <dlfcn.h> ++# ifndef RTLD_NOW ++# define RTLD_NOW 1 +# endif + #endif - ldata[0] = time ((long *) 0); - ldata[1] = getpid (); - } + static int runAndWait (char **args, char **environ); + +-#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) +-#include <sys/types.h> +-#include <grp.h> ++#if defined(CSRG_BASED) || defined(__osf__) || defined(__DARWIN__) || defined(__QNXNTO__) || defined(__GLIBC__) ++# include <sys/types.h> ++# include <grp.h> + #else + /* should be in <grp.h> */ + extern void setgrent(void); +@@ -82,28 +82,34 @@ + extern struct spwd *getspnam(GETSPNAM_ARGS); + extern void endspent(void); + #endif +-#if defined(CSRG_BASED) +-#include <pwd.h> +-#include <unistd.h> ++ ++#if defined(CSRG_BASED) || defined(__GLIBC__) ++# include <pwd.h> ++# include <unistd.h> + #else + extern struct passwd *getpwnam(GETPWNAM_ARGS); +-#ifdef linux ++# ifdef linux + extern void endpwent(void); -#endif -+#endif /* ITIMER_REAL */ ++# endif ++# ifndef __GLIBC__ + extern char *crypt(CRYPT_ARGS); ++# endif + #endif + - #ifdef HASXDMAUTH - { -- int bit; -- int i; -- auth_wrapper_schedule schedule; -- unsigned char data[8]; -- static int xdmcpAuthInited; -- -+ int bit; -+ int i; -+ auth_wrapper_schedule schedule; -+ unsigned char data[8]; -+ static int xdmcpAuthInited; -+ - longtochars (ldata[0], data+0); - longtochars (ldata[1], data+4); -- if (!xdmcpAuthInited) + #ifdef USE_PAM +-pam_handle_t **thepamhp() ++pam_handle_t ** ++thepamhp () + { + static pam_handle_t *pamh = NULL; + return &pamh; + } + +-pam_handle_t *thepamh() ++pam_handle_t * ++thepamh () + { + pam_handle_t **pamhp; + +- pamhp = thepamhp(); ++ pamhp = thepamhp (); + if (pamhp) + return *pamhp; + else +@@ -136,12 +142,12 @@ + endgrent, + #ifdef USESHADOW + getspnam, +-#ifndef QNX4 ++# ifndef QNX4 + endspent, +-#endif /* QNX4 doesn't use endspent */ ++# endif /* QNX4 doesn't use endspent */ + #endif + getpwnam, +-#ifdef linux ++#if defined(linux) || defined(__GLIBC__) + endpwent, + #endif + crypt, +@@ -189,7 +195,7 @@ + } + + #if defined(_POSIX_SOURCE) || defined(SYSV) || defined(SVR4) +-#define killpg(pgrp, sig) kill(-(pgrp), sig) ++# define killpg(pgrp, sig) kill(-(pgrp), sig) + #endif + + static void +@@ -577,35 +583,33 @@ + + #ifndef AIXV3 + #ifndef HAS_SETUSERCONTEXT +- if (setgid(verify->gid) < 0) - { -+ if (!xdmcpAuthInited) { - InitXdmcpWrapper (); - xdmcpAuthInited = 1; +- LogError("setgid %d (user \"%s\") failed, errno=%d\n", +- verify->gid, name, errno); ++ if (setgid (verify->gid) < 0) { ++ LogError ("setgid %d (user \"%s\") failed: %s\n", ++ verify->gid, name, _SysErrorMsg (errno)); + return (0); } - _XdmcpAuthSetup (key, schedule); -- for (i = 0; i < len; i++) { -+ for (i = 0; i < len; i++) { - auth[i] = 0; - for (bit = 1; bit < 256; bit <<= 1) { - _XdmcpAuthDoIt (data, data, schedule, 1); - if ((data[0] + data[1]) & 0x4) - auth[i] |= bit; + #if defined(BSD) && (BSD >= 199103) +- if (setlogin(name) < 0) +- { +- LogError("setlogin for \"%s\" failed, errno=%d", name, errno); +- return(0); ++ if (setlogin (name) < 0) { ++ LogError ("setlogin for \"%s\" failed: %s\n", name, ++ _SysErrorMsg (errno)); ++ return (0); + } + #endif + #ifndef QNX4 +- if (initgroups(name, verify->gid) < 0) +- { +- LogError("initgroups for \"%s\" failed, errno=%d\n", name, errno); ++ if (initgroups (name, verify->gid) < 0) { ++ LogError ("initgroups for \"%s\" failed: %s\n", name, ++ _SysErrorMsg (errno)); + return (0); + } + #endif /* QNX4 doesn't support multi-groups, no initgroups() */ + #ifdef USE_PAM +- if (thepamh()) { +- pam_setcred(thepamh(), PAM_ESTABLISH_CRED); ++ if (thepamh ()) { ++ pam_setcred (thepamh (), PAM_ESTABLISH_CRED); + } + #endif +- if (setuid(verify->uid) < 0) +- { +- LogError("setuid %d (user \"%s\") failed, errno=%d\n", +- verify->uid, name, errno); ++ if (setuid (verify->uid) < 0) { ++ LogError ("setuid %d (user \"%s\") failed: %s\n", ++ verify->uid, name, _SysErrorMsg (errno)); + return (0); + } + #else /* HAS_SETUSERCONTEXT */ +@@ -613,20 +617,17 @@ + * Set the user's credentials: uid, gid, groups, + * environment variables, resource limits, and umask. + */ +- pwd = getpwnam(name); +- if (pwd) +- { +- if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) +- { +- LogError("setusercontext for \"%s\" failed, errno=%d\n", name, +- errno); ++ pwd = getpwnam (name); ++ if (pwd) { ++ if (setusercontext (NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) { ++ LogError ("setusercontext for \"%s\" failed: %s\n", name, ++ _SysErrorMsg (errno)); + return (0); } -- } -+ } +- endpwent(); +- } +- else +- { +- LogError("getpwnam for \"%s\" failed, errno=%d\n", name, errno); ++ endpwent (); ++ } else { ++ LogError ("getpwnam for \"%s\" failed: %s\n", name, ++ _SysErrorMsg (errno)); + return (0); + } + #endif /* HAS_SETUSERCONTEXT */ +@@ -635,9 +636,9 @@ + * Set the user's credentials: uid, gid, groups, + * audit classes, user limits, and umask. + */ +- if (setpcred(name, NULL) == -1) +- { +- LogError("setpcred for \"%s\" failed, errno=%d\n", name, errno); ++ if (setpcred (name, NULL) == -1) { ++ LogError ("setpcred for \"%s\" failed: %s\n", name, ++ _SysErrorMsg (errno)); + return (0); + } + #endif /* AIXV3 */ +@@ -751,13 +752,13 @@ + execute (failsafeArgv, verify->userEnviron); + exit (1); + case -1: +- bzero(passwd, strlen(passwd)); ++ bzero (passwd, strlen (passwd)); + Debug ("StartSession, fork failed\n"); +- LogError ("can't start session on \"%s\", fork failed, errno=%d\n", +- d->name, errno); ++ LogError ("can't start session on \"%s\", fork failed: %s\n", ++ d->name, _SysErrorMsg (errno)); + return 0; + default: +- bzero(passwd, strlen(passwd)); ++ bzero (passwd, strlen (passwd)); + Debug ("StartSession, fork succeeded %d\n", pid); + *pidp = pid; + return 1; +@@ -924,9 +925,10 @@ + return env; + } + +-#if (defined(Lynx) && !defined(HAS_CRYPT)) || defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS) +-char *crypt(char *s1, char *s2) ++#if (defined(Lynx) && !defined(HAS_CRYPT)) || (defined(SCO) && !defined(SCO_USA) && !defined(_SCO_DS)) ++char * ++crypt (char *s1, char *s2) + { +- return(s2); ++ return (s2); + } + #endif +diff -urN xc/programs/xdm~/socket.c xc/programs/xdm/socket.c +--- xc/programs/xdm~/socket.c 2001-12-14 15:01:24.000000000 -0500 ++++ xc/programs/xdm/socket.c 2003-02-23 17:04:25.000000000 -0500 +@@ -71,7 +71,7 @@ + Debug ("creating socket %d\n", request_port); + xdmcpFd = socket (AF_INET, SOCK_DGRAM, 0); + if (xdmcpFd == -1) { +- LogError ("XDMCP socket creation failed, errno %d\n", errno); ++ LogError ("XDMCP socket creation failed: %s\n", _SysErrorMsg (errno)); + return; } - #else + name = localHostname (); +@@ -87,7 +87,8 @@ + sock_addr.sin_addr.s_addr = htonl (INADDR_ANY); + if (bind (xdmcpFd, (struct sockaddr *)&sock_addr, sizeof (sock_addr)) == -1) { -- int seed; -- int value; -- int i; -+ int seed; -+ int value; -+ int i; - static long localkey[2] = {0,0}; -- +- LogError ("error %d binding socket address %d\n", errno, request_port); ++ LogError ("error binding socket address %d: %s\n", request_port, ++ _SysErrorMsg (errno)); + close (xdmcpFd); + xdmcpFd = -1; + return; +@@ -99,7 +100,7 @@ + Debug ("Created chooser socket %d\n", chooserFd); + if (chooserFd == -1) + { +- LogError ("chooser socket creation failed, errno %d\n", errno); ++ LogError ("chooser socket creation failed: %s\n", _SysErrorMsg (errno)); + return; + } + listen (chooserFd, 5); +diff -Nur xc/programs/xdm.old/util.c xc/programs/xdm/util.c +--- xc/programs/xdm.old/util.c 2002-05-31 20:46:10.000000000 +0200 ++++ xc/programs/xdm/util.c 2003-05-31 15:05:02.000000000 +0200 +@@ -55,7 +55,7 @@ + #undef _POSIX_SOURCE + #endif + #endif +-#if defined(__osf__) || defined(linux) || defined(__QNXNTO__) || defined(__GNU__) ++#if defined(__osf__) || defined(linux) || defined(__QNXNTO__) || defined(__GNU__) || defined(__GLIBC__) + #define setpgrp setpgid + #endif + +--- xc/programs/xdm/xdm.man~ 2003-02-23 18:01:10.000000000 -0500 ++++ xc/programs/xdm/xdm.man 2003-02-23 18:03:47.000000000 -0500 +@@ -144,8 +144,9 @@ + At the end of the session, the \fIXreset\fP script is run to clean up, + the X server is reset, and the cycle starts over. + .PP +-The file \fI__projectroot__/lib/X11/xdm/xdm-errors\fP will contain error +-messages from ++The file ++.I __projectroot__/lib/X11/xdm/xdm-errors ++will contain error messages from + .I xdm + and anything output to stderr by \fIXsetup, Xstartup, Xsession\fP + or \fIXreset\fP. +@@ -305,7 +306,8 @@ + This names a directory under which + .I xdm + stores authorization files while initializing the session. The +-default value is \fI__projectroot__/lib/X11/xdm.\fP ++default value is ++.IR __projectroot__/lib/X11/xdm . + Can be overridden for specific displays by + DisplayManager.\fIDISPLAY\fP.authFile. + .IP \fBDisplayManager.autoRescan\fP +@@ -352,7 +354,7 @@ + .IP \fBDisplayManager.greeterLib\fP + On systems that support a dynamically-loadable greeter library, the + name of the library. The default is +-\fI__projectroot__/lib/X11/xdm/libXdmGreet.so\fP. ++.IR __projectroot__/lib/X11/xdm/libXdmGreet.so . + .IP \fBDisplayManager.choiceTimeout\fP + Number of seconds to wait for display to respond after user has + selected a host from the chooser. If the display sends an XDMCP +@@ -384,17 +386,19 @@ + which describes the various + resources that are appropriate to place in this file. + There is no default value for this resource, but +-\fI__projectroot__/lib/X11/xdm/Xresources\fP ++.I __projectroot__/lib/X11/xdm/Xresources + is the conventional name. + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.chooser\fP" + Specifies the program run to offer a host menu for Indirect queries + redirected to the special host name CHOOSER. +-\fI__projectroot__/lib/X11/xdm/chooser\fP is the default. +-See the sections \fBXDMCP Access Control\fP and \fBChooser\fP. ++.I __projectroot__/lib/X11/xdm/chooser ++is the default. See the sections \fBXDMCP Access Control\fP and ++\fBChooser\fP. + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.xrdb\fP" + Specifies the program used to load the resources. By default, + .I xdm +-uses \fI__projectroot__/bin/xrdb\fP. ++uses ++.IR __projectroot__/bin/xrdb . + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.cpp\fP" + This specifies the name of the C preprocessor which is used by \fIxrdb\fP. + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.setup\fP" +@@ -412,8 +416,9 @@ + See the section \fBStartup Program.\fP + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.session\fP" + This specifies the session to be executed (not running as root). +-By default, \fI__projectroot__/bin/xterm\fP is +-run. The conventional name is \fIXsession\fP. ++By default, ++.I __projectroot__/bin/xterm ++is run. The conventional name is \fIXsession\fP. + See the section + .B "Session Program." + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.reset\fP" +@@ -498,7 +503,9 @@ + will fall back to this program. This program is executed with no + arguments, but executes using the same environment variables as + the session would have had (see the section \fBSession Program\fP). +-By default, \fI__projectroot__/bin/xterm\fP is used. ++By default, ++.I __projectroot__/bin/xterm ++is used. + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabServer\fP" + .IP "\fBDisplayManager.\fP\fIDISPLAY\fP\fB.grabTimeout\fP" + To improve security, +@@ -577,8 +584,9 @@ + First, the + .I xdm + configuration file should be set up. +-Make a directory (usually \fI__projectroot__/lib/X11/xdm\fP) to contain all +-of the relevant files. ++Make a directory (usually ++.IR __projectroot__/lib/X11/xdm ) ++to contain all of the relevant files. + .LP + Here is a reasonable configuration file, which could be + named \fIxdm-config\fP: +diff -urN xc/programs/xdm~/xdmauth.c xc/programs/xdm/xdmauth.c +--- xc/programs/xdm~/xdmauth.c 2001-12-14 15:01:25.000000000 -0500 ++++ xc/programs/xdm/xdmauth.c 2003-02-23 17:04:25.000000000 -0500 +@@ -45,11 +45,20 @@ + static char auth_name[256]; + static int auth_name_len; + +-void +-XdmPrintDataHex (s, a, l) +- char *s; +- char *a; +- int l; ++static void XdmPrintDataHex (char *s, char *a, int l); ++# ifdef XDMCP ++static void XdmPrintArray8Hex (char *s, ARRAY8Ptr a); ++# endif ++static Xauth *XdmGetAuthHelper (unsigned short namelen, ++ char *name, ++ int includeRho); ++# ifdef XDMCP ++static int HexToBinary (char *key); ++static int XdmGetKey (struct protoDisplay *pdpy, ARRAY8Ptr displayID); ++# endif + - if ( (localkey[0] == 0) && (localkey[1] == 0) ) { --#ifdef ARC4_RANDOM -+# ifdef ARC4_RANDOM - localkey[0] = arc4random(); - localkey[1] = arc4random(); --#elif defined(DEV_RANDOM) -+# elif defined(DEV_RANDOM) - int fd; -- -+ - if ((fd = open(DEV_RANDOM, O_RDONLY)) >= 0) { - if (read(fd, (char *)localkey, 8) != 8) { - localkey[0] = 1; -@@ -242,24 +206,19 @@ - } else { - localkey[0] = 1; - } --#else -- if (!sumFile (randomFile, localkey)) { -- localkey[0] = 1; /* To keep from continually calling sumFile() */ -- } --#endif -+# endif /* ARC4_RANDOM, DEV_RANDOM */ - } ++static void ++XdmPrintDataHex (char *s, char *a, int l) + { + int i; -- seed = (ldata[0]+localkey[0]) + ((ldata[1]+localkey[1]) << 16); -- xdm_srand (seed); -- for (i = 0; i < len; i++) -- { -+ seed = (ldata[0]+localkey[0]) + ((ldata[1]+localkey[1]) << 16); -+ xdm_srand (seed); -+ for (i = 0; i < len; i++) { - value = xdm_rand (); - auth[i] = (value & 0xff00) >> 8; -- } -+ } - value = len; - if (value > sizeof (key)) - value = sizeof (key); -- memmove( (char *) key, auth, value); -+ memmove( (char *) key, auth, value); - } --#endif -+#endif /* HASXDMAUTH */ +@@ -59,7 +68,7 @@ + Debug ("\n"); } -diff -urN xc/programs/xdm~/resource.c xc/programs/xdm/resource.c ---- xc/programs/xdm~/resource.c 2002-11-02 13:03:25.000000000 -0500 -+++ xc/programs/xdm/resource.c 2002-11-02 13:19:52.000000000 -0500 -@@ -35,11 +35,11 @@ - * resource.c - */ --# include "dm.h" --# include "dm_error.h" -+#include "dm.h" -+#include "dm_error.h" +-#ifdef notdef /* not used */ ++#if 0 /* not used */ + void + XdmPrintKey (s, k) + char *s; +@@ -69,20 +78,16 @@ + } + #endif --# include <X11/Intrinsic.h> --# include <X11/Xmu/CharSet.h> -+#include <X11/Intrinsic.h> -+#include <X11/Xmu/CharSet.h> +-#ifdef XDMCP +-void +-XdmPrintArray8Hex (s, a) +- char *s; +- ARRAY8Ptr a; ++# ifdef XDMCP ++static void ++XdmPrintArray8Hex (char *s, ARRAY8Ptr a) + { + XdmPrintDataHex (s, (char *) a->data, a->length); + } +-#endif ++# endif - char *config; + void +-XdmInitAuth (name_len, name) +- unsigned short name_len; +- char *name; ++XdmInitAuth (unsigned short name_len, char *name) + { + if (name_len > 256) + name_len = 256; +@@ -91,7 +96,7 @@ + } -@@ -62,10 +62,10 @@ - char *willing; - int choiceTimeout; /* chooser choice timeout */ + /* +- * Generate authorization for XDM-AUTHORIZATION-1 ++ * Generate authorization for XDM-AUTHORIZATION-1 + * + * When being used with XDMCP, 8 bytes are generated for the session key + * (sigma), as the random number (rho) is already shared between xdm and +@@ -99,11 +104,8 @@ + * between xdm and the server (16 bytes total) + */ --# define DM_STRING 0 --# define DM_INT 1 --# define DM_BOOL 2 --# define DM_ARGV 3 -+#define DM_STRING 0 -+#define DM_INT 1 -+#define DM_BOOL 2 -+#define DM_ARGV 3 +-Xauth * +-XdmGetAuthHelper (namelen, name, includeRho) +- unsigned short namelen; +- char *name; +- int includeRho; ++static Xauth * ++XdmGetAuthHelper (unsigned short namelen, char *name, int includeRho) + { + Xauth *new; + new = (Xauth *) malloc (sizeof (Xauth)); +@@ -146,20 +148,17 @@ + } - /* - * the following constants are supposed to be set in the makefile from -@@ -175,9 +176,9 @@ - ""} , - }; + Xauth * +-XdmGetAuth (namelen, name) +- unsigned short namelen; +- char *name; ++XdmGetAuth (unsigned short namelen, char *name) + { + return XdmGetAuthHelper (namelen, name, TRUE); + } --# define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0]) -+#define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0]) +-#ifdef XDMCP ++# ifdef XDMCP --# define boffset(f) XtOffsetOf(struct display, f) -+#define boffset(f) XtOffsetOf(struct display, f) + void +-XdmGetXdmcpAuth (pdpy,authorizationNameLen, authorizationName) +- struct protoDisplay *pdpy; +- unsigned short authorizationNameLen; +- char *authorizationName; ++XdmGetXdmcpAuth (struct protoDisplay *pdpy, ++ unsigned short authorizationNameLen, ++ char *authorizationName) + { + Xauth *fileauth, *xdmcpauth; - struct displayResource { - char *name, *class; -@@ -225,7 +226,7 @@ - "" }, - }; +@@ -200,7 +199,9 @@ + XdmPrintDataHex ("Accept packet auth", xdmcpauth->data, xdmcpauth->data_length); + XdmPrintDataHex ("Auth file auth", fileauth->data, fileauth->data_length); + /* encrypt the session key for its trip back to the server */ +- XdmcpWrap (xdmcpauth->data, (unsigned char *)&pdpy->key, xdmcpauth->data, 8); ++ XdmcpWrap ((unsigned char *)&xdmcpauth->data, ++ (unsigned char *)&pdpy->key, ++ (unsigned char *)&xdmcpauth->data, 8); + pdpy->fileAuthorization = fileauth; + pdpy->xdmcpAuthorization = xdmcpauth; + } +@@ -210,8 +211,7 @@ + 'A' <= c && c <= 'F' ? c - 'A' + 10 : -1) --# define NUM_SERVER_RESOURCES (sizeof serverResources/\ -+#define NUM_SERVER_RESOURCES (sizeof serverResources/\ - sizeof serverResources[0]) + static int +-HexToBinary (key) +- char *key; ++HexToBinary (char *key) + { + char *out, *in; + int top, bottom; +@@ -240,10 +240,8 @@ + * routine accepts either plain ascii strings for keys, or hex-encoded numbers + */ - /* resources which control the session behaviour */ -@@ -257,7 +258,7 @@ - DEF_CHOOSER }, - }; +-int +-XdmGetKey (pdpy, displayID) +- struct protoDisplay *pdpy; +- ARRAY8Ptr displayID; ++static int ++XdmGetKey (struct protoDisplay *pdpy, ARRAY8Ptr displayID) + { + FILE *keys; + char line[1024], id[1024], key[1024]; +@@ -305,5 +303,5 @@ + return TRUE; + } --# define NUM_SESSION_RESOURCES (sizeof sessionResources/\ -+#define NUM_SESSION_RESOURCES (sizeof sessionResources / \ - sizeof sessionResources[0]) +-#endif /* XDMCP */ ++# endif /* XDMCP */ + #endif /* HASXDMAUTH (covering the entire file) */ +diff -urN xc/programs/xdm~/xdmcp.c xc/programs/xdm/xdmcp.c +--- xc/programs/xdm~/xdmcp.c 2003-02-23 17:03:35.000000000 -0500 ++++ xc/programs/xdm/xdmcp.c 2003-02-23 17:04:25.000000000 -0500 +@@ -966,7 +966,7 @@ + d = FindDisplayByName (name); + if (d) + { +- Debug ("Terminating active session for %s\n", d->name); ++ LogInfo ("Terminating active session for %s\n", d->name); + StopDisplay (d); + } + class = malloc (displayClass.length + 1); +diff -urN xc/programs/xdm~/xdmshell.c xc/programs/xdm/xdmshell.c +--- xc/programs/xdm~/xdmshell.c 2001-12-14 15:01:26.000000000 -0500 ++++ xc/programs/xdm/xdmshell.c 2003-02-23 17:04:25.000000000 -0500 +@@ -41,6 +41,7 @@ + #include <stdio.h> + #include "dm.h" + #include <errno.h> ++#include <string.h> - XrmDatabase DmResourceDB; -diff -urN xc/programs/xdm~/xdm.man xc/programs/xdm/xdm.man ---- xc/programs/xdm~/xdm.man 2002-11-02 13:03:25.000000000 -0500 -+++ xc/programs/xdm/xdm.man 2002-11-02 13:03:51.000000000 -0500 -@@ -346,9 +346,11 @@ - to pass on to the \fIXsetup\fP, - \fIXstartup\fP, \fIXsession\fP, and \fIXreset\fP programs. - .IP \fBDisplayManager.randomFile\fP --A file to checksum to generate the seed of authorization keys. --This should be a file that changes frequently. --The default is \fI/dev/mem\fP. -+A file from which to gather entropy for the generation of authorization -+keys. This resource is only used if -+.B xdm -+was compiled with support for the XDM-AUTHORIZATION-1 protocol and the -+\(oqrandom\(cq device. The default is \fI/dev/random\fP. - .IP \fBDisplayManager.greeterLib\fP - On systems that support a dynamically-loadable greeter library, the - name of the library. The default is + #ifdef macII + #define ON_CONSOLE_ONLY +@@ -193,7 +194,7 @@ + args[4] = NULL; + if (exec_args (cmdbuf, args) == -1) { + fprintf (stderr, "%s: unable to execute %s (error %d, %s)\r\n", +- ProgramName, cmdbuf, errno, strerror(errno)); ++ ProgramName, cmdbuf, errno, strerror (errno)); + exit (1); + } + Property changes on: branches/4.3.0/sid/debian/patches/002_xdm_fixes.diff ___________________________________________________________________ Name: svn:keywords + Id Deleted: branches/4.3.0/sid/debian/patches/821_gnu-freebsd_xdm.diff =================================================================== --- branches/4.3.0/sid/debian/patches/821_gnu-freebsd_xdm.diff 2003-09-15 08:42:56 UTC (rev 529) +++ branches/4.3.0/sid/debian/patches/821_gnu-freebsd_xdm.diff 2003-09-15 20:06:51 UTC (rev 530) @@ -1,29 +0,0 @@ - - the setpgrp define shouldn't be necessary if Glibc's setpgrp was - equivalent to setpgid as described in the Glibc (info, of course) - documentation. --Robert Millan <[EMAIL PROTECTED]> - -diff -Nur xc/programs/xdm.old/Imakefile xc/programs/xdm/Imakefile ---- xc/programs/xdm.old/Imakefile 2003-05-31 14:55:26.000000000 +0200 -+++ xc/programs/xdm/Imakefile 2003-05-31 15:05:02.000000000 +0200 -@@ -133,7 +133,7 @@ - RANDOM_DEFINES = -DDEV_RANDOM -DDEF_RANDOM_FILE="\"/dev/urandom\"" - #endif - --#if defined(LinuxArchitecture) || defined(GNUMachArchitecture) -+#if defined(LinuxArchitecture) || defined(GNUMachArchitecture) || defined(GNUFreeBSDArchitecture) - RANDOM_DEFINES = -DDEV_RANDOM -DDEF_RANDOM_FILE="\"/dev/random\"" - #endif - -diff -Nur xc/programs/xdm.old/util.c xc/programs/xdm/util.c ---- xc/programs/xdm.old/util.c 2002-05-31 20:46:10.000000000 +0200 -+++ xc/programs/xdm/util.c 2003-05-31 15:05:02.000000000 +0200 -@@ -55,7 +55,7 @@ - #undef _POSIX_SOURCE - #endif - #endif --#if defined(__osf__) || defined(linux) || defined(__QNXNTO__) || defined(__GNU__) -+#if defined(__osf__) || defined(linux) || defined(__QNXNTO__) || defined(__GNU__) || defined(__GLIBC__) - #define setpgrp setpgid - #endif -