Sat, 6 Mar 2021 at 23:14, Matthieu Herrb <matth...@herrb.eu>:
>
> On Sat, Mar 06, 2021 at 09:52:58PM +0300, Vadim Zhukov wrote:
> > Sat, 6 Mar 2021 at 21:30, Theo de Raadt <dera...@openbsd.org>:
> > >
> > > Matthieu Herrb <matth...@openbsd.org> wrote:
> > >
> > > > Linux, systemd and XDG have invented this /run/user/$uid tmpfs that
> > > > is created automagically and they use that in place of /tmp for
> > > > volatile things that don't belong to $HOME, but this is not a can of
> > > > worms I want to open now.
> > >
> > > Awesome, another directory to drop stuff and run a filesystem out of space
> > > with unclear consequences...
> > >
> > > This does not fit with our direction either.
> >
> > So this code appeared in X11R4. There was no VCS repo, I suppose, so no 
> > history.
> >
> > There are basically four cases why xdm may fail to create ~/.Xauthority:
> >
> > a) home directory doesn't exist
> > b) home directory is non-writeable due to permissions
> > c) /home is full
> > d) /home is on NFS and there are locking/network issues.
> >
> > I'm not sure if (a) is a valid case. (b) is a variant of my case, as I
> > said, I can live without this feature. In the case of (c) users
> > (non-admins) won't be able to do something anyway. Can't speak for NFS
> > (I've quit the job where /home on NFS has been set up a few years ago)
> > so no opinion on (d).
> >
>
> I think 4 is not an issue anymore. The locking mechanism used by xauth
> is working with all current NFS implementations (including
> OpenBSD's).
>
> Here is a patch to remove the backup authorization file. Unfortunately
> there is no simple way to display an explicit error message. One will
> need to check the xenodm.log file.
>
> Xsession can be patched too to remove the fallback to /tmp/xes- log
> file if ~/.xsession-errors cannot be written. This will be a separate
> diff.
>
> Index: include/dm.h
> ===================================================================
> RCS file: /cvs/OpenBSD/xenocara/app/xenodm/include/dm.h,v
> retrieving revision 1.15
> diff -u -p -u -r1.15 dm.h
> --- include/dm.h        10 Jan 2021 09:18:30 -0000      1.15
> +++ include/dm.h        6 Mar 2021 17:53:44 -0000
> @@ -122,7 +122,6 @@ struct display {
>         char            **authNames;    /* authorization protocol names */
>         unsigned short  *authNameLens;  /* authorization protocol name lens */
>         char            *clientAuthFile;/* client specified auth file */
> -       char            *userAuthDir;   /* backup directory for tickets */
>         int             authComplain;   /* complain when no auth for XDMCP */
>
>         /* information potentially derived from resources */
> Index: man/xenodm.man
> ===================================================================
> RCS file: /cvs/OpenBSD/xenocara/app/xenodm/man/xenodm.man,v
> retrieving revision 1.11
> diff -u -p -u -r1.11 xenodm.man
> --- man/xenodm.man      15 Aug 2019 16:23:33 -0000      1.11
> +++ man/xenodm.man      6 Mar 2021 17:53:44 -0000
> @@ -582,18 +582,6 @@ to occur, during which time the new auth
>  The default is
>  .Cm false ,
>  which will work for all MIT servers.
> -.It Ic DisplayManager. Ns Ar DISPLAY Ns Ic .userAuthDir
> -When
> -.Nm
> -is unable to write to the usual user authorization file
> -.Pq Pa $HOME/.Xauthority ,
> -it creates a unique file name in this directory and points the environment
> -variable
> -.Ev XAUTHORITY
> -at the created file.
> -It uses
> -.Pa /tmp
> -by default.
>  .El
>  .Sh CONFIGURATION FILE
>  First, the
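
Review bot: With the `.userAuthDir` entry removed just before `.El`, the manual no longer says anything about what happens when `$HOME/.Xauthority` cannot be written. Suggest adding a sentence elsewhere in the page stating that no fallback file is created in that case and that the failure is only reported in the xenodm log file, since there is no on-screen error.
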
> Index: xenodm/auth.c
> ===================================================================
> RCS file: /cvs/OpenBSD/xenocara/app/xenodm/xenodm/auth.c,v
> retrieving revision 1.15
> diff -u -p -u -r1.15 auth.c
> --- xenodm/auth.c       1 Jan 2021 18:09:07 -0000       1.15
> +++ xenodm/auth.c       6 Mar 2021 17:53:44 -0000
> @@ -752,7 +752,7 @@ void
>  SetUserAuthorization (struct display *d, struct verify_info *verify)
>  {
>      FILE       *old = NULL, *new;
> -    char       home_name[1024], backup_name[1024], new_name[1024];
> +    char       home_name[1024], new_name[1024];
>      char       *name = NULL;
>      char       *home;
>      char       *envname = NULL;
> @@ -762,7 +762,6 @@ SetUserAuthorization (struct display *d,
>      struct stat        statb;
>      int                i;
>      int                magicCookie;
> -    int                fd;
>
>      Debug ("SetUserAuthorization\n");
>      auths = d->authorizations;
> @@ -793,45 +792,10 @@ SetUserAuthorization (struct display *d,
>             }
>         }
>         if (lockStatus != LOCK_SUCCESS) {
> -           snprintf (backup_name, sizeof(backup_name),
> -                     "%s/.XauthXXXXXX", d->userAuthDir);
> -           fd = mkstemp (backup_name);
> -           if (fd >= 0) {
> -               old = fdopen (fd, "r");
> -               if (old == NULL)
> -                   (void) close(fd);
> -           }
> -
> -           if (old != NULL)
> -           {
> -               lockStatus = XauLockAuth (backup_name, 1, 2, 10);
> -               Debug ("backup lock is %d\n", lockStatus);
> -               if (lockStatus == LOCK_SUCCESS) {
> -                   if (openFiles (backup_name, new_name, sizeof(new_name),
> -                                   &old, &new)
> -                       && (old != NULL) && (new != NULL)) {
> -                       name = backup_name;
> -                       setenv = 1;
> -                   } else {
> -                       XauUnlockAuth (backup_name);
> -                       lockStatus = LOCK_ERROR;
> -                       if (old != NULL) {
> -                           (void) fclose (old);
> -                           old = NULL;
> -                       }
> -                       if (new != NULL)
> -                           (void) fclose (new);
> -                   }
> -               } else {
> -                   (void) fclose (old);
> -               }
> -           }
> -       }
> -       if (lockStatus != LOCK_SUCCESS) {
> -           Debug ("can't lock auth file %s or backup %s\n",
> -                           home_name, backup_name);
> -           LogError ("can't lock authorization file %s or backup %s\n",
> -                           home_name, backup_name);
> +           Debug ("can't lock auth file %s\n",
> +                           home_name);
> +           LogError ("can't lock authorization file %s\n",
> +                           home_name);
>             return;
>         }
>         initAddrs ();
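
Review bot: The `LogError` in the remaining `lockStatus != LOCK_SUCCESS` branch reports only `home_name` and never the value of `lockStatus`; the removed code at least printed it for the backup lock via `Debug ("backup lock is %d\n", lockStatus)`. Since this early `return` is now the only outcome of a failed lock and the log is the only place the failure surfaces, include `lockStatus` in the message so the kind of lock failure can be read from the log. The `Debug` and `LogError` calls are also short enough now to fit on one line each.
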
> Index: xenodm/dpylist.c
> ===================================================================
> RCS file: /cvs/OpenBSD/xenocara/app/xenodm/xenodm/dpylist.c,v
> retrieving revision 1.3
> diff -u -p -u -r1.3 dpylist.c
> --- xenodm/dpylist.c    10 Jan 2021 09:18:30 -0000      1.3
> +++ xenodm/dpylist.c    6 Mar 2021 17:53:44 -0000
> @@ -128,7 +128,6 @@ RemoveDisplay (struct display *old)
>             if (d->authFile)
>                 (void) unlink (d->authFile);
>             free (d->authFile);
> -           free (d->userAuthDir);
>             for (x = d->authNames; x && *x; x++)
>                 free (*x);
>             free (d->authNames);
> @@ -195,7 +194,6 @@ NewDisplay (char *name, char *class)
>      d->authNameNum = 0;
>      d->clientAuthFile = NULL;
>      d->authFile = NULL;
> -    d->userAuthDir = NULL;
>      d->authNames = NULL;
>      d->authNameLens = NULL;
>      d->authComplain = 1;
> Index: xenodm/resource.c
> ===================================================================
> RCS file: /cvs/OpenBSD/xenocara/app/xenodm/xenodm/resource.c,v
> retrieving revision 1.5
> diff -u -p -u -r1.5 resource.c
> --- xenodm/resource.c   3 Nov 2018 18:04:45 -0000       1.5
> +++ xenodm/resource.c   6 Mar 2021 17:53:44 -0000
> @@ -200,8 +200,6 @@ struct displayResource sessionResources[
>                                 DEF_SYSTEM_SHELL },
>  { "failsafeClient","FailsafeClient",   DM_STRING,      
> boffset(failsafeClient),
>                                 DEF_FAILSAFE_CLIENT },
> -{ "userAuthDir","UserAuthDir", DM_STRING,      boffset(userAuthDir),
> -                               DEF_USER_AUTH_DIR },
>  };
>
>  #define NUM_SESSION_RESOURCES  (sizeof sessionResources/\
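
Review bot: Dropping the `userAuthDir` row from `sessionResources[]` means an existing configuration that still sets `DisplayManager.DISPLAY.userAuthDir` now names a resource that is no longer in the table. Please confirm that such a leftover line is ignored rather than treated as an error, and mention the removal in the commit message so administrators know to delete it.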

There is also the DEF_USER_AUTH_DIR definition left in resource.c.

Is there any point in keeping XAUTHORITY envvar handling at all, since
it only gets set in the non-default case, which is being removed?

-- 
  WBR,
  Vadim Zhukov
