Sat, 6 Mar 2021 at 23:14, Matthieu Herrb <matth...@herrb.eu>:
>
> On Sat, Mar 06, 2021 at 09:52:58PM +0300, Vadim Zhukov wrote:
> > Sat, 6 Mar 2021 at 21:30, Theo de Raadt <dera...@openbsd.org>:
> > >
> > > Matthieu Herrb <matth...@openbsd.org> wrote:
> > >
> > > > Linux, systemd and XDG have invented this /run/user/$uid tmpfs that
> > > > is created automagically and they use that in place of /tmp for
> > > > volatile things that don't belong to $HOME, but this is not a can of
> > > > worms I want to open now.
> > >
> > > Awesome, another directory to drop stuff and run a filesystem out of space
> > > with unclear consequences...
> > >
> > > This does not fit with our direction either.
> >
> > So this code appeared in X11R4. There was no VCS repo, I suppose, so no
> > history.
> >
> > There are basically four cases why xdm may fail to create ~/.Xauthority:
> >
> > a) home directory doesn't exist
> > b) home directory is non-writeable due to permissions
> > c) /home is full
> > d) /home is on NFS and there are locking/network issues.
> >
> > I'm not sure if (a) is a valid case. (b) is a variant of my case, as I
> > said, I can live without this feature. In the case of (c) users
> > (non-admins) won't be able to do something anyway. Can't speak for NFS
> > (I've quit the job where /home on NFS has been set up a few years ago)
> > so no opinion on (d).
> >
>
> I think 4 is not an issue anymore. The locking mechanism used by xauth
> is working with all current NFS implementations (including
> OpenBSD's).
>
> Here is a patch to remove the backup authorization file. Unfortunately
> there is no simple way to display an explicit error message. One will
> need to check the xenodm.log file.
>
> Xsession can be patched too to remove the fallback to /tmp/xes- log
> file if ~/.xsession-errors cannot be written. This will be a separate
> diff.
> > Index: include/dm.h > =================================================================== > RCS file: /cvs/OpenBSD/xenocara/app/xenodm/include/dm.h,v > retrieving revision 1.15 > diff -u -p -u -r1.15 dm.h > --- include/dm.h 10 Jan 2021 09:18:30 -0000 1.15 > +++ include/dm.h 6 Mar 2021 17:53:44 -0000 > @@ -122,7 +122,6 @@ struct display { > char **authNames; /* authorization protocol names */ > unsigned short *authNameLens; /* authorization protocol name lens */ > char *clientAuthFile;/* client specified auth file */ > - char *userAuthDir; /* backup directory for tickets */ > int authComplain; /* complain when no auth for XDMCP */ > > /* information potentially derived from resources */ > Index: man/xenodm.man > =================================================================== > RCS file: /cvs/OpenBSD/xenocara/app/xenodm/man/xenodm.man,v > retrieving revision 1.11 > diff -u -p -u -r1.11 xenodm.man > --- man/xenodm.man 15 Aug 2019 16:23:33 -0000 1.11 > +++ man/xenodm.man 6 Mar 2021 17:53:44 -0000 > @@ -582,18 +582,6 @@ to occur, during which time the new auth > The default is > .Cm false , > which will work for all MIT servers. > -.It Ic DisplayManager. Ns Ar DISPLAY Ns Ic .userAuthDir > -When > -.Nm > -is unable to write to the usual user authorization file > -.Pq Pa $HOME/.Xauthority , > -it creates a unique file name in this directory and points the environment > -variable > -.Ev XAUTHORITY > -at the created file. > -It uses > -.Pa /tmp > -by default. > .El > .Sh CONFIGURATION FILE > First, the > Index: xenodm/auth.c > =================================================================== > RCS file: /cvs/OpenBSD/xenocara/app/xenodm/xenodm/auth.c,v > retrieving revision 1.15 > diff -u -p -u -r1.15 auth.c > --- xenodm/auth.c 1 Jan 2021 18:09:07 -0000 1.15 > +++ xenodm/auth.c 6 Mar 2021 17:53:44 -0000 
> @@ -752,7 +752,7 @@ void > SetUserAuthorization (struct display *d, struct verify_info *verify) > { > FILE *old = NULL, *new; > - char home_name[1024], backup_name[1024], new_name[1024]; > + char home_name[1024], new_name[1024]; > char *name = NULL; > char *home; > char *envname = NULL; > @@ -762,7 +762,6 @@ SetUserAuthorization (struct display *d, > struct stat statb; > int i; > int magicCookie; > - int fd; > > Debug ("SetUserAuthorization\n"); > auths = d->authorizations; 
> @@ -793,45 +792,10 @@ SetUserAuthorization (struct display *d, > } > } > if (lockStatus != LOCK_SUCCESS) { > - snprintf (backup_name, sizeof(backup_name), > - "%s/.XauthXXXXXX", d->userAuthDir); > - fd = mkstemp (backup_name); > - if (fd >= 0) { > - old = fdopen (fd, "r"); > - if (old == NULL) > - (void) close(fd); > - } > - > - if (old != NULL) > - { > - lockStatus = XauLockAuth (backup_name, 1, 2, 10); > - Debug ("backup lock is %d\n", lockStatus); > - if (lockStatus == LOCK_SUCCESS) { > - if (openFiles (backup_name, new_name, sizeof(new_name), > - &old, &new) > - && (old != NULL) && (new != NULL)) { > - name = backup_name; > - setenv = 1; > - } else { > - XauUnlockAuth (backup_name); > - lockStatus = LOCK_ERROR; > - if (old != NULL) { > - (void) fclose (old); > - old = NULL; > - } > - if (new != NULL) > - (void) fclose (new); > - } > - } else { > - (void) fclose (old); > - } > - } > - } > - if (lockStatus != LOCK_SUCCESS) { > - Debug ("can't lock auth file %s or backup %s\n", > - home_name, backup_name); > - LogError ("can't lock authorization file %s or backup %s\n", > - home_name, backup_name); > + Debug ("can't lock auth file %s\n", > + home_name); > + LogError ("can't lock authorization file %s\n", > + home_name); > return; > } > initAddrs (); > Index: xenodm/dpylist.c > =================================================================== > RCS file: /cvs/OpenBSD/xenocara/app/xenodm/xenodm/dpylist.c,v > retrieving revision 1.3 > diff -u -p -u -r1.3 dpylist.c > --- xenodm/dpylist.c 10 Jan 2021 09:18:30 -0000 1.3 > +++ xenodm/dpylist.c 6 Mar 2021 17:53:44 -0000 > @@ -128,7 +128,6 @@ RemoveDisplay (struct display *old) > if (d->authFile) > (void) unlink (d->authFile); > free (d->authFile); > - free (d->userAuthDir); > for (x = d->authNames; x && *x; x++) > free (*x); > free (d->authNames); 
> @@ -195,7 +194,6 @@ NewDisplay (char *name, char *class) > d->authNameNum = 0; > d->clientAuthFile = NULL; > d->authFile = NULL; > - d->userAuthDir = NULL; > d->authNames = NULL; > d->authNameLens = NULL; > d->authComplain = 1; > Index: xenodm/resource.c > =================================================================== > RCS file: /cvs/OpenBSD/xenocara/app/xenodm/xenodm/resource.c,v > retrieving revision 1.5 > diff -u -p -u -r1.5 resource.c > --- xenodm/resource.c 3 Nov 2018 18:04:45 -0000 1.5 > +++ xenodm/resource.c 6 Mar 2021 17:53:44 -0000 > @@ -200,8 +200,6 @@ struct displayResource sessionResources[ > DEF_SYSTEM_SHELL }, > { "failsafeClient","FailsafeClient", DM_STRING, > boffset(failsafeClient), > DEF_FAILSAFE_CLIENT }, > -{ "userAuthDir","UserAuthDir", DM_STRING, boffset(userAuthDir), > - DEF_USER_AUTH_DIR }, > }; > > #define NUM_SESSION_RESOURCES (sizeof sessionResources/\
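
Review bot: In man/xenodm.man, the hunk at -582,18 deletes the userAuthDir entry without stating anywhere what now happens when $HOME/.Xauthority cannot be written. The accompanying message says the only trace is in xenodm.log, so a sentence to that effect in the man page would keep an administrator from looking for a fallback file under /tmp that is no longer created. Existing configurations that set DisplayManager.DISPLAY.userAuthDir stop having any effect once the resource.c table entry is gone, which deserves a mention as well.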
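
Review bot: In xenodm/auth.c, hunk at -793,45, the one remaining `if (lockStatus != LOCK_SUCCESS)` branch logs only the file name, so xenodm.log, which is now the only place the failure shows up, does not record why the lock on the home file failed. Consider adding the status to the message, for example `LogError ("can't lock authorization file %s (status %d)\n", home_name, lockStatus);`. The deleted branch also carried the `setenv = 1;` assignment visible in this hunk; if nothing else in SetUserAuthorization sets that flag, it and the XAUTHORITY code it guards are dead and can be removed in the same diff.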
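
Review bot: In xenodm/resource.c, the hunk at -200,8 removes the sessionResources entry that references DEF_USER_AUTH_DIR, but no hunk in this patch removes the definition of that macro. Drop the definition in the same change so that no unused default directory stays behind in the source.
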
There is also the DEF_USER_AUTH_DIR definition left in resource.c.

Is there any point in keeping XAUTHORITY envvar handling at all, since
it only gets set in the non-default case, which is being removed?

--
  WBR,
  Vadim Zhukov