mikew@wyse.wyse.com (Mike Wexler) (11/22/88)
Submitted-by: keith@expo.lcs.mit.edu (Keith Packard)
Posting-number: Volume 2, Issue 16
Archive-name: x11.3/patch2
Here is the second official patch for Xv11r3. I'll be mailing each
fix directly to you for distribution on comp.sources.x.
Keith Packard
MIT X Consortium
(617) 253-1428
keith@EXPO.LCS.MIT.EDU
The security patches here are IMPORTANT. Please make your users aware
of the SECURITY section of the xterm manual page, once installed.
This patch fixes problems in the following files:
server/os/4.2bsd/osinit.c rgb.dir corruption
server/dix/window.c core dump on no-op UnmapSubwindows
clients/xterm/xterm.man provide Secure Keyboard mode and
ptyx.h allowSendEvents resource
button.c
charproc.c
Tekproc.c
menu.c
misc.c
clients/xdm/Login.c fix some security problems, make sure
display.c error log is on fd 2, fix font nits
dm.c
dm.h
error.c
greet.c
pseudoreset.c
resource.c
session.c
verify.c
xdm.man
*** /tmp/,RCSt1a03944 Fri Nov 18 16:35:03 1988
--- server/os/4.2bsd/osinit.c Mon Nov 14 18:11:44 1988
***************
*** 21,27 ****
SOFTWARE.
******************************************************************/
! /* $XConsortium: osinit.c,v 1.19 88/10/12 11:12:37 jim Exp $ */
#include "os.h"
#include "opaque.h"
#undef NULL
--- 21,27 ----
SOFTWARE.
******************************************************************/
! /* $XConsortium: osinit.c,v 1.21 88/11/14 18:12:26 rws Exp $ */
#include "os.h"
#include "opaque.h"
#undef NULL
***************
*** 60,70 ****
{
long t;
char *ctime();
fclose(stdin);
fclose(stdout);
sprintf (fname, ADMPATH, display);
! if (!freopen (fname, "a+", stderr))
! freopen ("/dev/null", "w", stderr);
#if defined(macII) || defined(hpux)
{
static char buf[BUFSIZ];
--- 60,80 ----
{
long t;
char *ctime();
+ FILE *err;
fclose(stdin);
fclose(stdout);
sprintf (fname, ADMPATH, display);
! /*
! * uses stdio to avoid os dependencies here,
! * a real os would use
! * open (fname, O_WRONLY|O_APPEND|O_CREAT, 0666)
! */
! if (!(err = fopen (fname, "a+")))
! err = fopen ("/dev/null", "w");
! if (err && (fileno(err) != 2)) {
! dup2 (fileno (err), 2);
! fclose (err);
! }
#if defined(macII) || defined(hpux)
{
static char buf[BUFSIZ];
*** /tmp/,RCSt1a03951 Fri Nov 18 16:36:42 1988
--- server/dix/window.c Fri Nov 11 09:51:37 1988
***************
*** 22,28 ****
******************************************************************/
! /* $XConsortium: window.c,v 1.220 88/10/22 13:27:56 keith Exp $ */
#include "X.h"
#define NEED_REPLIES
--- 22,28 ----
******************************************************************/
! /* $XConsortium: window.c,v 1.221 88/11/11 09:52:30 rws Exp $ */
#include "X.h"
#define NEED_REPLIES
***************
*** 3273,3278 ****
--- 3273,3280 ----
Bool anyMarked;
BoxPtr box;
+ if (!pWin->firstChild)
+ return;
if (wasViewable)
{
box = (* pWin->drawable.pScreen->RegionExtents)(pWin->winSize);
*** /tmp/,RCSt1a03187 Thu Nov 17 17:07:50 1988
--- clients/xterm/xterm.man Thu Nov 17 16:00:33 1988
***************
*** 406,411 ****
--- 406,418 ----
The following resources are specified as part of the ``vt100'' widget (class
``VT100''):
.TP 8
+ .B "allowSendEvents (\fPclass\fB AllowSendEvents)"
+ Specifies whether or not synthetic key and button events (generated using
+ the X protocol SendEvent request) should be interpreted or discarded.
+ The default is ``false'' meaning they are discarded. Note that allowing
+ such events creates a very large security hole.
+ .sp
+ .TP 8
.B "alwaysHighlight (\fPclass\fB AlwaysHighlight)"
Specifies whether or not \fIxterm\fP should always display a highlighted
text cursor. By default, a hollow text cursor is displayed whenever the
***************
*** 730,735 ****
--- 737,746 ----
pressed in a window.
The modes section contains items that apply to both the VT102 and Tektronix
windows.
+ The
+ .B Secure Keyboard
+ mode should be used when typing in passwords or other sensitive data;
+ see \fBSECURITY\fP below.
Notable entries in the command section of the menu are the
.BR Continue ,
.BR Suspend ,
***************
*** 769,774 ****
--- 780,830 ----
The
.B PAGE
entry in the command section clears the Tektronix window.
+ .SH SECURITY
+ .PP
+ X environments differ in their security conciousness. The servers provided
+ by MIT use a host-based mechanism to control access to the server (see
+ \fIxhost(1)\fP). If you enable access for a host, and other users are
+ also permitted to run clients on that host, there is the possibility that
+ someone will run an application that will attempt to use the basic services
+ of the X protocol to snoop on your activities, and potentially capture a
+ transcript of everything you type at the keyboard. This is of particular
+ concern when you want to type in a password or other sensitive data.
+ The best solution to this problem is for the industry to choose a standard
+ authorization mechanism, with the necessary operating system support,
+ and to incorporate this into the X protocol (which is already designed to
+ handle such a mechanism). In the mean time, since passwords are most
+ commonly typed to something running in an \fIxterm\fP window, a simple
+ mechanism exists for protecting keyboard input in \fIxterm\fP.
+ .PP
+ The \fBxterm\fP menu (see \fBMENUS\fP above) contains a \fBSecure Keyboard\fP
+ entry which, when enabled, ensures that all keyboard input is directed
+ \fIonly\fP to \fIxterm\fP (using the GrabKeyboard protocol request).
+ When an application prompts you for a password
+ (or other sensitive data), you can enable \fBSecure Keyboard\fP using the
+ menu, type in the data, and then disable \fBSecure Keyboard\fP using
+ the menu again. Only one X client at a time can secure the keyboard,
+ so when you attempt to enable \fBSecure Keyboard\fP it may fail. In
+ this case, the bell will sound. If the \fBSecure Keyboard\fP succeeds,
+ the foreground and background colors will be exchanged (as if you
+ selected the \fBReverse Video\fP entry in the \fBModes\fP menu);
+ they will be exchanged again when you exit secure mode. If the colors
+ do \fInot\fP switch, then
+ you should be \fIvery\fP suspicious that you are being spoofed. If
+ the application you are running displays a prompt before asking for
+ the password, it is safest to enter secure mode \fIbefore\fP the
+ prompt gets displayed, and to make sure that the prompt gets displayed
+ correctly (in the new colors), to minimize the probability of
+ spoofing. You can also bring up the menu again and make sure that a check
+ mark appears next to the entry.
+ .PP
+ \fBSecure Keyboard\fP mode will be disabled automatically if your xterm
+ window becomes iconified (or otherwise unmapped), or if you start up
+ a reparenting window manager (that places a title bar or other decoration
+ around the window) while in \fBSecure Keyboard\fP mode. (This is a
+ feature of the X protocol not easily overcome.) When this happens,
+ the foreground and background colors will be switched back and the bell
+ will sound in warning.
.SH "CHARACTER CLASSES"
Clicking the middle mouse button twice in rapid succession will cause all
characters of the same class (e.g. letters, white space, punctuation) to be
***************
*** 835,840 ****
--- 891,899 ----
is not expected, and will cause unpredictable behavior.
.PP
The actions available for key translations are:
+ .TP 15
+ .B secure()
+ Toggles the \fBSecure Keyboard\fP mode; see \fBSECURITY\fP.
.TP 15
.B insert()
Processes the key in the normal way; i.e. inserts the
*** /tmp/,RCSt1a03192 Thu Nov 17 17:08:04 1988
--- clients/xterm/ptyx.h Wed Nov 16 18:12:31 1988
***************
*** 1,5 ****
/*
! * $XConsortium: ptyx.h,v 1.18 88/10/07 14:12:29 swick Exp $
*/
#include <X11/copyright.h>
--- 1,5 ----
/*
! * $XConsortium: ptyx.h,v 1.20 88/11/16 18:13:26 rws Exp $
*/
#include <X11/copyright.h>
***************
*** 220,225 ****
--- 220,227 ----
int select; /* xterm selected */
Boolean visualbell; /* visual bell mode */
int logging; /* logging mode */
+ Boolean allowSendEvents;/* SendEvent mode */
+ Boolean grabbedKbd; /* keyboard is grabbed */
int logfd; /* file descriptor of log */
char *logfile; /* log file name */
char *logstart; /* current start of log buffer */
*** /tmp/,RCSt1a03197 Thu Nov 17 17:08:16 1988
--- clients/xterm/button.c Thu Nov 17 15:51:45 1988
***************
*** 1,5 ****
/*
! * $XConsortium: button.c,v 1.22 88/10/17 20:10:47 swick Exp $
*/
--- 1,5 ----
/*
! * $XConsortium: button.c,v 1.24 88/11/16 13:48:39 rws Exp $
*/
***************
*** 35,41 ****
J. Gettys.
*/
#ifndef lint
! static char rcs_id[] = "$XConsortium: button.c,v button.c,v 1.22 88/10/17 20:10:47 swick Exp $";
#endif /* lint */
#include <X11/Xos.h>
#include <X11/Xlib.h>
--- 35,41 ----
J. Gettys.
*/
#ifndef lint
! static char rcs_id[] = "$XConsortium: button.c,v 1.24 88/11/16 13:48:39 rws Exp $";
#endif /* lint */
#include <X11/Xos.h>
#include <X11/Xlib.h>
***************
*** 1246,1253 ****
TrackMenu(menu, event); /* MenuButtonReleased calls FinishModeMenu */
}
! FinishModeMenu(item)
register int item;
{
TScreen *screen = &term->screen;
--- 1246,1254 ----
TrackMenu(menu, event); /* MenuButtonReleased calls FinishModeMenu */
}
! FinishModeMenu(item, time)
register int item;
+ Time time;
{
TScreen *screen = &term->screen;
***************
*** 1262,1268 ****
}
switch(type) {
case XTERMMENU:
! xdomenufunc(item);
break;
case VTMENU:
domenufunc(item);
--- 1263,1269 ----
}
switch(type) {
case XTERMMENU:
! xdomenufunc(item, time);
break;
case VTMENU:
domenufunc(item);
***************
*** 1281,1287 ****
xevents();
}
! #define XMENU_VISUALBELL 0
#define XMENU_LOG (XMENU_VISUALBELL+1)
#define XMENU_REDRAW (XMENU_LOG+1)
#define XMENU_LINE (XMENU_REDRAW+1)
--- 1282,1289 ----
xevents();
}
! #define XMENU_GRABKBD 0
! #define XMENU_VISUALBELL (XMENU_GRABKBD+1)
#define XMENU_LOG (XMENU_VISUALBELL+1)
#define XMENU_REDRAW (XMENU_LOG+1)
#define XMENU_LINE (XMENU_REDRAW+1)
***************
*** 1295,1300 ****
--- 1297,1303 ----
#define XMENU_EXIT (XMENU_LINE2+1)
static char *xtext[] = {
+ "Secure Keyboard",
"Visual Bell",
"Logging",
"Redraw",
***************
*** 1312,1317 ****
--- 1315,1321 ----
static int xbell;
static int xlog;
+ static int xkgrab;
Menu *xsetupmenu(menu)
register Menu **menu;
***************
*** 1325,1330 ****
--- 1329,1336 ----
return(NULL);
for(cp = xtext ; *cp ; cp++)
AddMenuItem(*menu, *cp);
+ if(xkgrab = screen->grabbedKbd)
+ CheckItem(*menu, XMENU_GRABKBD);
if(xbell = screen->visualbell)
CheckItem(*menu, XMENU_VISUALBELL);
if(xlog = screen->logging)
***************
*** 1346,1351 ****
--- 1352,1360 ----
/* if login window, check for completed login */
if (!(L_flag && !checklogin()) && !(screen->inhibit & I_LOG))
EnableItem(*menu, XMENU_LOG);
+ if (xkgrab != screen->grabbedKbd)
+ SetItemCheck(*menu, XMENU_GRABKBD, (xkgrab =
+ screen->grabbedKbd));
if (xbell != screen->visualbell)
SetItemCheck(*menu, XMENU_VISUALBELL, (xbell =
screen->visualbell));
***************
*** 1354,1365 ****
return(*menu);
}
! xdomenufunc(item)
int item;
{
register TScreen *screen = &term->screen;
switch (item) {
case XMENU_VISUALBELL:
screen->visualbell = !screen->visualbell;
break;
--- 1363,1393 ----
return(*menu);
}
! xdomenufunc(item, time)
int item;
+ Time time;
{
register TScreen *screen = &term->screen;
switch (item) {
+ case XMENU_GRABKBD:
+ if (screen->grabbedKbd) {
+ XUngrabKeyboard(screen->display, time);
+ ReverseVideo(term);
+ screen->grabbedKbd = FALSE;
+ } else {
+ if (XGrabKeyboard(screen->display,
+ term->core.parent->core.window,
+ True, GrabModeAsync, GrabModeAsync, time)
+ != GrabSuccess) {
+ XBell(screen->display, 100);
+ } else {
+ ReverseVideo(term);
+ screen->grabbedKbd = TRUE;
+ }
+ }
+ break;
+
case XMENU_VISUALBELL:
screen->visualbell = !screen->visualbell;
break;
***************
*** 1489,1492 ****
--- 1517,1538 ----
XButtonEvent *event;
{
Bell();
+ }
+
+ /* ARGSUSED */
+ void HandleSecure(w, event, params, param_count)
+ Widget w;
+ XEvent *event; /* unused */
+ String *params; /* [0] = volume */
+ Cardinal *param_count; /* 0 or 1 */
+ {
+ Time time = CurrentTime;
+
+ if ((event->xany.type == KeyPress) ||
+ (event->xany.type == KeyRelease))
+ time = event->xkey.time;
+ else if ((event->xany.type == ButtonPress) ||
+ (event->xany.type == ButtonRelease))
+ time = event->xbutton.time;
+ xdomenufunc(XMENU_GRABKBD, time);
}
*** /tmp/,RCSt1a03202 Thu Nov 17 17:09:11 1988
--- clients/xterm/charproc.c Wed Nov 16 18:14:30 1988
***************
*** 1,5 ****
/*
! * $XConsortium: charproc.c,v 1.60 88/10/10 13:02:12 swick Exp $
*/
--- 1,5 ----
/*
! * $XConsortium: charproc.c,v 1.62 88/11/16 18:15:34 rws Exp $
*/
***************
*** 100,105 ****
--- 100,106 ----
#define XtNtekStartup "tekStartup"
#define XtNtiteInhibit "titeInhibit"
#define XtNvisualBell "visualBell"
+ #define XtNallowSendEvents "allowSendEvents"
#define XtCAlwaysHighlight "AlwaysHighlight"
#define XtCC132 "C132"
***************
*** 128,138 ****
#define XtCTekStartup "TekStartup"
#define XtCTiteInhibit "TiteInhibit"
#define XtCVisualBell "VisualBell"
#define doinput() (bcnt-- > 0 ? *bptr++ : in_put())
#ifndef lint
! static char rcs_id[] = "$XConsortium: charproc.c,v 1.60 88/10/10 13:02:12 swick Exp $";
#endif /* lint */
static long arg;
--- 129,140 ----
#define XtCTekStartup "TekStartup"
#define XtCTiteInhibit "TiteInhibit"
#define XtCVisualBell "VisualBell"
+ #define XtCAllowSendEvents "AllowSendEvents"
#define doinput() (bcnt-- > 0 ? *bptr++ : in_put())
#ifndef lint
! static char rcs_id[] = "$XConsortium: charproc.c,v 1.62 88/11/16 18:15:34 rws Exp $";
#endif /* lint */
static long arg;
***************
*** 170,175 ****
--- 172,178 ----
extern void HandleStartExtend();
void HandleBell();
void HandleIgnore();
+ extern void HandleSecure();
/*
* NOTE: VTInitialize zeros out the entire ".screen" component of the
***************
*** 208,213 ****
--- 211,217 ----
{ "insert-selection", HandleInsertSelection },
{ "keymap", HandleKeymapChange },
{ "mode-menu", HandleModeMenu },
+ { "secure", HandleSecure },
{ "select-start", HandleSelectStart },
{ "select-extend", HandleSelectExtend },
{ "select-end", HandleSelectEnd },
***************
*** 323,328 ****
--- 327,335 ----
XtRBoolean, (caddr_t) &defaultFALSE},
{XtNvisualBell, XtCVisualBell, XtRBoolean, sizeof(Boolean),
XtOffset(XtermWidget, screen.visualbell),
+ XtRBoolean, (caddr_t) &defaultFALSE},
+ {XtNallowSendEvents, XtCAllowSendEvents, XtRBoolean, sizeof(Boolean),
+ XtOffset(XtermWidget, screen.allowSendEvents),
XtRBoolean, (caddr_t) &defaultFALSE}
};
*** /tmp/,RCSt1a03209 Thu Nov 17 17:09:20 1988
--- clients/xterm/Tekproc.c Wed Nov 16 13:43:58 1988
***************
*** 1,5 ****
/*
! * $XConsortium: Tekproc.c,v 1.43 88/10/07 13:28:23 jim Exp $
*
* Warning, there be crufty dragons here.
*/
--- 1,5 ----
/*
! * $XConsortium: Tekproc.c,v 1.44 88/11/16 13:45:06 rws Exp $
*
* Warning, there be crufty dragons here.
*/
***************
*** 121,127 ****
#define unput(c) *Tpushback++ = c
#ifndef lint
! static char rcs_id[] = "$XConsortium: Tekproc.c,v 1.43 88/10/07 13:28:23 jim Exp $";
#endif /* lint */
static XPoint *T_box[TEKNUMFONTS] = {
--- 121,127 ----
#define unput(c) *Tpushback++ = c
#ifndef lint
! static char rcs_id[] = "$XConsortium: Tekproc.c,v 1.44 88/11/16 13:45:06 rws Exp $";
#endif /* lint */
static XPoint *T_box[TEKNUMFONTS] = {
***************
*** 168,173 ****
--- 168,174 ----
extern void HandleEnterWindow();
extern void HandleLeaveWindow();
extern void HandleFocusChange();
+ extern void HandleSecure();
extern void TekButtonPressed();
static char defaultTranslations[] =
***************
*** 176,181 ****
--- 177,183 ----
static XtActionsRec actionsList[] = {
{ "string", HandleStringEvent },
{ "insert", HandleKeyPressed },
+ { "secure", HandleSecure }
};
static Dimension defOne = 1;
*** /tmp/,RCSt1a03215 Thu Nov 17 17:09:25 1988
--- clients/xterm/menu.c Wed Nov 16 13:46:22 1988
***************
*** 2,8 ****
static char sccsid[]="@(#)menu.c 1.7 Stellar 87/10/16";
#endif
/*
! * $XConsortium: menu.c,v 1.10 88/10/05 11:16:29 jim Exp $
*/
#include <X11/copyright.h>
--- 2,8 ----
static char sccsid[]="@(#)menu.c 1.7 Stellar 87/10/16";
#endif
/*
! * $XConsortium: menu.c,v 1.11 88/11/16 13:47:32 rws Exp $
*/
#include <X11/copyright.h>
***************
*** 45,51 ****
#include "data.h"
#ifndef lint
! static char rcs_id[] = "$XConsortium: menu.c,v 1.10 88/10/05 11:16:29 jim Exp $";
#endif lint
#define DEFMENUBORDER 2
--- 45,51 ----
#include "data.h"
#ifndef lint
! static char rcs_id[] = "$XConsortium: menu.c,v 1.11 88/11/16 13:47:32 rws Exp $";
#endif lint
#define DEFMENUBORDER 2
***************
*** 489,497 ****
Unmap_Menu(menu);
drawn = 0;
if(hilited_item)
! FinishModeMenu(menu->menuInitialItem = hilited_n);
else
! FinishModeMenu(-1);
}
/*
--- 489,498 ----
Unmap_Menu(menu);
drawn = 0;
if(hilited_item)
! FinishModeMenu(menu->menuInitialItem = hilited_n,
! event->time);
else
! FinishModeMenu(-1, event->time);
}
/*
*** /tmp/,RCSt1a03220 Thu Nov 17 17:09:30 1988
--- clients/xterm/misc.c Thu Nov 17 16:06:48 1988
***************
*** 1,5 ****
/*
! * $XConsortium: misc.c,v 1.24 88/10/07 13:25:28 jim Exp $
*/
--- 1,5 ----
/*
! * $XConsortium: misc.c,v 1.28 88/11/17 16:07:46 rws Exp $
*/
***************
*** 53,59 ****
extern void abort();
#ifndef lint
! static char rcs_id[] = "$XConsortium: misc.c,v 1.24 88/10/07 13:25:28 jim Exp $";
#endif /* lint */
xevents()
--- 53,59 ----
extern void abort();
#ifndef lint
! static char rcs_id[] = "$XConsortium: misc.c,v 1.28 88/11/17 16:07:46 rws Exp $";
#endif /* lint */
xevents()
***************
*** 68,74 ****
if (waitingForTrackInfo)
return;
XNextEvent (screen->display, &event);
! XtDispatchEvent(&event);
} while (QLength(screen->display) > 0);
}
--- 68,80 ----
if (waitingForTrackInfo)
return;
XNextEvent (screen->display, &event);
! if (!event.xany.send_event ||
! screen->allowSendEvents ||
! ((event.xany.type != KeyPress) &&
! (event.xany.type != KeyRelease) &&
! (event.xany.type != ButtonPress) &&
! (event.xany.type != ButtonRelease)))
! XtDispatchEvent(&event);
} while (QLength(screen->display) > 0);
}
***************
*** 184,192 ****
register TScreen *screen = &term->screen;
if(event->type == FocusIn)
! selectwindow(screen, FOCUS);
! else
! unselectwindow(screen, FOCUS);
}
--- 190,208 ----
register TScreen *screen = &term->screen;
if(event->type == FocusIn)
! selectwindow(screen,
! (event->detail == NotifyPointer) ? INWINDOW :
! FOCUS);
! else {
! unselectwindow(screen,
! (event->detail == NotifyPointer) ? INWINDOW :
! FOCUS);
! if (screen->grabbedKbd && (event->mode == NotifyUngrab)) {
! screen->grabbedKbd = FALSE;
! ReverseVideo(term);
! XBell(screen->display, 100);
! }
! }
}
*** /tmp/,RCSt1a03978 Fri Nov 18 16:45:30 1988
--- clients/xdm/Login.c Thu Nov 17 17:04:42 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: Login.c,v 1.9 88/10/22 10:41:01 rws Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: Login.c,v 1.11 88/11/17 17:04:15 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 50,62 ****
{XtNfailColor, XtCForeground, XtRPixel, sizeof (Pixel),
offset(failpixel), XtRString, "Black"},
{XtNfont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (font), XtRString, "*-new century schoolbook-medium-r-normal-*-18-*"},
{XtNpromptFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (promptFont), XtRString, "*-new century schoolbook-bold-r-normal-*-18-*"},
{XtNgreetFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (greetFont), XtRString, "*-new century schoolbook-bold-i-normal-*-24-*"},
{XtNfailFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (failFont), XtRString, "*-new century schoolbook-bold-r-normal-*-18-*"},
{XtNgreeting, XtCGreeting, XtRString, sizeof (char *),
offset(greeting), XtRString, "Welcome to the X Window System"},
{XtNnamePrompt, XtCNamePrompt, XtRString, sizeof (char *),
--- 50,62 ----
{XtNfailColor, XtCForeground, XtRPixel, sizeof (Pixel),
offset(failpixel), XtRString, "Black"},
{XtNfont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (font), XtRString, "*-new century schoolbook-medium-r-normal-*-180-*"},
{XtNpromptFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (promptFont), XtRString, "*-new century schoolbook-bold-r-normal-*-180-*"},
{XtNgreetFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (greetFont), XtRString, "*-new century schoolbook-bold-i-normal-*-240-*"},
{XtNfailFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
! offset (failFont), XtRString, "*-new century schoolbook-bold-r-normal-*-180-*"},
{XtNgreeting, XtCGreeting, XtRString, sizeof (char *),
offset(greeting), XtRString, "Welcome to the X Window System"},
{XtNnamePrompt, XtCNamePrompt, XtRString, sizeof (char *),
***************
*** 271,277 ****
DrawFail (w);
DrawName (w, 0);
XorCursor (w);
! XSetInputFocus (XtDisplay (w), XtWindow (w), RevertToPointerRoot, CurrentTime);
}
static void
--- 271,290 ----
DrawFail (w);
DrawName (w, 0);
XorCursor (w);
! /*
! * The GrabKeyboard here is needed only because of
! * a bug in the R3 server -- the keyboard is grabbed on
! * the root window, and the server won't dispatch events
! * to the focus window unless the focus window is a ancestor
! * of the grab window. Bug in server already found and fixed,
! * compatibility until at least R4.
! */
! if (XGrabKeyboard (XtDisplay (w), XtWindow (w), False, GrabModeAsync,
! GrabModeAsync, CurrentTime) != GrabSuccess)
! {
! XSetInputFocus (XtDisplay (w), XtWindow (w),
! RevertToPointerRoot, CurrentTime);
! }
}
static void
*** /tmp/,RCSt1a03985 Fri Nov 18 16:48:02 1988
--- clients/xdm/display.c Thu Nov 17 17:04:47 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: display.c,v 1.9 88/10/22 21:49:08 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: display.c,v 1.10 88/11/17 17:04:43 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 78,87 ****
Debug ("manage display %s\n", d->name);
if (setjmp (terminated)) {
Debug ("processing SIGTERM\n");
- TerminateServer (d, serverPid);
if (sessionPid < 2)
abort ();
(void) killpg (sessionPid, SIGTERM);
exit (OBEYSESS_DISPLAY);
}
(void) signal (SIGTERM, CatchTerm);
--- 78,87 ----
Debug ("manage display %s\n", d->name);
if (setjmp (terminated)) {
Debug ("processing SIGTERM\n");
if (sessionPid < 2)
abort ();
(void) killpg (sessionPid, SIGTERM);
+ TerminateServer (d, serverPid);
exit (OBEYSESS_DISPLAY);
}
(void) signal (SIGTERM, CatchTerm);
***************
*** 351,357 ****
--- 351,359 ----
#ifdef UDP_SOCKET
Debug ("sending TERMINATE message through network\n");
if (!serverMessage (d, TERMINATE) && dpy)
+ pseudoReset (dpy);
#else
+ if (dpy)
pseudoReset (dpy);
#endif
if (dpy) {
*** /tmp/,RCSt1a03992 Fri Nov 18 16:48:52 1988
--- clients/xdm/dm.c Thu Nov 17 17:04:52 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: dm.c,v 1.9 88/10/22 21:48:44 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: dm.c,v 1.10 88/11/17 17:04:50 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 41,46 ****
--- 41,47 ----
if (debugLevel == 0 && daemonMode)
BecomeDaemon ();
InitErrorLog ();
+ StorePid ();
signal (SIGTERM, TerminateAll);
signal (SIGINT, TerminateAll);
/*
***************
*** 276,279 ****
--- 277,296 ----
close (fd);
FD_ZERO (&CloseMask);
max = 0;
+ }
+
+ StorePid ()
+ {
+ FILE *f;
+
+ if (pidFile[0] != '\0') {
+ f = fopen (pidFile, "w");
+ if (!f) {
+ LogError ("process-id file %s cannot be opened\n",
+ pidFile);
+ } else {
+ fprintf (f, "%d\n", getpid ());
+ fclose (f);
+ }
+ }
}
*** /tmp/,RCSt1a03999 Fri Nov 18 16:49:28 1988
--- clients/xdm/dm.h Thu Nov 17 17:04:55 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: dm.h,v 1.8 88/10/22 21:49:03 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: dm.h,v 1.9 88/11/17 17:04:53 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 96,101 ****
--- 96,102 ----
FileState state; /* state during HUP processing */
char *resources; /* resource file */
char *xrdb; /* xrdb program */
+ char *cpp; /* cpp program */
char *startup; /* Xstartup program */
char *reset; /* Xreset program */
char *session; /* Xsession program */
***************
*** 107,112 ****
--- 108,114 ----
int openRepeat; /* open attempts to make */
int openTimeout; /* abort open attempt timeout */
int terminateServer;/* restart for each session */
+ int grabTimeout; /* time to wait for grab */
DisplayType displayType; /* method to handle with */
#ifdef UDP_SOCKET
struct sockaddr_in addr; /* address used in connection */
***************
*** 150,155 ****
--- 152,158 ----
extern int debugLevel;
extern char *errorLogFile;
extern int daemonMode;
+ extern char *pidFile;
extern struct display *FindDisplayByName (),
*FindDisplayByPid (),
*** /tmp/,RCSt1a03960 Fri Nov 18 16:38:14 1988
--- clients/xdm/error.c Mon Nov 14 12:29:33 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: error.c,v 1.5 88/10/15 19:09:58 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: error.c,v 1.6 88/11/14 12:29:19 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 34,41 ****
if (errorLogFile[0]) {
i = creat (errorLogFile, 0666);
if (i != -1) {
! close (i);
! freopen (errorLogFile, "a+", stderr);
} else
LogError ("Cannot open errorLogFile %s\n", errorLogFile);
}
--- 34,43 ----
if (errorLogFile[0]) {
i = creat (errorLogFile, 0666);
if (i != -1) {
! if (i != 2) {
! dup2 (i, 2);
! close (i);
! }
} else
LogError ("Cannot open errorLogFile %s\n", errorLogFile);
}
*** /tmp/,RCSt1a04006 Fri Nov 18 16:50:50 1988
--- clients/xdm/greet.c Thu Nov 17 17:04:57 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: greet.c,v 1.6 88/10/20 17:37:02 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: greet.c,v 1.7 88/11/17 17:04:56 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 41,46 ****
--- 41,47 ----
static Widget login;
static Widget logoToplevel;
static Widget logo;
+ static XtAppContext context;
GreetDone (w, data, status)
Widget w;
***************
*** 66,71 ****
--- 67,73 ----
}
}
+ Display *
InitGreet (d)
struct display *d;
{
***************
*** 72,91 ****
Arg arglist[10];
int i;
int argc;
static char *argv[] = { "xlogin", "-display", 0, 0 };
Debug ("greet %s\n", d->name);
argv[2] = d->name;
argc = 3;
! toplevel = XtInitialize ("main", "Xlogin", 0, 0, &argc, argv);
! Debug ("top level shell created\n");
i = 0;
! XtSetArg (arglist[i], XtNnotifyDone, GreetDone); i++;
login = XtCreateManagedWidget ("login", loginWidgetClass, toplevel,
arglist, i);
XtRealizeWidget (toplevel);
#ifdef DRAWLOGO
i = 0;
XtSetArg (arglist[i], XtNgeometry, "100x100-0-0"); i++;
--- 74,108 ----
Arg arglist[10];
int i;
int argc;
+ Screen *scrn;
static char *argv[] = { "xlogin", "-display", 0, 0 };
+ Display *dpy;
Debug ("greet %s\n", d->name);
argv[2] = d->name;
argc = 3;
! XtToolkitInitialize ();
! context = XtCreateApplicationContext();
! dpy = XtOpenDisplay (context, d->name, "xlogin", "Xlogin", 0,0,
! &argc, argv);
+ SecureDisplay (d, dpy);
+
i = 0;
! scrn = DefaultScreenOfDisplay(dpy);
! XtSetArg(arglist[i], XtNscreen, scrn); i++;
! XtSetArg(arglist[i], XtNargc, argc); i++;
! XtSetArg(arglist[i], XtNargv, argv); i++;
+ toplevel = XtAppCreateShell ((String) NULL, "Xlogin",
+ applicationShellWidgetClass, dpy, arglist, i);
+
+ i = 0;
+ XtSetArg (arglist[i], XtNnotifyDone, GreetDone); i++;
login = XtCreateManagedWidget ("login", loginWidgetClass, toplevel,
arglist, i);
XtRealizeWidget (toplevel);
+
#ifdef DRAWLOGO
i = 0;
XtSetArg (arglist[i], XtNgeometry, "100x100-0-0"); i++;
***************
*** 96,106 ****
--- 113,125 ----
arglist, i);
XtRealizeWidget (logoToplevel);
#endif
+ return dpy;
}
CloseGreet (d)
struct display *d;
{
+ UnsecureDisplay (d, XtDisplay (toplevel));
XCloseDisplay (XtDisplay (toplevel));
}
***************
*** 109,127 ****
struct greet_info *greet;
{
XEvent event;
! Arg args[1];
Debug ("dispatching\n");
done = 0;
while (!done) {
! XtAppNextEvent (_XtDefaultAppContext(), &event);
XtDispatchEvent (&event);
}
XFlush (XtDisplay (toplevel));
greet->name = name;
greet->password = password;
! XtSetArg (args[0], XtNsessionArgument, (char *) &(greet->string));
! XtGetValues (login, args, 1);
Debug ("sessionArgument: %s\n", greet->string ? greet->string : "<NULL>");
}
--- 128,146 ----
struct greet_info *greet;
{
XEvent event;
! Arg arglist[1];
Debug ("dispatching\n");
done = 0;
while (!done) {
! XtAppNextEvent (context, &event);
XtDispatchEvent (&event);
}
XFlush (XtDisplay (toplevel));
greet->name = name;
greet->password = password;
! XtSetArg (arglist[0], XtNsessionArgument, (char *) &(greet->string));
! XtGetValues (login, arglist, 1);
Debug ("sessionArgument: %s\n", greet->string ? greet->string : "<NULL>");
}
*** /tmp/,RCSt1a04013 Fri Nov 18 16:51:27 1988
--- clients/xdm/pseudoreset.c Thu Nov 17 17:05:00 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: pseudoreset.c,v 1.1 88/10/15 19:06:00 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: pseudoreset.c,v 1.2 88/11/17 17:04:58 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 31,36 ****
--- 31,37 ----
Display *dpy;
XErrorEvent *event;
{
+ Debug ("ignoring error\n");
}
/*
***************
*** 50,57 ****
while (XQueryTree (dpy, window, &root, &parent, &children, &nchildren)
&& nchildren > 0)
{
! for (child = 0; child < nchildren; child++)
XKillClient (dpy, children[child]);
XFree (children);
}
}
--- 51,60 ----
while (XQueryTree (dpy, window, &root, &parent, &children, &nchildren)
&& nchildren > 0)
{
! for (child = 0; child < nchildren; child++) {
! Debug ("XKillClient 0x%x\n", children[child]);
XKillClient (dpy, children[child]);
+ }
XFree (children);
}
}
***************
*** 68,76 ****
--- 71,82 ----
XSetErrorHandler (ignoreErrors);
for (screen = 0; screen < ScreenCount (dpy); screen++) {
+ Debug ("pseudoReset screen %d\n", screen);
root = RootWindow (dpy, screen);
killWindows (dpy, root);
}
+ Debug ("before XSync\n");
XSync (dpy, False);
XSetErrorHandler ((int (*)) 0);
+ Debug ("pseudoReset done\n");
}
*** /tmp/,RCSt1a04020 Fri Nov 18 16:52:06 1988
--- clients/xdm/resource.c Thu Nov 17 17:05:04 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: resource.c,v 1.9 88/10/25 11:48:47 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: resource.c,v 1.10 88/11/17 17:05:01 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 33,38 ****
--- 33,39 ----
int debugLevel;
char *errorLogFile;
int daemonMode;
+ char *pidFile;
# define DM_STRING 0
# define DM_INT 1
***************
*** 67,74 ****
#ifndef DEF_XDM_CONFIG
#define DEF_XDM_CONFIG "/usr/lib/X11/xdm/xdm-config"
#endif
-
struct dmResources {
char *name, *class;
int type;
--- 68,77 ----
#ifndef DEF_XDM_CONFIG
#define DEF_XDM_CONFIG "/usr/lib/X11/xdm/xdm-config"
#endif
+ #ifndef CPP_PROGRAM
+ #define CPP_PROGRAM "/lib/cpp"
+ #endif
struct dmResources {
char *name, *class;
int type;
***************
*** 84,90 ****
"errorLogFile", "ErrorLogFile", DM_STRING, &errorLogFile,
"",
"daemonMode", "DaemonMode", DM_BOOL, (char **) &daemonMode,
! "true"
};
# define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0])
--- 87,95 ----
"errorLogFile", "ErrorLogFile", DM_STRING, &errorLogFile,
"",
"daemonMode", "DaemonMode", DM_BOOL, (char **) &daemonMode,
! "true",
! "pidFile", "PidFile", DM_STRING, &pidFile,
! "",
};
# define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0])
***************
*** 101,106 ****
--- 106,113 ----
"",
"xrdb", "Xrdb", DM_STRING, boffset(xrdb),
XRDB_PROGRAM,
+ "cpp", "Cpp", DM_STRING, boffset(cpp),
+ CPP_PROGRAM,
"startup", "Startup", DM_STRING, boffset(startup),
"",
"reset", "Reset", DM_STRING, boffset(reset),
***************
*** 123,128 ****
--- 130,137 ----
DEF_SYSTEM_SHELL,
"failsafeClient","FailsafeClient", DM_STRING, boffset(failsafeClient),
DEF_FAILSAFE_CLIENT,
+ "grabTimeout", "GrabTimeout", DM_INT, boffset(grabTimeout),
+ "3",
};
# define NUM_DISPLAY_RESOURCES (sizeof DisplayResources/\
*** /tmp/,RCSt1a04030 Fri Nov 18 16:53:09 1988
--- clients/xdm/session.c Thu Nov 17 19:13:52 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: session.c,v 1.7 88/10/22 21:49:29 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: session.c,v 1.9 88/11/17 19:13:42 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 25,30 ****
--- 25,32 ----
# include "dm.h"
# include <X11/Xlib.h>
# include <signal.h>
+ # include <X11/Xatom.h>
+ # include <setjmp.h>
static int clientPid;
***************
*** 34,45 ****
struct greet_info greet;
struct verify_info verify;
int pid;
/*
* Step 5: Load system default Resources
*/
LoadXloginResources (d);
! InitGreet (d);
for (;;) {
/*
* Step 6: Greet user, requesting name/password
--- 36,49 ----
struct greet_info greet;
struct verify_info verify;
int pid;
+ Display *dpy, *InitGreet ();
+ Debug ("ManageSession %s\n", d->name);
/*
* Step 5: Load system default Resources
*/
LoadXloginResources (d);
! dpy = InitGreet (d);
for (;;) {
/*
* Step 6: Greet user, requesting name/password
***************
*** 53,58 ****
--- 57,63 ----
else
FailedLogin (d, &greet);
}
+ DeleteXloginResources (d, dpy);
CloseGreet (d);
Debug ("Greet loop finished\n");
/*
***************
*** 59,65 ****
* Step 8: Run system-wide initialization file
*/
if (source (&verify, d->startup) != 0)
! exit (OBEYTERM_DISPLAY);
/*
* Step 9: Start the clients, changing uid/groups
* setting up environment and running the session
--- 64,70 ----
* Step 8: Run system-wide initialization file
*/
if (source (&verify, d->startup) != 0)
! SessionExit (OBEYTERM_DISPLAY);
/*
* Step 9: Start the clients, changing uid/groups
* setting up environment and running the session
***************
*** 81,87 ****
* Step 15: run system-wide reset file
*/
source (&verify, d->reset);
! exit (OBEYTERM_DISPLAY);
}
LoadXloginResources (d)
--- 86,92 ----
* Step 15: run system-wide reset file
*/
source (&verify, d->reset);
! SessionExit (OBEYTERM_DISPLAY);
}
LoadXloginResources (d)
***************
*** 90,96 ****
char cmd[1024];
if (d->resources[0] && access (d->resources, 4) == 0) {
! sprintf (cmd, "%s -display %s -merge %s",
d->xrdb, d->name, d->resources);
Debug ("Loading resource file: %s\n", cmd);
system (cmd);
--- 95,101 ----
char cmd[1024];
if (d->resources[0] && access (d->resources, 4) == 0) {
! sprintf (cmd, "%s -display %s -load %s",
d->xrdb, d->name, d->resources);
Debug ("Loading resource file: %s\n", cmd);
system (cmd);
***************
*** 97,102 ****
--- 102,165 ----
}
}
+ DeleteXloginResources (d, dpy)
+ struct display *d;
+ Display *dpy;
+ {
+ XDeleteProperty(dpy, RootWindow (dpy, 0), XA_RESOURCE_MANAGER);
+ }
+
+ static jmp_buf syncJump;
+
+ static
+ syncTimeout ()
+ {
+ longjmp (syncJump, 1);
+ }
+
+ SecureDisplay (d, dpy)
+ struct display *d;
+ Display *dpy;
+ {
+ Debug ("SecureDisplay\n");
+ signal (SIGALRM, syncTimeout);
+ if (setjmp (syncJump)) {
+ LogError ("WARNING: display %s could not be secured\n",
+ d->name);
+ SessionExit (ABORT_DISPLAY);
+ }
+ alarm (d->grabTimeout);
+ Debug ("Before XGrabServer\n");
+ XGrabServer (dpy);
+ if (XGrabKeyboard (dpy, DefaultRootWindow (dpy), True, GrabModeAsync,
+ GrabModeAsync, CurrentTime) != GrabSuccess)
+ {
+ alarm (0);
+ signal (SIGALRM, SIG_DFL);
+ LogError ("WARNING: keyboard on display %s could not be secured\n",
+ d->name);
+ SessionExit (ABORT_DISPLAY);
+ }
+ Debug ("XGrabKeyboard succeeded\n");
+ alarm (0);
+ signal (SIGALRM, SIG_DFL);
+ pseudoReset (dpy);
+ }
+
+ UnsecureDisplay (d, dpy)
+ struct display *d;
+ Display *dpy;
+ {
+ Debug ("Unsecure display %s\n", d->name);
+ XUngrabServer (dpy);
+ XSync (dpy, 0);
+ }
+
+ SessionExit (status)
+ {
+ exit (status);
+ }
+
StartClient (verify, d, pidp)
struct verify_info *verify;
struct display *d;
***************
*** 119,126 ****
setpgrp (0, getpid ());
#ifdef NGROUPS
- setgroups (verify->ngroups, verify->groups);
setgid (verify->groups[0]);
#else
setgid (verify->gid);
#endif
--- 182,189 ----
setpgrp (0, getpid ());
#ifdef NGROUPS
setgid (verify->groups[0]);
+ setgroups (verify->ngroups, verify->groups);
#else
setgid (verify->gid);
#endif
*** /tmp/,RCSt1a04058 Fri Nov 18 17:12:58 1988
--- clients/xdm/verify.c Thu Nov 17 19:14:01 1988
***************
*** 1,7 ****
/*
* xdm - display manager daemon
*
! * $XConsortium: verify.c,v 1.5 88/10/20 17:37:57 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
--- 1,7 ----
/*
* xdm - display manager daemon
*
! * $XConsortium: verify.c,v 1.6 88/11/17 19:13:52 keith Exp $
*
* Copyright 1988 Massachusetts Institute of Technology
*
***************
*** 49,55 ****
char **argv;
p = getpwnam (greet->name);
! if (!p)
p = &joeblow;
Debug ("Verify %s %s\n", greet->name, greet->password);
if (strcmp (crypt (greet->password, p->pw_passwd), p->pw_passwd)) {
--- 49,55 ----
char **argv;
p = getpwnam (greet->name);
! if (!p || strlen (greet->name) == 0)
p = &joeblow;
Debug ("Verify %s %s\n", greet->name, greet->password);
if (strcmp (crypt (greet->password, p->pw_passwd), p->pw_passwd)) {
*** /tmp/,RCSt1a04037 Fri Nov 18 16:53:46 1988
--- clients/xdm/xdm.man Thu Nov 17 17:11:42 1988
***************
*** 209,214 ****
--- 209,227 ----
this behaviour may seem arbitrary, it has been empirically developed and
works quite well on most systems. The default values are
5 for \fBopenDelay\fP, 5 for \fBopenRepeat\fP and 30 for \fBopenTimeout\fP.
+ .IP "\fBDisplayManager.DISPLAY.grabTimeout\fP"
+ To eliminate obvious security shortcomings in the X protocol,
+ .I xdm
+ grabs the server and keyboard while reading the name/password. This
+ resource specifies the maximum time
+ .I xdm
+ will wait for the grab to succeed. The grab may fail if some other
+ client has the server grabbed, or possibly if the network latencies
+ are very high. This resource has a default value of 3 seconds; you
+ should be cautious when raising it as a user can be spoofed by a
+ look-alike window on the display. If the grab fails,
+ .I xdm
+ kills and restarts the server.
.IP "\fBDisplayManager.DISPLAY.terminateServer\fP"
This boolean resource specifies whether the X server should be terminated
when a session terminates (instead of resetting it). This option
--
Mike Wexler(wyse!mikew) Phone: (408)433-1000 x1330
Moderator of comp.sources.x