rpms/gdm/devel gdm-2.17.3-reset-pam.patch, NONE, 1.1 gdm-2.17.3-security-tokens.patch, NONE, 1.1 gdm.spec, 1.214, 1.215
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Dec 5 20:30:33 UTC 2006
Author: mclasen
Update of /cvs/dist/rpms/gdm/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27727
Modified Files:
gdm.spec
Added Files:
gdm-2.17.3-reset-pam.patch gdm-2.17.3-security-tokens.patch
Log Message:
2.17.3
gdm-2.17.3-reset-pam.patch:
daemon/gdm.c | 8 ++++++++
daemon/gdm.h | 4 ++++
daemon/slave.c | 34 +++++++++++++++++++++++++++-------
gui/greeter/greeter.c | 16 ++++------------
4 files changed, 43 insertions(+), 19 deletions(-)
--- NEW FILE gdm-2.17.3-reset-pam.patch ---
--- gdm-2.17.3/daemon/gdm.c.reset-pam 2006-12-04 13:28:12.000000000 -0500
+++ gdm-2.17.3/daemon/gdm.c 2006-12-05 15:29:53.000000000 -0500
@@ -2550,6 +2550,14 @@
TRUE /* handled */,
FALSE /* chooser */,
NULL, 0, NULL, NULL);
+ } else if (strcmp (msg, GDM_SOP_CANCEL_LOGIN_REQUESTS) == 0) {
+ GSList *li;
+ for (li = displays; li != NULL; li = li->next) {
+ GdmDisplay *d = li->data;
+ if (!d->logged_in) {
+ send_slave_command (d, GDM_NOTIFY_RESET);
+ }
+ }
} else if (strncmp (msg, "opcode="GDM_SOP_SHOW_ERROR_DIALOG,
strlen ("opcode="GDM_SOP_SHOW_ERROR_DIALOG)) == 0) {
GdmDisplay *d;
--- gdm-2.17.3/daemon/gdm.h.reset-pam 2006-12-04 13:28:13.000000000 -0500
+++ gdm-2.17.3/daemon/gdm.h 2006-12-05 15:00:39.000000000 -0500
@@ -747,6 +747,9 @@
#define GDM_SOP_SHOW_QUESTION_DIALOG "SHOW_QUESTION_DIALOG" /* show the question dialog from daemon */
#define GDM_SOP_SHOW_ASKBUTTONS_DIALOG "SHOW_ASKBUTTON_DIALOG" /* show the askbutton dialog from daemon */
+/* Reset any in progress authentication conversations */
+#define GDM_SOP_CANCEL_LOGIN_REQUESTS "CANCEL_LOGIN_REQUESTS" /* no arguments */
+
/* Notification protocol */
/* keys */
#define GDM_NOTIFY_ALLOW_REMOTE_ROOT "AllowRemoteRoot" /* <true/false as int> */
@@ -774,6 +777,7 @@
#define GDM_NOTIFY_SOFT_RESTART_SERVERS "SOFT_RESTART_SERVERS"
#define GDM_NOTIFY_GO "GO"
#define GDM_NOTIFY_TWIDDLE_POINTER "TWIDDLE_POINTER"
+#define GDM_NOTIFY_RESET "RESET"
/* Ack for a slave message */
/* Note that an extra response can follow an 'ack' */
--- gdm-2.17.3/daemon/slave.c.reset-pam 2006-12-05 15:00:39.000000000 -0500
+++ gdm-2.17.3/daemon/slave.c 2006-12-05 15:00:39.000000000 -0500
@@ -133,6 +133,12 @@
static int greeter_fd_out = -1;
static int greeter_fd_in = -1;
+/* a dup of the other side of greeter_fd_in so that
+ * the slave can talk to itself from its sig handler
+ * using the greeter ipc mechanism
+ */
+static int slave_fd_out = -1;
+
#ifdef HAVE_TSOL
static gboolean have_suntsol_extension = FALSE;
#endif
@@ -626,7 +632,7 @@
}
static void
-whack_greeter_fds (void)
+whack_greeter_and_slave_fds (void)
{
if (greeter_fd_out > 0)
VE_IGNORE_EINTR (close (greeter_fd_out));
@@ -634,6 +640,9 @@
if (greeter_fd_in > 0)
VE_IGNORE_EINTR (close (greeter_fd_in));
greeter_fd_in = -1;
+ if (slave_fd_out > 0)
+ VE_IGNORE_EINTR (close (slave_fd_out));
+ slave_fd_out = -1;
}
static void
@@ -1084,7 +1093,7 @@
d->greetpid = 0;
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
gdm_slave_send_num (GDM_SOP_GREETPID, 0);
@@ -1865,7 +1874,7 @@
d->greetpid = 0;
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
gdm_slave_send_num (GDM_SOP_GREETPID, 0);
}
@@ -2097,6 +2106,12 @@
break;
}
+ if (do_cancel) {
+ gdm_debug ("canceling...");
+ gdm_slave_greeter_ctl_no_ret (GDM_RESETOK, "");
+ continue;
+ }
+
if (login == NULL) {
char *failuresound = gdm_get_value_string (GDM_KEY_SOUND_ON_LOGIN_FAILURE_FILE);
@@ -2695,9 +2710,9 @@
default:
VE_IGNORE_EINTR (close (pipe1[0]));
- VE_IGNORE_EINTR (close (pipe2[1]));
+ whack_greeter_and_slave_fds ();
- whack_greeter_fds ();
+ slave_fd_out = pipe2[1];
greeter_fd_out = pipe1[1];
greeter_fd_in = pipe2[0];
@@ -4751,7 +4766,7 @@
greet = FALSE;
d->greetpid = 0;
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
gdm_slave_send_num (GDM_SOP_GREETPID, 0);
do_restart_greeter = TRUE;
@@ -4763,7 +4778,7 @@
continue;
}
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
/* if greet is TRUE, then the greeter died outside of our
* control really, so clean up and die, something is wrong
@@ -4906,6 +4921,11 @@
gdm_wait_for_go = FALSE;
} else if (strcmp (&s[1], GDM_NOTIFY_TWIDDLE_POINTER) == 0) {
gdm_twiddle_pointer (d);
+ } else if (strcmp (&s[1], GDM_NOTIFY_RESET) == 0) {
+ if (!d->logged_in) {
+ gdm_fdprintf (slave_fd_out, "%c%c%c\n",
+ STX, BEL, GDM_INTERRUPT_CANCEL);
+ }
}
} else if (s[0] == GDM_SLAVE_NOTIFY_RESPONSE) {
gdm_got_ack = TRUE;
--- gdm-2.17.3/gui/greeter/greeter.c.reset-pam 2006-10-30 15:59:44.000000000 -0500
+++ gdm-2.17.3/gui/greeter/greeter.c 2006-12-05 15:00:39.000000000 -0500
@@ -170,7 +170,6 @@
GtkWidget *dlg;
char *tmp;
char *session;
- GreeterItemInfo *conversation_info;
static GnomeCanvasItem *disabled_cover = NULL;
gchar *language;
gchar *selected_user = NULL;
@@ -330,17 +329,10 @@
if (gtk_start_again_button != NULL)
gtk_widget_set_sensitive (gtk_start_again_button, FALSE);
- conversation_info = greeter_lookup_id ("pam-conversation");
-
- if (conversation_info)
- {
- tmp = ve_locale_to_utf8 (args);
- g_object_set (G_OBJECT (conversation_info->item),
- "text", tmp,
- NULL);
- g_free (tmp);
- }
-
+ greeter_item_ulist_unset_selected_user ();
+ greeter_item_pam_prompt ("", PW_ENTRY_SIZE, TRUE);
+ greeter_item_pam_message ("");
+
printf ("%c\n", STX);
fflush (stdout);
greeter_ignore_buttons (FALSE);
gdm-2.17.3-security-tokens.patch:
config/Makefile.am | 31
config/gdm.conf.in | 4
config/securitytokens.conf.in | 3
configure.ac | 3
daemon/Makefile.am | 7
daemon/gdm.c | 93 ++
daemon/securitytoken.c | 680 ++++++++++++++++
daemon/securitytoken.h | 94 ++
daemon/securitytokenmonitor.c | 1743 ++++++++++++++++++++++++++++++++++++++++++
daemon/securitytokenmonitor.h | 84 ++
10 files changed, 2737 insertions(+), 5 deletions(-)
--- NEW FILE gdm-2.17.3-security-tokens.patch ---
--- gdm-2.17.3/configure.ac.security-tokens 2006-12-05 15:30:40.000000000 -0500
+++ gdm-2.17.3/configure.ac 2006-12-05 15:30:40.000000000 -0500
@@ -20,6 +20,7 @@
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
+NSS_REQUIRED=3.11.1
dnl
dnl Let the user configure where to look for the configuration files.
@@ -161,7 +162,7 @@
AC_SUBST(VICIOUS_CFLAGS)
AC_SUBST(VICIOUS_LIBS)
-PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED dbus-glib-1 >= $DBUS_REQUIRED)
+PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED dbus-glib-1 >= $DBUS_REQUIRED nss >= $NSS_REQUIRED)
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
--- /dev/null 2006-12-04 15:17:50.882870258 -0500
+++ gdm-2.17.3/daemon/securitytoken.h 2006-12-05 15:30:40.000000000 -0500
@@ -0,0 +1,94 @@
+/* securitytoken.h - api for reading and writing data to a security token
+ *
+ * Copyright (C) 2006 Ray Strode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+#ifndef SC_SECURITY_TOKEN_H
+#define SC_SECURITY_TOKEN_H
+
+#include <glib.h>
+#include <glib-object.h>
+
+#include <secmod.h>
+
+G_BEGIN_DECLS
+#define SC_TYPE_SECURITY_TOKEN (sc_security_token_get_type ())
+#define SC_SECURITY_TOKEN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), SC_TYPE_SECURITY_TOKEN, ScSecurityToken))
+#define SC_SECURITY_TOKEN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), SC_TYPE_SECURITY_TOKEN, ScSecurityTokenClass))
+#define SC_IS_SECURITY_TOKEN(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), SC_TYPE_SECURITY_TOKEN))
+#define SC_IS_SECURITY_TOKEN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), SC_TYPE_SECURITY_TOKEN))
+#define SC_SECURITY_TOKEN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), SC_TYPE_SECURITY_TOKEN, ScSecurityTokenClass))
+#define SC_SECURITY_TOKEN_ERROR (sc_security_token_error_quark ())
+typedef struct _ScSecurityTokenClass ScSecurityTokenClass;
+typedef struct _ScSecurityToken ScSecurityToken;
+typedef struct _ScSecurityTokenPrivate ScSecurityTokenPrivate;
+typedef enum _ScSecurityTokenError ScSecurityTokenError;
+typedef enum _ScSecurityTokenState ScSecurityTokenState;
+
+typedef struct _ScSecurityTokenRequest ScSecurityTokenRequest;
+
+struct _ScSecurityToken {
+ GObject parent;
+
+ /*< private > */
+ ScSecurityTokenPrivate *priv;
+};
+
+struct _ScSecurityTokenClass {
+ GObjectClass parent_class;
+
+ void (* inserted) (ScSecurityToken *token);
+ void (* removed) (ScSecurityToken *token);
+};
+
+enum _ScSecurityTokenError {
+ SC_SECURITY_TOKEN_ERROR_GENERIC = 0,
+};
+
+enum _ScSecurityTokenState {
+ SC_SECURITY_TOKEN_STATE_INSERTED = 0,
+ SC_SECURITY_TOKEN_STATE_REMOVED,
+};
+
+GType sc_security_token_get_type (void) G_GNUC_CONST;
+GQuark sc_security_token_error_quark (void) G_GNUC_CONST;
+
+CK_SLOT_ID sc_security_token_get_slot_id (ScSecurityToken *token);
+gint sc_security_token_get_slot_series (ScSecurityToken *token);
+ScSecurityTokenState sc_security_token_get_state (ScSecurityToken *token);
+
+gchar *sc_security_token_get_name (ScSecurityToken *token);
+gboolean sc_security_token_is_login_token (ScSecurityToken *token);
+
+gboolean sc_security_token_unlock (ScSecurityToken *token,
+ const gchar *password);
+
+/* don't under any circumstances call these functions */
+#ifdef SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+
+ScSecurityToken *_sc_security_token_new (SECMODModule *module,
+ CK_SLOT_ID slot_id,
+ gint slot_series);
+ScSecurityToken *_sc_security_token_new_from_name (SECMODModule *module,
+ const gchar *name);
+
+void _sc_security_token_set_state (ScSecurityToken *token,
+ ScSecurityTokenState state);
+#endif
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_H */
--- /dev/null 2006-12-04 15:17:50.882870258 -0500
+++ gdm-2.17.3/daemon/securitytokenmonitor.c 2006-12-05 15:30:40.000000000 -0500
@@ -0,0 +1,1743 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
+ *
+ * Copyright (C) 2006 Ray Strode <rstrode at redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * TODO: - doing this per project is a bad idea i think.
+ * We should probably make this a system service
+ * and use dbus.
+ */
+#define _GNU_SOURCE
+#include "securitytokenmonitor.h"
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+#include "securitytoken.h"
+
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <poll.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/resource.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <glib.h>
+#include <glib/gi18n.h>
+
+#include <prerror.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <secmod.h>
+#include <secerr.h>
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_DRIVER
+#define SC_SECURITY_TOKEN_MONITOR_DRIVER LIBDIR"/pkcs11/libcoolkeypk11.so"
+#endif
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_NSS_DB
+#define SC_SECURITY_TOKEN_MONITOR_NSS_DB SYSCONFDIR"/pki/nssdb"
+#endif
+
+#ifndef SC_MAX_OPEN_FILE_DESCRIPTORS
+#define SC_MAX_OPEN_FILE_DESCRIPTORS 1024
+#endif
+
+#ifndef SC_OPEN_FILE_DESCRIPTORS_DIR
+#define SC_OPEN_FILE_DESCRIPTORS_DIR "/proc/self/fd"
+#endif
+
+#ifndef sc_debug
+#if defined (SC_SECURITY_TOKEN_MONITOR_ENABLE_TEST)
+#define sc_debug(fmt, args...) g_printerr("[%u] " fmt " \n", getpid(), ##args)
+#else
+#define sc_debug(fmt, args...)
+#endif
+#endif
+
+typedef enum _ScSecurityTokenMonitorState ScSecurityTokenMonitorState;
+typedef struct _ScSecurityTokenMonitorWorker ScSecurityTokenMonitorWorker;
+
+enum _ScSecurityTokenMonitorState {
[...2480 lines suppressed...]
+ g_message ("destroying previously created 'security token' object...");
+ g_object_unref (token);
+ token = NULL;
+ g_message ("'security token' object destroyed successfully");
+
+ return 0;
+}
+#endif
--- gdm-2.17.3/daemon/Makefile.am.security-tokens 2006-11-01 10:17:43.000000000 -0500
+++ gdm-2.17.3/daemon/Makefile.am 2006-12-05 15:30:40.000000000 -0500
@@ -9,6 +9,7 @@
-DAUTHDIR=\"$(authdir)\" \
-DBINDIR=\"$(bindir)\" \
-DDATADIR=\"$(datadir)\" \
+ -DSYSCONFDIR=\"$(sysconfdir)\" \
-DDMCONFDIR=\"$(dmconfdir)\" \
-DGDMCONFDIR=\"$(gdmconfdir)\" \
-DGDMLOCALEDIR=\"$(gdmlocaledir)\" \
@@ -71,7 +72,11 @@
gdm-net.c \
gdm-net.h \
getvt.c \
- getvt.h
+ getvt.h \
+ securitytoken.c \
+ securitytoken.h \
+ securitytokenmonitor.c \
+ securitytokenmonitor.h
EXTRA_gdm_binary_SOURCES = verify-pam.c verify-crypt.c verify-shadow.c
--- /dev/null 2006-12-04 15:17:50.882870258 -0500
+++ gdm-2.17.3/daemon/securitytokenmonitor.h 2006-12-05 15:30:40.000000000 -0500
@@ -0,0 +1,84 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
+ *
+ * Copyright (C) 2006 Ray Strode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+#ifndef SC_SECURITY_TOKEN_MONITOR_H
+#define SC_SECURITY_TOKEN_MONITOR_H
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+#include "securitytoken.h"
+
+#include <glib.h>
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+#define SC_TYPE_SECURITY_TOKEN_MONITOR (sc_security_token_monitor_get_type ())
+#define SC_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitor))
+#define SC_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_IS_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_IS_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_SECURITY_TOKEN_MONITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_SECURITY_TOKEN_MONITOR_ERROR (sc_security_token_monitor_error_quark ())
+typedef struct _ScSecurityTokenMonitor ScSecurityTokenMonitor;
+typedef struct _ScSecurityTokenMonitorClass ScSecurityTokenMonitorClass;
+typedef struct _ScSecurityTokenMonitorPrivate ScSecurityTokenMonitorPrivate;
+typedef enum _ScSecurityTokenMonitorError ScSecurityTokenMonitorError;
+
+struct _ScSecurityTokenMonitor {
+ GObject parent;
+
+ /*< private > */
+ ScSecurityTokenMonitorPrivate *priv;
+};
+
+struct _ScSecurityTokenMonitorClass {
+ GObjectClass parent_class;
+
+ /* Signals */
+ void (*security_token_inserted) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*security_token_removed) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*error) (ScSecurityTokenMonitor *monitor,
+ GError *error);
+};
+
+enum _ScSecurityTokenMonitorError {
+ SC_SECURITY_TOKEN_MONITOR_ERROR_GENERIC = 0,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WITH_NSS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_LOADING_DRIVER,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WATCHING_FOR_EVENTS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_REPORTING_EVENTS
+};
+
+GType sc_security_token_monitor_get_type (void) G_GNUC_CONST;
+GQuark sc_security_token_monitor_error_quark (void) G_GNUC_CONST;
+
+ScSecurityTokenMonitor *sc_security_token_monitor_new (const gchar *module);
+
+gboolean sc_security_token_monitor_start (ScSecurityTokenMonitor *monitor,
+ GError **error);
+
+void sc_security_token_monitor_stop (ScSecurityTokenMonitor *monitor);
+
+gchar *sc_security_token_monitor_get_module_path (ScSecurityTokenMonitor *monitor);
+gboolean sc_security_token_monitor_login_token_is_inserted (ScSecurityTokenMonitor *monitor);
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_MONITOR_H */
--- /dev/null 2006-12-04 15:17:50.882870258 -0500
+++ gdm-2.17.3/config/securitytokens.conf.in 2006-12-05 15:30:40.000000000 -0500
@@ -0,0 +1,3 @@
+[SecurityTokens]
+Enable=true
+#Driver=@libdir@/pkcs11/libcoolkeypk11.so
--- gdm-2.17.3/config/gdm.conf.in.security-tokens 2006-12-05 15:30:40.000000000 -0500
+++ gdm-2.17.3/config/gdm.conf.in 2006-12-05 15:30:40.000000000 -0500
@@ -198,6 +198,10 @@
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
+# Whether or not to listen for smart card insertion/removal events
+SecurityTokensEnable=true
+SecurityTokensDriver=
+
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
--- gdm-2.17.3/config/Makefile.am.security-tokens 2006-05-18 14:39:13.000000000 -0400
+++ gdm-2.17.3/config/Makefile.am 2006-12-05 15:30:40.000000000 -0500
@@ -34,9 +34,10 @@
XKeepsCrashing \
gettextfoo.h \
gdmprefetchlist.in \
+ securitytokens.conf.in \
extract-shell.sh
-CLEANFILES = Xsession gdm.conf default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist
+CLEANFILES = Xsession gdm.conf default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist securitytokens.conf
Xsession: $(srcdir)/Xsession.in
sed -e 's,[@]XSESSION_SHELL[@],$(XSESSION_SHELL),g' \
@@ -67,6 +68,31 @@
-e 's,[@]sbindir[@],$(sbindir),g' \
<$(srcdir)/gdm.conf.in >gdm.conf
+securitytokens.conf: $(srcdir)/securitytokens.conf.in
+ sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
+ -e 's,[@]GDM_USER_PATH[@],$(GDM_USER_PATH),g' \
+ -e 's,[@]HALT_COMMAND[@],$(HALT_COMMAND),g' \
+ -e 's,[@]REBOOT_COMMAND[@],$(REBOOT_COMMAND),g' \
+ -e 's,[@]SOUND_PROGRAM[@],$(SOUND_PROGRAM),g' \
+ -e 's,[@]SUSPEND_COMMAND[@],$(SUSPEND_COMMAND),g' \
+ -e 's,[@]XEVIE_OPTION[@],$(XEVIE_OPTION),g' \
+ -e 's,[@]X_CONFIG_OPTIONS[@],$(X_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_SERVER[@],$(X_SERVER),g' \
+ -e 's,[@]X_XNEST_CONFIG_OPTIONS[@],$(X_XNEST_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_XNEST_PATH[@],$(X_XNEST_PATH),g' \
+ -e 's,[@]authdir[@],$(authdir),g' \
+ -e 's,[@]datadir[@],$(datadir),g' \
+ -e 's,[@]dmconfdir[@],$(dmconfdir),g' \
+ -e 's,[@]gdmconfdir[@],$(gdmconfdir),g' \
+ -e 's,[@]libdir[@],$(libdir),g' \
+ -e 's,[@]libexecdir[@],$(libexecdir),g' \
+ -e 's,[@]localedir[@],$(libexecdir),g' \
+ -e 's,[@]logdir[@],$(logdir),g' \
+ -e 's,[@]pixmapdir[@],$(pixmapdir),g' \
+ -e 's,[@]sbindir[@],$(sbindir),g' \
+ <$(srcdir)/securitytokens.conf.in >securitytokens.conf
+
+
gettextfoo.h: XKeepsCrashing Xsession.in
cat $^ | $(srcdir)/extract-shell.sh > gettextfoo.h
@@ -95,7 +121,7 @@
$(DESTDIR)$(predir)/Default \
$(DESTDIR)$(postdir)/Default
-install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST)
+install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST) securitytokens.conf
if test '!' -d $(DESTDIR)$(confdir); then \
$(mkinstalldirs) $(DESTDIR)$(confdir); \
chmod 755 $(DESTDIR)$(confdir); \
@@ -128,6 +154,7 @@
chmod 644 $(DESTDIR)$(GDM_CUSTOM_CONF); \
fi
$(INSTALL_DATA) gdm.conf `dirname $(DESTDIR)$(GDM_DEFAULTS_CONF)`/factory-`basename $(DESTDIR)$(GDM_DEFAULTS_CONF)`
+ $(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
Index: gdm.spec
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- gdm.spec 7 Nov 2006 21:11:26 -0000 1.214
+++ gdm.spec 5 Dec 2006 20:30:26 -0000 1.215
@@ -15,7 +15,7 @@
Summary: The GNOME Display Manager.
Name: gdm
-Version: 2.17.2
+Version: 2.17.3
Release: 1%{?dist}
Epoch: 1
License: LGPL/GPL
@@ -40,8 +40,8 @@
# http://bugzilla.gnome.org/show_bug.cgi?id=347798
Patch19: gdm-2.17.1-move-default-message.patch
-Patch20: gdm-2.17.1-reset-pam.patch
-Patch21: gdm-2.16.0-security-tokens.patch
+Patch20: gdm-2.17.3-reset-pam.patch
+Patch21: gdm-2.17.3-security-tokens.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347871
Patch24: gdm-2.16.0-wtmp.patch
@@ -309,6 +309,10 @@
%attr(1770, root, gdm) %dir %{_localstatedir}/gdm
%changelog
+* Tue Dec 5 2006 Matthias Clasen <mclasen at redhat.com> - 1:2.17.3-1
+- Update to 2.17.3
+- Update some patches
+
* Tue Nov 7 2006 Matthias Clasen <mclasen at redhat.com> - 1:2.17.2-1
- Update to 2.17.2
More information about the fedora-cvs-commits
mailing list