rpms/gdm/devel gdm-2.19.1-a11y-fixes-for-themed-greeter.patch, NONE, 1.1 gdm-2.19.1-audit-login.patch, NONE, 1.1 gdm-2.19.1-change-defaults.patch, NONE, 1.1 gdm-2.19.1-clean-up-xsession-errors.patch, NONE, 1.1 gdm-2.19.1-hide-uninstalled-languages.patch, NONE, 1.1 gdm-2.19.1-move-default-message.patch, NONE, 1.1 gdm-2.19.1-pass-ats-to-session.patch, NONE, 1.1 gdm-2.19.1-reset-pam.patch, NONE, 1.1 gdm-2.19.1-security-tokens.patch, NONE, 1.1 gdm-2.19.1-wtmp.patch, NONE, 1.1 .cvsignore, 1.45, 1.46 gdm.spec, 1.251, 1.252 sources, 1.47, 1.48 gdm-2.16.0-wtmp.patch, 1.3, NONE gdm-2.17.6-audit-login.patch, 1.1, NONE gdm-2.17.7-move-default-message.patch, 1.1, NONE gdm-2.17.7-pass-at-to-session-4.patch, 1.1, NONE gdm-2.17.7-reset-pam.patch, 1.1, NONE gdm-2.17.8-a11y-fixes-for-themed-greeter.patch, 1.1, NONE gdm-2.17.8-hide-uninstalled-languages.patch, 1.2, NONE gdm-2.18.0-add-lowres-fix.patch, 1.1, NONE gdm-2.18.0-change-defaults.patch, 1.1, NONE gdm-2.18.0-dont-expect-utf8.patch, 1.3, NONE gdm-2.18.0-dont-strcpy-overlapping-strings.patch, 1.1, NONE gdm-2.18.0-security-tokens.patch, 1.1, NONE gdm-2.8.0.2-clean-up-xsession-errors.patch, 1.1, NONE
Matthias Clasen (mclasen)
fedora-extras-commits at redhat.com
Mon May 21 18:00:54 UTC 2007
- Previous message (by thread): rpms/pidgin-libnotify/devel pidgin-libnotify-renamed-to-pidgin.patch, NONE, 1.1 pidgin-libnotify.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/rrdtool/devel rrdtool.spec,1.37,1.38
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mclasen
Update of /cvs/extras/rpms/gdm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12556
Modified Files:
.cvsignore gdm.spec sources
Added Files:
gdm-2.19.1-a11y-fixes-for-themed-greeter.patch
gdm-2.19.1-audit-login.patch gdm-2.19.1-change-defaults.patch
gdm-2.19.1-clean-up-xsession-errors.patch
gdm-2.19.1-hide-uninstalled-languages.patch
gdm-2.19.1-move-default-message.patch
gdm-2.19.1-pass-ats-to-session.patch
gdm-2.19.1-reset-pam.patch gdm-2.19.1-security-tokens.patch
gdm-2.19.1-wtmp.patch
Removed Files:
gdm-2.16.0-wtmp.patch gdm-2.17.6-audit-login.patch
gdm-2.17.7-move-default-message.patch
gdm-2.17.7-pass-at-to-session-4.patch
gdm-2.17.7-reset-pam.patch
gdm-2.17.8-a11y-fixes-for-themed-greeter.patch
gdm-2.17.8-hide-uninstalled-languages.patch
gdm-2.18.0-add-lowres-fix.patch
gdm-2.18.0-change-defaults.patch
gdm-2.18.0-dont-expect-utf8.patch
gdm-2.18.0-dont-strcpy-overlapping-strings.patch
gdm-2.18.0-security-tokens.patch
gdm-2.8.0.2-clean-up-xsession-errors.patch
Log Message:
Update tons of patches
gdm-2.19.1-a11y-fixes-for-themed-greeter.patch:
--- NEW FILE gdm-2.19.1-a11y-fixes-for-themed-greeter.patch ---
--- gdm-2.19.1/gui/greeter/greeter_item_ulist.c.a11y-fixes 2007-05-21 13:32:04.000000000 -0400
+++ gdm-2.19.1/gui/greeter/greeter_item_ulist.c 2007-05-21 13:32:04.000000000 -0400
@@ -236,17 +236,40 @@ greeter_populate_user_list (GtkTreeModel
void
greeter_item_ulist_select_user (gchar *login)
{
- printf ("%c%c%c%s\n", STX, BEL,
- GDM_INTERRUPT_SELECT_USER, login);
+ /*printf ("%c%c%c%s\n", STX, BEL,
+ GDM_INTERRUPT_SELECT_USER, login);*/
+ printf ("%c%s\n", STX, login);
fflush (stdout);
}
+
+static GTimeVal last_key_press = {0, 0};
+static GTimeVal last_button_press = {0, 0};
+
static void
user_selected (GtkTreeSelection *selection, gpointer data)
{
GtkTreeModel *tm = NULL;
GtkTreeIter iter = {0};
+ gboolean is_button_press;
+ guint64 button_msec;
+ guint64 key_msec;
+
+ /* HACK: determine whether selection changed because of key or
+ * button press
+ *
+ * The rationale is this: if a face is pressed with the mouse
+ * we should start authenticating that user right away. But if
+ * the user uses keynav in the user list (think accessibility
+ * and blind users) we shouldn't.
+ */
+ button_msec = last_button_press.tv_sec * 1000 + last_button_press.tv_usec / 1000;
+ key_msec = last_key_press.tv_sec * 1000 + last_key_press.tv_usec / 1000;
+ is_button_press = FALSE;
+ if (button_msec > key_msec) {
+ is_button_press = TRUE;
+ }
if (gtk_tree_selection_get_selected (selection, &tm, &iter)) {
char *login;
@@ -255,14 +278,19 @@ user_selected (GtkTreeSelection *selecti
&login, -1);
if (login != NULL) {
if (selecting_user && greeter_probably_login_prompt) {
- gtk_entry_set_text (GTK_ENTRY (pam_entry), login);
+ if (is_button_press) {
+ gtk_entry_set_text (GTK_ENTRY (pam_entry), login);
+ } else {
+ gtk_entry_set_text (GTK_ENTRY (pam_entry), "");
+ }
}
if (selecting_user) {
GreeterItemInfo *pamlabel = greeter_lookup_id ("pam-message");
if (pamlabel == NULL) {
gdm_common_warning ("Theme broken: must have pam-message label!");
}
- greeter_item_ulist_select_user (login);
+ if (is_button_press)
+ greeter_item_ulist_select_user (login);
if (selected_user != NULL)
g_free (selected_user);
selected_user = g_strdup (login);
@@ -272,9 +300,26 @@ user_selected (GtkTreeSelection *selecti
}
static void
-browser_change_focus (GtkWidget *widget, GdkEventButton *event, gpointer data)
+row_activated (GtkTreeView *tree_view, GtkTreePath *path, GtkTreeViewColumn *column, gpointer data)
+{
+ if (selecting_user && greeter_probably_login_prompt) {
+ greeter_item_ulist_select_user (selected_user);
+ }
+}
+
+static gboolean
+tv_key_press (GtkWidget *entry, GdkEventKey *event, gpointer data)
{
- gtk_widget_grab_focus (pam_entry);
+ g_get_current_time (&last_key_press);
+ return FALSE;
+}
+
+
+static gboolean
+tv_button_press (GtkWidget *entry, GdkEventKey *event, gpointer data)
+{
+ g_get_current_time (&last_button_press);
+ return FALSE;
}
static void
@@ -285,6 +330,12 @@ greeter_generate_userlist (GtkWidget *tv
GtkTreeSelection *selection;
GList *list, *li;
+ AtkObject *atk_widget;
+ atk_widget = gtk_widget_get_accessible (tv);
+ if (atk_widget != NULL) {
+ atk_object_set_name (atk_widget, _("Select user to log in"));
+ }
+
gdm_greeter_users_init ();
check_for_displays ();
@@ -297,10 +348,13 @@ greeter_generate_userlist (GtkWidget *tv
g_signal_connect (selection, "changed",
G_CALLBACK (user_selected),
NULL);
-
- g_signal_connect (GTK_TREE_VIEW (tv), "button_release_event",
- G_CALLBACK (browser_change_focus),
+ g_signal_connect (G_OBJECT (tv), "row-activated",
+ G_CALLBACK (row_activated),
NULL);
+ g_signal_connect (G_OBJECT (tv), "key-press-event",
+ G_CALLBACK (tv_key_press), user_list);
+ g_signal_connect (G_OBJECT (tv), "button-press-event",
+ G_CALLBACK (tv_button_press), user_list);
tm = (GtkTreeModel *)gtk_list_store_new (4,
GDK_TYPE_PIXBUF,
gdm-2.19.1-audit-login.patch:
--- NEW FILE gdm-2.19.1-audit-login.patch ---
--- gdm-2.19.1/daemon/verify-pam.c.audit-login 2007-05-13 22:08:24.000000000 -0400
+++ gdm-2.19.1/daemon/verify-pam.c 2007-05-21 11:59:00.000000000 -0400
@@ -55,6 +55,14 @@
#include <bsm/adt_event.h>
#endif /* HAVE_ADT */
+#define AU_FAILED 0
+#define AU_SUCCESS 1
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#else
+#define log_to_audit_system(l,h,d,s) do { ; } while (0)
+#endif
+
/* Evil, but this way these things are passed to the child session */
static pam_handle_t *pamh = NULL;
@@ -789,6 +797,54 @@ create_pamh (GdmDisplay *d,
}
/**
+ * log_to_audit_system:
+ * @login: Name of user
+ * @hostname: Name of host machine
+ * @tty: Name of display
+ * @success: 1 for success, 0 for failure
+ *
+ * Logs the success or failure of the login attempt with the linux kernel
+ * audit system. The intent is to capture failed events where the user
+ * fails authentication or otherwise is not permitted to login. There are
+ * many other places where pam could potentially fail and cause login to
+ * fail, but these are system failures rather than the signs of an account
+ * being hacked.
+ *
+ * Returns nothing.
+ */
+
+#ifdef HAVE_LIBAUDIT
+static void
+log_to_audit_system(const char *login,
+ const char *hostname,
+ const char *tty,
+ gboolean success)
+{
+ struct passwd *pw;
+ char buf[64];
+ int audit_fd;
+
+ audit_fd = audit_open();
+ if (login)
+ pw = getpwnam(login);
+ else {
+ login = "unknown";
+ pw = NULL;
+ }
+ if (pw) {
+ snprintf(buf, sizeof(buf), "uid=%d", pw->pw_uid);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty, (int)success);
+ } else {
+ snprintf(buf, sizeof(buf), "acct=%s", login);
+ audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, NULL, tty, (int)success);
+ }
+ close(audit_fd);
+}
+#endif
+
+/**
* gdm_verify_user:
* @username: Name of user or NULL if we should ask
* @display: Name of display to register with the authentication system
@@ -910,6 +966,8 @@ gdm_verify_user (GdmDisplay *d,
/* Start authentication session */
did_we_ask_for_password = FALSE;
if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) {
+ /* Log the failed login attempt */
+ log_to_audit_system(login, d->hostname, display, AU_FAILED);
if ( ! ve_string_empty (selected_user)) {
pam_handle_t *tmp_pamh;
@@ -1030,6 +1088,8 @@ gdm_verify_user (GdmDisplay *d,
( ! gdm_daemon_config_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
pwent != NULL &&
pwent->pw_uid == 0) {
+ /* Log the failed login attempt */
+ log_to_audit_system(login, d->hostname, display, AU_FAILED);
gdm_error (_("Root login disallowed on display '%s'"),
display);
gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
@@ -1063,6 +1123,8 @@ gdm_verify_user (GdmDisplay *d,
break;
case PAM_NEW_AUTHTOK_REQD :
if ((pamerr = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK)) != PAM_SUCCESS) {
+ /* Log the failed login attempt */
+ log_to_audit_system(login, d->hostname, display, AU_FAILED);
gdm_error (_("Authentication token change failed for user %s"), login);
gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
_("\nThe change of the authentication token failed. "
@@ -1080,18 +1142,24 @@ gdm_verify_user (GdmDisplay *d,
#endif /* HAVE_ADT */
break;
case PAM_ACCT_EXPIRED :
+ /* Log the failed login attempt */
+ log_to_audit_system(login, d->hostname, display, AU_FAILED);
gdm_error (_("User %s no longer permitted to access the system"), login);
gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
_("\nThe system administrator has disabled your account."));
error_msg_given = TRUE;
goto pamerr;
case PAM_PERM_DENIED :
+ /* Log the failed login attempt */
+ log_to_audit_system(login, d->hostname, display, AU_FAILED);
gdm_error (_("User %s not permitted to gain access at this time"), login);
gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
_("\nThe system administrator has disabled access to the system temporarily."));
error_msg_given = TRUE;
goto pamerr;
default :
+ /* Log the failed login attempt */
+ log_to_audit_system(login, d->hostname, display, AU_FAILED);
if (gdm_slave_action_pending ())
gdm_error (_("Couldn't set acct. mgmt for %s"), login);
goto pamerr;
@@ -1143,6 +1211,8 @@ gdm_verify_user (GdmDisplay *d,
gdm_error (_("Couldn't open session for %s"), login);
goto pamerr;
}
+ /* Login succeeded */
+ log_to_audit_system(login, d->hostname, display, AU_SUCCESS);
/* Workaround to avoid gdm messages being logged as PAM_pwdb */
gdm_log_shutdown ();
--- gdm-2.19.1/configure.ac.audit-login 2007-05-13 22:08:48.000000000 -0400
+++ gdm-2.19.1/configure.ac 2007-05-21 11:37:59.000000000 -0400
@@ -837,6 +837,10 @@ else
fi
AC_SUBST(logdir, $GDM_LOG_DIR)
+AC_ARG_WITH(libaudit,
+ [ --with-libaudit=[auto/yes/no] Add Linux audit support [default=auto]],,
+ with_libaudit=auto)
+
withval=""
AC_ARG_WITH(at-bindir,
[ --with-at-bindir=<PATH> PATH to Accessible Technology programs [default=BINDIR]],)
@@ -948,6 +952,24 @@ else
AC_MSG_RESULT(no)
fi
+# Check for Linux auditing API
+#
+# libaudit detection
+if test x$with_libaudit = xno ; then
+ have_libaudit=no;
+else
+ # See if we have audit daemon library
+ AC_CHECK_LIB(audit, audit_log_user_message,
+ have_libaudit=yes, have_libaudit=no)
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+ EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -laudit"
+ AC_DEFINE(HAVE_LIBAUDIT,1,[linux audit support])
+fi
+
# Check for Solaris auditing API
# Note, Solaris auditing not supported for Solaris 9 or earlier and
# should not be used on these versions of Solaris if auditing is
gdm-2.19.1-change-defaults.patch:
--- NEW FILE gdm-2.19.1-change-defaults.patch ---
--- gdm-2.19.1/config/gdm.conf.in.change-defaults 2007-05-13 22:08:25.000000000 -0400
+++ gdm-2.19.1/config/gdm.conf.in 2007-05-21 11:16:43.000000000 -0400
@@ -66,9 +66,9 @@ TimedLoginDelay=30
# should leave this alone.
#Chooser=@libexecdir@/gdmchooser
-# The greeter for local (non-xdmcp) logins. Change gdmlogin to gdmgreeter to
-# get the new graphical greeter.
-#Greeter=@libexecdir@/gdmlogin
+# The greeter for local (non-xdmcp) logins. Change gdmgreeter to gdmlogin to
+# get the boring greeter.
+Greeter=@libexecdir@/gdmgreeter
# The greeter for xdmcp logins, usually you want a less graphically intensive
# greeter here so it's better to leave this with gdmlogin
@@ -78,23 +78,23 @@ TimedLoginDelay=30
# This is useful for enabling additional feature support e.g. GNOME
# accessibility framework. Only "trusted" modules should be allowed to minimize
# security holes
-#AddGtkModules=false
+AddGtkModules=true
# By default, these are the accessibility modules.
-#GtkModulesList=gail:atk-bridge:@libdir@/gtk-2.0/modules/libdwellmouselistener:@libdir@/gtk-2.0/modules/libkeymouselistener
+GtkModulesList=gail:atk-bridge:@libdir@/gtk-2.0/modules/libdwellmouselistener:@libdir@/gtk-2.0/modules/libkeymouselistener
# Default path to set. The profile scripts will likely override this value.
# This value will be overridden with the value from /etc/default/login if it
# contains "ROOT=<pathvalue>".
-#DefaultPath=@GDM_USER_PATH@
+DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin
# Default path for root. The profile scripts will likely override this value.
# This value will be overridden with the value from /etc/default/login if it
# contains "SUROOT=<pathvalue>".
-#RootPath=/sbin:/usr/sbin:@GDM_USER_PATH@
+RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
# If you are having trouble with using a single server for a long time and want
# GDM to kill/restart the server, turn this on. On Solaris, this value is
# always true and this configuration setting is ignored.
-#AlwaysRestartServer=@ALWAYS_RESTART_SERVER@
+AlwaysRestartServer=true
# User and group used for running GDM GUI applications. By default this is set
# to user "gdm" and group "gdm". This user/group should have very limited
@@ -126,9 +126,9 @@ XKeepsCrashing=@gdmconfdir@/XKeepsCrashi
#
# Reboot, Halt and suspend commands, you can add different commands separated
# by a semicolon. GDM will use the first one it can find.
-RebootCommand=@REBOOT_COMMAND@
-HaltCommand=@HALT_COMMAND@
-SuspendCommand=@SUSPEND_COMMAND@
+#
+RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot
+HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff
# The following options specify how GDM system commands are supported.
#
@@ -158,14 +158,14 @@ ServAuthDir=@authdir@
# This is our standard startup script. A bit different from a normal X
# session, but it shares a lot of stuff with that. See the provided default
# for more information.
-BaseXsession=@gdmconfdir@/Xsession
+BaseXsession=/etc/X11/xinit/Xsession
# This is a directory where .desktop files describing the sessions live. It is
# really a PATH style variable since 2.4.4.2 to allow actual interoperability
# with KDM. Note that <dmconfdir>/Sessions is there for backwards
# compatibility reasons with 2.4.4.x.
#SessionDesktopDir=/etc/X11/sessions/:@dmconfdir@/Sessions/:@datadir@/gdm/BuiltInSessions/:@datadir@/xsessions/
# This is the default .desktop session. One of the ones in SessionDesktopDir
-#DefaultSession=gnome.desktop
+DefaultSession=default.desktop
# Better leave this blank and HOME will be used. You can use syntax ~/ below
# to indicate home directory of the user. You can also set this to something
# like /tmp if you don't want the authorizations to be in home directories.
@@ -173,11 +173,11 @@ BaseXsession=@gdmconfdir@/Xsession
# is the home directory the UserAuthFBDir will still be used in case the home
# directory is NFS, see security/NeverPlaceCookiesOnNFS to override this
# behavior.
-UserAuthDir=
+UserAuthDir=/tmp
# Fallback directory for writing authorization file if user's home directory
# is not writable.
UserAuthFBDir=/tmp
-UserAuthFile=.Xauthority
+#UserAuthFile=.Xauthority
# The X server to use if we can't figure out what else to run.
StandardXServer=@X_SERVER@
# The maximum number of flexible X servers to run.
@@ -209,7 +209,7 @@ XnestUnscaledFontPath=@X_XNEST_UNSCALED_
#DoubleLoginWarning=true
# Should a second login always resume the current session and switch VT's on
# Linux and FreeBSD systems for console logins
-#AlwaysLoginCurrentSession=true
+AlwaysLoginCurrentSession=true
# If true then the last login information is printed to the user before being
# prompted for password. While this gives away some info on what users are on
@@ -333,7 +333,7 @@ Enable=false
#GtkRC=@datadir@/themes/Default/gtk-2.0/gtkrc
# The GTK+ theme to use for the GUI.
-#GtkTheme=Default
+GtkTheme=Clearlooks
# If to allow changing the GTK+ (widget) theme from the greeter. Currently
# this only affects the standard greeter as the graphical greeter does not yet
# have this ability.
@@ -354,7 +354,7 @@ Enable=false
# themed login (gdmgreeter).
#
# The standard login has a title bar that the user can move.
-#TitleBar=true
+TitleBar=false
# Don't allow user to move the standard login window. Only makes sense if
# TitleBar is on.
#LockPosition=false
@@ -378,7 +378,7 @@ Browser=false
# User ID's less than the MinimalUID value will not be included in the face
# browser or in the gdmselection list for Automatic/Timed login. They will not
# be displayed regardless of the settings for Include and Exclude.
-#MinimalUID=100
+MinimalUID=500
# Users listed in Include will be included in the face browser and in the
# gdmsetup selection list for Automatic/Timed login. Users should be separated
# by commas.
@@ -395,7 +395,7 @@ Browser=false
# large numbers of users and this feature should not be used in such
# environments. The setting of IncludeAll does nothing if Include is set to a
# non-empty value.
-#IncludeAll=false
+IncludeAll=true
# If user or user.png exists in this dir it will be used as his picture.
#GlobalFaceDir=@datadir@/pixmaps/faces/
@@ -404,7 +404,7 @@ Browser=false
# file, although GDM will be able to read a standard locale.alias file as well.
#LocaleFile=@gdmlocaledir@/locale.alias
# Logo shown in the standard greeter.
-#Logo=@pixmapdir@/gdm-foot-logo.png
+Logo=
# Logo shown on file chooser button in gdmsetup (do not modify this value).
#ChooserButtonLogo=@pixmapdir@/gdm-foot-logo.png
# The standard greeter should shake if a user entered the wrong username or
@@ -451,8 +451,9 @@ DefaultRemoteWelcome=true
# The Standard greeter (gdmlogin) uses BackgroundColor as the background
# color, while the themed greeter (gdmgreeter) uses GraphicalThemedColor
# as the background color.
-BackgroundColor=#76848F
-GraphicalThemedColor=#76848F
+BackgroundColor=#20305a
+GraphicalThemedColor=#000000
+
# XDMCP session should only get a color, this is the sanest setting since you
# don't want to take up too much bandwidth
#BackgroundRemoteOnlyColor=true
@@ -473,8 +474,8 @@ GraphicalThemedColor=#76848F
# Show the Failsafe sessions. These are much MUCH nicer (focus for xterm for
# example) and more failsafe then those supplied by scripts so distros should
# use this rather then just running an xterm from a script.
-#ShowGnomeFailsafeSession=true
-#ShowXtermFailsafeSession=true
+ShowGnomeFailsafeSession=false
+ShowXtermFailsafeSession=false
# Normally there is a session type called 'Last' that is shown which refers to
# the last session the user used. If off, we will be in 'switchdesk' mode
# where the session saving stuff is disabled in GDM
@@ -493,7 +494,7 @@ GraphicalThemedColor=#76848F
# list then provide a list that is delimited by /: to the GraphicalThemes
# key and set GraphicalThemeRand to true. Otherwise use GraphicalTheme
# and specify just one theme.
-#GraphicalTheme=circles
+GraphicalTheme=FedoraFlyingHigh
#GraphicalThemes=circles/:happygnome
GraphicalThemeDir=@datadir@/gdm/themes/
GraphicalThemeRand=false
@@ -597,7 +598,7 @@ Gestures=false
# Definition of the standard X server.
[server-Standard]
name=Standard server
-command=@X_SERVER@ @X_CONFIG_OPTIONS@ @XEVIE_OPTION@
+command=@X_SERVER@ -br @X_CONFIG_OPTIONS@ @XEVIE_OPTION@
flexible=true
# Indicates that the X server should be started at a different process
# priority. Values can be any integer value accepted by the setpriority C
gdm-2.19.1-clean-up-xsession-errors.patch:
--- NEW FILE gdm-2.19.1-clean-up-xsession-errors.patch ---
--- gdm-2.19.1/daemon/slave.c.clean-up-xsession-errors 2007-05-13 22:08:25.000000000 -0400
+++ gdm-2.19.1/daemon/slave.c 2007-05-21 11:27:27.000000000 -0400
@@ -4523,6 +4523,11 @@ gdm_slave_session_stop (gboolean run_pos
finish_session_output (run_post_session /* do_read */);
+ /* If successfully exited then clear the log file
+ */
+ if (d->xsession_errors_filename != NULL)
+ VE_IGNORE_EINTR (unlink (d->xsession_errors_filename)
+
if (local_login == NULL)
pwent = NULL;
else
gdm-2.19.1-hide-uninstalled-languages.patch:
--- NEW FILE gdm-2.19.1-hide-uninstalled-languages.patch ---
--- gdm-2.19.1/gui/gdmcommon.c.hide-uninstalled-languages 2007-05-13 22:08:15.000000000 -0400
+++ gdm-2.19.1/gui/gdmcommon.c 2007-05-21 13:24:20.000000000 -0400
@@ -32,6 +32,8 @@
#include <sys/types.h>
#include <signal.h>
+#include <fontconfig/fontconfig.h>
+
#include <glib/gi18n.h>
#include <gdk/gdkx.h>
#include <gtk/gtk.h>
@@ -928,3 +930,95 @@ gdm_common_expand_text (const gchar *tex
return g_string_free (str, FALSE);
}
+typedef enum
+{
+ LOCALE_UP_TO_LANGUAGE = 0,
+ LOCALE_UP_TO_COUNTRY,
+ LOCALE_UP_TO_ENCODING,
+ LOCALE_UP_TO_MODIFIER,
+} LocaleScope;
+
+static char *
+get_less_specific_locale (const char *locale,
+ LocaleScope scope)
+{
+ char *generalized_locale;
+ char *end;
+
+ generalized_locale = strdup (locale);
+
+ end = strchr (generalized_locale, '_');
+
+ if (end != NULL && scope <= LOCALE_UP_TO_LANGUAGE)
+ {
+ *end = '\0';
+ return generalized_locale;
+ }
+
+ end = strchr (generalized_locale, '.');
+
+ if (end != NULL && scope <= LOCALE_UP_TO_COUNTRY)
+ {
+ *end = '\0';
+ return generalized_locale;
+ }
+
+ end = strchr (generalized_locale, '@');
+
+ if (end != NULL && scope <= LOCALE_UP_TO_ENCODING)
+ {
+ *end = '\0';
+ return generalized_locale;
+ }
+
+ return generalized_locale;
+}
+
+gboolean
+gdm_common_locale_is_displayable (const gchar *locale)
+{
+ char *language_code;
+ gboolean is_displayable;
+
+ FcPattern *pattern;
+ FcObjectSet *object_set;
+ FcFontSet *font_set;
+
+ is_displayable = FALSE;
+ pattern = NULL;
+ object_set = NULL;
+ font_set = NULL;
+
+ language_code = get_less_specific_locale (locale, LOCALE_UP_TO_LANGUAGE);
+
+ pattern = FcPatternBuild (NULL, FC_LANG, FcTypeString, language_code, NULL);
+
+ if (pattern == NULL)
+ goto done;
+
+ object_set = FcObjectSetBuild (NULL, NULL);
+
+ if (object_set == NULL)
+ goto done;
+
+ font_set = FcFontList (NULL, pattern, object_set);
+
+ if (font_set == NULL)
+ goto done;
+
+ is_displayable = (font_set->nfont > 0);
+
+done:
+
+ if (font_set != NULL)
+ FcFontSetDestroy (font_set);
+
+ if (object_set != NULL)
+ FcObjectSetDestroy (object_set);
+
+ if (pattern != NULL)
+ FcPatternDestroy (pattern);
+
+ g_free (language_code);
+ return is_displayable;
+}
--- gdm-2.19.1/gui/gdmlanguages.c.hide-uninstalled-languages 2007-05-21 13:29:38.000000000 -0400
+++ gdm-2.19.1/gui/gdmlanguages.c 2007-05-21 13:30:28.000000000 -0400
@@ -705,6 +705,11 @@ gdm_lang_initialize_model (gchar * local
li->data = NULL;
+ if (!gdm_common_locale_is_displayable (lang)) {
+ g_free (lang);
+ continue;
+ }
+
name = gdm_lang_name (lang,
FALSE /* never_encoding */,
TRUE /* no_group */,
--- gdm-2.19.1/gui/gdmcommon.h.hide-uninstalled-languages 2007-05-13 22:08:15.000000000 -0400
+++ gdm-2.19.1/gui/gdmcommon.h 2007-05-21 13:24:20.000000000 -0400
@@ -70,5 +70,5 @@ void gdm_common_pre_fetch_launch
void gdm_common_atspi_launch (void);
gchar* gdm_common_expand_text (const gchar *text);
gchar* gdm_common_get_clock (struct tm **the_tm);
-
+gboolean gdm_common_locale_is_displayable (const gchar *locale);
#endif /* GDM_COMMON_H */
gdm-2.19.1-move-default-message.patch:
--- NEW FILE gdm-2.19.1-move-default-message.patch ---
--- gdm-2.19.1/gui/greeter/greeter_item_pam.c.move-default-message 2007-05-13 22:08:14.000000000 -0400
+++ gdm-2.19.1/gui/greeter/greeter_item_pam.c 2007-05-21 12:05:21.000000000 -0400
@@ -47,6 +47,7 @@ gchar *greeter_current_user = NULL;
gboolean require_quarter = FALSE;
extern gboolean greeter_probably_login_prompt;
+static gboolean using_fallback_message = FALSE;
extern GtkButton *gtk_ok_button;
extern GtkButton *gtk_start_again_button;
@@ -249,13 +250,35 @@ greeter_item_pam_prompt (const char *mes
int entry_len,
gboolean entry_visible)
{
+ GreeterItemInfo *message_info;
GreeterItemInfo *conversation_info;
GreeterItemInfo *entry_info;
GtkWidget *entry;
+ message_info = greeter_lookup_id ("pam-message");
conversation_info = greeter_lookup_id ("pam-prompt");
entry_info = greeter_lookup_id ("user-pw-entry");
+ if (strcmp (message, _("Username:")) == 0 && message_info)
+ {
+ gchar *text;
+ text = NULL;
+ g_object_get (G_OBJECT (message_info->item),
+ "text", &text,
+ NULL);
+ if (ve_string_empty (text))
+ {
+ set_text (message_info, _("Please enter your username"));
+ using_fallback_message = TRUE;
+ }
+ g_free (text);
+ }
+ else if (using_fallback_message)
+ {
+ set_text (message_info, "");
+ using_fallback_message = FALSE;
+ }
+
if (conversation_info)
{
set_text (conversation_info, message);
@@ -320,6 +343,7 @@ greeter_item_pam_message (const char *me
* we try to collect them until the next prompt or reset or
* whatnot */
if ( ! replace_msg &&
+ ! using_fallback_message &&
/* empty message is for clearing */
! ve_string_empty (message))
{
@@ -339,6 +363,7 @@ greeter_item_pam_message (const char *me
set_text (message_info, message);
}
replace_msg = FALSE;
+ using_fallback_message = FALSE;
}
--- gdm-2.19.1/gui/gdmlogin.c.move-default-message 2007-05-13 22:08:15.000000000 -0400
+++ gdm-2.19.1/gui/gdmlogin.c 2007-05-21 12:05:21.000000000 -0400
@@ -169,6 +169,7 @@ extern gchar *default_session;
extern const gchar *current_session;
extern gboolean session_dir_whacked_out;
extern gint gdm_timed_delay;
+static gboolean using_fallback_message = FALSE;
static gboolean first_prompt = TRUE;
@@ -1357,9 +1358,20 @@ process_operation (guchar op_code,
gdm_config_get_string (GDM_KEY_SOUND_ON_LOGIN_FILE),
gdm_config_get_bool (GDM_KEY_SOUND_ON_LOGIN));
gtk_label_set_text_with_mnemonic (GTK_LABEL (label), _("_Username:"));
+ if (ve_string_empty (gtk_label_get_text (GTK_LABEL (msg)))) {
+ gtk_label_set_text (GTK_LABEL (msg),
+ _("Please enter your username"));
+ using_fallback_message = TRUE;
+ }
+
} else {
if (tmp != NULL)
gtk_label_set_text (GTK_LABEL (label), tmp);
+ if (using_fallback_message) {
+ gtk_label_set_text (GTK_LABEL (msg), "");
+ using_fallback_message = FALSE;
+ }
+
}
g_free (tmp);
@@ -1447,6 +1459,7 @@ process_operation (guchar op_code,
g_free (tmp);
}
replace_msg = FALSE;
+ using_fallback_message = FALSE;
gtk_widget_show (GTK_WIDGET (msg));
printf ("%c\n", STX);
@@ -1625,9 +1638,7 @@ process_operation (guchar op_code,
if (browser_ok && gdm_config_get_bool (GDM_KEY_BROWSER))
gtk_widget_set_sensitive (GTK_WIDGET (browser), TRUE);
- tmp = ve_locale_to_utf8 (args);
- gtk_label_set_text (GTK_LABEL (msg), tmp);
- g_free (tmp);
+ gtk_label_set_text (GTK_LABEL (msg), "");
gtk_widget_show (GTK_WIDGET (msg));
printf ("%c\n", STX);
--- gdm-2.19.1/daemon/verify-pam.c.move-default-message 2007-05-21 12:05:21.000000000 -0400
+++ gdm-2.19.1/daemon/verify-pam.c 2007-05-21 12:07:50.000000000 -0400
@@ -539,12 +539,6 @@ gdm_verify_pam_conv (int num_msg, struct
case PAM_PROMPT_ECHO_ON:
if (strcmp (m, _("Username:")) == 0) {
if ( ve_string_empty (selected_user)) {
- /* this is an evil hack, but really there is no way we'll
- know this is a username prompt. However we SHOULD NOT
- rely on this working. The pam modules can set their
- prompt to whatever they wish to */
- gdm_slave_greeter_ctl_no_ret
- (GDM_MSG, _("Please enter your username"));
s = gdm_slave_greeter_ctl (GDM_PROMPT, m);
/* this will clear the message */
gdm_slave_greeter_ctl_no_ret (GDM_MSG, "");
--- gdm-2.19.1/daemon/verify-shadow.c.move-default-message 2007-05-13 22:08:24.000000000 -0400
+++ gdm-2.19.1/daemon/verify-shadow.c 2007-05-21 12:11:06.000000000 -0400
@@ -127,7 +127,6 @@ gdm_verify_user (GdmDisplay *d,
authenticate_again:
/* Ask for the user's login */
gdm_verify_select_user (NULL);
- gdm_slave_greeter_ctl_no_ret (GDM_MSG, _("Please enter your username"));
login = gdm_slave_greeter_ctl (GDM_PROMPT, _("Username:"));
if (login == NULL ||
gdm_slave_greeter_check_interruption ()) {
--- gdm-2.19.1/daemon/verify-crypt.c.move-default-message 2007-05-13 22:08:24.000000000 -0400
+++ gdm-2.19.1/daemon/verify-crypt.c 2007-05-21 12:10:33.000000000 -0400
@@ -125,7 +125,6 @@ gdm_verify_user (GdmDisplay *d,
authenticate_again:
/* Ask for the user's login */
gdm_verify_select_user (NULL);
- gdm_slave_greeter_ctl_no_ret (GDM_MSG, _("Please enter your username"));
login = gdm_slave_greeter_ctl (GDM_PROMPT, _("Username:"));
if (login == NULL ||
gdm_slave_greeter_check_interruption ()) {
gdm-2.19.1-pass-ats-to-session.patch:
--- NEW FILE gdm-2.19.1-pass-ats-to-session.patch ---
--- gdm-2.19.1/gui/gdmlogin.c.pass-ats-to-session 2007-05-21 13:38:32.000000000 -0400
+++ gdm-2.19.1/gui/gdmlogin.c 2007-05-21 13:38:32.000000000 -0400
@@ -1576,6 +1576,19 @@ process_operation (guchar op_code,
fflush (stdout);
break;
+ case GDM_A11Y:
+ {
+ const char *ats_launched;
+ /* print out the assistive technologies that we've started for the user */
+ ats_launched = g_getenv ("GDM_ATS");
+ if (ats_launched != NULL)
+ printf ("%c%s\n", STX, ats_launched);
+ else
+ printf ("%c\n", STX);
+ fflush (stdout);
+ break;
+ }
+
case GDM_LANG:
gdm_lang_op_lang (args);
break;
--- gdm-2.19.1/gui/modules/dwellmouselistener.c.pass-ats-to-session 2007-05-13 22:08:12.000000000 -0400
+++ gdm-2.19.1/gui/modules/dwellmouselistener.c 2007-05-21 13:38:32.000000000 -0400
@@ -678,6 +678,8 @@ leave_enter_emission_hook (GSignalInvoca
G_CALLBACK (gtk_widget_destroy), NULL);
gtk_widget_show (dialog);
} else {
+ const char *at_name;
+ const char *ats_launched;
GdkCursor *cursor = gdk_cursor_new (GDK_WATCH);
gdk_window_set_cursor (gdk_get_default_root_window (),
cursor);
@@ -686,6 +688,26 @@ leave_enter_emission_hook (GSignalInvoca
latch_core_pointer = FALSE;
/* once we've recognized a gesture, we need to *
* leave the pointer alone */
+
+ at_name = strstr (action, "#AT_TYPE=");
+ if (at_name != NULL) {
+ int i;
+ char **v;
+ at_name += 9;
+ v = g_strsplit (at_name, " ", 0);
+ for (i = 0; v[i] != NULL; i++) {
+ ats_launched = g_getenv ("GDM_ATS");
+ if (ats_launched == NULL) {
+ g_setenv ("GDM_ATS", v[i], TRUE);
+ } else if (strstr (ats_launched, v[i]) == NULL) {
+ char *s;
+ s = g_strdup_printf ("%s %s", ats_launched, v[i]);
+ g_setenv ("GDM_ATS", s, TRUE);
+ g_free (s);
+ }
+ }
+ g_strfreev (v);
+ }
}
}
}
--- gdm-2.19.1/gui/modules/AccessKeyMouseEvents.in.pass-ats-to-session 2007-05-13 22:08:12.000000000 -0400
+++ gdm-2.19.1/gui/modules/AccessKeyMouseEvents.in 2007-05-21 13:43:54.000000000 -0400
@@ -78,14 +78,14 @@
#
# press ctrl-s for 1 second to launch orca in speech mode
#
-<Control>s 1 1000 10000 @AT_BINDIR@/orca -n -d main-window
+<Control>s 1 1000 10000 @AT_BINDIR@/orca -n -d main-window #AT_TYPE=screenreader
# press ctrl-m for 1 second to launch orca in mag mode
#
-<Control>m 1 1000 10000 @AT_BINDIR@/orca -n -d main-window -d speech -e magnifier
+<Control>m 1 1000 10000 @AT_BINDIR@/orca -n -d main-window -d speech -e magnifier #AT_TYPE=magnifier
# press ctrl-o or ctrl-g for 1 second to launch orca in speech and mag mode
#
-<Control>o 1 1000 10000 @AT_BINDIR@/orca -n -d main-window -e magnifier
-<Control>g 1 1000 10000 @AT_BINDIR@/orca -n -d main-window -e magnifier
+<Control>o 1 1000 10000 @AT_BINDIR@/orca -n -d main-window -e magnifier #AT_TYPE=screenreader magnifier
+<Control>g 1 1000 10000 @AT_BINDIR@/orca -n -d main-window -e magnifier #AT_TYPE=screenreader magnifier
--- gdm-2.19.1/gui/modules/AccessDwellMouseEvents.in.pass-ats-to-session 2007-05-13 22:08:12.000000000 -0400
+++ gdm-2.19.1/gui/modules/AccessDwellMouseEvents.in 2007-05-21 13:40:39.000000000 -0400
@@ -38,10 +38,10 @@
# Support several different options for different user needs. Note these
# gestures all start by moving the mouse into the top window border.
#
-TBLR I 10000 @AT_BINDIR@/gok --login --access-method=dwellselection
-TLBR I 10000 @AT_BINDIR@/gok --login --access-method=automaticscanning --scan-action=switch1 --select-action=switch1
-TRBL I 10000 @AT_BINDIR@/gok --login --access-method=inversescanning --scan-action=switch1 --select-action=switch2
-TBRL I 10000 @AT_BINDIR@/gok --login --access-method=automaticscanning --scan-action=switch3 --select-action=switch3
+TBLR I 10000 @AT_BINDIR@/gok --login --access-method=dwellselection #AT_TYPE=onscreenkeyboard
+TLBR I 10000 @AT_BINDIR@/gok --login --access-method=automaticscanning --scan-action=switch1 --select-action=switch1 #AT_TYPE=onscreenkeyboard
+TRBL I 10000 @AT_BINDIR@/gok --login --access-method=inversescanning --scan-action=switch1 --select-action=switch2 #AT_TYPE=onscreenkeyboard
+TBRL I 10000 @AT_BINDIR@/gok --login --access-method=automaticscanning --scan-action=switch3 --select-action=switch3 #AT_TYPE=onscreenkeyboard
# AT Program - ORCA
#
@@ -50,13 +50,13 @@ TBRL I 10000 @AT_BINDIR@/gok --login
#
# Speech
#
-BTRL I 10000 @AT_BINDIR@/orca -n -d main-window
+BTRL I 10000 @AT_BINDIR@/orca -n -d main-window #AT_TYPE=screenreader
# Magnifier
#
-BTLR I 10000 @AT_BINDIR@/orca -n -d main-window -d speech -e magnifier
+BTLR I 10000 @AT_BINDIR@/orca -n -d main-window -d speech -e magnifier #AT_TYPE=magnifier
# Speech and Magnifier
#
-BRTL I 10000 @AT_BINDIR@/orca -n -d main-window -e magnifier
+BRTL I 10000 @AT_BINDIR@/orca -n -d main-window -e magnifier #AT_TYPE=screenreader magnifier
--- gdm-2.19.1/gui/modules/keymouselistener.c.pass-ats-to-session 2007-05-13 22:08:12.000000000 -0400
+++ gdm-2.19.1/gui/modules/keymouselistener.c 2007-05-21 13:38:32.000000000 -0400
@@ -951,6 +951,8 @@ gestures_filter (GdkXEvent *gdk_xevent,
NULL);
gtk_widget_show (dialog);
} else {
+ char *at_name;
+ const char *ats_launched;
GdkCursor *cursor = gdk_cursor_new (GDK_WATCH);
gdk_window_set_cursor (gdk_get_default_root_window (),
cursor);
@@ -958,6 +960,26 @@ gestures_filter (GdkXEvent *gdk_xevent,
g_timeout_add (2000,
change_cursor_back,
NULL);
+
+ at_name = strstr (action, "#AT_TYPE=");
+ if (at_name != NULL) {
+ int i;
+ char **v;
+ at_name += 9;
+ v = g_strsplit (at_name, " ", 0);
+ for (i = 0; v[i] != NULL; i++) {
+ ats_launched = g_getenv ("GDM_ATS");
+ if (ats_launched == NULL) {
+ g_setenv ("GDM_ATS", v[i], TRUE);
+ } else if (strstr (ats_launched, v[i]) == NULL) {
+ char *s;
+ s = g_strdup_printf ("%s %s", ats_launched, v[i]);
+ g_setenv ("GDM_ATS", s, TRUE);
+ g_free (s);
+ }
+ }
+ g_strfreev (v);
+ }
}
}
return GDK_FILTER_CONTINUE;
--- gdm-2.19.1/gui/greeter/greeter.c.pass-ats-to-session 2007-05-21 13:38:32.000000000 -0400
+++ gdm-2.19.1/gui/greeter/greeter.c 2007-05-21 13:38:32.000000000 -0400
@@ -390,6 +390,19 @@ process_operation (guchar op_code,
g_free (session);
break;
+ case GDM_A11Y:
+ {
+ const char *ats_launched;
+ /* print out the assistive technologies that we've started for the user */
+ ats_launched = g_getenv ("GDM_ATS");
+ if (ats_launched != NULL)
+ printf ("%c%s\n", STX, ats_launched);
+ else
+ printf ("%c\n", STX);
+ fflush (stdout);
+ break;
+ }
+
case GDM_LANG:
gdm_lang_op_lang (args);
break;
--- gdm-2.19.1/daemon/gdm-socket-protocol.h.pass-ats-to-session 2007-05-21 13:44:35.000000000 -0400
+++ gdm-2.19.1/daemon/gdm-socket-protocol.h 2007-05-21 13:45:04.000000000 -0400
@@ -41,6 +41,7 @@
#define GDM_PROMPT 'N'
#define GDM_SESS 'G'
#define GDM_LANG '&'
+#define GDM_A11Y 'Z'
#define GDM_SSESS 'C'
#define GDM_SLANG 'R'
#define GDM_SETLANG 'L'
--- gdm-2.19.1/daemon/slave.c.pass-ats-to-session 2007-05-21 13:38:32.000000000 -0400
+++ gdm-2.19.1/daemon/slave.c 2007-05-21 13:50:08.000000000 -0400
@@ -3489,6 +3489,7 @@ session_child_run (struct passwd *pwent,
const char *session,
const char *save_session,
const char *language,
+ const char *a11y_ats,
const char *gnome_session,
gboolean usrcfgok,
gboolean savesess,
@@ -3579,6 +3580,9 @@ session_child_run (struct passwd *pwent,
}
#endif
g_setenv ("PWD", home_dir, TRUE);
+ if (a11y_ats != NULL) {
+ g_setenv ("GDM_ATS", a11y_ats, TRUE);
+ }
g_setenv ("GDMSESSION", session, TRUE);
g_setenv ("DESKTOP_SESSION", session, TRUE);
g_setenv ("SHELL", pwent->pw_shell, TRUE);
@@ -3989,6 +3993,7 @@ gdm_slave_session_start (void)
struct passwd *pwent;
const char *home_dir = NULL;
char *save_session = NULL, *session = NULL, *language = NULL, *usrsess, *usrlang;
+ char *a11y_ats = NULL;
char *gnome_session = NULL;
#ifdef WITH_CONSOLE_KIT
char *ck_session_cookie;
@@ -4157,9 +4162,19 @@ gdm_slave_session_start (void)
g_free (usrlang);
return;
}
+
+ a11y_ats = gdm_slave_greeter_ctl (GDM_A11Y, NULL);
+ if (a11y_ats != NULL &&
+ strcmp (a11y_ats, GDM_RESPONSE_CANCEL) == 0) {
+ gdm_debug ("User canceled login");
+ gdm_verify_cleanup (d);
+ session_started = FALSE;
+ return;
+ }
} else {
session = g_strdup (usrsess);
language = g_strdup (usrlang);
+ a11y_ats = NULL;
}
tmp = gdm_strip_extension (session, ".desktop");
@@ -4180,10 +4195,15 @@ gdm_slave_session_start (void)
language = NULL;
}
+ if G_LIKELY (ve_string_empty (a11y_ats)) {
+ g_free (a11y_ats);
+ a11y_ats = NULL;
+ }
+
g_free (usrsess);
- gdm_debug ("Initial setting: session: '%s' language: '%s'\n",
- session, ve_sure_string (language));
+ gdm_debug ("Initial setting: session: '%s' language: '%s'i ATs enabled in gdm: '%s'\n",
+ session, ve_sure_string (language), ve_sure_string (a11y_ats));
/* save this session as the users session */
save_session = g_strdup (session);
@@ -4377,6 +4397,7 @@ gdm_slave_session_start (void)
session,
save_session,
lang,
+ a11y_ats,
gnome_session,
usrcfgok,
savesess,
@@ -5893,4 +5914,4 @@ gboolean
gdm_is_user_valid (const char *username)
{
return (NULL != getpwnam (username));
-}
+
gdm-2.19.1-reset-pam.patch:
--- NEW FILE gdm-2.19.1-reset-pam.patch ---
--- gdm-2.19.1/gui/greeter/greeter.c.reset-pam 2007-05-13 22:08:14.000000000 -0400
+++ gdm-2.19.1/gui/greeter/greeter.c 2007-05-21 12:37:13.000000000 -0400
@@ -224,7 +224,6 @@ process_operation (guchar op_code,
GtkWidget *dlg;
char *tmp;
char *session;
- GreeterItemInfo *conversation_info;
static GnomeCanvasItem *disabled_cover = NULL;
gint lookup_status = SESSION_LOOKUP_SUCCESS;
gchar *firstmsg = NULL;
@@ -428,17 +427,10 @@ process_operation (guchar op_code,
first_prompt = TRUE;
- conversation_info = greeter_lookup_id ("pam-conversation");
-
- if (conversation_info)
- {
- tmp = ve_locale_to_utf8 (args);
- g_object_set (G_OBJECT (conversation_info->item),
- "text", tmp,
- NULL);
- g_free (tmp);
- }
-
+ greeter_item_ulist_unset_selected_user ();
+ greeter_item_pam_prompt ("", PW_ENTRY_SIZE, TRUE);
+ greeter_item_pam_message ("");
+
printf ("%c\n", STX);
fflush (stdout);
greeter_ignore_buttons (FALSE);
--- gdm-2.19.1/daemon/slave.c.reset-pam 2007-05-13 22:08:25.000000000 -0400
+++ gdm-2.19.1/daemon/slave.c 2007-05-21 12:39:57.000000000 -0400
@@ -146,6 +146,12 @@ static int gdm_normal_runlevel =
static pid_t extra_process = 0;
static int extra_status = 0;
+/* a dup of the other side of greeter_fd_in so that
+ * the slave can talk to itself from its sig handler
+ * using the greeter ipc mechanism
+ */
+static int slave_fd_out = -1;
+
#ifdef HAVE_TSOL
static gboolean have_suntsol_extension = FALSE;
#endif
@@ -632,7 +638,7 @@ ignore_xerror_handler (Display *disp, XE
}
static void
-whack_greeter_fds (void)
+whack_greeter_and_slave_fds (void)
{
if (greeter_fd_out > 0)
VE_IGNORE_EINTR (close (greeter_fd_out));
@@ -640,6 +646,9 @@ whack_greeter_fds (void)
if (greeter_fd_in > 0)
VE_IGNORE_EINTR (close (greeter_fd_in));
greeter_fd_in = -1;
+ if (slave_fd_out > 0)
+ VE_IGNORE_EINTR (close (slave_fd_out));
+ slave_fd_out = -1;
}
static void
@@ -1102,7 +1111,7 @@ gdm_slave_whack_greeter (void)
d->greetpid = 0;
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
gdm_slave_send_num (GDM_SOP_GREETPID, 0);
@@ -1936,7 +1945,7 @@ restart_the_greeter (void)
d->greetpid = 0;
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
gdm_slave_send_num (GDM_SOP_GREETPID, 0);
}
@@ -2177,6 +2186,12 @@ gdm_slave_wait_for_login (void)
break;
}
+ if (do_cancel) {
+ gdm_debug ("canceling...");
+ gdm_slave_greeter_ctl_no_ret (GDM_RESETOK, "");
+ continue;
+ }
+
if (login == NULL) {
const char *failuresound = gdm_daemon_config_get_value_string (GDM_KEY_SOUND_ON_LOGIN_FAILURE_FILE);
@@ -2780,10 +2795,10 @@ gdm_slave_greeter (void)
default:
VE_IGNORE_EINTR (close (pipe1[0]));
- VE_IGNORE_EINTR (close (pipe2[1]));
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
+ slave_fd_out = pipe2[1];
greeter_fd_out = pipe1[1];
greeter_fd_in = pipe2[0];
@@ -4740,7 +4755,7 @@ gdm_slave_child_handler (int sig)
greet = FALSE;
d->greetpid = 0;
- whack_greeter_fds ();
+ whack_greeter_and_slave_fds ();
gdm_slave_send_num (GDM_SOP_GREETPID, 0);
do_restart_greeter = TRUE;
@@ -4895,6 +4910,11 @@ gdm_slave_handle_usr2_message (void)
gdm_wait_for_go = FALSE;
} else if (strcmp (&s[1], GDM_NOTIFY_TWIDDLE_POINTER) == 0) {
gdm_twiddle_pointer (d);
+ } else if (strcmp (&s[1], GDM_NOTIFY_RESET) == 0) {
+ if (!d->logged_in) {
+ gdm_fdprintf (slave_fd_out, "%c%c%c\n",
+ STX, BEL, GDM_INTERRUPT_CANCEL);
+ }
}
} else if (s[0] == GDM_SLAVE_NOTIFY_RESPONSE) {
gdm_got_ack = TRUE;
--- gdm-2.19.1/daemon/gdm-daemon-config-keys.h.reset-pam 2007-05-21 12:43:21.000000000 -0400
+++ gdm-2.19.1/daemon/gdm-daemon-config-keys.h 2007-05-21 12:43:42.000000000 -0400
@@ -226,6 +226,7 @@ G_BEGIN_DECLS
#define GDM_NOTIFY_SOFT_RESTART_SERVERS "SOFT_RESTART_SERVERS"
#define GDM_NOTIFY_GO "GO"
#define GDM_NOTIFY_TWIDDLE_POINTER "TWIDDLE_POINTER"
+#define GDM_NOTIFY_RESET "RESET"
G_END_DECLS
--- gdm-2.19.1/daemon/gdm.c.reset-pam 2007-05-13 22:08:24.000000000 -0400
+++ gdm-2.19.1/daemon/gdm.c 2007-05-21 12:45:14.000000000 -0400
@@ -2585,6 +2585,14 @@ gdm_handle_message (GdmConnection *conn,
TRUE /* handled */,
FALSE /* chooser */,
NULL, 0, NULL, NULL, NULL);
+} else if (strcmp (msg, GDM_SOP_CANCEL_LOGIN_REQUESTS) == 0) {
+ GSList *li;
+ for (li = displays; li != NULL; li = li->next) {
+ GdmDisplay *d = li->data;
+ if (!d->logged_in) {
+ send_slave_command (d, GDM_NOTIFY_RESET);
+ }
+ }
} else if (strncmp (msg, "opcode="GDM_SOP_SHOW_ERROR_DIALOG,
strlen ("opcode="GDM_SOP_SHOW_ERROR_DIALOG)) == 0) {
GdmDisplay *d;
--- gdm-2.19.1/daemon/gdm-socket-protocol.h.reset-pam 2007-05-21 12:42:32.000000000 -0400
+++ gdm-2.19.1/daemon/gdm-socket-protocol.h 2007-05-21 12:42:58.000000000 -0400
@@ -155,6 +155,9 @@
#define GDM_SOP_SHOW_QUESTION_DIALOG "SHOW_QUESTION_DIALOG" /* show the question dialog from daemon */
#define GDM_SOP_SHOW_ASKBUTTONS_DIALOG "SHOW_ASKBUTTON_DIALOG" /* show the askbutton dialog from daemon */
+/* Reset any in progress authentication conversations */
+#define GDM_SOP_CANCEL_LOGIN_REQUESTS "CANCEL_LOGIN_REQUESTS" /* no arguments */
+
/* Ack for a slave message */
/* Note that an extra response can follow an 'ack' */
gdm-2.19.1-security-tokens.patch:
--- NEW FILE gdm-2.19.1-security-tokens.patch ---
--- gdm-2.19.1/configure.ac.security-tokens 2007-05-21 12:57:13.000000000 -0400
+++ gdm-2.19.1/configure.ac 2007-05-21 13:03:45.000000000 -0400
@@ -20,6 +20,7 @@ LIBRSVG_REQUIRED=1.1.1
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
+NSS_REQUIRED=3.11.1
dnl
dnl Let the user configure where to look for the configuration files.
@@ -176,7 +177,7 @@ PKG_CHECK_MODULES(COMMON, gtk+-2.0 >= $G
AC_SUBST(COMMON_CFLAGS)
AC_SUBST(COMMON_LIBS)
-PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED)
+PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED ns >= $NSS_REQUIRED)
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
--- /dev/null 2007-05-21 09:34:56.803421964 -0400
+++ gdm-2.19.1/config/securitytokens.conf.in 2007-05-21 12:57:13.000000000 -0400
@@ -0,0 +1,3 @@
+[SecurityTokens]
+Enable=true
+#Driver=@libdir@/pkcs11/libcoolkeypk11.so
--- gdm-2.19.1/config/Makefile.am.security-tokens 2007-05-13 22:08:25.000000000 -0400
+++ gdm-2.19.1/config/Makefile.am 2007-05-21 12:57:13.000000000 -0400
@@ -34,9 +34,11 @@ EXTRA_DIST = \
XKeepsCrashing \
gettextfoo.h \
gdmprefetchlist.in \
+ securitytokens.conf.in \
extract-shell.sh
-CLEANFILES = Xsession gdm.conf gdm.conf-custom default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist
+CLEANFILES = Xsession gdm.conf gdm.conf-custom default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist securitytokens.conf
+
Xsession: $(srcdir)/Xsession.in
sed -e 's,[@]XSESSION_SHELL[@],$(XSESSION_SHELL),g' \
@@ -75,6 +77,31 @@ gdm.conf-custom: $(srcdir)/gdm.conf-cust
sed -e 's,[@]GDM_DEFAULTS_CONF[@],$(GDM_DEFAULTS_CONF),g' \
<$(srcdir)/gdm.conf-custom.in >gdm.conf-custom
+securitytokens.conf: $(srcdir)/securitytokens.conf.in
+ sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
+ -e 's,[@]GDM_USER_PATH[@],$(GDM_USER_PATH),g' \
+ -e 's,[@]HALT_COMMAND[@],$(HALT_COMMAND),g' \
+ -e 's,[@]REBOOT_COMMAND[@],$(REBOOT_COMMAND),g' \
+ -e 's,[@]SOUND_PROGRAM[@],$(SOUND_PROGRAM),g' \
+ -e 's,[@]SUSPEND_COMMAND[@],$(SUSPEND_COMMAND),g' \
+ -e 's,[@]XEVIE_OPTION[@],$(XEVIE_OPTION),g' \
+ -e 's,[@]X_CONFIG_OPTIONS[@],$(X_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_SERVER[@],$(X_SERVER),g' \
+ -e 's,[@]X_XNEST_CONFIG_OPTIONS[@],$(X_XNEST_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_XNEST_PATH[@],$(X_XNEST_PATH),g' \
+ -e 's,[@]authdir[@],$(authdir),g' \
+ -e 's,[@]datadir[@],$(datadir),g' \
+ -e 's,[@]dmconfdir[@],$(dmconfdir),g' \
+ -e 's,[@]gdmconfdir[@],$(gdmconfdir),g' \
+ -e 's,[@]libdir[@],$(libdir),g' \
+ -e 's,[@]libexecdir[@],$(libexecdir),g' \
+ -e 's,[@]localedir[@],$(libexecdir),g' \
+ -e 's,[@]logdir[@],$(logdir),g' \
+ -e 's,[@]pixmapdir[@],$(pixmapdir),g' \
+ -e 's,[@]sbindir[@],$(sbindir),g' \
+ <$(srcdir)/securitytokens.conf.in >securitytokens.conf
+
+
gettextfoo.h: XKeepsCrashing Xsession.in
cat $^ | $(srcdir)/extract-shell.sh > gettextfoo.h
@@ -103,7 +130,7 @@ uninstall-hook:
$(DESTDIR)$(predir)/Default \
$(DESTDIR)$(postdir)/Default
-install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST)
+install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST) securitytokens.conf
if test '!' -d $(DESTDIR)$(confdir); then \
$(mkinstalldirs) $(DESTDIR)$(confdir); \
chmod 755 $(DESTDIR)$(confdir); \
@@ -136,6 +163,7 @@ install-data-hook: gdm.conf gdm.conf-cus
chmod 644 $(DESTDIR)$(GDM_CUSTOM_CONF); \
fi
$(INSTALL_DATA) gdm.conf `dirname $(DESTDIR)$(GDM_DEFAULTS_CONF)`/factory-`basename $(DESTDIR)$(GDM_DEFAULTS_CONF)`
+ $(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
--- gdm-2.19.1/config/gdm.conf.in.security-tokens 2007-05-21 12:57:13.000000000 -0400
+++ gdm-2.19.1/config/gdm.conf.in 2007-05-21 12:57:13.000000000 -0400
@@ -239,6 +239,10 @@ AlwaysLoginCurrentSession=true
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
+# Whether or not to listen for smart card insertion/removal events
+SecurityTokensEnable=true
+SecurityTokensDriver=
+
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
--- gdm-2.19.1/daemon/gdm.c.security-tokens 2007-05-21 12:57:13.000000000 -0400
+++ gdm-2.19.1/daemon/gdm.c 2007-05-21 13:14:26.000000000 -0400
@@ -71,6 +71,8 @@
#include "cookie.h"
#include "filecheck.h"
#include "errorgui.h"
+#include "securitytokenmonitor.h"
+#include "securitytoken.h"
#include "gdm-socket-protocol.h"
#include "gdm-daemon-config.h"
@@ -93,6 +95,10 @@ static void gdm_handle_message (GdmConne
static void gdm_handle_user_message (GdmConnection *conn,
const gchar *msg,
gpointer data);
+
+static void gdm_reset_local_displays (void);
+static void gdm_watch_for_security_tokens (void);
+
static void gdm_daemonify (void);
static void gdm_safe_restart (void);
static void gdm_try_logout_action (GdmDisplay *disp);
@@ -1787,6 +1793,8 @@ main (int argc, char *argv[])
gdm_xdmcp_run ();
}
+ gdm_watch_for_security_tokens ();
+
/* We always exit via exit (), and sadly we need to g_main_quit ()
* at times not knowing if it's this main or a recursive one we're
* quitting.
@@ -4342,3 +4350,80 @@ gdm_handle_user_message (GdmConnection *
gdm_connection_close (conn);
}
}
+
+static void
+gdm_reset_local_displays (void)
+{
+ GSList *li;
+
+ for (li = displays; li != NULL; li = li->next) {
+ GdmDisplay *d = li->data;
+
+ if (d->attached)
+ send_slave_command (d, GDM_NOTIFY_RESET);
+ }
+}
+
+#ifndef GDM_SECURITY_TOKENS_CONF
+#define GDM_SECURITY_TOKENS_CONF GDMCONFDIR "/securitytokens.conf"
+#endif
+
+#ifndef GDM_SECURITY_TOKENS_KEY_ENABLED
+#define GDM_SECURITY_TOKENS_KEY_ENABLED "SecurityTokens/Enabled=true"
+#endif
+
+#ifndef GDM_SECURITY_TOKENS_KEY_DRIVER
+#define GDM_SECURITY_TOKENS_KEY_DRIVER "SecurityTokens/Driver"
+#endif
+
+static void
+gdm_watch_for_security_tokens (void)
+{
+ GError *error;
+ ScSecurityTokenMonitor *monitor;
+ gchar *driver;
+ VeConfig *cfg;
+
+ cfg = ve_config_new (GDM_SECURITY_TOKENS_CONF);
+
+ if (!ve_config_get_bool (cfg, GDM_SECURITY_TOKENS_KEY_ENABLED)) {
+ gdm_debug ("security token support is not enabled");
+ goto out;
+ }
+
+ gdm_debug ("watching for security token insertion and removal events");
+
+ driver = ve_config_get_string (cfg, GDM_SECURITY_TOKENS_KEY_DRIVER);
+ gdm_debug ("security tokens driver is set to '%s'",
+ ve_string_empty (driver)? "<automatic>" : driver);
+ monitor = sc_security_token_monitor_new (driver);
+ g_free (driver);
+
+ g_signal_connect (monitor,
+ "security-token-inserted",
+ G_CALLBACK (gdm_reset_local_displays),
+ NULL);
+
+ g_signal_connect (monitor,
+ "security-token-removed",
+ G_CALLBACK (gdm_reset_local_displays),
+ NULL);
+
+ error = NULL;
+ if (!sc_security_token_monitor_start (monitor, &error)) {
+ g_object_unref (monitor);
[...2449 lines suppressed...]
+}
+
+void
+_sc_security_token_set_state (ScSecurityToken *token,
+ ScSecurityTokenState state)
+{
+ /* sc_security_token_fetch_certificates (token); */
+ if (token->priv->state != state)
+ {
+ token->priv->state = state;
+
+ if (state == SC_SECURITY_TOKEN_STATE_INSERTED) {
+ g_signal_emit (token, sc_security_token_signals[INSERTED], 0);
+ } else if (state == SC_SECURITY_TOKEN_STATE_REMOVED)
+ g_signal_emit (token, sc_security_token_signals[REMOVED], 0);
+ else
+ g_assert_not_reached ();
+ }
+}
+
+/* So we could conceivably make the closure data a pointer to the token
+ * or something similiar and then emit signals when we want passwords,
+ * but it's probably easier to just get the password up front and use
+ * it. So we just take the passed in g_malloc'd (well probably, who knows)
+ * and strdup it using NSPR's memory allocation routines.
+ */
+static char *
+sc_security_token_password_handler (PK11SlotInfo *slot,
+ PRBool is_retrying,
+ const gchar *password)
+{
+ if (is_retrying)
+ return NULL;
+
+ return password != NULL? PL_strdup (password): NULL;
+}
+
+gboolean
+sc_security_token_unlock (ScSecurityToken *token,
+ const gchar *password)
+{
+ SECStatus status;
+
+ PK11_SetPasswordFunc ((PK11PasswordFunc) sc_security_token_password_handler);
+
+ /* we pass PR_TRUE to load certificates
+ */
+ status = PK11_Authenticate (token->priv->slot, PR_TRUE, (gpointer) password);
+
+ if (status != SECSuccess) {
+ sc_debug ("could not unlock token - %d", status);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static PK11SlotInfo *
+sc_security_token_find_slot_from_token_name (ScSecurityToken *token,
+ const gchar *token_name)
+{
+ int i;
+
+ for (i = 0; i < token->priv->module->slotCount; i++) {
+ const gchar *slot_token_name;
+
+ slot_token_name = PK11_GetTokenName (token->priv->module->slots[i]);
+
+ if ((slot_token_name != NULL) &&
+ (strcmp (slot_token_name, token_name) == 0))
+ return token->priv->module->slots[i];
+ }
+
+ return NULL;
+}
+
+static PK11SlotInfo *
+sc_security_token_find_slot_from_id (ScSecurityToken *token,
+ gint slot_id)
+{
+ int i;
+
+ for (i = 0; i < token->priv->module->slotCount; i++)
+ if (PK11_GetSlotID (token->priv->module->slots[i]) == slot_id)
+ return token->priv->module->slots[i];
+
+ return NULL;
+}
+
+static gboolean
+sc_security_token_fetch_certificates (ScSecurityToken *token)
+{
+ PK11SlotInfo *slot;
+ CERTCertList *certificates;
+ CERTCertListNode *node;
+ SECStatus status;
+ int i;
+
+ sc_security_token_unlock (token, "0000");
+
+ sc_debug ("fetching certificates for token in slot %lu",
+ token->priv->slot_id);
+
+ slot = sc_security_token_find_slot_from_id (token,
+ token->priv->slot_id);
+
+ g_assert (PK11_GetSlotID (slot) == token->priv->slot_id);
+
+ if (i == token->priv->module->slotCount) {
+ sc_debug ("could not find slot %lu", token->priv->slot_id);
+ return FALSE;
+ }
+
+ certificates = PK11_ListCertsInSlot (slot);
+
+ sc_debug ("filtering out non-user certificates");
+ if (CERT_FilterCertListForUserCerts (certificates) != SECSuccess) {
+ CERT_DestroyCertList (certificates);
+ sc_debug ("could not filter out non-user certificates");
+ return FALSE;
+ }
+
+ for (node = CERT_LIST_HEAD (certificates);
+ !CERT_LIST_END (node, certificates);
+ node = CERT_LIST_NEXT(node)) {
+
+ SECCertificateUsage cert_usages;
+
+ sc_debug ("verifying certificate for use");
+ status = CERT_VerifyCertificateNow (NULL, node->cert, TRUE,
+ 0, NULL, &cert_usages);
+
+ if (status != SECSuccess) {
+ sc_debug ("could not be verified, skipping...");
+ continue;
+ }
+
+ sc_debug ("got cert with usages 0x%lx", (gulong) cert_usages);
+
+ if (token->priv->encryption_certificate == NULL) {
+
+ sc_debug ("checking if certificate can be used for data "
+ "encryption");
+ status = CERT_CheckCertUsage (node->cert,
+ KU_DATA_ENCIPHERMENT);
+
+ if (status == SECSuccess) {
+ token->priv->encryption_certificate =
+ CERT_DupCertificate (node->cert);
+ } else {
+ sc_debug ("certificate can not be used for encryption");
+ }
+ }
+
+ if (token->priv->signing_certificate == NULL) {
+
+ sc_debug ("checking if certificate can be used for data "
+ "signing");
+ status = CERT_CheckCertUsage (node->cert,
+ KU_DIGITAL_SIGNATURE);
+
+ if (status == SECSuccess) {
+ token->priv->signing_certificate =
+ CERT_DupCertificate (node->cert);
+ } else {
+ sc_debug ("certificate can not be used for signing things");
+ }
+ }
+ }
+ return TRUE;
+}
+
+#ifdef SC_SECURITY_TOKEN_ENABLE_TEST
+#include <glib.h>
+
+static GMainLoop *event_loop;
+
+int
+main (int argc,
+ char *argv[])
+{
+ ScSecurityToken *token;
+ GError *error;
+
+ g_log_set_always_fatal (G_LOG_LEVEL_ERROR
+ | G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING);
+
+ g_type_init ();
+
+ g_message ("creating instance of 'security token' object...");
+ token = _sc_security_token_new (NULL, 1, 1);
+ g_message ("'security token' object created successfully");
+
+ g_message ("destroying previously created 'security token' object...");
+ g_object_unref (token);
+ token = NULL;
+ g_message ("'security token' object destroyed successfully");
+
+ return 0;
+}
+#endif
gdm-2.19.1-wtmp.patch:
--- NEW FILE gdm-2.19.1-wtmp.patch ---
--- gdm-2.19.1/config/PreSession.in.wtmp 2007-05-13 22:08:25.000000000 -0400
+++ gdm-2.19.1/config/PreSession.in 2007-05-21 13:17:09.000000000 -0400
@@ -68,17 +68,4 @@ if [ "x$XSETROOT" != "x" ] ; then
"$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
fi
-
-SESSREG=`gdmwhich sessreg`
-if [ "x$SESSREG" != "x" ] ; then
- # some output for easy debugging
- echo "$0: Registering your session with wtmp and utmp"
- echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x \"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""
-
- exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS" -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
- # this is not reached
-fi
-
-# some output for easy debugging
-echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
exit 0
--- gdm-2.19.1/daemon/slave.c.wtmp 2007-05-21 13:17:09.000000000 -0400
+++ gdm-2.19.1/daemon/slave.c 2007-05-21 13:20:51.000000000 -0400
@@ -4426,6 +4426,13 @@ gdm_slave_session_start (void)
g_free (language);
g_free (gnome_session);
+ gdm_verify_write_record (d,
+ GDM_VERIFY_RECORD_TYPE_LOGIN,
+ pwent->pw_name,
+ d->name,
+ !d->attached? d->hostname : NULL,
+ pid);
+
gdm_slave_send_num (GDM_SOP_SESSPID, pid);
gdm_sigchld_block_push ();
@@ -4488,6 +4495,17 @@ gdm_slave_session_start (void)
}
#endif
+ if ((pid != 0) && (d->last_sess_status != -1)) {
+ gdm_debug ("session '%d' exited with status '%d', recording logout",
+ pid, d->last_sess_status);
+ gdm_verify_write_record (d,
+ GDM_VERIFY_RECORD_TYPE_LOGOUT,
+ pwent->pw_name,
+ d->name,
+ !d->attached? d->hostname : NULL,
+ pid);
+ }
+
gdm_slave_session_stop (pid != 0 /* run_post_session */,
FALSE /* no_shutdown_check */);
--- gdm-2.19.1/daemon/verify-pam.c.wtmp 2007-05-21 13:17:09.000000000 -0400
+++ gdm-2.19.1/daemon/verify-pam.c 2007-05-21 13:23:28.000000000 -0400
@@ -32,6 +32,7 @@
#ifdef __sun
#include <fcntl.h>
#endif
+#include <utmp.h>
#include <glib/gi18n.h>
@@ -63,6 +64,14 @@
#define log_to_audit_system(l,h,d,s) do { ; } while (0)
#endif
+#ifndef GDM_BAD_RECORDS_FILE
+#define GDM_BAD_RECORDS_FILE "/var/log/btmp"
+#endif
+
+#ifndef GDM_NEW_RECORDS_FILE
+#define GDM_NEW_RECORDS_FILE "/var/log/wtmp"
+#endif
+
/* Evil, but this way these things are passed to the child session */
static pam_handle_t *pamh = NULL;
@@ -427,6 +436,125 @@ gdm_verify_select_user (const char *user
selected_user = g_strdup (user);
}
+void
+gdm_verify_write_record (GdmDisplay *d,
+ GdmVerifyRecordType record_type,
+ const gchar *username,
+ const gchar *console_name,
+ const gchar *host_name,
+ GPid pid)
+{
+ struct utmp record = { 0 };
+ GTimeVal now = { 0 };
+ gchar *host;
+
+ gdm_debug ("writing %s record",
+ record_type == GDM_VERIFY_RECORD_TYPE_LOGIN? "session" :
+ record_type == GDM_VERIFY_RECORD_TYPE_LOGOUT? "logout" :
+ "failed session attempt");
+
+ if (record_type != GDM_VERIFY_RECORD_TYPE_LOGOUT)
+ {
+ /* it's possible that PAM failed before
+ * it mapped the user input into a valid username
+ * so we fallback to try using "(unknown)"
+ */
+ if (username != NULL)
+ strncpy (record.ut_user,
+ username,
+ sizeof (record.ut_user));
+ else
+ strncpy (record.ut_user,
+ "(unknown)",
+ sizeof (record.ut_user));
+ }
+
+ gdm_debug ("using username %.*s",
+ sizeof (record.ut_user),
+ record.ut_user);
+
+ strncpy (record.ut_id,
+ console_name +
+ strlen (console_name) -
+ sizeof (record.ut_id),
+ sizeof (record.ut_id));
+
+ gdm_debug ("using id %.*s",
+ sizeof (record.ut_id),
+ record.ut_id);
+
+ if (g_str_has_prefix (console_name, "/dev/")) {
+ strncpy (record.ut_line,
+ console_name + strlen ("/dev/"),
+ sizeof (record.ut_line));
+ } else if (g_str_has_prefix (console_name, ":")) {
+ strncpy (record.ut_line,
+ console_name,
+ sizeof (record.ut_line));
+ }
+
+ gdm_debug ("using line %.*s",
+ sizeof (record.ut_line),
+ record.ut_line);
+
+ host = NULL;
+ if ((host_name != NULL) &&
+ g_str_has_prefix (console_name, ":"))
+ host = g_strdup_printf ("%s%s",
+ host_name,
+ console_name);
+ else if ((host_name != NULL) &&
+ !strstr (console_name, ":"))
+ host = g_strdup (host_name);
+ else if (!g_str_has_prefix (console_name, ":") &&
+ strstr (console_name, ":"))
+ host = g_strdup (console_name);
+
+ if (host)
+ {
+ strncpy (record.ut_host, host, sizeof (record.ut_host));
+ g_free (host);
+ gdm_debug ("using hostname %.*s",
+ sizeof (record.ut_host),
+ record.ut_host);
+ }
+
+ g_get_current_time (&now);
+ record.ut_tv.tv_sec = now.tv_sec;
+ record.ut_tv.tv_usec = now.tv_usec;
+
+ gdm_debug ("using time %ld", (glong) record.ut_tv.tv_sec);
+
+ record.ut_type = USER_PROCESS;
+ gdm_debug ("using type USER_PROCESS");
+
+ record.ut_pid = pid;
+
+ gdm_debug ("using pid %d", (gint) record.ut_pid);
+
+ switch (record_type)
+ {
+ case GDM_VERIFY_RECORD_TYPE_LOGIN:
+ gdm_debug ("writing session record to "
+ GDM_NEW_RECORDS_FILE);
+ updwtmp (GDM_NEW_RECORDS_FILE, &record);
+ break;
+
+ case GDM_VERIFY_RECORD_TYPE_LOGOUT:
+ gdm_debug ("writing logout record to "
+ GDM_NEW_RECORDS_FILE);
+ updwtmp (GDM_NEW_RECORDS_FILE, &record);
+ break;
+
+ case GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT:
+ gdm_debug ("writing failed session attempt record to "
+ GDM_BAD_RECORDS_FILE);
+ updwtmp (GDM_BAD_RECORDS_FILE, &record);
+ break;
+ }
+
+}
+
static const char *
perhaps_translate_message (const char *msg)
{
@@ -1234,6 +1362,11 @@ gdm_verify_user (GdmDisplay *d,
* message from the PAM subsystem */
if ( ! error_msg_given &&
gdm_slave_action_pending ()) {
+ gdm_verify_write_record (d, GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT,
+ login, display,
+ d->attached? NULL : d->hostname,
+ getpid ());
+
/*
* I'm not sure yet if I should display this message for any
* other issues - heeten
--- gdm-2.19.1/daemon/verify.h.wtmp 2007-05-13 22:08:25.000000000 -0400
+++ gdm-2.19.1/daemon/verify.h 2007-05-21 13:17:09.000000000 -0400
@@ -22,6 +22,12 @@
#include "gdm.h"
#include "display.h"
+typedef enum {
+ GDM_VERIFY_RECORD_TYPE_LOGIN,
+ GDM_VERIFY_RECORD_TYPE_LOGOUT,
+ GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT
+} GdmVerifyRecordType;
+
/* If username is NULL, we ask, if local is FALSE, don't start
* the timed login timer */
gchar *gdm_verify_user (GdmDisplay *d,
@@ -32,6 +38,13 @@ gchar *gdm_verify_user (GdmDisplay *d
void gdm_verify_cleanup (GdmDisplay *d);
void gdm_verify_check (void);
void gdm_verify_select_user (const char *user);
+void gdm_verify_write_record (GdmDisplay *d,
+ GdmVerifyRecordType record_type,
+ const gchar *username,
+ const gchar *console_name,
+ const gchar *host_name,
+ GPid pid);
+
/* used in pam */
gboolean gdm_verify_setup_env (GdmDisplay *d);
gboolean gdm_verify_setup_user (GdmDisplay *d,
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/gdm/devel/.cvsignore,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- .cvsignore 20 Mar 2007 04:08:16 -0000 1.45
+++ .cvsignore 21 May 2007 18:00:19 -0000 1.46
@@ -1,2 +1 @@
-gdm-2.18.0.tar.bz2
-fedora-faces-20070319.tar.bz2
+gdm-2.19.1.tar.bz2
Index: gdm.spec
===================================================================
RCS file: /cvs/extras/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.251
retrieving revision 1.252
diff -u -r1.251 -r1.252
--- gdm.spec 15 May 2007 15:53:43 -0000 1.251
+++ gdm.spec 21 May 2007 18:00:19 -0000 1.252
@@ -16,13 +16,13 @@
Summary: The GNOME Display Manager
Name: gdm
-Version: 2.18.0
-Release: 14%{?dist}
+Version: 2.19.1
+Release: 1%{?dist}
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
-URL: ftp://ftp.gnome.org/pub/GNOME/sources/gdm
-Source: http://ftp.gnome.org/pub/gnome/sources/gdm/2.18/gdm-%{version}.tar.bz2
+URL: ftp://download.gnome.org/sources/gdm
+Source: http://download.gnome.org/sources/gdm/2.19/gdm-%{version}.tar.bz2
Source1: gdm-pam
Source2: gdm-autologin-pam
Source3: gdmsetup-pam
@@ -30,25 +30,19 @@
Source5: fedora-faces-20070319.tar.bz2
Source6: default.desktop
-Patch1: gdm-2.18.0-change-defaults.patch
+Patch1: gdm-2.19.1-change-defaults.patch
Patch4: gdm-2.13.0.4-update-switchdesk-location.patch
-# http://bugzilla.gnome.org/show_bug.cgi?id=301817
-Patch6: gdm-2.8.0.2-clean-up-xsession-errors.patch
-
-# http://bugzilla.gnome.org/show_bug.cgi?id=301826
-Patch7: gdm-2.8.0.2-merge-resources.patch
-
# http://bugzilla.gnome.org/show_bug.cgi?id=349835
-Patch12: gdm-2.17.6-audit-login.patch
+Patch12: gdm-2.19.1-audit-login.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347798
-Patch19: gdm-2.17.7-move-default-message.patch
-Patch20: gdm-2.17.7-reset-pam.patch
-Patch21: gdm-2.18.0-security-tokens.patch
+Patch19: gdm-2.19.1-move-default-message.patch
+Patch20: gdm-2.19.1-reset-pam.patch
+Patch21: gdm-2.19.1-security-tokens.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347871
-Patch24: gdm-2.16.0-wtmp.patch
+Patch24: gdm-2.19.1-wtmp.patch
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203917
Patch25: gdm-2.16.0-indic-langs.patch
@@ -59,27 +53,18 @@
Patch29: gdm-2.17.7-greeter.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=426653
-Patch31: gdm-2.17.8-hide-uninstalled-languages.patch
+Patch31: gdm-2.19.1-hide-uninstalled-languages.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=412576
-Patch32: gdm-2.17.8-a11y-fixes-for-themed-greeter.patch
+Patch32: gdm-2.19.1-a11y-fixes-for-themed-greeter.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=411501
-Patch33: gdm-2.17.7-pass-at-to-session-4.patch
-
-# http://bugzilla.gnome.org/show_bug.cgi?id=420610
-Patch34: gdm-2.18.0-add-lowres-fix.patch
-
-# http://bugzilla.gnome.org/show_bug.cgi?id=424229
-Patch35: gdm-2.18.0-dont-strcpy-overlapping-strings.patch
-
-# http://bugzilla.gnome.org/show_bug.cgi?id=426647
-Patch36: gdm-2.18.0-dont-expect-utf8.patch
+Patch33: gdm-2.19.1-pass-ats-to-session.patch
Patch37: gdm-2.18.0-hide-disabled-users.patch
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=234567
-Patch99: gdm-2.18.0-be-more-verbose.patch
+#Patch99: gdm-2.18.0-be-more-verbose.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -154,8 +139,6 @@
%patch1 -p1 -b .change-defaults
%patch4 -p1 -b .update-switchdesk-location
-%patch6 -p1 -b .clean-up-xsession-errors
-%patch7 -p1 -b .merge-resources
%patch12 -p1 -b .audit-login
%patch19 -p1 -b .move-default-message
%patch20 -p1 -b .reset-pam
@@ -165,13 +148,10 @@
%patch28 -p1 -b .desensitize-entry
%patch29 -p0 -b .greeter
%patch31 -p1 -b .hide-uninstalled-languages
-%patch32 -p0 -b .a11y-fixes
-%patch33 -p0 -b .pass-ats-to-session
-%patch34 -p1 -b .add-lowres-fix
-%patch35 -p1 -b .dont-strcpy-overlapping-strings
-%patch36 -p1 -b .dont-expect-utf8
+%patch32 -p1 -b .a11y-fixes
+%patch33 -p1 -b .pass-ats-to-session
%patch37 -p1 -b hide-disabled-users
-%patch99 -p1 -b .be-more-verbose
+#%patch99 -p1 -b .be-more-verbose
%build
cp -f %{SOURCE1} config/gdm
@@ -394,6 +374,9 @@
%{_datadir}/pixmaps/faces/extras/*.jpg
%changelog
+* Mon May 21 2007 Matthias Clasen <mclasen at redhat.com> - 1:2.19.1-1
+- Update to 2.19.1
+
* Tue May 15 2007 Ray Strode <rstrode at redhat.com> - 1:2.18.0-14
- hide users from userlist that have disabled shells
(bug 240148)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/gdm/devel/sources,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- sources 20 Mar 2007 04:08:18 -0000 1.47
+++ sources 21 May 2007 18:00:19 -0000 1.48
@@ -1,2 +1 @@
-a569a8275f0e0396e6ef5f63c5f56ad5 gdm-2.18.0.tar.bz2
-7387935ad09f746889b58bd69bf815e1 fedora-faces-20070319.tar.bz2
+b18053fc83f66649e4c53939503c325c gdm-2.19.1.tar.bz2
--- gdm-2.16.0-wtmp.patch DELETED ---
--- gdm-2.17.6-audit-login.patch DELETED ---
--- gdm-2.17.7-move-default-message.patch DELETED ---
--- gdm-2.17.7-pass-at-to-session-4.patch DELETED ---
--- gdm-2.17.7-reset-pam.patch DELETED ---
--- gdm-2.17.8-a11y-fixes-for-themed-greeter.patch DELETED ---
--- gdm-2.17.8-hide-uninstalled-languages.patch DELETED ---
--- gdm-2.18.0-add-lowres-fix.patch DELETED ---
--- gdm-2.18.0-change-defaults.patch DELETED ---
--- gdm-2.18.0-dont-expect-utf8.patch DELETED ---
--- gdm-2.18.0-dont-strcpy-overlapping-strings.patch DELETED ---
--- gdm-2.18.0-security-tokens.patch DELETED ---
--- gdm-2.8.0.2-clean-up-xsession-errors.patch DELETED ---
- Previous message (by thread): rpms/pidgin-libnotify/devel pidgin-libnotify-renamed-to-pidgin.patch, NONE, 1.1 pidgin-libnotify.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/rrdtool/devel rrdtool.spec,1.37,1.38
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list