rpms/gdm/F-7 gdm-2.18.2-a11y-fixes.patch, NONE, 1.1 gdm-2.18.2-change-defaults.patch, NONE, 1.1 gdm-2.18.2-security-tokens.patch, NONE, 1.1 .cvsignore, 1.45, 1.46 gdm.spec, 1.251, 1.252 sources, 1.47, 1.48
Matthias Clasen (mclasen)
fedora-extras-commits at redhat.com
Wed May 30 02:54:31 UTC 2007
Author: mclasen
Update of /cvs/extras/rpms/gdm/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18844
Modified Files:
.cvsignore gdm.spec sources
Added Files:
gdm-2.18.2-a11y-fixes.patch gdm-2.18.2-change-defaults.patch
gdm-2.18.2-security-tokens.patch
Log Message:
2.18.2
gdm-2.18.2-a11y-fixes.patch:
--- NEW FILE gdm-2.18.2-a11y-fixes.patch ---
--- gdm-2.18.2/gui/greeter/greeter_item_pam.c.a11y-fixes 2007-05-29 22:42:33.000000000 -0400
+++ gdm-2.18.2/gui/greeter/greeter_item_pam.c 2007-05-29 22:42:33.000000000 -0400
@@ -185,14 +185,6 @@ pam_key_release_event (GtkWidget *entry,
const char *login_string;
GtkWidget *entry = GNOME_CANVAS_WIDGET (entry_info->item)->widget;
- if ((event->keyval == GDK_Tab ||
- event->keyval == GDK_KP_Tab) &&
- (event->state & (GDK_CONTROL_MASK|GDK_MOD1_MASK|GDK_SHIFT_MASK)) == 0)
- {
- greeter_item_pam_login (GTK_ENTRY (entry), entry_info);
- return TRUE;
- }
-
if (gtk_ok_button != NULL)
{
/*
@@ -209,6 +201,19 @@ pam_key_release_event (GtkWidget *entry,
return FALSE;
}
+/* We *never* want to lose focus when we are in the process of
+ * authenticating the user */
+static gboolean
+pam_focus_out_event (GtkWidget *widget,
+ GdkEventFocus *event,
+ gpointer user_data)
+{
+ if (!greeter_probably_login_prompt) {
+ gtk_widget_grab_focus (widget);
+ }
+ return FALSE;
+}
+
gboolean
greeter_item_pam_setup (void)
{
@@ -239,7 +244,9 @@ greeter_item_pam_setup (void)
g_signal_connect (entry, "activate",
G_CALLBACK (greeter_item_pam_login), entry_info);
g_signal_connect (G_OBJECT (entry), "key_release_event",
- G_CALLBACK (pam_key_release_event), NULL);
+ G_CALLBACK (pam_key_release_event), NULL);
+ g_signal_connect (G_OBJECT (entry), "focus-out-event",
+ G_CALLBACK (pam_focus_out_event), NULL);
}
return TRUE;
--- gdm-2.18.2/gui/greeter/greeter_item_ulist.c.a11y-fixes 2007-05-29 22:42:33.000000000 -0400
+++ gdm-2.18.2/gui/greeter/greeter_item_ulist.c 2007-05-29 22:42:33.000000000 -0400
@@ -220,17 +220,40 @@ greeter_populate_user_list (GtkTreeModel
void
greeter_item_ulist_select_user (gchar *login)
{
- printf ("%c%c%c%s\n", STX, BEL,
- GDM_INTERRUPT_SELECT_USER, login);
+ /*printf ("%c%c%c%s\n", STX, BEL,
+ GDM_INTERRUPT_SELECT_USER, login);*/
+ printf ("%c%s\n", STX, login);
fflush (stdout);
}
+
+static GTimeVal last_key_press = {0, 0};
+static GTimeVal last_button_press = {0, 0};
+
static void
user_selected (GtkTreeSelection *selection, gpointer data)
{
GtkTreeModel *tm = NULL;
GtkTreeIter iter = {0};
+ gboolean is_button_press;
+ guint64 button_msec;
+ guint64 key_msec;
+
+ /* HACK: determine whether selection changed because of key or
+ * button press
+ *
+ * The rationale is this: if a face is pressed with the mouse
+ * we should start authenticating that user right away. But if
+ * the user uses keynav in the user list (think accessibility
+ * and blind users) we shouldn't.
+ */
+ button_msec = last_button_press.tv_sec * 1000 + last_button_press.tv_usec / 1000;
+ key_msec = last_key_press.tv_sec * 1000 + last_key_press.tv_usec / 1000;
+ is_button_press = FALSE;
+ if (button_msec > key_msec) {
+ is_button_press = TRUE;
+ }
if (gtk_tree_selection_get_selected (selection, &tm, &iter)) {
char *login;
@@ -239,14 +262,19 @@ user_selected (GtkTreeSelection *selecti
&login, -1);
if (login != NULL) {
if (selecting_user && greeter_probably_login_prompt) {
- gtk_entry_set_text (GTK_ENTRY (pam_entry), login);
+ if (is_button_press) {
+ gtk_entry_set_text (GTK_ENTRY (pam_entry), login);
+ } else {
+ gtk_entry_set_text (GTK_ENTRY (pam_entry), "");
+ }
}
if (selecting_user) {
GreeterItemInfo *pamlabel = greeter_lookup_id ("pam-message");
if (pamlabel == NULL) {
gdm_common_warning ("Theme broken: must have pam-message label!");
}
- greeter_item_ulist_select_user (login);
+ if (is_button_press)
+ greeter_item_ulist_select_user (login);
if (selected_user != NULL)
g_free (selected_user);
selected_user = g_strdup (login);
@@ -256,9 +284,26 @@ user_selected (GtkTreeSelection *selecti
}
static void
-browser_change_focus (GtkWidget *widget, GdkEventButton *event, gpointer data)
+row_activated (GtkTreeView *tree_view, GtkTreePath *path, GtkTreeViewColumn *column, gpointer data)
+{
+ if (selecting_user && greeter_probably_login_prompt) {
+ greeter_item_ulist_select_user (selected_user);
+ }
+}
+
+static gboolean
+tv_key_press (GtkWidget *entry, GdkEventKey *event, gpointer data)
{
- gtk_widget_grab_focus (pam_entry);
+ g_get_current_time (&last_key_press);
+ return FALSE;
+}
+
+
+static gboolean
+tv_button_press (GtkWidget *entry, GdkEventKey *event, gpointer data)
+{
+ g_get_current_time (&last_button_press);
+ return FALSE;
}
static void
@@ -270,6 +315,12 @@ greeter_generate_userlist (GtkWidget *tv
GreeterItemInfo *info;
GList *list, *li;
+ AtkObject *atk_widget;
+ atk_widget = gtk_widget_get_accessible (tv);
+ if (atk_widget != NULL) {
+ atk_object_set_name (atk_widget, _("Select user to log in"));
+ }
+
gdm_greeter_users_init ();
check_for_displays ();
@@ -282,10 +333,13 @@ greeter_generate_userlist (GtkWidget *tv
g_signal_connect (selection, "changed",
G_CALLBACK (user_selected),
NULL);
-
- g_signal_connect (GTK_TREE_VIEW (tv), "button_release_event",
- G_CALLBACK (browser_change_focus),
+ g_signal_connect (G_OBJECT (tv), "row-activated",
+ G_CALLBACK (row_activated),
NULL);
+ g_signal_connect (G_OBJECT (tv), "key-press-event",
+ G_CALLBACK (tv_key_press), user_list);
+ g_signal_connect (G_OBJECT (tv), "button-press-event",
+ G_CALLBACK (tv_button_press), user_list);
tm = (GtkTreeModel *)gtk_list_store_new (4,
GDK_TYPE_PIXBUF,
gdm-2.18.2-change-defaults.patch:
--- NEW FILE gdm-2.18.2-change-defaults.patch ---
--- gdm-2.18.2/config/gdm.conf.in.change-defaults 2007-05-28 17:48:11.000000000 -0400
+++ gdm-2.18.2/config/gdm.conf.in 2007-05-29 22:36:19.000000000 -0400
@@ -66,9 +66,9 @@ TimedLoginDelay=30
# should leave this alone.
#Chooser=@libexecdir@/gdmchooser
-# The greeter for local (non-xdmcp) logins. Change gdmlogin to gdmgreeter to
-# get the new graphical greeter.
-#Greeter=@libexecdir@/gdmlogin
+# The greeter for local (non-xdmcp) logins. Change gdmgreeter to gdmlogin to
+# get the boring greeter.
+Greeter=@libexecdir@/gdmgreeter
# The greeter for xdmcp logins, usually you want a less graphically intensive
# greeter here so it's better to leave this with gdmlogin
@@ -78,23 +78,23 @@ TimedLoginDelay=30
# This is useful for enabling additional feature support e.g. GNOME
# accessibility framework. Only "trusted" modules should be allowed to minimize
# security holes
-#AddGtkModules=false
+AddGtkModules=true
# By default, these are the accessibility modules.
-#GtkModulesList=gail:atk-bridge:@libdir@/gtk-2.0/modules/libdwellmouselistener:@libdir@/gtk-2.0/modules/libkeymouselistener
+GtkModulesList=gail:atk-bridge:@libdir@/gtk-2.0/modules/libdwellmouselistener:@libdir@/gtk-2.0/modules/libkeymouselistener
# Default path to set. The profile scripts will likely override this value.
# This value will be overridden with the value from /etc/default/login if it
# contains "ROOT=<pathvalue>".
-#DefaultPath=@GDM_USER_PATH@
+DefaultPath=/usr/local/bin:/usr/bin:/bin
# Default path for root. The profile scripts will likely override this value.
# This value will be overridden with the value from /etc/default/login if it
# contains "SUROOT=<pathvalue>".
-#RootPath=/sbin:/usr/sbin:@GDM_USER_PATH@
+RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# If you are having trouble with using a single server for a long time and want
# GDM to kill/restart the server, turn this on. On Solaris, this value is
# always true and this configuration setting is ignored.
-#AlwaysRestartServer=@ALWAYS_RESTART_SERVER@
+AlwaysRestartServer=true
# User and group used for running GDM GUI applicaitons. By default this is set
# to user "gdm" and group "gdm". This user/group should have very limited
@@ -125,22 +125,21 @@ DisplayInitDir=@gdmconfdir@/Init
XKeepsCrashing=@gdmconfdir@/XKeepsCrashing
# Reboot, Halt and suspend commands, you can add different commands separated
# by a semicolon. GDM will use the first one it can find.
-#RebootCommand=@REBOOT_COMMAND@
-#HaltCommand=@HALT_COMMAND@
-#SuspendCommand=@SUSPEND_COMMAND@
+RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot
+HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff
# Probably should not touch the below this is the standard setup.
ServAuthDir=@authdir@
# This is our standard startup script. A bit different from a normal X
# session, but it shares a lot of stuff with that. See the provided default
# for more information.
-BaseXsession=@gdmconfdir@/Xsession
+BaseXsession=/etc/X11/xinit/Xsession
# This is a directory where .desktop files describing the sessions live. It is
# really a PATH style variable since 2.4.4.2 to allow actual interoperability
# with KDM. Note that <dmconfdir>/Sessions is there for backwards
# compatibility reasons with 2.4.4.x.
#SessionDesktopDir=/etc/X11/sessions/:@dmconfdir@/Sessions/:@datadir@/gdm/BuiltInSessions/:@datadir@/xsessions/
# This is the default .desktop session. One of the ones in SessionDesktopDir
-#DefaultSession=gnome.desktop
+DefaultSession=default.desktop
# Better leave this blank and HOME will be used. You can use syntax ~/ below
# to indicate home directory of the user. You can also set this to something
# like /tmp if you don't want the authorizations to be in home directories.
@@ -148,11 +147,11 @@ BaseXsession=@gdmconfdir@/Xsession
# is the home directory the UserAuthFBDir will still be used in case the home
# directory is NFS, see security/NeverPlaceCookiesOnNFS to override this
# behavior.
-UserAuthDir=
+UserAuthDir=/tmp
# Fallback directory for writing authorization file if user's home directory
# is not writable.
UserAuthFBDir=/tmp
-UserAuthFile=.Xauthority
+#UserAuthFile=.Xauthority
# The X server to use if we can't figure out what else to run.
StandardXServer=@X_SERVER@
# The maximum number of flexible X servers to run.
@@ -184,7 +183,7 @@ XnestUnscaledFontPath=@X_XNEST_UNSCALED_
#DoubleLoginWarning=true
# Should a second login always resume the current session and switch VT's on
# Linux and FreeBSD systems for console logins
-#AlwaysLoginCurrentSession=true
+AlwaysLoginCurrentSession=true
# If true then the last login information is printed to the user before being
# prompted for password. While this gives away some info on what users are on
@@ -308,7 +307,7 @@ Enable=false
#GtkRC=@datadir@/themes/Default/gtk-2.0/gtkrc
# The GTK+ theme to use for the GUI.
-#GtkTheme=Default
+GtkTheme=Clearlooks
# If to allow changing the GTK+ (widget) theme from the greeter. Currently
# this only affects the standard greeter as the graphical greeter does not yet
# have this ability.
@@ -329,7 +328,7 @@ Enable=false
# themed login (gdmgreeter).
#
# The standard login has a title bar that the user can move.
-#TitleBar=true
+TitleBar=false
# Don't allow user to move the standard login window. Only makes sense if
# TitleBar is on.
#LockPosition=false
@@ -353,7 +352,7 @@ Browser=false
# User ID's less than the MinimalUID value will not be included in the face
# browser or in the gdmselection list for Automatic/Timed login. They will not
# be displayed regardless of the settings for Include and Exclude.
-#MinimalUID=100
+MinimalUID=500
# Users listed in Include will be included in the face browser and in the
# gdmsetup selection list for Automatic/Timed login. Users should be separated
# by commas.
@@ -370,7 +369,7 @@ Browser=false
# large numbers of users and this feature should not be used in such
# environments. The setting of IncludeAll does nothing if Include is set to a
# non-empty value.
-#IncludeAll=false
+IncludeAll=true
# If user or user.png exists in this dir it will be used as his picture.
#GlobalFaceDir=@datadir@/pixmaps/faces/
@@ -379,7 +378,7 @@ Browser=false
# file, although GDM will be able to read a standard locale.alias file as well.
#LocaleFile=@gdmlocaledir@/locale.alias
# Logo shown in the standard greeter.
-#Logo=@pixmapdir@/gdm-foot-logo.png
+Logo=
# Logo shown on file chooser button in gdmsetup (do not modify this value).
#ChooserButtonLogo=@pixmapdir@/gdm-foot-logo.png
# The standard greeter should shake if a user entered the wrong username or
@@ -426,8 +425,9 @@ DefaultRemoteWelcome=true
# The Standard greeter (gdmlogin) uses BackgroundColor as the background
# color, while the themed greeter (gdmgreeter) uses GraphicalThemedColor
# as the background color.
-BackgroundColor=#76848F
-GraphicalThemedColor=#76848F
+BackgroundColor=#20305a
+GraphicalThemedColor=#000000
+
# XDMCP session should only get a color, this is the sanest setting since you
# don't want to take up too much bandwidth
#BackgroundRemoteOnlyColor=true
@@ -448,8 +448,8 @@ GraphicalThemedColor=#76848F
# Show the Failsafe sessions. These are much MUCH nicer (focus for xterm for
# example) and more failsafe then those supplied by scripts so distros should
# use this rather then just running an xterm from a script.
-#ShowGnomeFailsafeSession=true
-#ShowXtermFailsafeSession=true
+ShowGnomeFailsafeSession=false
+ShowXtermFailsafeSession=false
# Normally there is a session type called 'Last' that is shown which refers to
# the last session the user used. If off, we will be in 'switchdesk' mode
# where the session saving stuff is disabled in GDM
@@ -468,7 +468,7 @@ GraphicalThemedColor=#76848F
# list then provide a list that is delimited by /: to the GraphicalThemes
# key and set GraphicalThemeRand to true. Otherwise use GraphicalTheme
# and specify just one theme.
-#GraphicalTheme=circles
+GraphicalTheme=FedoraFlyingHigh
#GraphicalThemes=circles/:happygnome
GraphicalThemeDir=@datadir@/gdm/themes/
GraphicalThemeRand=false
@@ -572,7 +572,7 @@ Gestures=false
# Definition of the standard X server.
[server-Standard]
name=Standard server
-command=@X_SERVER@ @X_CONFIG_OPTIONS@ @XEVIE_OPTION@
+command=@X_SERVER@ -br @X_CONFIG_OPTIONS@ @XEVIE_OPTION@
flexible=true
# Indicates that the X server should be started at a different process
# priority. Values can be any integer value accepted by the setpriority C
gdm-2.18.2-security-tokens.patch:
--- NEW FILE gdm-2.18.2-security-tokens.patch ---
--- gdm-2.18.2/configure.ac.security-tokens 2007-05-29 22:36:59.000000000 -0400
+++ gdm-2.18.2/configure.ac 2007-05-29 22:41:39.000000000 -0400
@@ -20,6 +20,7 @@ LIBRSVG_REQUIRED=1.1.1
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
+NSS_REQUIRED=3.11.1
dnl
dnl Let the user configure where to look for the configuration files.
@@ -176,7 +177,7 @@ PKG_CHECK_MODULES(VICIOUS, gtk+-2.0 >= $
AC_SUBST(VICIOUS_CFLAGS)
AC_SUBST(VICIOUS_LIBS)
-PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED)
+PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED nss >= $NSS_REQUIRED)
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
--- /dev/null 2007-05-29 20:44:41.170015252 -0400
+++ gdm-2.18.2/config/securitytokens.conf.in 2007-05-29 22:36:59.000000000 -0400
@@ -0,0 +1,3 @@
+[SecurityTokens]
+Enable=true
+#Driver=@libdir@/pkcs11/libcoolkeypk11.so
--- gdm-2.18.2/config/Makefile.am.security-tokens 2007-05-28 17:48:11.000000000 -0400
+++ gdm-2.18.2/config/Makefile.am 2007-05-29 22:36:59.000000000 -0400
@@ -34,9 +34,11 @@ EXTRA_DIST = \
XKeepsCrashing \
gettextfoo.h \
gdmprefetchlist.in \
+ securitytokens.conf.in \
extract-shell.sh
-CLEANFILES = Xsession gdm.conf gdm.conf-custom default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist
+CLEANFILES = Xsession gdm.conf gdm.conf-custom default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist securitytokens.conf
+
Xsession: $(srcdir)/Xsession.in
sed -e 's,[@]XSESSION_SHELL[@],$(XSESSION_SHELL),g' \
@@ -74,6 +76,31 @@ gdm.conf-custom: $(srcdir)/gdm.conf-cust
sed -e 's,[@]GDM_DEFAULTS_CONF[@],$(GDM_DEFAULTS_CONF),g' \
<$(srcdir)/gdm.conf-custom.in >gdm.conf-custom
+securitytokens.conf: $(srcdir)/securitytokens.conf.in
+ sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
+ -e 's,[@]GDM_USER_PATH[@],$(GDM_USER_PATH),g' \
+ -e 's,[@]HALT_COMMAND[@],$(HALT_COMMAND),g' \
+ -e 's,[@]REBOOT_COMMAND[@],$(REBOOT_COMMAND),g' \
+ -e 's,[@]SOUND_PROGRAM[@],$(SOUND_PROGRAM),g' \
+ -e 's,[@]SUSPEND_COMMAND[@],$(SUSPEND_COMMAND),g' \
+ -e 's,[@]XEVIE_OPTION[@],$(XEVIE_OPTION),g' \
+ -e 's,[@]X_CONFIG_OPTIONS[@],$(X_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_SERVER[@],$(X_SERVER),g' \
+ -e 's,[@]X_XNEST_CONFIG_OPTIONS[@],$(X_XNEST_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_XNEST_PATH[@],$(X_XNEST_PATH),g' \
+ -e 's,[@]authdir[@],$(authdir),g' \
+ -e 's,[@]datadir[@],$(datadir),g' \
+ -e 's,[@]dmconfdir[@],$(dmconfdir),g' \
+ -e 's,[@]gdmconfdir[@],$(gdmconfdir),g' \
+ -e 's,[@]libdir[@],$(libdir),g' \
+ -e 's,[@]libexecdir[@],$(libexecdir),g' \
+ -e 's,[@]localedir[@],$(libexecdir),g' \
+ -e 's,[@]logdir[@],$(logdir),g' \
+ -e 's,[@]pixmapdir[@],$(pixmapdir),g' \
+ -e 's,[@]sbindir[@],$(sbindir),g' \
+ <$(srcdir)/securitytokens.conf.in >securitytokens.conf
+
+
gettextfoo.h: XKeepsCrashing Xsession.in
cat $^ | $(srcdir)/extract-shell.sh > gettextfoo.h
@@ -102,7 +129,7 @@ uninstall-hook:
$(DESTDIR)$(predir)/Default \
$(DESTDIR)$(postdir)/Default
-install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST)
+install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST) securitytokens.conf
if test '!' -d $(DESTDIR)$(confdir); then \
$(mkinstalldirs) $(DESTDIR)$(confdir); \
chmod 755 $(DESTDIR)$(confdir); \
@@ -135,6 +162,7 @@ install-data-hook: gdm.conf gdm.conf-cus
chmod 644 $(DESTDIR)$(GDM_CUSTOM_CONF); \
fi
$(INSTALL_DATA) gdm.conf `dirname $(DESTDIR)$(GDM_DEFAULTS_CONF)`/factory-`basename $(DESTDIR)$(GDM_DEFAULTS_CONF)`
+ $(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
--- gdm-2.18.2/config/gdm.conf.in.security-tokens 2007-05-29 22:36:59.000000000 -0400
+++ gdm-2.18.2/config/gdm.conf.in 2007-05-29 22:36:59.000000000 -0400
@@ -213,6 +213,10 @@ AlwaysLoginCurrentSession=true
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
+# Whether or not to listen for smart card insertion/removal events
+SecurityTokensEnable=true
+SecurityTokensDriver=
+
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
--- gdm-2.18.2/daemon/gdm.c.security-tokens 2007-05-29 22:36:59.000000000 -0400
+++ gdm-2.18.2/daemon/gdm.c 2007-05-29 22:36:59.000000000 -0400
@@ -68,6 +68,8 @@
#include "filecheck.h"
#include "gdmconfig.h"
#include "errorgui.h"
+#include "securitytokenmonitor.h"
+#include "securitytoken.h"
#define DYNAMIC_ADD 0
#define DYNAMIC_RELEASE 1
@@ -77,6 +79,7 @@
#include <libdevinfo.h>
#endif /* HAVE_LOGINDEVPERM */
+
extern GSList *displays;
/* Local functions */
@@ -86,6 +89,10 @@ static void gdm_handle_message (GdmConne
static void gdm_handle_user_message (GdmConnection *conn,
const gchar *msg,
gpointer data);
+
+static void gdm_reset_local_displays (void);
+static void gdm_watch_for_security_tokens (void);
+
static void gdm_daemonify (void);
static void gdm_safe_restart (void);
static void gdm_try_logout_action (GdmDisplay *disp);
@@ -159,7 +166,6 @@ static GMainLoop *main_loop = NULL;
static gboolean monte_carlo_sqrt2 = FALSE;
-
/*
* lookup display number if the display number is
* exists then clear the remove flag and return TRUE
@@ -1546,6 +1552,8 @@ main (int argc, char *argv[])
g_type_init ();
+ g_type_init ();
+
ctx = g_option_context_new (_("- The GNOME login manager"));
g_option_context_add_main_entries (ctx, options, _("main options"));
@@ -1786,6 +1794,8 @@ main (int argc, char *argv[])
gdm_xdmcp_run ();
}
+ gdm_watch_for_security_tokens ();
+
/* We always exit via exit (), and sadly we need to g_main_quit ()
* at times not knowing if it's this main or a recursive one we're
* quitting.
@@ -4002,4 +4012,85 @@ gdm_handle_user_message (GdmConnection *
}
}
+static void
+gdm_reset_local_displays (void)
+{
+ GSList *li;
+
+ for (li = displays; li != NULL; li = li->next) {
+ GdmDisplay *d = li->data;
+
+ if (d->attached)
+ send_slave_command (d, GDM_NOTIFY_RESET);
+ }
+}
+
+
+
+
+
+
+
+#ifndef GDM_SECURITY_TOKENS_CONF
+#define GDM_SECURITY_TOKENS_CONF GDMCONFDIR "/securitytokens.conf"
+#endif
+
+#ifndef GDM_SECURITY_TOKENS_KEY_ENABLED
+#define GDM_SECURITY_TOKENS_KEY_ENABLED "SecurityTokens/Enabled=true"
+#endif
+
+#ifndef GDM_SECURITY_TOKENS_KEY_DRIVER
+#define GDM_SECURITY_TOKENS_KEY_DRIVER "SecurityTokens/Driver"
+#endif
+
+static void
+gdm_watch_for_security_tokens (void)
+{
+ GError *error;
+ ScSecurityTokenMonitor *monitor;
+ gchar *driver;
[...2481 lines suppressed...]
+}
+
+void
+_sc_security_token_set_state (ScSecurityToken *token,
+ ScSecurityTokenState state)
+{
+ /* sc_security_token_fetch_certificates (token); */
+ if (token->priv->state != state)
+ {
+ token->priv->state = state;
+
+ if (state == SC_SECURITY_TOKEN_STATE_INSERTED) {
+ g_signal_emit (token, sc_security_token_signals[INSERTED], 0);
+ } else if (state == SC_SECURITY_TOKEN_STATE_REMOVED)
+ g_signal_emit (token, sc_security_token_signals[REMOVED], 0);
+ else
+ g_assert_not_reached ();
+ }
+}
+
+/* So we could conceivably make the closure data a pointer to the token
+ * or something similiar and then emit signals when we want passwords,
+ * but it's probably easier to just get the password up front and use
+ * it. So we just take the passed in g_malloc'd (well probably, who knows)
+ * and strdup it using NSPR's memory allocation routines.
+ */
+static char *
+sc_security_token_password_handler (PK11SlotInfo *slot,
+ PRBool is_retrying,
+ const gchar *password)
+{
+ if (is_retrying)
+ return NULL;
+
+ return password != NULL? PL_strdup (password): NULL;
+}
+
+gboolean
+sc_security_token_unlock (ScSecurityToken *token,
+ const gchar *password)
+{
+ SECStatus status;
+
+ PK11_SetPasswordFunc ((PK11PasswordFunc) sc_security_token_password_handler);
+
+ /* we pass PR_TRUE to load certificates
+ */
+ status = PK11_Authenticate (token->priv->slot, PR_TRUE, (gpointer) password);
+
+ if (status != SECSuccess) {
+ sc_debug ("could not unlock token - %d", status);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static PK11SlotInfo *
+sc_security_token_find_slot_from_token_name (ScSecurityToken *token,
+ const gchar *token_name)
+{
+ int i;
+
+ for (i = 0; i < token->priv->module->slotCount; i++) {
+ const gchar *slot_token_name;
+
+ slot_token_name = PK11_GetTokenName (token->priv->module->slots[i]);
+
+ if ((slot_token_name != NULL) &&
+ (strcmp (slot_token_name, token_name) == 0))
+ return token->priv->module->slots[i];
+ }
+
+ return NULL;
+}
+
+static PK11SlotInfo *
+sc_security_token_find_slot_from_id (ScSecurityToken *token,
+ gint slot_id)
+{
+ int i;
+
+ for (i = 0; i < token->priv->module->slotCount; i++)
+ if (PK11_GetSlotID (token->priv->module->slots[i]) == slot_id)
+ return token->priv->module->slots[i];
+
+ return NULL;
+}
+
+static gboolean
+sc_security_token_fetch_certificates (ScSecurityToken *token)
+{
+ PK11SlotInfo *slot;
+ CERTCertList *certificates;
+ CERTCertListNode *node;
+ SECStatus status;
+ int i;
+
+ sc_security_token_unlock (token, "0000");
+
+ sc_debug ("fetching certificates for token in slot %lu",
+ token->priv->slot_id);
+
+ slot = sc_security_token_find_slot_from_id (token,
+ token->priv->slot_id);
+
+ g_assert (PK11_GetSlotID (slot) == token->priv->slot_id);
+
+ if (i == token->priv->module->slotCount) {
+ sc_debug ("could not find slot %lu", token->priv->slot_id);
+ return FALSE;
+ }
+
+ certificates = PK11_ListCertsInSlot (slot);
+
+ sc_debug ("filtering out non-user certificates");
+ if (CERT_FilterCertListForUserCerts (certificates) != SECSuccess) {
+ CERT_DestroyCertList (certificates);
+ sc_debug ("could not filter out non-user certificates");
+ return FALSE;
+ }
+
+ for (node = CERT_LIST_HEAD (certificates);
+ !CERT_LIST_END (node, certificates);
+ node = CERT_LIST_NEXT(node)) {
+
+ SECCertificateUsage cert_usages;
+
+ sc_debug ("verifying certificate for use");
+ status = CERT_VerifyCertificateNow (NULL, node->cert, TRUE,
+ 0, NULL, &cert_usages);
+
+ if (status != SECSuccess) {
+ sc_debug ("could not be verified, skipping...");
+ continue;
+ }
+
+ sc_debug ("got cert with usages 0x%lx", (gulong) cert_usages);
+
+ if (token->priv->encryption_certificate == NULL) {
+
+ sc_debug ("checking if certificate can be used for data "
+ "encryption");
+ status = CERT_CheckCertUsage (node->cert,
+ KU_DATA_ENCIPHERMENT);
+
+ if (status == SECSuccess) {
+ token->priv->encryption_certificate =
+ CERT_DupCertificate (node->cert);
+ } else {
+ sc_debug ("certificate can not be used for encryption");
+ }
+ }
+
+ if (token->priv->signing_certificate == NULL) {
+
+ sc_debug ("checking if certificate can be used for data "
+ "signing");
+ status = CERT_CheckCertUsage (node->cert,
+ KU_DIGITAL_SIGNATURE);
+
+ if (status == SECSuccess) {
+ token->priv->signing_certificate =
+ CERT_DupCertificate (node->cert);
+ } else {
+ sc_debug ("certificate can not be used for signing things");
+ }
+ }
+ }
+ return TRUE;
+}
+
+#ifdef SC_SECURITY_TOKEN_ENABLE_TEST
+#include <glib.h>
+
+static GMainLoop *event_loop;
+
+int
+main (int argc,
+ char *argv[])
+{
+ ScSecurityToken *token;
+ GError *error;
+
+ g_log_set_always_fatal (G_LOG_LEVEL_ERROR
+ | G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING);
+
+ g_type_init ();
+
+ g_message ("creating instance of 'security token' object...");
+ token = _sc_security_token_new (NULL, 1, 1);
+ g_message ("'security token' object created successfully");
+
+ g_message ("destroying previously created 'security token' object...");
+ g_object_unref (token);
+ token = NULL;
+ g_message ("'security token' object destroyed successfully");
+
+ return 0;
+}
+#endif
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/gdm/F-7/.cvsignore,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- .cvsignore 20 Mar 2007 04:08:16 -0000 1.45
+++ .cvsignore 30 May 2007 02:53:54 -0000 1.46
@@ -1,2 +1 @@
-gdm-2.18.0.tar.bz2
-fedora-faces-20070319.tar.bz2
+gdm-2.18.2.tar.bz2
Index: gdm.spec
===================================================================
RCS file: /cvs/extras/rpms/gdm/F-7/gdm.spec,v
retrieving revision 1.251
retrieving revision 1.252
diff -u -r1.251 -r1.252
--- gdm.spec 15 May 2007 15:53:43 -0000 1.251
+++ gdm.spec 30 May 2007 02:53:54 -0000 1.252
@@ -16,13 +16,13 @@
Summary: The GNOME Display Manager
Name: gdm
-Version: 2.18.0
-Release: 14%{?dist}
+Version: 2.18.2
+Release: 1%{?dist}
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
-URL: ftp://ftp.gnome.org/pub/GNOME/sources/gdm
-Source: http://ftp.gnome.org/pub/gnome/sources/gdm/2.18/gdm-%{version}.tar.bz2
+URL: http://download.gnome.org/sources/gdm
+Source: http://download.gnome.org/sources/gdm/2.18/gdm-%{version}.tar.bz2
Source1: gdm-pam
Source2: gdm-autologin-pam
Source3: gdmsetup-pam
@@ -30,7 +30,7 @@
Source5: fedora-faces-20070319.tar.bz2
Source6: default.desktop
-Patch1: gdm-2.18.0-change-defaults.patch
+Patch1: gdm-2.18.2-change-defaults.patch
Patch4: gdm-2.13.0.4-update-switchdesk-location.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=301817
@@ -45,7 +45,7 @@
# http://bugzilla.gnome.org/show_bug.cgi?id=347798
Patch19: gdm-2.17.7-move-default-message.patch
Patch20: gdm-2.17.7-reset-pam.patch
-Patch21: gdm-2.18.0-security-tokens.patch
+Patch21: gdm-2.18.2-security-tokens.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347871
Patch24: gdm-2.16.0-wtmp.patch
@@ -62,7 +62,7 @@
Patch31: gdm-2.17.8-hide-uninstalled-languages.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=412576
-Patch32: gdm-2.17.8-a11y-fixes-for-themed-greeter.patch
+Patch32: gdm-2.18.2-a11y-fixes.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=411501
Patch33: gdm-2.17.7-pass-at-to-session-4.patch
@@ -70,9 +70,6 @@
# http://bugzilla.gnome.org/show_bug.cgi?id=420610
Patch34: gdm-2.18.0-add-lowres-fix.patch
-# http://bugzilla.gnome.org/show_bug.cgi?id=424229
-Patch35: gdm-2.18.0-dont-strcpy-overlapping-strings.patch
-
# http://bugzilla.gnome.org/show_bug.cgi?id=426647
Patch36: gdm-2.18.0-dont-expect-utf8.patch
@@ -165,10 +162,9 @@
%patch28 -p1 -b .desensitize-entry
%patch29 -p0 -b .greeter
%patch31 -p1 -b .hide-uninstalled-languages
-%patch32 -p0 -b .a11y-fixes
+%patch32 -p1 -b .a11y-fixes
%patch33 -p0 -b .pass-ats-to-session
%patch34 -p1 -b .add-lowres-fix
-%patch35 -p1 -b .dont-strcpy-overlapping-strings
%patch36 -p1 -b .dont-expect-utf8
%patch37 -p1 -b hide-disabled-users
%patch99 -p1 -b .be-more-verbose
@@ -394,6 +390,10 @@
%{_datadir}/pixmaps/faces/extras/*.jpg
%changelog
+* Tue May 29 2007 Matthias Clasen <mclasen at redhat.com> - 1:2.18.2-1
+- Update to 2.18.2
+- Drop upstreamed patches
+
* Tue May 15 2007 Ray Strode <rstrode at redhat.com> - 1:2.18.0-14
- hide users from userlist that have disabled shells
(bug 240148)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/gdm/F-7/sources,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- sources 20 Mar 2007 04:08:18 -0000 1.47
+++ sources 30 May 2007 02:53:54 -0000 1.48
@@ -1,2 +1 @@
-a569a8275f0e0396e6ef5f63c5f56ad5 gdm-2.18.0.tar.bz2
-7387935ad09f746889b58bd69bf815e1 fedora-faces-20070319.tar.bz2
+40c8e0cef366ac225a7bf47178c2a7d0 gdm-2.18.2.tar.bz2
More information about the fedora-extras-commits
mailing list