rpms/gdm/devel gdm-2.15.6-wtmp.patch, NONE, 1.1 gdm-2.15.5-security-tokens.patch, 1.3, 1.4 gdm.spec, 1.174, 1.175
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jul 17 03:09:51 UTC 2006
- Previous message (by thread): rpms/m4/devel .cvsignore,1.5,1.6 m4.spec,1.21,1.22 sources,1.5,1.6
- Next message (by thread): rpms/paps/devel paps-0.6.6-cpilpi.patch, 1.1, 1.2 paps-cups.patch, 1.3, 1.4 paps.spec, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rstrode
Update of /cvs/dist/rpms/gdm/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6315
Modified Files:
gdm-2.15.5-security-tokens.patch gdm.spec
Added Files:
gdm-2.15.6-wtmp.patch
Log Message:
- add initial wtmp and btmp logging support
* Fri Jul 14 2006 Ray Strode <rstrode at redhat.com> - 1:2.15.6-4
- fix bug in security token support
gdm-2.15.6-wtmp.patch:
config/PreSession.in | 13 ----
daemon/slave.c | 21 +++++++
daemon/verify-pam.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++
daemon/verify.h | 13 ++++
4 files changed, 167 insertions(+), 14 deletions(-)
--- NEW FILE gdm-2.15.6-wtmp.patch ---
--- gdm-2.15.6/config/PreSession.in
+++ gdm-2.15.6/config/PreSession.in
@@ -68,17 +68,4 @@ if [ "x$XSETROOT" != "x" ] ; then
"$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
fi
-
-SESSREG=`gdmwhich sessreg`
-if [ "x$SESSREG" != "x" ] ; then
- # some output for easy debugging
- echo "$0: Registering your session with wtmp and utmp"
- echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x \"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""
-
- exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS" -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
- # this is not reached
-fi
-
-# some output for easy debugging
-echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
exit 0
--- gdm-2.15.6/daemon/slave.c
+++ gdm-2.15.6/daemon/slave.c
@@ -4315,6 +4315,14 @@ gdm_slave_session_start (void)
g_free (language);
g_free (gnome_session);
+ gdm_verify_write_record (d,
+ GDM_VERIFY_RECORD_TYPE_LOGIN,
+ pwent->pw_name,
+ d->name,
+ !d->attached? d->hostname : NULL,
+ pid);
+
+
gdm_slave_send_num (GDM_SOP_SESSPID, pid);
gdm_sigchld_block_push ();
@@ -4363,6 +4371,17 @@ gdm_slave_session_start (void)
uid, gid);
}
+ if ((pid != 0) && (d->last_sess_status != -1)) {
+ gdm_debug ("session '%d' exited with status '%d', recording logout",
+ pid, d->last_sess_status);
+ gdm_verify_write_record (d,
+ GDM_VERIFY_RECORD_TYPE_LOGOUT,
+ pwent->pw_name,
+ d->name,
+ !d->attached? d->hostname : NULL,
+ pid);
+ }
+
gdm_slave_session_stop (pid != 0 /* run_post_session */,
FALSE /* no_shutdown_check */);
@@ -4724,7 +4743,7 @@ gdm_slave_child_handler (int sig)
}
} else if (pid != 0 && pid == d->sesspid) {
d->sesspid = 0;
- if (WIFEXITED (status))
+ if (WIFEXITED (status))
d->last_sess_status = WEXITSTATUS (status);
else
d->last_sess_status = -1;
--- gdm-2.15.6/daemon/verify-pam.c
+++ gdm-2.15.6/daemon/verify-pam.c
@@ -30,6 +30,8 @@ #ifdef sun
#include <fcntl.h>
#endif
+#include <utmp.h>
+
#include <gligdm-2.15.6/gi18n.h>
#include "gdm.h"
@@ -47,6 +49,14 @@ #include <bsm/adt.h>
#include <bsm/adt_event.h>
#endif /* HAVE_ADT */
+#ifndef GDM_BAD_RECORDS_FILE
+#define GDM_BAD_RECORDS_FILE "/var/log/btmp"
+#endif
+
+#ifndef GDM_NEW_RECORDS_FILE
+#define GDM_NEW_RECORDS_FILE "/var/log/wtmp"
+#endif
+
/* Evil, but this way these things are passed to the child session */
static pam_handle_t *pamh = NULL;
@@ -409,6 +419,125 @@ gdm_verify_select_user (const char *user
selected_user = g_strdup (user);
}
+void
+gdm_verify_write_record (GdmDisplay *d,
+ GdmVerifyRecordType record_type,
+ const gchar *username,
+ const gchar *console_name,
+ const gchar *host_name,
+ GPid pid)
+{
+ struct utmp record = { 0 };
+ GTimeVal now = { 0 };
+ gchar *host;
+
+ gdm_debug ("writing %s record",
+ record_type == GDM_VERIFY_RECORD_TYPE_LOGIN? "session" :
+ record_type == GDM_VERIFY_RECORD_TYPE_LOGOUT? "logout" :
+ "failed session attempt");
+
+ if (record_type != GDM_VERIFY_RECORD_TYPE_LOGOUT)
+ {
+ /* it's possible that PAM failed before
+ * it mapped the user input into a valid username
+ * so we fallback to try using "(unknown)"
+ */
+ if (username != NULL)
+ strncpy (record.ut_user,
+ username,
+ sizeof (record.ut_user));
+ else
+ strncpy (record.ut_user,
+ "(unknown)",
+ sizeof (record.ut_user));
+ }
+
+ gdm_debug ("using username %.*s",
+ sizeof (record.ut_user),
+ record.ut_user);
+
+ strncpy (record.ut_id,
+ console_name +
+ strlen (console_name) -
+ sizeof (record.ut_id),
+ sizeof (record.ut_id));
+
+ gdm_debug ("using id %.*s",
+ sizeof (record.ut_id),
+ record.ut_id);
+
+ if (g_str_has_prefix (console_name, "/dev/")) {
+ strncpy (record.ut_line,
+ console_name + strlen ("/dev/"),
+ sizeof (record.ut_line));
+ } else if (g_str_has_prefix (console_name, ":")) {
+ strncpy (record.ut_line,
+ console_name,
+ sizeof (record.ut_line));
+ }
+
+ gdm_debug ("using line %.*s",
+ sizeof (record.ut_line),
+ record.ut_line);
+
+ host = NULL;
+ if ((host_name != NULL) &&
+ g_str_has_prefix (console_name, ":"))
+ host = g_strdup_printf ("%s%s",
+ host_name,
+ console_name);
+ else if ((host_name != NULL) &&
+ !strstr (console_name, ":"))
+ host = g_strdup (host_name);
+ else if (!g_str_has_prefix (console_name, ":") &&
+ strstr (console_name, ":"))
+ host = g_strdup (console_name);
+
+ if (host)
+ {
+ strncpy (record.ut_host, host, sizeof (record.ut_host));
+ g_free (host);
+ gdm_debug ("using hostname %.*s",
+ sizeof (record.ut_host),
+ record.ut_host);
+ }
+
+ g_get_current_time (&now);
+ record.ut_tv.tv_sec = now.tv_sec;
+ record.ut_tv.tv_usec = now.tv_usec;
+
+ gdm_debug ("using time %ld", (glong) record.ut_tv.tv_sec);
+
+ record.ut_type = USER_PROCESS;
+ gdm_debug ("using type USER_PROCESS");
+
+ record.ut_pid = pid;
+
+ gdm_debug ("using pid %d", (gint) record.ut_pid);
+
+ switch (record_type)
+ {
+ case GDM_VERIFY_RECORD_TYPE_LOGIN:
+ gdm_debug ("writing session record to "
+ GDM_NEW_RECORDS_FILE);
+ updwtmp (GDM_NEW_RECORDS_FILE, &record);
+ break;
+
+ case GDM_VERIFY_RECORD_TYPE_LOGOUT:
+ gdm_debug ("writing logout record to "
+ GDM_NEW_RECORDS_FILE);
+ updwtmp (GDM_NEW_RECORDS_FILE, &record);
+ break;
+
+ case GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT:
+ gdm_debug ("writing failed session attempt record to "
+ GDM_BAD_RECORDS_FILE);
+ updwtmp (GDM_BAD_RECORDS_FILE, &record);
+ break;
+ }
+
+}
+
static const char *
perhaps_translate_message (const char *msg)
{
@@ -1099,6 +1228,11 @@ #ifdef HAVE_ADT
audit_fail_login (d, pw_change, pwent, pamerr);
#endif /* HAVE_ADT */
+ gdm_verify_write_record (d, GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT,
+ login == NULL? tmp_PAM_USER : login, display,
+ d->attached? NULL : d->hostname,
+ getpid ());
+
/* The verbose authentication is turned on, output the error
* message from the PAM subsystem */
if ( ! error_msg_given &&
--- gdm-2.15.6/daemon/verify.h
+++ gdm-2.15.6/daemon/verify.h
@@ -21,6 +21,12 @@ #define GDM_VERIFY_H
#include "gdm.h"
+typedef enum {
+ GDM_VERIFY_RECORD_TYPE_LOGIN,
+ GDM_VERIFY_RECORD_TYPE_LOGOUT,
+ GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT
+} GdmVerifyRecordType;
+
/* If username is NULL, we ask, if local is FALSE, don't start
* the timed login timer */
gchar *gdm_verify_user (GdmDisplay *d,
@@ -30,6 +36,13 @@ gchar *gdm_verify_user (GdmDisplay *d
void gdm_verify_cleanup (GdmDisplay *d);
void gdm_verify_check (void);
void gdm_verify_select_user (const char *user);
+void gdm_verify_write_record (GdmDisplay *d,
+ GdmVerifyRecordType record_type,
+ const gchar *username,
+ const gchar *console_name,
+ const gchar *host_name,
+ GPid pid);
+
/* used in pam */
gboolean gdm_verify_setup_env (GdmDisplay *d);
gboolean gdm_verify_setup_user (GdmDisplay *d,
gdm-2.15.5-security-tokens.patch:
config/Makefile.am | 4
config/gdm | 17
config/gdm-autologin | 10
config/gdm-securitytokens | 11
config/gdm.conf.in | 7
configure.ac | 3
daemon/Makefile.am | 7
daemon/gdm.c | 108 +++++
daemon/gdm.h | 5
daemon/gdmconfig.c | 35 +
daemon/gdmconfig.h | 3
daemon/securitytoken.c | 579 ++++++++++++++++++++++++++++
daemon/securitytoken.h | 98 ++++
daemon/securitytokenmonitor.c | 817 +++++++++++++++++++++++++++++++++++++++
daemon/securitytokenmonitor.h | 81 +++
daemon/verify-pam.c | 5
utils/gdmsecuritytokenmonitor.c | 197 +++++++++
utils/securitytoken.c | 573 +++++++++++++++++++++++++++
utils/securitytoken.h | 97 ++++
utils/securitytokenmonitor.c | 819 ++++++++++++++++++++++++++++++++++++++++
utils/securitytokenmonitor.h | 82 ++++
21 files changed, 3543 insertions(+), 15 deletions(-)
Index: gdm-2.15.5-security-tokens.patch
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm-2.15.5-security-tokens.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- gdm-2.15.5-security-tokens.patch 14 Jul 2006 14:49:19 -0000 1.3
+++ gdm-2.15.5-security-tokens.patch 17 Jul 2006 03:09:48 -0000 1.4
@@ -1,6 +1,6 @@
--- gdm-2.15.6/config/gdm-autologin.security-tokens 2003-08-04 18:24:21.000000000 +0200
-+++ gdm-2.15.6/config/gdm-autologin 2006-07-14 10:44:47.000000000 +0200
-@@ -1,8 +1,9 @@
++++ gdm-2.15.6/config/gdm-autologin 2006-07-14 10:53:01.000000000 +0200
+@@ -1,8 +1,10 @@
#%PAM-1.0
auth required pam_env.so
-auth required pam_nologin.so
@@ -11,12 +11,13 @@
+account required pam_nologin.so
+account include system-auth
+password include system-auth
++session optional pam_keyinit.so force revoke
+session include system-auth
+session required pam_loginuid.so
session optional pam_console.so
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/config/gdm-securitytokens 2006-07-14 10:43:37.000000000 +0200
-@@ -0,0 +1,10 @@
++++ gdm-2.15.6/config/gdm-securitytokens 2006-07-14 10:53:01.000000000 +0200
+@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth required pam_env.so
+auth sufficient pam_pkcs11.so
@@ -24,12 +25,13 @@
+account required pam_nologin.so
+account include system-auth
+password include system-auth
++session optional pam_keyinit.so force revoke
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
--- gdm-2.15.6/config/gdm.security-tokens 2003-08-04 18:24:21.000000000 +0200
-+++ gdm-2.15.6/config/gdm 2006-07-14 10:43:37.000000000 +0200
-@@ -1,8 +1,10 @@
++++ gdm-2.15.6/config/gdm 2006-07-14 10:53:01.000000000 +0200
+@@ -1,8 +1,11 @@
#%PAM-1.0
-auth required pam_env.so
-auth required pam_stack.so service=system-auth
@@ -43,13 +45,14 @@
+account required pam_nologin.so
+account include system-auth
+password include system-auth
++session optional pam_keyinit.so force revoke
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
+
--- gdm-2.15.6/config/Makefile.am.security-tokens 2006-05-18 20:39:13.000000000 +0200
-+++ gdm-2.15.6/config/Makefile.am 2006-07-14 10:43:37.000000000 +0200
-@@ -26,6 +26,7 @@
++++ gdm-2.15.6/config/Makefile.am 2006-07-14 10:53:01.000000000 +0200
+@@ -26,6 +26,7 @@ EXTRA_DIST = \
Xsession.in \
gdm \
gdm-autologin \
@@ -57,7 +60,7 @@
locale.alias \
Init.in \
PreSession.in \
-@@ -237,6 +238,9 @@
+@@ -237,6 +238,9 @@ install-data-hook: gdm.conf gdm.conf-cus
if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; then \
$(INSTALL_DATA) gdm-autologin $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; \
fi; \
@@ -67,9 +70,9 @@
if test $$system = SunOS; then \
echo "Please add PAM authentication for gdm and gdm-autologin in $(PAM_PREFIX)/pam.conf!"; \
fi; \
---- gdm-2.15.6/config/gdm.conf.in.security-tokens 2006-07-14 10:43:36.000000000 +0200
-+++ gdm-2.15.6/config/gdm.conf.in 2006-07-14 10:43:37.000000000 +0200
-@@ -193,6 +193,10 @@
+--- gdm-2.15.6/config/gdm.conf.in.security-tokens 2006-07-14 10:53:00.000000000 +0200
++++ gdm-2.15.6/config/gdm.conf.in 2006-07-14 10:53:01.000000000 +0200
+@@ -193,6 +193,10 @@ Xnest=@X_XNEST_PATH@/Xnest @X_XNEST_CONF
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
@@ -80,7 +83,7 @@
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
-@@ -239,6 +243,9 @@
+@@ -239,6 +243,9 @@ CheckDirOwner=true
# Specifies the PAM Stack to use, "gdm" by default.
PamStack=gdm
@@ -91,7 +94,7 @@
# remotely (I'd never turn this on on open network, use ssh for such remote
# usage that). You can then run X with -query <thishost> to log in, or
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/utils/securitytokenmonitor.c 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/utils/securitytokenmonitor.c 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,819 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
@@ -913,7 +916,7 @@
+}
+#endif
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/utils/securitytoken.h 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/utils/securitytoken.h 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,97 @@
+/* securitytoken.h - api for reading and writing data to a security token
+ *
@@ -1013,7 +1016,7 @@
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_H */
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/utils/securitytoken.c 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/utils/securitytoken.c 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,573 @@
+/* securitytoken.c - security token
+ *
@@ -1589,7 +1592,7 @@
+}
+#endif
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/utils/securitytokenmonitor.h 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/utils/securitytokenmonitor.h 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,82 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
@@ -1674,7 +1677,7 @@
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_MONITOR_H */
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/utils/gdmsecuritytokenmonitor.c 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/utils/gdmsecuritytokenmonitor.c 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,197 @@
+/* GDM Security Token monitor
+ * Copyright (C) 2006 Ray Strode <rstrode at redhat.com>
@@ -1873,9 +1876,9 @@
+ daemon_free (daemon);
+ return 0;
+}
---- gdm-2.15.6/configure.ac.security-tokens 2006-07-14 10:43:36.000000000 +0200
-+++ gdm-2.15.6/configure.ac 2006-07-14 10:43:37.000000000 +0200
-@@ -19,6 +19,7 @@
+--- gdm-2.15.6/configure.ac.security-tokens 2006-07-14 10:53:00.000000000 +0200
++++ gdm-2.15.6/configure.ac 2006-07-14 10:53:01.000000000 +0200
+@@ -19,6 +19,7 @@ LIBRSVG_REQUIRED=1.1.1
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
@@ -1883,7 +1886,7 @@
dnl
dnl Let the user configure where to look for the configuration files.
-@@ -156,7 +157,7 @@
+@@ -156,7 +157,7 @@ PKG_CHECK_MODULES(VICIOUS, gtk+-2.0 >= $
AC_SUBST(VICIOUS_CFLAGS)
AC_SUBST(VICIOUS_LIBS)
@@ -1893,7 +1896,7 @@
AC_SUBST(DAEMON_LIBS)
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/daemon/securitytokenmonitor.c 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/daemon/securitytokenmonitor.c 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,817 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
@@ -2713,7 +2716,7 @@
+}
+#endif
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/daemon/securitytoken.h 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/daemon/securitytoken.h 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,98 @@
+/* securitytoken.h - api for reading and writing data to a security token
+ *
@@ -2813,9 +2816,9 @@
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_H */
---- gdm-2.15.6/daemon/gdm.h.security-tokens 2006-07-14 10:43:37.000000000 +0200
-+++ gdm-2.15.6/daemon/gdm.h 2006-07-14 10:43:37.000000000 +0200
-@@ -272,6 +272,10 @@
+--- gdm-2.15.6/daemon/gdm.h.security-tokens 2006-07-14 10:53:01.000000000 +0200
++++ gdm-2.15.6/daemon/gdm.h 2006-07-14 10:53:01.000000000 +0200
+@@ -272,6 +272,10 @@ enum {
/* How long to wait before assuming an Xserver has timed out */
#define GDM_KEY_XSERVER_TIMEOUT "daemon/GdmXserverTimeout=10"
@@ -2826,7 +2829,7 @@
/* Per server definitions */
#define GDM_KEY_SERVER_PREFIX "server-"
#define GDM_KEY_SERVER_NAME "name=Standard server"
-@@ -296,6 +300,7 @@
+@@ -296,6 +300,7 @@ enum {
#define GDM_KEY_RETRY_DELAY "security/RetryDelay=1"
#define GDM_KEY_DISALLOW_TCP "security/DisallowTCP=true"
#define GDM_KEY_PAM_STACK "security/PamStack=gdm"
@@ -2835,7 +2838,7 @@
#define GDM_KEY_NEVER_PLACE_COOKIES_ON_NFS "security/NeverPlaceCookiesOnNFS=true"
#define GDM_KEY_PASSWORD_REQUIRED "security/PasswordRequired=false"
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/daemon/securitytoken.c 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/daemon/securitytoken.c 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,579 @@
+/* securitytoken.c - security token
+ *
@@ -3417,8 +3420,8 @@
+}
+#endif
--- gdm-2.15.6/daemon/gdmconfig.c.security-tokens 2006-06-10 00:12:51.000000000 +0200
-+++ gdm-2.15.6/daemon/gdmconfig.c 2006-07-14 10:43:37.000000000 +0200
-@@ -136,6 +136,8 @@
++++ gdm-2.15.6/daemon/gdmconfig.c 2006-07-14 10:53:01.000000000 +0200
+@@ -136,6 +136,8 @@ static gchar *GdmSoundOnLoginSuccessFile
static gchar *GdmSoundOnLoginFailureFile = NULL;
static gchar *GdmConsoleCannotHandle = NULL;
static gchar *GdmPamStack = NULL;
@@ -3427,7 +3430,7 @@
static gint GdmXineramaScreen = 0;
static gint GdmUserMaxFile = 0;
-@@ -192,6 +194,7 @@
+@@ -192,6 +194,7 @@ static gboolean GdmSoundOnLogin = TRUE;
static gboolean GdmSoundOnLoginSuccess = FALSE;
static gboolean GdmSoundOnLoginFailure = FALSE;
static gboolean GdmConsoleNotify = TRUE;
@@ -3435,7 +3438,7 @@
/* Config options used by slave */
/* ---------------------------- */
-@@ -418,6 +421,8 @@
+@@ -418,6 +421,8 @@ gdm_config_init (void)
gdm_config_add_hash (GDM_KEY_SOUND_ON_LOGIN, &GdmSoundOnLogin, &bool_type);
gdm_config_add_hash (GDM_KEY_RESTART_BACKGROUND_PROGRAM,
&GdmRestartBackgroundProgram, &bool_type);
@@ -3444,7 +3447,7 @@
/* string values */
gdm_config_add_hash (GDM_KEY_PATH, &GdmPath, &string_type);
-@@ -503,6 +508,8 @@
+@@ -503,6 +508,8 @@ gdm_config_init (void)
gdm_config_add_hash (GDM_KEY_PRE_FETCH_PROGRAM,
&GdmPreFetchProgram, &string_type);
gdm_config_add_hash (GDM_KEY_PAM_STACK, &GdmPamStack, &string_type);
@@ -3453,7 +3456,7 @@
/* int values */
gdm_config_add_hash (GDM_KEY_XINERAMA_SCREEN, &GdmXineramaScreen, &int_type);
-@@ -1432,6 +1439,32 @@
+@@ -1432,6 +1439,32 @@ gdm_set_value (VeConfig *cfg, GdmConfigT
return FALSE;
}
@@ -3486,7 +3489,7 @@
/**
* gdm_find_xserver
*
-@@ -1648,6 +1681,8 @@
+@@ -1648,6 +1681,8 @@ gdm_update_config (gchar* key)
is_key (key, GDM_KEY_SERV_AUTHDIR) ||
is_key (key, GDM_KEY_USER_AUTHDIR) ||
is_key (key, GDM_KEY_USER_AUTHFILE) ||
@@ -3496,8 +3499,8 @@
return FALSE;
}
--- gdm-2.15.6/daemon/Makefile.am.security-tokens 2006-03-29 01:43:21.000000000 +0200
-+++ gdm-2.15.6/daemon/Makefile.am 2006-07-14 10:43:37.000000000 +0200
-@@ -9,6 +9,7 @@
++++ gdm-2.15.6/daemon/Makefile.am 2006-07-14 10:53:01.000000000 +0200
+@@ -9,6 +9,7 @@ INCLUDES = \
-DAUTHDIR=\"$(authdir)\" \
-DBINDIR=\"$(bindir)\" \
-DDATADIR=\"$(datadir)\" \
@@ -3505,7 +3508,7 @@
-DDMCONFDIR=\"$(dmconfdir)\" \
-DGDMCONFDIR=\"$(gdmconfdir)\" \
-DGDMLOCALEDIR=\"$(gdmlocaledir)\" \
-@@ -71,7 +72,11 @@
+@@ -71,7 +72,11 @@ gdm_binary_SOURCES = \
gdm-net.c \
gdm-net.h \
getvt.c \
@@ -3518,8 +3521,8 @@
EXTRA_gdm_binary_SOURCES = verify-pam.c verify-crypt.c verify-shadow.c
---- gdm-2.15.6/daemon/gdm.c.security-tokens 2006-07-14 10:43:37.000000000 +0200
-+++ gdm-2.15.6/daemon/gdm.c 2006-07-14 10:43:37.000000000 +0200
+--- gdm-2.15.6/daemon/gdm.c.security-tokens 2006-07-14 10:53:01.000000000 +0200
++++ gdm-2.15.6/daemon/gdm.c 2006-07-14 19:51:59.000000000 +0200
@@ -62,6 +62,8 @@
#include "cookie.h"
#include "filecheck.h"
@@ -3537,10 +3540,11 @@
extern GSList *displays;
/* Local functions */
-@@ -80,6 +83,13 @@
+@@ -80,6 +83,14 @@ static void gdm_handle_message (GdmConne
static void gdm_handle_user_message (GdmConnection *conn,
const gchar *msg,
gpointer data);
++static void gdm_reset_pam (void);
+
+static void gdm_handle_security_token_insertion (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
@@ -3551,7 +3555,7 @@
static void gdm_daemonify (void);
static void gdm_safe_restart (void);
static void gdm_try_logout_action (GdmDisplay *disp);
-@@ -150,7 +160,6 @@
+@@ -150,7 +161,6 @@ static GMainLoop *main_loop = NULL;
static gboolean monte_carlo_sqrt2 = FALSE;
@@ -3559,7 +3563,7 @@
/*
* lookup display number if the display number is
* exists then clear the remove flag and return TRUE
-@@ -1402,6 +1411,8 @@
+@@ -1402,6 +1412,8 @@ main (int argc, char *argv[])
/* Initialize runtime environment */
umask (022);
@@ -3568,17 +3572,19 @@
ctx = g_option_context_new (_("- The GNOME login manager"));
g_option_context_add_main_entries (ctx, options, _("main options"));
-@@ -1639,6 +1650,9 @@
+@@ -1639,6 +1651,11 @@ main (int argc, char *argv[])
gdm_xdmcp_run ();
}
++ gdm_reset_pam ();
++
+ if (gdm_get_value_bool (GDM_KEY_SECURITY_TOKENS_ENABLE))
+ gdm_watch_for_security_tokens ();
+
/* We always exit via exit (), and sadly we need to g_main_quit ()
* at times not knowing if it's this main or a recursive one we're
* quitting.
-@@ -3429,4 +3443,87 @@
+@@ -3429,4 +3446,93 @@ gdm_handle_user_message (GdmConnection *
}
}
@@ -3610,22 +3616,18 @@
+}
+
+static void
-+gdm_handle_security_token_removal (ScSecurityTokenMonitor *monitor,
-+ ScSecurityToken *token)
++gdm_reset_pam (void)
+{
+ GSList *li;
+
-+ gdm_debug ("notifying local displays about token removal");
+ for (li = displays; li != NULL; li = li->next) {
+ GdmDisplay *d = li->data;
+
+ if (SERVER_IS_LOCAL (d)) {
+ gdm_debug ("notifying display '%s'", d->name);
+ gchar *pam_stack;
-+ pam_stack = gdm_get_value_string (GDM_KEY_SECURITY_TOKENS_PAM_STACK);
-+
-+ if (ve_string_empty (pam_stack))
-+ pam_stack = gdm_get_value_string (GDM_KEY_PAM_STACK);
++ pam_stack = gdm_get_value_string (GDM_KEY_PAM_STACK);
++ gdm_debug ("setting pam stack to '%s'", pam_stack);
+ gdm_set_value_string_per_display (d->name,
+ GDM_KEY_PAM_STACK,
+ pam_stack);
@@ -3638,6 +3640,16 @@
+}
+
+static void
++gdm_handle_security_token_removal (ScSecurityTokenMonitor *monitor,
++ ScSecurityToken *token)
++{
++ GSList *li;
++
++ gdm_debug ("notifying local displays about token removal");
++ gdm_reset_pam ();
++}
++
++static void
+gdm_watch_for_security_tokens (void)
+{
+ GError *error;
@@ -3666,8 +3678,8 @@
+ }
+}
/* EOF */
---- gdm-2.15.6/daemon/verify-pam.c.security-tokens 2006-07-14 10:43:37.000000000 +0200
-+++ gdm-2.15.6/daemon/verify-pam.c 2006-07-14 10:43:37.000000000 +0200
+--- gdm-2.15.6/daemon/verify-pam.c.security-tokens 2006-07-14 10:53:01.000000000 +0200
++++ gdm-2.15.6/daemon/verify-pam.c 2006-07-14 10:53:01.000000000 +0200
@@ -55,6 +55,8 @@
#define log_to_audit_system(l,h,d,s) do { ; } while (0)
#endif
@@ -3677,7 +3689,7 @@
/* Evil, but this way these things are passed to the child session */
static pam_handle_t *pamh = NULL;
-@@ -78,7 +80,6 @@
+@@ -78,7 +80,6 @@ static gboolean did_setcred = FALSE;
static adt_session_data_t *adt_ah = NULL; /* audit session handle */
@@ -3685,7 +3697,7 @@
/*
* audit_success_login - audit successful login
*
-@@ -902,6 +903,8 @@
+@@ -902,6 +903,8 @@ authenticate_again:
*/
pam_stack = gdm_get_value_string_per_display (display, GDM_KEY_PAM_STACK);
@@ -3695,8 +3707,8 @@
if (started_timer)
gdm_slave_greeter_ctl_no_ret (GDM_STOPTIMER, "");
--- gdm-2.15.6/daemon/gdmconfig.h.security-tokens 2006-05-20 00:07:17.000000000 +0200
-+++ gdm-2.15.6/daemon/gdmconfig.h 2006-07-14 10:43:37.000000000 +0200
-@@ -41,6 +41,9 @@
++++ gdm-2.15.6/daemon/gdmconfig.h 2006-07-14 10:53:01.000000000 +0200
+@@ -41,6 +41,9 @@ void gdm_set_value_bool
gboolean value);
void gdm_set_value_int (gchar *key,
gint value);
@@ -3707,7 +3719,7 @@
(gchar *file,
gchar *key,
--- /dev/null 2006-07-14 09:12:51.334129331 +0200
-+++ gdm-2.15.6/daemon/securitytokenmonitor.h 2006-07-14 10:43:37.000000000 +0200
++++ gdm-2.15.6/daemon/securitytokenmonitor.h 2006-07-14 10:53:01.000000000 +0200
@@ -0,0 +1,81 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
Index: gdm.spec
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- gdm.spec 14 Jul 2006 22:03:50 -0000 1.174
+++ gdm.spec 17 Jul 2006 03:09:48 -0000 1.175
@@ -16,7 +16,7 @@
Summary: The GNOME Display Manager.
Name: gdm
Version: 2.15.6
-Release: 3
+Release: 5
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
@@ -49,6 +49,7 @@
Patch21: gdm-2.15.5-security-tokens.patch
Patch22: gdm-2.15.5-session-keyring.patch
Patch23: gdm-2.15.6-fix-setup-hang.patch
+Patch24: gdm-2.15.6-wtmp.patch
BuildRoot: %{_tmppath}/gdm-%{PACKAGE_VERSION}-root
@@ -129,8 +130,9 @@
%patch19 -p1 -b .move-default-message
%patch20 -p1 -b .reset-pam
%patch21 -p1 -b .security-tokens
-%patch22 -p1 -b .session-keyring
+#%patch22 -p1 -b .session-keyring
%patch23 -p1 -b .fix-setup-hang
+%patch24 -p1 -b .wtmp
# fix the time format for ja
perl -pi -e "s|^msgstr \"%a %b %d, %H:%M\"|msgstr \"%m/%d \(%a\) %H:%M\"|; s|^msgstr \"%a %b %d, %I:%M %p\"|msgstr \"%m/%d \(%a\) %p %I:%M\"|" po/ja.po
@@ -326,6 +328,12 @@
%attr(1770, root, gdm) %dir %{_localstatedir}/gdm
%changelog
+* Sun Jul 16 2006 Ray Strode <rstrode at redhat.com> - 1:2.15.6-5
+- add initial wtmp and btmp logging support
+
+* Fri Jul 14 2006 Ray Strode <rstrode at redhat.com> - 1:2.15.6-4
+- fix bug in security token support
+
* Fri Jul 14 2006 Ray Strode <rstrode at redhat.com> - 1:2.15.6-3
- fix hang in gdmsetup
- Previous message (by thread): rpms/m4/devel .cvsignore,1.5,1.6 m4.spec,1.21,1.22 sources,1.5,1.6
- Next message (by thread): rpms/paps/devel paps-0.6.6-cpilpi.patch, 1.1, 1.2 paps-cups.patch, 1.3, 1.4 paps.spec, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list