rpms/gdm/devel gdm-2.15.6-security-tokens.patch, NONE, 1.1 gdm.spec, 1.176, 1.177 gdm-2.15.5-security-tokens.patch, 1.4, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jul 18 05:46:14 UTC 2006
Author: rstrode
Update of /cvs/dist/rpms/gdm/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24659
Modified Files:
gdm.spec
Added Files:
gdm-2.15.6-security-tokens.patch
Removed Files:
gdm-2.15.5-security-tokens.patch
Log Message:
- make security token support use its own config file in
preparation for modularizing it.
gdm-2.15.6-security-tokens.patch:
config/Makefile.am | 35 +
config/gdm | 16
config/gdm-securitytokens | 10
config/gdm.conf.in | 7
configure.ac | 3
daemon/Makefile.am | 7
daemon/gdm.c | 148 +++++++
daemon/gdm.h | 5
daemon/gdmconfig.c | 26 +
daemon/gdmconfig.h | 3
daemon/securitytoken.c | 602 ++++++++++++++++++++++++++++
daemon/securitytoken.h | 101 ++++
daemon/securitytokenmonitor.c | 840 ++++++++++++++++++++++++++++++++++++++++
daemon/securitytokenmonitor.h | 81 +++
daemon/verify-pam.c | 5
utils/gdmsecuritytokenmonitor.c | 197 +++++++++
utils/securitytoken.c | 573 +++++++++++++++++++++++++++
utils/securitytoken.h | 97 ++++
utils/securitytokenmonitor.c | 819 +++++++++++++++++++++++++++++++++++++++
utils/securitytokenmonitor.h | 82 +++
20 files changed, 3644 insertions(+), 13 deletions(-)
--- NEW FILE gdm-2.15.6-security-tokens.patch ---
--- gdm-2.15.6/config/Makefile.am
+++ gdm-2.15.6/config/Makefile.am
@@ -26,6 +26,7 @@ EXTRA_DIST = \
Xsession.in \
gdm \
gdm-autologin \
+ gdm-securitytokens \
locale.alias \
Init.in \
PreSession.in \
@@ -34,9 +35,10 @@ EXTRA_DIST = \
XKeepsCrashing \
gettextfoo.h \
gdmprefetchlist.in \
+ securitytokens.conf.in \
extract-shell.sh
-CLEANFILES = Xsession gdm.conf default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist
+CLEANFILES = Xsession gdm.conf default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist securitytokens.conf
Xsession: $(srcdir)/Xsession.in
sed -e 's,[@]XSESSION_SHELL[@],$(XSESSION_SHELL),g' \
@@ -67,6 +69,31 @@ gdm.conf: $(srcdir)/gdm.conf.in
-e 's,[@]sbindir[@],$(sbindir),g' \
<$(srcdir)/gdm.conf.in >gdm.conf
+securitytokens.conf: $(srcdir)/securitytokens.conf.in
+ sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
+ -e 's,[@]GDM_USER_PATH[@],$(GDM_USER_PATH),g' \
+ -e 's,[@]HALT_COMMAND[@],$(HALT_COMMAND),g' \
+ -e 's,[@]REBOOT_COMMAND[@],$(REBOOT_COMMAND),g' \
+ -e 's,[@]SOUND_PROGRAM[@],$(SOUND_PROGRAM),g' \
+ -e 's,[@]SUSPEND_COMMAND[@],$(SUSPEND_COMMAND),g' \
+ -e 's,[@]XEVIE_OPTION[@],$(XEVIE_OPTION),g' \
+ -e 's,[@]X_CONFIG_OPTIONS[@],$(X_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_SERVER[@],$(X_SERVER),g' \
+ -e 's,[@]X_XNEST_CONFIG_OPTIONS[@],$(X_XNEST_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_XNEST_PATH[@],$(X_XNEST_PATH),g' \
+ -e 's,[@]authdir[@],$(authdir),g' \
+ -e 's,[@]datadir[@],$(datadir),g' \
+ -e 's,[@]dmconfdir[@],$(dmconfdir),g' \
+ -e 's,[@]gdmconfdir[@],$(gdmconfdir),g' \
+ -e 's,[@]libdir[@],$(libdir),g' \
+ -e 's,[@]libexecdir[@],$(libexecdir),g' \
+ -e 's,[@]localedir[@],$(libexecdir),g' \
+ -e 's,[@]logdir[@],$(logdir),g' \
+ -e 's,[@]pixmapdir[@],$(pixmapdir),g' \
+ -e 's,[@]sbindir[@],$(sbindir),g' \
+ <$(srcdir)/securitytokens.conf.in >securitytokens.conf
+
+
gettextfoo.h: XKeepsCrashing Xsession.in
cat $^ | $(srcdir)/extract-shell.sh > gettextfoo.h
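Review bot: In the new `securitytokens.conf` rule, the line `-e 's,[@]localedir[@],$(libexecdir),g'` replaces `@localedir@` with the libexec directory, so any locale path in the template would come out wrong. It should expand the locale directory variable the template means; daemon/Makefile.am in this same patch uses `$(gdmlocaledir)` for `GDMLOCALEDIR`. The sed list looks copied from the `gdm.conf` rule, of which only the last two lines are visible here, so the same slip may exist there. The recipe also redirects straight into its target, so a failed sed can leave a truncated `securitytokens.conf` that looks up to date. Writing to `$@.tmp` and renaming it afterwards avoids that.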
@@ -95,7 +122,7 @@ uninstall-hook:
$(DESTDIR)$(predir)/Default \
$(DESTDIR)$(postdir)/Default
-install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST)
+install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST) securitytokens.conf
if test '!' -d $(DESTDIR)$(confdir); then \
$(mkinstalldirs) $(DESTDIR)$(confdir); \
chmod 755 $(DESTDIR)$(confdir); \
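Review bot: The new `securitytokens.conf` prerequisite makes `install-data-hook` depend on a file generated from `$(srcdir)/securitytokens.conf.in`, but the diffstat of this patch lists 20 files and `config/securitytokens.conf.in` is not among them. Unless that template is shipped some other way (most of the patch body is suppressed on this page, so this cannot be confirmed), `make install` and `make dist` would stop with no rule to make the target. The diffstat also shows the new `SecurityTokens*` keys still going into `config/gdm.conf.in`, which does not match the log message about a separate config file. The recipe of `install-data-hook` continues outside this hunk.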
@@ -128,6 +155,7 @@ install-data-hook: gdm.conf gdm.conf-cus
chmod 644 $(DESTDIR)$(GDM_CUSTOM_CONF); \
fi
$(INSTALL_DATA) gdm.conf `dirname $(DESTDIR)$(GDM_DEFAULTS_CONF)`/factory-`basename $(DESTDIR)$(GDM_DEFAULTS_CONF)`
+ $(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
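Review bot: The added `$(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf` overwrites whatever is already at that path on every install, so locally changed token settings would be reset to the shipped defaults without notice. The line just above installs gdm.conf as a `factory-` copy, and the PAM files later in this hook are guarded with `test '!' -f`. The same guard would fit here: `if test '!' -f $(DESTDIR)$(confdir)/securitytokens.conf; then $(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf; fi`. If the RPM marks the file as `%config(noreplace)` this matters only for source installs, and the spec's `%files` section is not shown on this page. The hook's recipe starts and ends outside this hunk.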
@@ -237,6 +265,9 @@ install-data-hook: gdm.conf gdm.conf-cus
if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; then \
$(INSTALL_DATA) gdm-autologin $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; \
fi; \
+ if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-securitytokens; then \
+ $(INSTALL_DATA) gdm-securitytokens $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-securitytokens; \
+ fi; \
if test $$system = SunOS; then \
echo "Please add PAM authentication for gdm and gdm-autologin in $(PAM_PREFIX)/pam.conf!"; \
fi; \
--- gdm-2.15.6/config/gdm
+++ gdm-2.15.6/config/gdm
@@ -1,8 +1,10 @@
#%PAM-1.0
-auth required pam_env.so
-auth required pam_stack.so service=system-auth
-auth required pam_nologin.so
-account required pam_stack.so service=system-auth
-password required pam_stack.so service=system-auth
-session required pam_stack.so service=system-auth
-session optional pam_console.so
+auth required pam_env.so
+auth include system-auth
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
+
--- /dev/null
+++ gdm-2.15.6/config/gdm-securitytokens
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_env.so
+auth sufficient pam_pkcs11.so
+auth required pam_deny.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
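Review bot: Nothing in this new stack says that it is card-only. `auth sufficient pam_pkcs11.so` followed by `auth required pam_deny.so` means authentication is denied whenever pam_pkcs11 does not succeed, with no password fallback, and a reader has to work that out from the control flags. A comment under the `#%PAM-1.0` line such as `# Smart card login only: pam_pkcs11 must succeed, there is no password fallback.` would make the intent explicit. Because pam_pkcs11 is the only module that decides the login, its certificate verification and user-mapping settings carry the whole decision. Those settings live outside this patch, and the comment could point to them.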
--- gdm-2.15.6/config/gdm.conf.in
+++ gdm-2.15.6/config/gdm.conf.in
@@ -196,6 +196,10 @@ # How long gdm should wait before it ass
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
+# Whether or not to listen for smart card insertion/removal events
+SecurityTokensEnable=true
+SecurityTokensDriver=
+
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
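Review bot: `SecurityTokensDriver=` is added without any comment, and the one comment above it describes only `SecurityTokensEnable`. Judging by `sc_security_token_monitor_new (const gchar *module)` and `SC_SECURITY_TOKEN_MONITOR_ERROR_LOADING_DRIVER` in the header later in this patch, the value is presumably a PKCS#11 module that the daemon loads, so the file should say what an empty value selects and what form a non-empty value takes. Once the empty-value behaviour is confirmed, something like `# PKCS#11 driver module to load; empty selects the built-in default. Use an absolute path to a root-owned library.` would do. The comment should also mention that monitoring is switched on by default (`SecurityTokensEnable=true`).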
@@ -242,6 +246,9 @@ #PasswordRequired=false
# Specifies the PAM Stack to use, "gdm" by default.
PamStack=gdm
+# Specifies the PAM Stack to use when smart cards are inserted
+SecurityTokensPamStack=gdm-securitytokens
+
# XDMCP is the protocol that allows remote login. If you want to log into GDM
# remotely (I'd never turn this on on open network, use ssh for such remote
# usage that). You can then run X with -query <thishost> to log in, or
--- gdm-2.15.6/configure.ac
+++ gdm-2.15.6/configure.ac
@@ -19,6 +19,7 @@ LIBRSVG_REQUIRED=1.1.1
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
+NSS_REQUIRED=3.11.1
dnl
dnl Let the user configure where to look for the configuration files.
@@ -156,7 +157,7 @@ PKG_CHECK_MODULES(VICIOUS, gtk+-2.0 >= $
AC_SUBST(VICIOUS_CFLAGS)
AC_SUBST(VICIOUS_LIBS)
-PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED)
+PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED nss >= $NSS_REQUIRED)
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
--- gdm-2.15.6/daemon/Makefile.am
+++ gdm-2.15.6/daemon/Makefile.am
@@ -9,6 +9,7 @@ INCLUDES = \
-DAUTHDIR=\"$(authdir)\" \
-DBINDIR=\"$(bindir)\" \
-DDATADIR=\"$(datadir)\" \
+ -DSYSCONFDIR=\"$(sysconfdir)\" \
-DDMCONFDIR=\"$(dmconfdir)\" \
-DGDMCONFDIR=\"$(gdmconfdir)\" \
-DGDMLOCALEDIR=\"$(gdmlocaledir)\" \
@@ -71,7 +72,11 @@ gdm_binary_SOURCES = \
gdm-net.c \
gdm-net.h \
getvt.c \
- getvt.h
+ getvt.h \
+ securitytoken.c \
+ securitytoken.h \
+ securitytokenmonitor.c \
+ securitytokenmonitor.h
EXTRA_gdm_binary_SOURCES = verify-pam.c verify-crypt.c verify-shadow.c
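Review bot: The four sources added to `gdm_binary_SOURCES` here are also added under utils/; the diffstat shows `utils/securitytoken.c` and `utils/securitytokenmonitor.c` at nearly the same size as the daemon copies. The token-handling code therefore exists twice, and a later fix can land in one copy and not the other. Since this code sits in the login path, building it once as a noinst convenience library linked into both the daemon and the utility would keep the two in step. The bodies of both copies are suppressed on this page, so how far they already differ cannot be checked here.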
--- gdm-2.15.6/daemon/gdm.c
+++ gdm-2.15.6/daemon/gdm.c
@@ -62,6 +62,8 @@ #include "gdm-net.h"
#include "cookie.h"
#include "filecheck.h"
#include "gdmconfig.h"
+#include "securitytokenmonitor.h"
+#include "securitytoken.h"
#define DYNAMIC_ADD 0
#define DYNAMIC_RELEASE 1
@@ -71,6 +73,7 @@ #ifdef HAVE_LOGINDEVPERM
#include <libdevinfo.h>
#endif /* HAVE_LOGINDEVPERM */
+
extern GSList *displays;
/* Local functions */
@@ -80,6 +83,16 @@ static void gdm_handle_message (GdmConne
[...3493 lines suppressed...]
+static void
+sc_security_token_monitor_queue_stop (ScSecurityTokenMonitor *monitor)
+{
+
+ monitor->priv->state = SC_SECURITY_TOKEN_MONITOR_STATE_STOPPING;
+
+ g_idle_add ((GSourceFunc) sc_security_token_monitor_stop_now, monitor);
+}
+
+void
+sc_security_token_monitor_stop (ScSecurityTokenMonitor *monitor)
+{
+ if (monitor->priv->state == SC_SECURITY_TOKEN_MONITOR_STATE_STOPPED)
+ return;
+
+ if (monitor->priv->is_unstoppable) {
+ sc_security_token_monitor_queue_stop (monitor);
+ return;
+ }
+
+ sc_security_token_monitor_stop_now (monitor);
+}
+
+#ifdef SC_SECURITY_TOKEN_MONITOR_ENABLE_TEST
+#include <glib.h>
+
+static GMainLoop *event_loop;
+static gboolean should_exit_on_next_remove = FALSE;
+
+static gboolean on_timeout (ScSecurityTokenMonitor *monitor)
+{
+ GError *error;
+ g_print ("Re-enabling monitor.\n");
+
+ if (!sc_security_token_monitor_start (monitor, &error)) {
+ g_warning ("could not start security token monitor - %s",
+ error->message);
+ g_error_free (error);
+ return 1;
+ }
+ g_print ("Please re-insert security token\n");
+
+ should_exit_on_next_remove = TRUE;
+
+ return FALSE;
+}
+
+static void
+on_device_inserted (ScSecurityTokenMonitor * monitor,
+ ScSecurityToken *token)
+{
+ g_print ("security token inserted!\n");
+ g_print ("Please remove it.\n");
+}
+
+static void
+on_device_removed (ScSecurityTokenMonitor * monitor,
+ ScSecurityToken *token)
+{
+ g_print ("security token removed!\n");
+
+ if (should_exit_on_next_remove)
+ g_main_loop_quit (event_loop);
+ else {
+ g_print ("disabling monitor for 2 seconds\n");
+ sc_security_token_monitor_stop (monitor);
+ g_timeout_add (2000, (GSourceFunc) on_timeout, monitor);
+ }
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ ScSecurityTokenMonitor *monitor;
+ GError *error;
+
+ g_log_set_always_fatal (G_LOG_LEVEL_ERROR
+ | G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING);
+
+ g_type_init ();
+
+ g_message ("creating instance of 'security token monitor' object...");
+ monitor = sc_security_token_monitor_new (NULL);
+ g_message ("'security token monitor' object created successfully");
+
+ g_signal_connect (monitor, "security-token-inserted",
+ G_CALLBACK (on_device_inserted), NULL);
+
+ g_signal_connect (monitor, "security-token-removed",
+ G_CALLBACK (on_device_removed), NULL);
+
+ g_message ("starting listener...");
+
+ error = NULL;
+ if (!sc_security_token_monitor_start (monitor, &error)) {
+ g_warning ("could not start security token monitor - %s",
+ error->message);
+ g_error_free (error);
+ return 1;
+ }
+
+ event_loop = g_main_loop_new (NULL, FALSE);
+ g_main_loop_run (event_loop);
+ g_main_loop_unref (event_loop);
+ event_loop = NULL;
+
+ g_message ("destroying previously created 'security token monitor' object...");
+ g_object_unref (monitor);
+ monitor = NULL;
+ g_message ("'security token monitor' object destroyed successfully");
+
+ return 0;
+}
+#endif
--- /dev/null
+++ gdm-2.15.6/utils/securitytokenmonitor.h
@@ -0,0 +1,82 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
+ *
+ * Copyright (C) 2006 Ray Strode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+#ifndef SC_SECURITY_TOKEN_MONITOR_H
+#define SC_SECURITY_TOKEN_MONITOR_H
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+#include "securitytoken.h"
+
+#include <glib.h>
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+#define SC_TYPE_SECURITY_TOKEN_MONITOR (sc_security_token_monitor_get_type ())
+#define SC_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitor))
+#define SC_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_IS_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_IS_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_SECURITY_TOKEN_MONITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_SECURITY_TOKEN_MONITOR_ERROR (sc_security_token_monitor_error_quark ())
+typedef struct _ScSecurityTokenMonitor ScSecurityTokenMonitor;
+typedef struct _ScSecurityTokenMonitorClass ScSecurityTokenMonitorClass;
+typedef struct _ScSecurityTokenMonitorPrivate ScSecurityTokenMonitorPrivate;
+typedef enum _ScSecurityTokenMonitorError ScSecurityTokenMonitorError;
+
+struct _ScSecurityTokenMonitor {
+ GObject parent;
+
+ /*< private > */
+ ScSecurityTokenMonitorPrivate *priv;
+};
+
+struct _ScSecurityTokenMonitorClass {
+ GObjectClass parent_class;
+
+ /* Signals */
+ void (*security_token_inserted) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*security_token_removed) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*error) (ScSecurityTokenMonitor *monitor,
+ GError *error);
+};
+
+enum _ScSecurityTokenMonitorError {
+ SC_SECURITY_TOKEN_MONITOR_ERROR_GENERIC = 0,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WITH_NSS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_LOADING_DRIVER,
+};
+
+GType sc_security_token_monitor_get_type (void) G_GNUC_CONST;
+GQuark sc_security_token_monitor_error_quark (void) G_GNUC_CONST;
+
+ScSecurityTokenMonitor *sc_security_token_monitor_new (const gchar *module);
+
+
+gboolean sc_security_token_monitor_start (ScSecurityTokenMonitor *monitor,
+ GError **error);
+
+void sc_security_token_monitor_stop (ScSecurityTokenMonitor *monitor);
+
+gchar *sc_security_token_monitor_get_module_path (ScSecurityTokenMonitor *monitor);
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_MONITOR_H */
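Review bot: `#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API` sits in this header, so every file that includes securitytokenmonitor.h also gets whatever securitytoken.h keeps behind that macro, which defeats the gate. securitytoken.h is not visible here, so what the macro exposes is inferred from its name. If only the monitor implementation needs the internal interface, move the define to the top of securitytokenmonitor.c and keep a plain `#include "securitytoken.h"` here. Separately, the prototypes carry no comments. They should state whether `module` may be NULL in `sc_security_token_monitor_new`, and whether the caller must free the `gchar *` returned by `sc_security_token_monitor_get_module_path`.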
Index: gdm.spec
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.176
retrieving revision 1.177
diff -u -r1.176 -r1.177
--- gdm.spec 17 Jul 2006 23:06:11 -0000 1.176
+++ gdm.spec 18 Jul 2006 05:46:11 -0000 1.177
@@ -16,7 +16,7 @@
Summary: The GNOME Display Manager.
Name: gdm
Version: 2.15.6
-Release: 6
+Release: 7
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
@@ -46,7 +46,7 @@
Patch18: gdm-2.15.5-process-all-ops.patch
Patch19: gdm-2.15.5-move-default-message.patch
Patch20: gdm-2.15.5-reset-pam.patch
-Patch21: gdm-2.15.5-security-tokens.patch
+Patch21: gdm-2.15.6-security-tokens.patch
Patch22: gdm-2.15.5-session-keyring.patch
Patch23: gdm-2.15.6-fix-setup-hang.patch
Patch24: gdm-2.15.6-wtmp.patch
@@ -328,6 +328,10 @@
%attr(1770, root, gdm) %dir %{_localstatedir}/gdm
%changelog
+* Mon Jul 17 2006 Ray Strode <rstrode at redhat.com> - 1:2.15.6-7
+- make security token support use its own config file in
+ preparation for modularizing it.
+
* Mon Jul 17 2006 Ray Strode <rstrode at redhat.com> - 1:2.15.6-6
- fix off-by-one in the process-all-ops patch that was causing
an anoying dialog to pop up on each login
--- gdm-2.15.5-security-tokens.patch DELETED ---