rpms/gnome-screensaver/devel gnome-screensaver-2.17.2-better-pam-integration.patch, NONE, 1.1 gnome-screensaver-2.17.2-securitytoken.patch, NONE, 1.1 gnome-screensaver.spec, 1.123, 1.124 gnome-screensaver-2.16.0-securitytoken.patch, 1.10, NONE gnome-screensaver-2.17.1-better-pam-integration.patch, 1.3, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sun Nov 12 06:38:10 UTC 2006
- Previous message (by thread): rpms/gnome-screensaver/devel gnome-screensaver-2.17.1-better-pam-integration.patch, 1.2, 1.3 gnome-screensaver.spec, 1.122, 1.123 gnome-screensaver-2.16.0-better-pam-integration.patch, 1.2, NONE
- Next message (by thread): rpms/gnome-screensaver/devel gnome-screensaver-2.17.2-better-pam-integration.patch, 1.1, 1.2 gnome-screensaver.spec, 1.124, 1.125
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rstrode
Update of /cvs/dist/rpms/gnome-screensaver/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4302
Modified Files:
gnome-screensaver.spec
Added Files:
gnome-screensaver-2.17.2-better-pam-integration.patch
gnome-screensaver-2.17.2-securitytoken.patch
Removed Files:
gnome-screensaver-2.16.0-securitytoken.patch
gnome-screensaver-2.17.1-better-pam-integration.patch
Log Message:
update for 2.17.2
gnome-screensaver-2.17.2-better-pam-integration.patch:
data/lock-dialog-default.glade | 4
src/gnome-screensaver-dialog.c | 12 ++
src/gs-auth-pam.c | 199 ++++++++++++++++++++++++++++++++++++++---
src/gs-lock-plug.c | 96 +++++++++++++++++++
src/gs-lock-plug.h | 4
src/gs-manager.c | 9 +
src/gs-manager.h | 1
src/gs-window-x11.c | 16 +++
src/gs-window.h | 1
9 files changed, 324 insertions(+), 18 deletions(-)
--- NEW FILE gnome-screensaver-2.17.2-better-pam-integration.patch ---
--- gnome-screensaver-2.17.2/src/gs-window-x11.c.better-pam-integration 2006-10-06 23:13:40.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-window-x11.c 2006-11-12 01:15:52.000000000 -0500
@@ -1468,6 +1468,22 @@
g_signal_emit (window, signals [DIALOG_UP], 0);
}
+void
+gs_window_cancel_unlock_request (GSWindow *window)
+{
+ /* FIXME: This is a bit of a hammer approach...
+ * Maybe we should send a delete-event to
+ * the plug?
+ */
+ g_return_if_fail (GS_IS_WINDOW (window));
+
+ if (window->priv->lock_socket == NULL)
+ return;
+
+ if (window->priv->lock_pid > 0)
+ kill (window->priv->lock_pid, SIGTERM);
+}
+
void
gs_window_set_lock_enabled (GSWindow *window,
gboolean lock_enabled)
--- gnome-screensaver-2.17.2/src/gs-lock-plug.c.better-pam-integration 2006-10-12 11:35:57.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-lock-plug.c 2006-11-12 01:19:26.000000000 -0500
@@ -100,6 +100,8 @@
guint cancel_timeout_id;
guint auth_check_idle_id;
guint response_idle_id;
+
+ GList *key_events;
};
typedef struct _ResponseData ResponseData;
@@ -231,6 +233,11 @@
const char *text)
{
if (plug->priv->auth_message_label != NULL) {
+ if (strcmp (text, "") == 0)
+ gtk_widget_hide (plug->priv->auth_message_label);
+ else
+ gtk_widget_show (plug->priv->auth_message_label);
+
gtk_label_set_text (GTK_LABEL (plug->priv->auth_message_label), text);
}
}
@@ -565,6 +572,32 @@
}
}
+static void
+queue_key_event (GSLockPlug *plug,
+ GdkEventKey *event)
+{
+ GdkEvent *saved_event;
+
+ saved_event = gdk_event_copy ((GdkEvent *)event);
+ plug->priv->key_events = g_list_prepend (plug->priv->key_events,
+ saved_event);
+}
+
+static void
+forward_key_events (GSLockPlug *plug)
+{
+ plug->priv->key_events = g_list_reverse (plug->priv->key_events);
+ while (plug->priv->key_events) {
+ GdkEventKey *event = plug->priv->key_events->data;
+
+ gtk_window_propagate_key_event (GTK_WINDOW (plug), event);
+
+ gdk_event_free ((GdkEvent *)event);
+
+ plug->priv->key_events = g_list_delete_link (plug->priv->key_events,
+ plug->priv->key_events);
+ }
+}
static void
gs_lock_plug_size_request (GtkWidget *widget,
@@ -845,6 +878,32 @@
}
void
+gs_lock_plug_set_busy (GSLockPlug *plug)
+{
+ GdkCursor *cursor;
+ GtkWidget *top_level;
+
+ top_level = gtk_widget_get_toplevel (GTK_WIDGET (plug));
+
+ cursor = gdk_cursor_new (GDK_WATCH);
+ gdk_window_set_cursor (top_level->window, cursor);
+ gdk_cursor_unref (cursor);
+}
+
+void
+gs_lock_plug_set_ready (GSLockPlug *plug)
+{
+ GdkCursor *cursor;
+ GtkWidget *top_level;
+
+ top_level = gtk_widget_get_toplevel (GTK_WIDGET (plug));
+
+ cursor = gdk_cursor_new (GDK_LEFT_PTR);
+ gdk_window_set_cursor (top_level->window, cursor);
+ gdk_cursor_unref (cursor);
+}
+
+void
gs_lock_plug_show_prompt (GSLockPlug *plug,
const char *message,
gboolean visible)
@@ -853,17 +912,40 @@
gs_debug ("Setting prompt to: %s", message);
+ gtk_widget_set_sensitive (plug->priv->auth_unlock_button, TRUE);
+ gtk_widget_show (plug->priv->auth_unlock_button);
+ gtk_widget_grab_default (plug->priv->auth_unlock_button);
gtk_label_set_text (GTK_LABEL (plug->priv->auth_prompt_label), message);
+ gtk_widget_show (plug->priv->auth_prompt_label);
gtk_entry_set_visibility (GTK_ENTRY (plug->priv->auth_prompt_entry), visible);
+ gtk_widget_show (plug->priv->auth_prompt_entry);
if (! GTK_WIDGET_HAS_FOCUS (plug->priv->auth_prompt_entry)) {
gtk_widget_grab_focus (plug->priv->auth_prompt_entry);
}
+ /* were there any key events sent to the plug while the
+ * entry wasnt ready? If so, forward them along
+ */
+ forward_key_events (plug);
+
restart_cancel_timeout (plug);
}
void
+gs_lock_plug_hide_prompt (GSLockPlug *plug)
+{
+ g_return_if_fail (GS_IS_LOCK_PLUG (plug));
+
+ gtk_widget_hide (plug->priv->auth_prompt_entry);
+ gtk_widget_hide (plug->priv->auth_prompt_label);
+ gtk_widget_set_sensitive (plug->priv->auth_unlock_button, FALSE);
+ gtk_widget_hide (plug->priv->auth_unlock_button);
+
+ gtk_widget_grab_default (plug->priv->auth_cancel_button);
+}
+
+void
gs_lock_plug_show_message (GSLockPlug *plug,
const char *message)
{
@@ -899,7 +981,19 @@
capslock_update (plug, capslock_on);
}
- return FALSE;
+ /* if the input widget is visible and ready for input
+ * then just carry on as usual
+ */
+ if (GTK_WIDGET_VISIBLE (plug->priv->auth_prompt_entry) &&
+ GTK_WIDGET_IS_SENSITIVE (plug->priv->auth_prompt_entry))
+ return FALSE;
+
+ if (strcmp (event->string, "") == 0)
+ return FALSE;
+
+ queue_key_event (plug, event);
+
+ return TRUE;
}
/* adapted from gtk_dialog_add_button */
--- gnome-screensaver-2.17.2/src/gs-window.h.better-pam-integration 2006-07-31 13:54:48.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-window.h 2006-11-12 01:15:52.000000000 -0500
@@ -81,6 +81,7 @@
const char *command);
void gs_window_request_unlock (GSWindow *window);
+void gs_window_cancel_unlock_request (GSWindow *window);
GSWindow * gs_window_new (GdkScreen *screen,
int monitor,
--- gnome-screensaver-2.17.2/src/gs-manager.c.better-pam-integration 2006-09-06 15:38:08.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-manager.c 2006-11-12 01:15:52.000000000 -0500
@@ -1566,3 +1566,12 @@
return TRUE;
}
+
+void
+gs_manager_cancel_unlock_request (GSManager *manager)
+{
+ GSList *l;
+ for (l = manager->priv->windows; l; l = l->next) {
+ gs_window_cancel_unlock_request (l->data);
+ }
+}
--- gnome-screensaver-2.17.2/src/gnome-screensaver-dialog.c.better-pam-integration 2006-07-18 14:18:23.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gnome-screensaver-dialog.c 2006-11-12 01:15:52.000000000 -0500
@@ -147,6 +147,7 @@
if (response == GS_LOCK_PLUG_RESPONSE_OK) {
gs_lock_plug_get_text (plug, &text);
}
+ gs_lock_plug_hide_prompt (plug);
return text;
}
@@ -214,6 +215,9 @@
gs_profile_start (NULL);
gs_debug ("Got message style %d: '%s'", style, msg);
+ gtk_widget_show (GTK_WIDGET (plug));
+ gs_lock_plug_set_ready (plug);
+
ret = TRUE;
*response = NULL;
message = maybe_translate_message (msg);
@@ -256,6 +260,7 @@
gtk_main_iteration ();
}
+ gs_lock_plug_set_busy (plug);
gs_profile_end (NULL);
return ret;
@@ -278,6 +283,8 @@
error = NULL;
+ gs_lock_plug_hide_prompt (plug);
+ gs_lock_plug_set_busy (plug);
res = gs_auth_verify_user (g_get_user_name (), g_getenv ("DISPLAY"), auth_message_handler, plug, &error);
gs_debug ("Verify user returned: %s", res ? "TRUE" : "FALSE");
@@ -306,7 +313,8 @@
response_cb (GSLockPlug *plug,
gint response_id)
{
- if (response_id == GS_LOCK_PLUG_RESPONSE_CANCEL) {
+ if ((response_id == GS_LOCK_PLUG_RESPONSE_CANCEL) ||
+ (response_id == GTK_RESPONSE_DELETE_EVENT)) {
quit_response_cancel ();
}
}
@@ -348,7 +356,7 @@
g_signal_connect (GS_LOCK_PLUG (widget), "response", G_CALLBACK (response_cb), NULL);
- gtk_widget_show (widget);
+ gtk_widget_realize (widget);
print_id (widget);
--- gnome-screensaver-2.17.2/src/gs-auth-pam.c.better-pam-integration 2006-06-08 16:23:40.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-auth-pam.c 2006-11-12 01:15:52.000000000 -0500
@@ -28,6 +28,7 @@
# include <unistd.h>
#endif
+#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
@@ -40,6 +41,7 @@
#include <glib.h>
#include <glib/gstdio.h>
#include <glib/gi18n.h>
+#include <gtk/gtk.h>
#include "gs-auth.h"
@@ -81,8 +83,20 @@
const char *username;
GSAuthMessageFunc cb_func;
gpointer cb_data;
+ int signal_fd;
+ int result;
};
+typedef struct {
+ struct pam_closure *closure;
+ GSAuthMessageStyle style;
+ const char *msg;
+ char **resp;
+ gboolean should_interrupt_stack;
+} GsAuthMessageHandlerData;
+static GCond *message_handled_condition;
+static GMutex *message_handler_mutex;
+
GQuark
gs_auth_error_quark (void)
{
@@ -162,6 +176,48 @@
return ret;
}
+static gboolean
+gs_auth_queued_message_handler (GsAuthMessageHandlerData *data)
+{
+ g_mutex_lock (message_handler_mutex);
+ data->should_interrupt_stack =
+ data->closure->cb_func (data->style,
+ data->msg, data->resp,
+ data->closure->cb_data) == FALSE;
+ g_cond_signal (message_handled_condition);
+ g_mutex_unlock (message_handler_mutex);
+ return FALSE;
+}
+
+static gboolean
+gs_auth_run_message_handler (struct pam_closure *c,
+ GSAuthMessageStyle style,
+ const char *msg,
+ char **resp)
+{
+ GsAuthMessageHandlerData data;
+
+ data.closure = c;
+ data.style = style;
+ data.msg = msg;
+ data.resp = resp;
+ data.should_interrupt_stack = TRUE;
+
+ g_mutex_lock (message_handler_mutex);
+
+ /* Queue the callback in the gui (the main) thread
+ */
+ g_idle_add ((GSourceFunc) gs_auth_queued_message_handler, &data);
+
+ /* Wait for the response
+ */
+ g_cond_wait (message_handled_condition,
+ message_handler_mutex);
+ g_mutex_unlock (message_handler_mutex);
+
+ return data.should_interrupt_stack == FALSE;
+}
+
static int
pam_conversation (int nmsgs,
const struct pam_message **msg,
@@ -195,11 +251,12 @@
NULL);
if (c->cb_func != NULL) {
- res = c->cb_func (style,
- msg [replies]->msg,
- &reply [replies].resp,
- c->cb_data);
-
+ /* blocks until the gui responds
+ */
+ res = gs_auth_run_message_handler (c, style,
+ msg [replies]->msg,
+ &reply [replies].resp);
+
/* If the handler returns FALSE - interrupt the PAM stack */
if (res) {
reply [replies].resp_retcode = PAM_SUCCESS;
@@ -231,6 +288,16 @@
}
}
+ if (message_handled_condition != NULL) {
+ g_cond_free (message_handled_condition);
+ message_handled_condition = NULL;
+ }
+
+ if (message_handler_mutex != NULL) {
+ g_mutex_free (message_handler_mutex);
+ message_handler_mutex = NULL;
+ }
+
return TRUE;
}
@@ -296,6 +363,8 @@
}
ret = TRUE;
+ message_handled_condition = g_cond_new ();
+ message_handler_mutex = g_mutex_new ();
out:
if (status_code != NULL) {
@@ -342,6 +411,114 @@
}
+static int
+gs_auth_thread_func (int auth_operation_fd)
+{
+ static const int flags = 0;
+ int status;
+
+ status = pam_authenticate (pam_handle, flags);
+
+ /* we're done, close the fd and wake up the main
+ * loop
+ */
+ close (auth_operation_fd);
+
+ return status;
+}
+
+static gboolean
+gs_auth_loop_quit (GIOChannel *source,
+ GIOCondition condition,
+ gboolean *thread_done)
+{
+ *thread_done = TRUE;
+ gtk_main_quit ();
+ return FALSE;
+}
+
+static gboolean
+gs_auth_identify_user (pam_handle_t *handle,
+ int *status)
+{
+ GThread *auth_thread;
+ GIOChannel *channel;
+ guint watch_id;
+ int auth_operation_fds[2];
+ int auth_status;
+ gboolean thread_done;
+
+ channel = NULL;
+ watch_id = 0;
+ auth_status = PAM_INCOMPLETE;
+
+ /* This pipe gives us a set of fds we can hook into
+ * the event loop to be notified when our helper thread
+ * is ready to be reaped.
+ */
+ if (pipe (auth_operation_fds) < 0) {
+ goto out;
+ }
+
+ if (fcntl (auth_operation_fds[0], F_SETFD, FD_CLOEXEC) < 0) {
+ close (auth_operation_fds[0]);
+ close (auth_operation_fds[1]);
+ goto out;
+ }
+
+ if (fcntl (auth_operation_fds[1], F_SETFD, FD_CLOEXEC) < 0) {
+ close (auth_operation_fds[0]);
+ close (auth_operation_fds[1]);
+ goto out;
+ }
+
+ channel = g_io_channel_unix_new (auth_operation_fds[0]);
+
+ /* we use a recursive main loop to process ui events
+ * while we wait on a thread to handle the blocking parts
+ * of pam authentication.
+ */
+ thread_done = FALSE;
+ watch_id = g_io_add_watch (channel, G_IO_ERR | G_IO_HUP,
+ (GIOFunc) gs_auth_loop_quit, &thread_done);
+
+ auth_thread = g_thread_create ((GThreadFunc) gs_auth_thread_func,
+ GINT_TO_POINTER (auth_operation_fds[1]),
+ TRUE, NULL);
+
+ if (auth_thread == NULL) {
+ goto out;
+ }
+
+ gtk_main ();
+
+ /* if the event loop was quit before the thread is done then we can't
+ * reap the thread without blocking on it finishing. The
+ * thread may not ever finish though if the pam module is blocking.
+ *
+ * The only time the event loop is going to stop when the thread isn't
+ * done, however, is if the dialog quits early (from, e.g., "cancel"),
+ * so we can just exit. An alternative option would be to switch to
+ * using pthreads directly and calling pthread_cancel.
+ */
+ if (!thread_done)
+ raise (SIGTERM);
+
+ auth_status = GPOINTER_TO_INT (g_thread_join (auth_thread));
+
+out:
+ if (watch_id != 0)
+ g_source_remove (watch_id);
+
+ if (channel != NULL)
+ g_io_channel_unref (channel);
+
+ if (status)
+ *status = auth_status;
+
+ return auth_status == PAM_SUCCESS;
+}
+
gboolean
gs_auth_verify_user (const char *username,
const char *display,
@@ -356,7 +533,6 @@
sigset_t set;
struct timespec timeout;
struct passwd *pwent;
- int null_tok = 0;
const void *p;
pwent = getpwnam (username);
@@ -364,6 +540,7 @@
return FALSE;
}
+
c.username = username;
c.cb_func = func;
c.cb_data = data;
@@ -386,8 +563,6 @@
set = block_sigchld ();
did_we_ask_for_password = FALSE;
- status = pam_authenticate (pam_handle, null_tok);
-
sigtimedwait (&set, NULL, &timeout);
unblock_sigchld ();
@@ -397,9 +572,9 @@
PAM_STRERROR (pam_handle, status));
}
- if (status != PAM_SUCCESS) {
- goto DONE;
- }
+ if (!gs_auth_identify_user (pam_handle, &status)) {
+ goto DONE;
+ }
if ((status = pam_get_item (pam_handle, PAM_USER, &p)) != PAM_SUCCESS) {
/* is not really an auth problem, but it will
@@ -412,7 +587,7 @@
* but we need to run them anyway because certain pam modules
* depend on side effects of the account modules getting run.
*/
- status2 = pam_acct_mgmt (pam_handle, null_tok);
+ status2 = pam_acct_mgmt (pam_handle, 0);
if (gs_auth_get_verbose ()) {
g_message ("pam_acct_mgmt (...) ==> %d (%s)\n",
--- gnome-screensaver-2.17.2/src/gs-lock-plug.h.better-pam-integration 2006-07-18 13:49:24.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-lock-plug.h 2006-11-12 01:15:52.000000000 -0500
@@ -68,6 +68,10 @@
void gs_lock_plug_show_prompt (GSLockPlug *plug,
const char *message,
gboolean visible);
+void gs_lock_plug_hide_prompt (GSLockPlug *plug);
+void gs_lock_plug_set_busy (GSLockPlug *plug);
+void gs_lock_plug_set_ready (GSLockPlug *plug);
+
void gs_lock_plug_get_text (GSLockPlug *plug,
char **text);
void gs_lock_plug_show_message (GSLockPlug *plug,
--- gnome-screensaver-2.17.2/src/gs-manager.h.better-pam-integration 2006-08-04 15:36:03.000000000 -0400
+++ gnome-screensaver-2.17.2/src/gs-manager.h 2006-11-12 01:15:52.000000000 -0500
@@ -94,6 +94,7 @@
void gs_manager_set_mode (GSManager *manager,
GSSaverMode mode);
gboolean gs_manager_request_unlock (GSManager *manager);
+void gs_manager_cancel_unlock_request (GSManager *manager);
G_END_DECLS
--- gnome-screensaver-2.17.2/data/lock-dialog-default.glade.better-pam-integration 2006-08-25 10:40:48.000000000 -0400
+++ gnome-screensaver-2.17.2/data/lock-dialog-default.glade 2006-11-12 01:15:52.000000000 -0500
@@ -145,8 +145,7 @@
<child>
<widget class="GtkLabel" id="auth-prompt-label">
- <property name="visible">True</property>
- <property name="label" translatable="yes">Password:</property>
+ <property name="label" translatable="yes"></property>
<property name="use_underline">False</property>
<property name="use_markup">False</property>
<property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -173,7 +172,6 @@
<child>
<widget class="GtkEntry" id="auth-prompt-entry">
- <property name="visible">True</property>
<property name="can_focus">True</property>
<property name="editable">True</property>
<property name="visibility">False</property>
gnome-screensaver-2.17.2-securitytoken.patch:
configure.ac | 16
src/Makefile.am | 1
src/cut-n-paste/Makefile.am | 13
src/cut-n-paste/securitytoken.c | 680 ++++++++++++
src/cut-n-paste/securitytoken.h | 94 +
src/cut-n-paste/securitytokenmonitor.c | 1743 +++++++++++++++++++++++++++++++++
src/cut-n-paste/securitytokenmonitor.h | 84 +
src/gs-auth-pam.c | 7
src/gs-monitor.c | 146 ++
src/gs-window-x11.c | 1
10 files changed, 2750 insertions(+), 35 deletions(-)
--- NEW FILE gnome-screensaver-2.17.2-securitytoken.patch ---
--- gnome-screensaver-2.17.2/src/gs-window-x11.c.securitytoken 2006-11-12 01:35:06.000000000 -0500
+++ gnome-screensaver-2.17.2/src/gs-window-x11.c 2006-11-12 01:35:06.000000000 -0500
@@ -758,6 +758,7 @@
"XAUTHLOCALHOSTNAME",
"KRB5CCNAME",
"KRBTKFILE",
+ "PKCS11_LOGIN_TOKEN_NAME",
"LANG",
"LANGUAGE",
"LC_ALL",
--- /dev/null 2006-11-10 18:53:02.400788152 -0500
+++ gnome-screensaver-2.17.2/src/cut-n-paste/securitytokenmonitor.h 2006-11-12 01:35:06.000000000 -0500
@@ -0,0 +1,84 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
+ *
+ * Copyright (C) 2006 Ray Strode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+#ifndef SC_SECURITY_TOKEN_MONITOR_H
+#define SC_SECURITY_TOKEN_MONITOR_H
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+#include "securitytoken.h"
+
+#include <glib.h>
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+#define SC_TYPE_SECURITY_TOKEN_MONITOR (sc_security_token_monitor_get_type ())
+#define SC_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitor))
+#define SC_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_IS_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_IS_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_SECURITY_TOKEN_MONITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_SECURITY_TOKEN_MONITOR_ERROR (sc_security_token_monitor_error_quark ())
+typedef struct _ScSecurityTokenMonitor ScSecurityTokenMonitor;
+typedef struct _ScSecurityTokenMonitorClass ScSecurityTokenMonitorClass;
+typedef struct _ScSecurityTokenMonitorPrivate ScSecurityTokenMonitorPrivate;
+typedef enum _ScSecurityTokenMonitorError ScSecurityTokenMonitorError;
+
+struct _ScSecurityTokenMonitor {
+ GObject parent;
+
+ /*< private > */
+ ScSecurityTokenMonitorPrivate *priv;
+};
+
+struct _ScSecurityTokenMonitorClass {
+ GObjectClass parent_class;
+
+ /* Signals */
+ void (*security_token_inserted) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*security_token_removed) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*error) (ScSecurityTokenMonitor *monitor,
+ GError *error);
+};
+
+enum _ScSecurityTokenMonitorError {
+ SC_SECURITY_TOKEN_MONITOR_ERROR_GENERIC = 0,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WITH_NSS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_LOADING_DRIVER,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WATCHING_FOR_EVENTS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_REPORTING_EVENTS
+};
+
+GType sc_security_token_monitor_get_type (void) G_GNUC_CONST;
+GQuark sc_security_token_monitor_error_quark (void) G_GNUC_CONST;
+
+ScSecurityTokenMonitor *sc_security_token_monitor_new (const gchar *module);
+
+gboolean sc_security_token_monitor_start (ScSecurityTokenMonitor *monitor,
+ GError **error);
+
+void sc_security_token_monitor_stop (ScSecurityTokenMonitor *monitor);
+
+gchar *sc_security_token_monitor_get_module_path (ScSecurityTokenMonitor *monitor);
+gboolean sc_security_token_monitor_login_token_is_inserted (ScSecurityTokenMonitor *monitor);
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_MONITOR_H */
--- gnome-screensaver-2.17.2/src/cut-n-paste/Makefile.am.securitytoken 2005-04-14 15:59:44.000000000 -0400
+++ gnome-screensaver-2.17.2/src/cut-n-paste/Makefile.am 2006-11-12 01:35:06.000000000 -0500
@@ -10,7 +10,18 @@
Makefile.in
noinst_LIBRARIES = \
- libfast-user-switch.a
+ libfast-user-switch.a \
+ libsecuritytoken.a
+
+libsecuritytoken_a_SOURCES = \
+ securitytoken.h \
+ securitytoken.c \
+ securitytokenmonitor.h \
+ securitytokenmonitor.c
+
+libsecuritytoken_a_CFLAGS = $(SECURITY_TOKEN_CFLAGS) \
+ -DLIBDIR=\""$(libdir)"\" \
+ -DSYSCONFDIR=\""$(sysconfdir)"\"
libfast_user_switch_a_CPPFLAGS = \
-DDATADIR=\""$(datadir)"\" \
--- /dev/null 2006-11-10 18:53:02.400788152 -0500
+++ gnome-screensaver-2.17.2/src/cut-n-paste/securitytokenmonitor.c 2006-11-12 01:35:06.000000000 -0500
@@ -0,0 +1,1743 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
+ *
+ * Copyright (C) 2006 Ray Strode <rstrode at redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * TODO: - doing this per project is a bad idea i think.
+ * We should probably make this a system service
+ * and use dbus.
+ */
+#define _GNU_SOURCE
+#include "securitytokenmonitor.h"
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+#include "securitytoken.h"
+
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <poll.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/resource.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <glib.h>
+#include <glib/gi18n.h>
+
+#include <prerror.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <secmod.h>
+#include <secerr.h>
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_DRIVER
+#define SC_SECURITY_TOKEN_MONITOR_DRIVER LIBDIR"/pkcs11/libcoolkeypk11.so"
+#endif
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_NSS_DB
+#define SC_SECURITY_TOKEN_MONITOR_NSS_DB SYSCONFDIR"/pki/nssdb"
+#endif
+
+#ifndef SC_MAX_OPEN_FILE_DESCRIPTORS
+#define SC_MAX_OPEN_FILE_DESCRIPTORS 1024
+#endif
+
+#ifndef SC_OPEN_FILE_DESCRIPTORS_DIR
+#define SC_OPEN_FILE_DESCRIPTORS_DIR "/proc/self/fd"
+#endif
+
+#ifndef sc_debug
+#if defined (SC_SECURITY_TOKEN_MONITOR_ENABLE_TEST)
+#define sc_debug(fmt, args...) g_printerr("[%u] " fmt " \n", getpid(), ##args)
+#else
+#define sc_debug(fmt, args...)
+#endif
+#endif
+
+typedef enum _ScSecurityTokenMonitorState ScSecurityTokenMonitorState;
[...2523 lines suppressed...]
+{
+ if (gs_monitor_should_lock_on_login_security_token_removal () &&
+ sc_security_token_is_login_token (token))
+ gs_monitor_lock_screen (monitor);
+
+ /* If we're already locked and the lock dialog is up, kill it.
+ */
+ gs_manager_cancel_unlock_request (monitor->priv->manager);
+}
+
static gboolean
watcher_idle_cb (GSWatcher *watcher,
gboolean is_idle,
@@ -210,37 +247,6 @@
}
static void
-gs_monitor_lock_screen (GSMonitor *monitor)
-{
- gboolean res;
- gboolean locked;
-
- /* set lock flag before trying to activate screensaver
- in case something tries to react to the ActiveChanged signal */
-
- gs_manager_get_lock_active (monitor->priv->manager, &locked);
- gs_manager_set_lock_active (monitor->priv->manager, TRUE);
- res = gs_listener_set_active (monitor->priv->listener, TRUE);
- if (! res) {
- /* If we've failed then restore lock status */
- gs_manager_set_lock_active (monitor->priv->manager, locked);
- gs_debug ("Unable to lock the screen");
- }
-}
-
-static void
-gs_monitor_simulate_user_activity (GSMonitor *monitor)
-{
- /* in case the screen isn't blanked reset the
- idle watcher */
- gs_watcher_reset (monitor->priv->watcher);
-
- /* request that the manager unlock -
- will pop up a dialog if necessary */
- gs_manager_request_unlock (monitor->priv->manager);
-}
-
-static void
listener_lock_cb (GSListener *listener,
GSMonitor *monitor)
{
@@ -424,6 +430,27 @@
}
static void
+disconnect_security_token_monitor_signals (GSMonitor *monitor)
+{
+ g_signal_handlers_disconnect_by_func (monitor->priv->security_token_monitor,
+ security_token_removed_cb, monitor);
+
+ g_signal_handlers_disconnect_by_func (monitor->priv->security_token_monitor,
+ security_token_inserted_cb, monitor);
+}
+
+static void
+connect_security_token_monitor_signals (GSMonitor *monitor)
+{
+ g_signal_connect (monitor->priv->security_token_monitor,
+ "security-token-removed",
+ G_CALLBACK (security_token_removed_cb), monitor);
+ g_signal_connect (monitor->priv->security_token_monitor,
+ "security-token-inserted",
+ G_CALLBACK (security_token_inserted_cb), monitor);
+}
+
+static void
disconnect_prefs_signals (GSMonitor *monitor)
{
g_signal_handlers_disconnect_by_func (monitor->priv->prefs, _gs_monitor_update_from_prefs, monitor);
@@ -457,6 +484,26 @@
monitor->priv->manager = gs_manager_new ();
connect_manager_signals (monitor);
+ /* PKCS11_LOGIN_TOKEN_NAME is set if the user logged in with a
+ * security token.
+ */
+ if (g_getenv ("PKCS11_LOGIN_TOKEN_NAME") != NULL) {
+ monitor->priv->security_token_monitor = sc_security_token_monitor_new (NULL);
+ sc_security_token_monitor_start (monitor->priv->security_token_monitor,
+ NULL);
+ connect_security_token_monitor_signals (monitor);
+
+ /* if the user logged in with a security token but it's
+ * not currently inserted, then they must have yanked it
+ * before we started. lock the screen immediately
+ */
+ if (gs_monitor_should_lock_on_login_security_token_removal () &&
+ !sc_security_token_monitor_login_token_is_inserted (monitor->priv->security_token_monitor))
+ gs_monitor_lock_screen (monitor);
+ } else {
+ monitor->priv->security_token_monitor = NULL;
+ }
+
_gs_monitor_update_from_prefs (monitor, monitor->priv->prefs);
}
@@ -472,6 +519,12 @@
g_return_if_fail (monitor->priv != NULL);
+ if (monitor->priv->security_token_monitor != NULL) {
+ sc_security_token_monitor_stop (monitor->priv->security_token_monitor);
+ disconnect_security_token_monitor_signals (monitor);
+ g_object_unref (monitor->priv->security_token_monitor);
+ }
+
disconnect_watcher_signals (monitor);
disconnect_listener_signals (monitor);
disconnect_manager_signals (monitor);
@@ -509,3 +562,34 @@
return TRUE;
}
+
+static void
+gs_monitor_simulate_user_activity (GSMonitor *monitor)
+{
+ /* in case the screen isn't blanked reset the
+ idle watcher */
+ gs_watcher_reset (monitor->priv->watcher);
+
+ /* request that the manager unlock -
+ will pop up a dialog if necessary */
+ gs_manager_request_unlock (monitor->priv->manager);
+}
+
+static void
+gs_monitor_lock_screen (GSMonitor *monitor)
+{
+ gboolean res;
+ gboolean locked;
+
+ /* set lock flag before trying to activate screensaver
+ in case something tries to react to the ActiveChanged signal */
+
+ gs_manager_get_lock_active (monitor->priv->manager, &locked);
+ gs_manager_set_lock_active (monitor->priv->manager, TRUE);
+ res = gs_listener_set_active (monitor->priv->listener, TRUE);
+ if (! res) {
+ /* If we've failed then restore lock status */
+ gs_manager_set_lock_active (monitor->priv->manager, locked);
+ gs_debug ("Unable to lock the screen");
+ }
+}
--- gnome-screensaver-2.17.2/configure.ac.securitytoken 2006-10-29 22:44:15.000000000 -0500
+++ gnome-screensaver-2.17.2/configure.ac 2006-11-12 01:35:47.000000000 -0500
@@ -44,6 +44,7 @@
LIBEXIF_REQUIRED_VERSION=0.6.12
GLIB_REQUIRED_VERSION=2.7.0
LIBGNOMEKBDUI_REQUIRED_VERSION=0.1
+NSS_REQUIRED_VERSION=3.11.2
AC_CHECK_HEADERS(unistd.h)
AC_CHECK_HEADERS(crypt.h sys/select.h)
@@ -57,7 +58,8 @@
gtk+-2.0 >= $GTK_REQUIRED_VERSION
dbus-glib-1 >= $DBUS_REQUIRED_VERSION
gconf-2.0 >= $GCONF_REQUIRED_VERSION
- libgnome-menu >= $LIBGNOME_MENU_REQUIRED_VERSION)
+ libgnome-menu >= $LIBGNOME_MENU_REQUIRED_VERSION
+ nss >= $NSS_REQUIRED_VERSION)
AC_SUBST(GNOME_SCREENSAVER_CFLAGS)
AC_SUBST(GNOME_SCREENSAVER_LIBS)
@@ -92,8 +94,6 @@
AM_GCONF_SOURCE_2
-GNOME_COMPILE_WARNINGS(yes)
-
# Solaris requires libresolv for daemon()
case "$host" in
*-*-solaris*)
@@ -236,6 +236,16 @@
AM_CONDITIONAL(HAVE_USER_SWITCHING, test x$enable_user_switching = xyes)
AC_SUBST(HAVE_USER_SWITCHING)
+
+# security token support
+PKG_CHECK_MODULES(SECURITY_TOKEN,
+ gobject-2.0 >= $GLIB_REQUIRED_VERSION
+ nss >= $NSS_REQUIRED_VERSION)
+AC_SUBST(SECURITY_TOKEN_CFLAGS)
+AC_SUBST(SECURITY_TOKEN_LIBS)
+
+
+
dnl ---------------------------------------------------------------------------
dnl - Where should we put documentation ?
dnl ---------------------------------------------------------------------------
Index: gnome-screensaver.spec
===================================================================
RCS file: /cvs/dist/rpms/gnome-screensaver/devel/gnome-screensaver.spec,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- gnome-screensaver.spec 12 Nov 2006 06:25:47 -0000 1.123
+++ gnome-screensaver.spec 12 Nov 2006 06:38:07 -0000 1.124
@@ -20,8 +20,8 @@
Source1: gnome-screensaver-hide-xscreensaver.menu
Patch1: gnome-screensaver-2.15.4-default-theme.patch
-Patch2: gnome-screensaver-2.17.1-better-pam-integration.patch
-Patch3: gnome-screensaver-2.16.0-securitytoken.patch
+Patch2: gnome-screensaver-2.17.2-better-pam-integration.patch
+Patch3: gnome-screensaver-2.17.2-securitytoken.patch
BuildRoot: %{_tmppath}/%{name}-root
URL: http://www.gnome.org
--- gnome-screensaver-2.16.0-securitytoken.patch DELETED ---
--- gnome-screensaver-2.17.1-better-pam-integration.patch DELETED ---
- Previous message (by thread): rpms/gnome-screensaver/devel gnome-screensaver-2.17.1-better-pam-integration.patch, 1.2, 1.3 gnome-screensaver.spec, 1.122, 1.123 gnome-screensaver-2.16.0-better-pam-integration.patch, 1.2, NONE
- Next message (by thread): rpms/gnome-screensaver/devel gnome-screensaver-2.17.2-better-pam-integration.patch, 1.1, 1.2 gnome-screensaver.spec, 1.124, 1.125
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list