rpms/gnome-screensaver/devel gnome-screensaver-2.16.0-securitytoken.patch, 1.7, 1.8 gnome-screensaver.spec, 1.113, 1.114
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sun Oct 15 03:42:31 UTC 2006
Author: rstrode
Update of /cvs/dist/rpms/gnome-screensaver/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13301
Modified Files:
gnome-screensaver-2.16.0-securitytoken.patch
gnome-screensaver.spec
Log Message:
- have security token monitor helper process kill itself when
the communication pipe to the main process goes away (bug
210677).
gnome-screensaver-2.16.0-securitytoken.patch:
configure.ac | 16
src/Makefile.am | 1
src/cut-n-paste/Makefile.am | 13
src/cut-n-paste/securitytoken.c | 680 +++++++++++++
src/cut-n-paste/securitytoken.h | 94 +
src/cut-n-paste/securitytokenmonitor.c | 1702 +++++++++++++++++++++++++++++++++
src/cut-n-paste/securitytokenmonitor.h | 84 +
src/gs-auth-pam.c | 7
src/gs-monitor.c | 128 +-
src/gs-window-x11.c | 1
10 files changed, 2691 insertions(+), 35 deletions(-)
Index: gnome-screensaver-2.16.0-securitytoken.patch
===================================================================
RCS file: /cvs/dist/rpms/gnome-screensaver/devel/gnome-screensaver-2.16.0-securitytoken.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- gnome-screensaver-2.16.0-securitytoken.patch 6 Oct 2006 00:50:37 -0000 1.7
+++ gnome-screensaver-2.16.0-securitytoken.patch 15 Oct 2006 03:42:28 -0000 1.8
@@ -1,5 +1,5 @@
--- gnome-screensaver-2.16.0/src/gs-monitor.c.securitytoken 2006-08-04 15:36:03.000000000 -0400
-+++ gnome-screensaver-2.16.0/src/gs-monitor.c 2006-10-05 20:47:48.000000000 -0400
++++ gnome-screensaver-2.16.0/src/gs-monitor.c 2006-10-14 23:39:44.000000000 -0400
@@ -41,10 +41,15 @@
#include "gs-prefs.h"
#include "gs-debug.h"
@@ -186,7 +186,7 @@
+ }
+}
--- gnome-screensaver-2.16.0/src/Makefile.am.securitytoken 2006-08-03 09:53:14.000000000 -0400
-+++ gnome-screensaver-2.16.0/src/Makefile.am 2006-10-05 20:47:48.000000000 -0400
++++ gnome-screensaver-2.16.0/src/Makefile.am 2006-10-14 23:39:44.000000000 -0400
@@ -211,6 +211,7 @@
gnome_screensaver_LDADD = \
$(SAVER_LIBS) \
@@ -195,9 +195,9 @@
$(NULL)
gnome_screensaver_LDFLAGS = -export-dynamic
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytokenmonitor.c 2006-10-05 20:48:42.000000000 -0400
-@@ -0,0 +1,1619 @@
+--- /dev/null 2006-10-14 14:17:12.965213599 -0400
++++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytokenmonitor.c 2006-10-14 23:40:12.000000000 -0400
+@@ -0,0 +1,1702 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
+ *
@@ -222,6 +222,7 @@
+ * We should probably make this a system service
+ * and use dbus.
+ */
++#define _GNU_SOURCE
+#include "securitytokenmonitor.h"
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
@@ -231,6 +232,7 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
++#include <poll.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
@@ -304,7 +306,7 @@
+struct _ScSecurityTokenMonitorWorker {
+ SECMODModule *module;
+ GHashTable *security_tokens;
-+ gint output_fd;
++ gint write_fd;
+
+ guint32 nss_is_loaded : 1;
+};
@@ -332,10 +334,10 @@
+static gboolean sc_security_token_monitor_create_worker (ScSecurityTokenMonitor *monitor,
+ gint *worker_fd, GPid *worker_pid);
+
-+static ScSecurityTokenMonitorWorker * sc_security_token_monitor_worker_new (gint output_fd);
++static ScSecurityTokenMonitorWorker * sc_security_token_monitor_worker_new (gint write_fd);
+static void sc_security_token_monitor_worker_free (ScSecurityTokenMonitorWorker *worker);
-+
-+static gboolean sc_open_pipe (gint *input_fd, gint *output_fd);
++static void sc_security_token_monitor_worker_die_with_parent (ScSecurityTokenMonitorWorker *worker);
++static gboolean sc_open_pipe (gint *write_fd, gint *read_fd);
+static gboolean sc_read_bytes (gint fd, gpointer bytes, gsize num_bytes);
+static gboolean sc_write_bytes (gint fd, gconstpointer bytes, gsize num_bytes);
+static ScSecurityToken *sc_read_security_token (gint fd, SECMODModule *module);
@@ -757,19 +759,19 @@
+{
+ pid_t child_pid;
+ GPid grandchild_pid;
-+ gint input_fd, output_fd;
++ gint write_fd, read_fd;
+ gint saved_errno;
+
-+ input_fd = -1;
-+ output_fd = -1;
-+ if (!sc_open_pipe (&input_fd, &output_fd))
++ write_fd = -1;
++ read_fd = -1;
++ if (!sc_open_pipe (&write_fd, &read_fd))
+ return (GPid) -1;
+
+ child_pid = fork ();
+
+ if (child_pid < 0) {
-+ close (input_fd);
-+ close (output_fd);
++ close (write_fd);
++ close (read_fd);
+ return (GPid) child_pid;
+ }
+
@@ -777,7 +779,7 @@
+
+ /* close the end of the pipe we're not going to use
+ */
-+ close (output_fd);
++ close (read_fd);
+
+ /* fork again
+ */
@@ -788,8 +790,8 @@
+ if (child_pid < 0) {
+ child_pid = -1 * errno;
+
-+ sc_write_bytes (input_fd, &child_pid, sizeof (child_pid));
-+ close (input_fd);
++ sc_write_bytes (write_fd, &child_pid, sizeof (child_pid));
++ close (write_fd);
+ _exit (1);
+ }
+
@@ -799,14 +801,14 @@
+
+ signal (SIGPIPE, SIG_IGN);
+
-+ if (!sc_write_bytes (input_fd, &child_pid, sizeof (child_pid))) {
++ if (!sc_write_bytes (write_fd, &child_pid, sizeof (child_pid))) {
+ kill (SIGKILL, child_pid);
+ _exit (2);
+ }
-+ close (input_fd);
++ close (write_fd);
+ _exit (0);
+ }
-+ close (input_fd);
++ close (write_fd);
+
+ /* we're done, we've forked without having to worry about
+ * reaping the child later
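Review bot: The context line `kill (SIGKILL, child_pid);` in this hunk has its arguments reversed. `kill()` takes the pid first, so as written it sends signal number `child_pid` to pid 9, and the grandchild keeps running when its pid cannot be reported over the pipe. Since this commit is about not leaving the helper orphaned, it is worth fixing here: `kill (child_pid, SIGKILL);`. The enclosing function starts and ends outside this hunk.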
@@ -817,10 +819,10 @@
+
+ /* close the end of the pipe we're not going to use
+ */
-+ close (input_fd);
++ close (write_fd);
+
+ grandchild_pid = -1;
-+ if (!sc_read_bytes (output_fd, &grandchild_pid, sizeof (grandchild_pid))) {
++ if (!sc_read_bytes (read_fd, &grandchild_pid, sizeof (grandchild_pid))) {
+ grandchild_pid = -1;
+ }
+
@@ -828,7 +830,7 @@
+
+ /* close the other end of the pipe since we're done with it
+ */
-+ close (output_fd);
++ close (read_fd);
+
+ /* wait for child to die (and emancipate the grandchild)
+ */
@@ -839,13 +841,13 @@
+}
+
+static gboolean
-+sc_open_pipe (gint *input_fd,
-+ gint *output_fd)
++sc_open_pipe (gint *write_fd,
++ gint *read_fd)
+{
+ gint pipe_fds[2] = { -1, -1 };
+
-+ g_assert (input_fd != NULL);
-+ g_assert (output_fd != NULL);
++ g_assert (write_fd != NULL);
++ g_assert (read_fd != NULL);
+
+ if (pipe (pipe_fds) < 0)
+ return FALSE;
@@ -862,8 +864,8 @@
+ return FALSE;
+ }
+
-+ *output_fd = pipe_fds[0];
-+ *input_fd = pipe_fds[1];
++ *read_fd = pipe_fds[0];
++ *write_fd = pipe_fds[1];
+
+ return TRUE;
+}
@@ -1332,12 +1334,12 @@
+}
+
+static ScSecurityTokenMonitorWorker *
-+sc_security_token_monitor_worker_new (gint output_fd)
++sc_security_token_monitor_worker_new (gint write_fd)
+{
+ ScSecurityTokenMonitorWorker *worker;
+
+ worker = g_slice_new0 (ScSecurityTokenMonitorWorker);
-+ worker->output_fd = output_fd;
++ worker->write_fd = write_fd;
+ worker->module = NULL;
+
+ worker->security_tokens =
@@ -1360,6 +1362,82 @@
+ g_slice_free (ScSecurityTokenMonitorWorker, worker);
+}
+
++/* This function checks to see if the helper's connection to the
++ * parent process has been closed. If it has, we assume the
++ * parent has died (or is otherwise done with the connection)
++ * and so we die, too. We do this from a signal handler (yuck!)
++ * because there isn't a nice way to cancel the
++ * SECMOD_WaitForAnyTokenEvent call, which just sits and blocks
++ * indefinitely. There is a SECMOD_CancelWait wait function
++ * that we could call if we would have gone multithreaded like
++ * NSS really wants us to do, but that call isn't signal handler
++ * safe, so we just _exit() instead (eww).
++ */
++static void
++worker_io_signal_handler (int signal_number,
++ siginfo_t *signal_info,
++ void *data)
++{
++ int number_of_events;
++ int old_errno;
++ struct pollfd poll_fds[1] = { { 0 } };
++ int parent_fd;
++
++ old_errno = errno;
++
++ /* pipe fd set up to talk to the parent */
++ parent_fd = signal_info->si_fd;
++
++ /* We only care about disconnection events
++ * (which get unmasked implicitly), so we just
++ * pass 0 for the event mask
++ */
++ poll_fds[0].events = 0;
++ poll_fds[0].fd = parent_fd;
++
++ do {
++ number_of_events = poll (poll_fds, G_N_ELEMENTS (poll_fds), 0);
++ } while ((number_of_events < 0) && (errno == EINTR));
++
++ g_assert (number_of_events <= G_N_ELEMENTS (poll_fds));
++
++ if (number_of_events < 0)
++ _exit (errno);
++
++ /* pipe disconnected; parent died
++ */
++ if (number_of_events > 0) {
++ g_assert (!(poll_fds[0].revents & POLLNVAL));
++
++ if ((poll_fds[0].revents & POLLHUP) ||
++ (poll_fds[0].revents & POLLERR)) {
++ _exit (poll_fds[0].revents);
++ }
++ }
++
++ errno = old_errno;
++}
++
++static void
++sc_security_token_monitor_worker_die_with_parent (ScSecurityTokenMonitorWorker *worker)
++{
++ struct sigaction action = { 0 };
++ gint flags;
++
++ /* dirty hack to clean up worker if parent goes away
++ */
++ sigemptyset (&action.sa_mask);
++ action.sa_sigaction = worker_io_signal_handler;
++ action.sa_flags = SA_SIGINFO;
++ sigaction (SIGIO, &action, NULL);
++
++ flags = fcntl (worker->write_fd, F_GETFL, 0);
++
++ fcntl (worker->write_fd, F_SETOWN, getpid ());
++ fcntl (worker->write_fd, F_SETFL, flags | O_ASYNC);
++ fcntl (worker->write_fd, F_SETSIG, SIGIO);
++}
++
+static gboolean
+sc_read_bytes (gint fd, gpointer bytes, gsize num_bytes)
+{
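Review bot: In `sc_security_token_monitor_worker_die_with_parent` none of the `sigaction`/`fcntl` results are checked, so if any call fails the worker keeps running without the parent-death watch this change adds; a failed `F_GETFL` also feeds `-1 | O_ASYNC` into `F_SETFL`. `O_ASYNC` is enabled before `F_SETSIG`, which leaves a short window where a SIGIO can arrive without `si_fd` filled in and the handler would poll an unrelated descriptor; issuing `F_SETSIG` first closes that window. In `worker_io_signal_handler`, `g_assert (number_of_events <= G_N_ELEMENTS (poll_fds))` compares an `int` with an unsigned size, so a failed `poll` (-1) trips the assertion before the `_exit (errno)` branch is reached. `g_assert` is also not async-signal-safe, so I would drop both asserts and treat `POLLNVAL` like `POLLHUP`/`POLLERR`. A parent that goes away before `O_ASYNC` is armed presumably generates no signal at all, so one explicit `poll` right after arming may be worth adding.

```c
static void
sc_security_token_monitor_worker_die_with_parent (ScSecurityTokenMonitorWorker *worker)
{
        /* … unchanged: declarations, sigemptyset and sa_sigaction/sa_flags setup … */

        if (sigaction (SIGIO, &action, NULL) < 0)
                _exit (errno);

        flags = fcntl (worker->write_fd, F_GETFL, 0);
        if (flags < 0)
                _exit (errno);

        /* select the signal (and si_fd delivery) before turning on O_ASYNC */
        if (fcntl (worker->write_fd, F_SETOWN, getpid ()) < 0 ||
            fcntl (worker->write_fd, F_SETSIG, SIGIO) < 0 ||
            fcntl (worker->write_fd, F_SETFL, flags | O_ASYNC) < 0)
                _exit (errno);
}
```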
@@ -1475,10 +1553,10 @@
+{
+ sc_debug ("token '%s' removed!", sc_security_token_get_name (token));
+
-+ if (!sc_write_bytes (worker->output_fd, "R", 1))
++ if (!sc_write_bytes (worker->write_fd, "R", 1))
+ goto error_out;
+
-+ if (!sc_write_security_token (worker->output_fd, token))
++ if (!sc_write_security_token (worker->write_fd, token))
+ goto error_out;
+
+ return TRUE;
@@ -1499,10 +1577,10 @@
+
+ write_error = NULL;
+ sc_debug ("token '%s' inserted!", sc_security_token_get_name (token));
-+ if (!sc_write_bytes (worker->output_fd, "I", 1))
++ if (!sc_write_bytes (worker->write_fd, "I", 1))
+ goto error_out;
+
-+ if (!sc_write_security_token (worker->output_fd, token))
++ if (!sc_write_security_token (worker->write_fd, token))
+ goto error_out;
+
+ return TRUE;
@@ -1650,11 +1728,11 @@
+ gint *worker_fd, GPid *worker_pid)
+{
+ GPid child_pid;
-+ gint input_fd, output_fd;
++ gint write_fd, read_fd;
+
-+ input_fd = -1;
-+ output_fd = -1;
-+ if (!sc_open_pipe (&input_fd, &output_fd))
++ write_fd = -1;
++ read_fd = -1;
++ if (!sc_open_pipe (&write_fd, &read_fd))
+ return FALSE;
+
+ child_pid = sc_fork_and_disown ();
@@ -1676,9 +1754,9 @@
+
+ NSS_Shutdown ();
+
-+ fds_to_keep_open[0] = input_fd;
++ fds_to_keep_open[0] = write_fd;
+ sc_close_open_fds (fds_to_keep_open);
-+ output_fd = -1;
++ read_fd = -1;
+
+ if (!sc_load_nss (&error)) {
+ sc_debug ("could not load nss - %s", error->message);
@@ -1686,6 +1764,7 @@
+ _exit (1);
+ }
+#else
++ g_array_append_val (monitor->priv->fds_to_close_on_fork, read_fd);
+ /* Junky workaround to keep from leaking fds
+ */
+ sc_close_fds ((gint *) monitor->priv->fds_to_close_on_fork->data,
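Review bot: The added `g_array_append_val (..., read_fd)` in the child sits under the existing "Junky workaround to keep from leaking fds" comment, which hides why it matters for this fix. If the worker kept its inherited read end open, the pipe would still have a reader after the parent exits, and the hangup that `worker_io_signal_handler` waits for would presumably never be reported. A comment on that line would keep a later cleanup from removing it, e.g. `/* the worker must not hold the read end, or it will never see the parent's hangup on write_fd */`. The enclosing function starts and ends outside this hunk.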
@@ -1693,7 +1772,9 @@
+#endif
+ error = NULL;
+
-+ worker = sc_security_token_monitor_worker_new (input_fd);
++ worker = sc_security_token_monitor_worker_new (write_fd);
++
++ sc_security_token_monitor_worker_die_with_parent (worker);
+
+ worker->module = sc_load_driver (monitor->priv->module_path, &error);
+
@@ -1710,17 +1791,18 @@
+
+ _exit (0);
+ }
-+ close (input_fd);
++
++ close (write_fd);
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_DRIVER_CAN_BE_RELOADED_AFTER_BEING_DESTROYED
-+ g_array_append_val (monitor->priv->fds_to_close_on_fork, output_fd);
++ g_array_append_val (monitor->priv->fds_to_close_on_fork, read_fd);
+#endif
+
+ if (worker_pid)
+ *worker_pid = child_pid;
+
+ if (worker_fd)
-+ *worker_fd = output_fd;
++ *worker_fd = read_fd;
+
+ return TRUE;
+}
@@ -1731,7 +1813,8 @@
+static GMainLoop *event_loop;
+static gboolean should_exit_on_next_remove = FALSE;
+
-+static gboolean on_timeout (ScSecurityTokenMonitor *monitor)
++static gboolean
++on_timeout (ScSecurityTokenMonitor *monitor)
+{
+ GError *error;
+ g_print ("Re-enabling monitor.\n");
@@ -1817,8 +1900,8 @@
+ return 0;
+}
+#endif
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytoken.c 2006-10-05 20:48:42.000000000 -0400
+--- /dev/null 2006-10-14 14:17:12.965213599 -0400
++++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytoken.c 2006-10-14 23:39:44.000000000 -0400
@@ -0,0 +1,680 @@
+/* securitytoken.c - security token
+ *
@@ -2500,8 +2583,8 @@
+ return 0;
+}
+#endif
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytoken.h 2006-10-05 20:48:42.000000000 -0400
+--- /dev/null 2006-10-14 14:17:12.965213599 -0400
++++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytoken.h 2006-10-14 23:39:44.000000000 -0400
@@ -0,0 +1,94 @@
+/* securitytoken.h - api for reading and writing data to a security token
+ *
@@ -2597,8 +2680,8 @@
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_H */
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytokenmonitor.h 2006-10-05 20:48:42.000000000 -0400
+--- /dev/null 2006-10-14 14:17:12.965213599 -0400
++++ gnome-screensaver-2.16.0/src/cut-n-paste/securitytokenmonitor.h 2006-10-14 23:39:44.000000000 -0400
@@ -0,0 +1,84 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
@@ -2685,7 +2768,7 @@
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_MONITOR_H */
--- gnome-screensaver-2.16.0/src/cut-n-paste/Makefile.am.securitytoken 2005-04-14 15:59:44.000000000 -0400
-+++ gnome-screensaver-2.16.0/src/cut-n-paste/Makefile.am 2006-10-05 20:47:48.000000000 -0400
++++ gnome-screensaver-2.16.0/src/cut-n-paste/Makefile.am 2006-10-14 23:39:44.000000000 -0400
@@ -10,7 +10,18 @@
Makefile.in
@@ -2707,7 +2790,7 @@
libfast_user_switch_a_CPPFLAGS = \
-DDATADIR=\""$(datadir)"\" \
--- gnome-screensaver-2.16.0/src/gs-auth-pam.c.securitytoken 2006-06-08 16:23:40.000000000 -0400
-+++ gnome-screensaver-2.16.0/src/gs-auth-pam.c 2006-10-05 20:47:48.000000000 -0400
++++ gnome-screensaver-2.16.0/src/gs-auth-pam.c 2006-10-14 23:39:44.000000000 -0400
@@ -207,6 +207,13 @@
reply [replies].resp_retcode = PAM_INCOMPLETE;
}
@@ -2723,7 +2806,7 @@
*resp = reply;
--- gnome-screensaver-2.16.0/src/gs-window-x11.c.securitytoken 2006-08-04 15:20:11.000000000 -0400
-+++ gnome-screensaver-2.16.0/src/gs-window-x11.c 2006-10-05 20:47:48.000000000 -0400
++++ gnome-screensaver-2.16.0/src/gs-window-x11.c 2006-10-14 23:39:44.000000000 -0400
@@ -680,6 +680,7 @@
"XAUTHLOCALHOSTNAME",
"KRB5CCNAME",
@@ -2733,7 +2816,7 @@
"LANGUAGE",
"RUNNING_UNDER_GDM",
--- gnome-screensaver-2.16.0/configure.ac.securitytoken 2006-08-21 19:00:04.000000000 -0400
-+++ gnome-screensaver-2.16.0/configure.ac 2006-10-05 20:47:48.000000000 -0400
++++ gnome-screensaver-2.16.0/configure.ac 2006-10-14 23:39:44.000000000 -0400
@@ -43,6 +43,7 @@
LIBGNOME_MENU_REQUIRED_VERSION=2.11.1
LIBEXIF_REQUIRED_VERSION=0.6.12
Index: gnome-screensaver.spec
===================================================================
RCS file: /cvs/dist/rpms/gnome-screensaver/devel/gnome-screensaver.spec,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- gnome-screensaver.spec 6 Oct 2006 00:50:37 -0000 1.113
+++ gnome-screensaver.spec 15 Oct 2006 03:42:28 -0000 1.114
@@ -13,7 +13,7 @@
Summary: GNOME Screensaver
Name: gnome-screensaver
Version: 2.16.0
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPL
Group: Amusements/Graphics
Source0: %{name}-%{version}.tar.bz2
@@ -124,6 +124,11 @@
%{_sysconfdir}/pam.d/*
%changelog
+* Sat Oct 14 2006 Ray Strode <rstrode at redhat.com> - 2.16.0-11.fc6
+- have security token monitor helper process kill itself when
+ the communication pipe to the main process goes away (bug
+ 210677).
+
* Thu Oct 05 2006 Ray Strode <rstrode at redhat.com> - 2.16.0-10.fc6
- report token events from helper process using token name instead
of slot id and slot series number, since slot id and slot series