rpms/gdm/FC-6 gdm-2.16.0-wtmp.patch, NONE, 1.1 gdm-2.16.0-security-tokens.patch, 1.7, 1.8 gdm.spec, 1.206, 1.207 gdm-2.15.6-wtmp.patch, 1.2, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Oct 16 18:32:31 UTC 2006
Author: rstrode
Update of /cvs/dist/rpms/gdm/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv5264
Modified Files:
gdm-2.16.0-security-tokens.patch gdm.spec
Added Files:
gdm-2.16.0-wtmp.patch
Removed Files:
gdm-2.15.6-wtmp.patch
Log Message:
- backport fixes from rawhide
gdm-2.16.0-wtmp.patch:
config/PostSession.in | 4 -
config/PreSession.in | 13 ----
daemon/slave.c | 21 +++++++
daemon/verify-pam.c | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++
daemon/verify.h | 13 ++++
5 files changed, 167 insertions(+), 18 deletions(-)
--- NEW FILE gdm-2.16.0-wtmp.patch ---
--- gdm-2.16.0/config/PostSession.in.wtmp 2006-10-15 20:09:47.000000000 -0400
+++ gdm-2.16.0/config/PostSession.in 2006-10-15 20:10:00.000000000 -0400
@@ -19,8 +19,4 @@ gdmwhich () {
echo "$OUTPUT"
}
-SESSREG=`gdmwhich sessreg`
-if [ "x$SESSREG" != "x" ] ; then
- "$SESSREG" -d -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS" -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
-fi
exit 0
--- gdm-2.16.0/config/PreSession.in.wtmp 2006-04-26 21:06:05.000000000 -0400
+++ gdm-2.16.0/config/PreSession.in 2006-10-15 20:05:45.000000000 -0400
@@ -68,17 +68,4 @@ if [ "x$XSETROOT" != "x" ] ; then
"$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
fi
-
-SESSREG=`gdmwhich sessreg`
-if [ "x$SESSREG" != "x" ] ; then
- # some output for easy debugging
- echo "$0: Registering your session with wtmp and utmp"
- echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x \"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""
-
- exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS" -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
- # this is not reached
-fi
-
-# some output for easy debugging
-echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
exit 0
--- gdm-2.16.0/daemon/slave.c.wtmp 2006-10-15 20:05:45.000000000 -0400
+++ gdm-2.16.0/daemon/slave.c 2006-10-15 20:05:45.000000000 -0400
@@ -4315,6 +4315,14 @@ gdm_slave_session_start (void)
g_free (language);
g_free (gnome_session);
+ gdm_verify_write_record (d,
+ GDM_VERIFY_RECORD_TYPE_LOGIN,
+ pwent->pw_name,
+ d->name,
+ !d->attached? d->hostname : NULL,
+ pid);
+
+
gdm_slave_send_num (GDM_SOP_SESSPID, pid);
gdm_sigchld_block_push ();
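Review bot: This call replaces the `sessreg -a -w /var/log/wtmp -u /var/run/utmp` invocation removed from PreSession.in, but `gdm_verify_write_record` only calls `updwtmp`, so nothing visible in this patch writes the utmp entry any more. Unless a PAM module or another component does that (not visible here), `who` and `w` would stop listing graphical sessions, which also affects anything that audits active logins from utmp. Adding a `pututline` call for the login and logout cases in `gdm_verify_write_record` would restore the previous behaviour. The enclosing function starts and ends outside the hunk.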
@@ -4363,6 +4371,17 @@ gdm_slave_session_start (void)
uid, gid);
}
+ if ((pid != 0) && (d->last_sess_status != -1)) {
+ gdm_debug ("session '%d' exited with status '%d', recording logout",
+ pid, d->last_sess_status);
+ gdm_verify_write_record (d,
+ GDM_VERIFY_RECORD_TYPE_LOGOUT,
+ pwent->pw_name,
+ d->name,
+ !d->attached? d->hostname : NULL,
+ pid);
+ }
+
gdm_slave_session_stop (pid != 0 /* run_post_session */,
FALSE /* no_shutdown_check */);
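Review bot: The logout record is skipped whenever `d->last_sess_status == -1`, and `gdm_slave_child_handler` (third hunk of this file) stores `-1` for every session that did not end through `WIFEXITED`, so a session killed by a signal leaves a login entry in wtmp with no matching logout. Tools that reconstruct session lifetimes from wtmp then show that user as logged in until the next reboot record. If `-1` has no other meaning outside the hunk, the guard could be reduced to `if (pid != 0) {` and the debug message reworded so it no longer says "exited with status" for signalled sessions. The enclosing function starts and ends outside the hunk.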
@@ -4721,7 +4740,7 @@ gdm_slave_child_handler (int sig)
}
} else if (pid != 0 && pid == d->sesspid) {
d->sesspid = 0;
- if (WIFEXITED (status))
+ if (WIFEXITED (status))
d->last_sess_status = WEXITSTATUS (status);
else
d->last_sess_status = -1;
--- gdm-2.16.0/daemon/verify.h.wtmp 2005-11-03 19:51:21.000000000 -0500
+++ gdm-2.16.0/daemon/verify.h 2006-10-15 20:05:45.000000000 -0400
@@ -21,6 +21,12 @@
#include "gdm.h"
+typedef enum {
+ GDM_VERIFY_RECORD_TYPE_LOGIN,
+ GDM_VERIFY_RECORD_TYPE_LOGOUT,
+ GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT
+} GdmVerifyRecordType;
+
/* If username is NULL, we ask, if local is FALSE, don't start
* the timed login timer */
gchar *gdm_verify_user (GdmDisplay *d,
@@ -30,6 +36,13 @@ gchar *gdm_verify_user (GdmDisplay *d
void gdm_verify_cleanup (GdmDisplay *d);
void gdm_verify_check (void);
void gdm_verify_select_user (const char *user);
+void gdm_verify_write_record (GdmDisplay *d,
+ GdmVerifyRecordType record_type,
+ const gchar *username,
+ const gchar *console_name,
+ const gchar *host_name,
+ GPid pid);
+
/* used in pam */
gboolean gdm_verify_setup_env (GdmDisplay *d);
gboolean gdm_verify_setup_user (GdmDisplay *d,
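Review bot: The new `gdm_verify_write_record` prototype has no comment saying which arguments may be NULL, and the implementation in verify-pam.c treats them differently: `username` and `host_name` are NULL-checked, while `console_name` is passed straight to `strlen`. A comment above the declaration such as `/* username and host_name may be NULL; console_name must not be */` would keep callers from passing an unset display name.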
--- gdm-2.16.0/daemon/verify-pam.c.wtmp 2006-10-15 20:05:45.000000000 -0400
+++ gdm-2.16.0/daemon/verify-pam.c 2006-10-15 20:08:48.000000000 -0400
@@ -29,6 +29,7 @@
#ifdef sun
#include <fcntl.h>
#endif
+#include <utmp.h>
#include <glib/gi18n.h>
@@ -55,6 +56,14 @@
#define log_to_audit_system(l,h,d,s) do { ; } while (0)
#endif
+#ifndef GDM_BAD_RECORDS_FILE
+#define GDM_BAD_RECORDS_FILE "/var/log/btmp"
+#endif
+
+#ifndef GDM_NEW_RECORDS_FILE
+#define GDM_NEW_RECORDS_FILE "/var/log/wtmp"
+#endif
+
/* Evil, but this way these things are passed to the child session */
static pam_handle_t *pamh = NULL;
@@ -417,6 +426,125 @@ gdm_verify_select_user (const char *user
selected_user = g_strdup (user);
}
+void
+gdm_verify_write_record (GdmDisplay *d,
+ GdmVerifyRecordType record_type,
+ const gchar *username,
+ const gchar *console_name,
+ const gchar *host_name,
+ GPid pid)
+{
+ struct utmp record = { 0 };
+ GTimeVal now = { 0 };
+ gchar *host;
+
+ gdm_debug ("writing %s record",
+ record_type == GDM_VERIFY_RECORD_TYPE_LOGIN? "session" :
+ record_type == GDM_VERIFY_RECORD_TYPE_LOGOUT? "logout" :
+ "failed session attempt");
+
+ if (record_type != GDM_VERIFY_RECORD_TYPE_LOGOUT)
+ {
+ /* it's possible that PAM failed before
+ * it mapped the user input into a valid username
+ * so we fallback to try using "(unknown)"
+ */
+ if (username != NULL)
+ strncpy (record.ut_user,
+ username,
+ sizeof (record.ut_user));
+ else
+ strncpy (record.ut_user,
+ "(unknown)",
+ sizeof (record.ut_user));
+ }
+
+ gdm_debug ("using username %.*s",
+ sizeof (record.ut_user),
+ record.ut_user);
+
+ strncpy (record.ut_id,
+ console_name +
+ strlen (console_name) -
+ sizeof (record.ut_id),
+ sizeof (record.ut_id));
+
+ gdm_debug ("using id %.*s",
+ sizeof (record.ut_id),
+ record.ut_id);
+
+ if (g_str_has_prefix (console_name, "/dev/")) {
+ strncpy (record.ut_line,
+ console_name + strlen ("/dev/"),
+ sizeof (record.ut_line));
+ } else if (g_str_has_prefix (console_name, ":")) {
+ strncpy (record.ut_line,
+ console_name,
+ sizeof (record.ut_line));
+ }
+
+ gdm_debug ("using line %.*s",
+ sizeof (record.ut_line),
+ record.ut_line);
+
+ host = NULL;
+ if ((host_name != NULL) &&
+ g_str_has_prefix (console_name, ":"))
+ host = g_strdup_printf ("%s%s",
+ host_name,
+ console_name);
+ else if ((host_name != NULL) &&
+ !strstr (console_name, ":"))
+ host = g_strdup (host_name);
+ else if (!g_str_has_prefix (console_name, ":") &&
+ strstr (console_name, ":"))
+ host = g_strdup (console_name);
+
+ if (host)
+ {
+ strncpy (record.ut_host, host, sizeof (record.ut_host));
+ g_free (host);
+ gdm_debug ("using hostname %.*s",
+ sizeof (record.ut_host),
+ record.ut_host);
+ }
+
+ g_get_current_time (&now);
+ record.ut_tv.tv_sec = now.tv_sec;
+ record.ut_tv.tv_usec = now.tv_usec;
+
+ gdm_debug ("using time %ld", (glong) record.ut_tv.tv_sec);
+
+ record.ut_type = USER_PROCESS;
+ gdm_debug ("using type USER_PROCESS");
+
+ record.ut_pid = pid;
+
+ gdm_debug ("using pid %d", (gint) record.ut_pid);
+
+ switch (record_type)
+ {
+ case GDM_VERIFY_RECORD_TYPE_LOGIN:
+ gdm_debug ("writing session record to "
+ GDM_NEW_RECORDS_FILE);
+ updwtmp (GDM_NEW_RECORDS_FILE, &record);
+ break;
+
+ case GDM_VERIFY_RECORD_TYPE_LOGOUT:
+ gdm_debug ("writing logout record to "
+ GDM_NEW_RECORDS_FILE);
+ updwtmp (GDM_NEW_RECORDS_FILE, &record);
+ break;
+
+ case GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT:
+ gdm_debug ("writing failed session attempt record to "
+ GDM_BAD_RECORDS_FILE);
+ updwtmp (GDM_BAD_RECORDS_FILE, &record);
+ break;
+ }
+
+}
+
static const char *
perhaps_translate_message (const char *msg)
{
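Review bot: The `ut_id` copy reads before the start of `console_name` whenever the name is shorter than `sizeof (record.ut_id)`: `console_name + strlen (console_name) - sizeof (record.ut_id)` is computed unconditionally, and slave.c passes `d->name`, which for a local display is presumably as short as `:0`. Bytes from in front of the string then end up in the wtmp or btmp record. Clamp the offset first, e.g. `gsize len = strlen (console_name);` and `gsize off = len > sizeof (record.ut_id) ? len - sizeof (record.ut_id) : 0;`, then copy from `console_name + off`. The `%.*s` debug calls also pass a `size_t` where printf expects an `int` precision, so each needs `(int) sizeof (...)`. Logout records are written with `ut_type = USER_PROCESS`; `DEAD_PROCESS` is the conventional type for them.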
@@ -1173,6 +1301,12 @@ authenticate_again:
* message from the PAM subsystem */
if ( ! error_msg_given &&
gdm_slave_action_pending ()) {
+
+ gdm_verify_write_record (d, GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT,
+ login == NULL? tmp_PAM_USER : login, display,
+ d->attached? NULL : d->hostname,
+ getpid ());
+
/* I'm not sure yet if I should display this message for any other issues - heeten */
if (pamerr == PAM_AUTH_ERR ||
pamerr == PAM_USER_UNKNOWN) {
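Review bot: The failed-attempt record is written only inside the `! error_msg_given && gdm_slave_action_pending ()` branch, so a failure that does not take this branch leaves no btmp entry and the record of bad logins has gaps. If the surrounding code is reached only on authentication failure (not visible here), moving the `gdm_verify_write_record` call above the `if` would log every failure. The name written is whatever was typed at the prompt (`login` or `tmp_PAM_USER`), which can be a password entered in the wrong field, so GDM_BAD_RECORDS_FILE has to stay readable by root only; a comment such as `/* btmp may hold mistyped passwords; keep the file mode 0600 */` would record that. The enclosing function starts and ends outside the hunk.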
gdm-2.16.0-security-tokens.patch:
config/Makefile.am | 31
config/gdm.conf.in | 4
config/securitytokens.conf.in | 3
configure.ac | 3
daemon/Makefile.am | 7
daemon/gdm.c | 93 ++
daemon/securitytoken.c | 680 ++++++++++++++++
daemon/securitytoken.h | 94 ++
daemon/securitytokenmonitor.c | 1743 ++++++++++++++++++++++++++++++++++++++++++
daemon/securitytokenmonitor.h | 84 ++
10 files changed, 2737 insertions(+), 5 deletions(-)
Index: gdm-2.16.0-security-tokens.patch
===================================================================
RCS file: /cvs/dist/rpms/gdm/FC-6/gdm-2.16.0-security-tokens.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- gdm-2.16.0-security-tokens.patch 6 Oct 2006 01:31:41 -0000 1.7
+++ gdm-2.16.0-security-tokens.patch 16 Oct 2006 18:32:28 -0000 1.8
@@ -1,12 +1,12 @@
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gdm-2.16.0/config/securitytokens.conf.in 2006-10-05 21:20:32.000000000 -0400
+--- /dev/null 2006-10-15 12:02:21.415745159 -0400
++++ gdm-2.16.0/config/securitytokens.conf.in 2006-10-15 17:49:26.000000000 -0400
@@ -0,0 +1,3 @@
+[SecurityTokens]
+Enable=true
+#Driver=@libdir@/pkcs11/libcoolkeypk11.so
--- gdm-2.16.0/config/Makefile.am.security-tokens 2006-05-18 14:39:13.000000000 -0400
-+++ gdm-2.16.0/config/Makefile.am 2006-10-05 21:20:32.000000000 -0400
-@@ -34,9 +34,10 @@
++++ gdm-2.16.0/config/Makefile.am 2006-10-15 17:49:26.000000000 -0400
+@@ -34,9 +34,10 @@ EXTRA_DIST = \
XKeepsCrashing \
gettextfoo.h \
gdmprefetchlist.in \
@@ -18,7 +18,7 @@
Xsession: $(srcdir)/Xsession.in
sed -e 's,[@]XSESSION_SHELL[@],$(XSESSION_SHELL),g' \
-@@ -67,6 +68,31 @@
+@@ -67,6 +68,31 @@ gdm.conf: $(srcdir)/gdm.conf.in
-e 's,[@]sbindir[@],$(sbindir),g' \
<$(srcdir)/gdm.conf.in >gdm.conf
@@ -50,7 +50,7 @@
gettextfoo.h: XKeepsCrashing Xsession.in
cat $^ | $(srcdir)/extract-shell.sh > gettextfoo.h
-@@ -95,7 +121,7 @@
+@@ -95,7 +121,7 @@ uninstall-hook:
$(DESTDIR)$(predir)/Default \
$(DESTDIR)$(postdir)/Default
@@ -59,7 +59,7 @@
if test '!' -d $(DESTDIR)$(confdir); then \
$(mkinstalldirs) $(DESTDIR)$(confdir); \
chmod 755 $(DESTDIR)$(confdir); \
-@@ -128,6 +154,7 @@
+@@ -128,6 +154,7 @@ install-data-hook: gdm.conf gdm.conf-cus
chmod 644 $(DESTDIR)$(GDM_CUSTOM_CONF); \
fi
$(INSTALL_DATA) gdm.conf `dirname $(DESTDIR)$(GDM_DEFAULTS_CONF)`/factory-`basename $(DESTDIR)$(GDM_DEFAULTS_CONF)`
@@ -67,9 +67,9 @@
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
---- gdm-2.16.0/config/gdm.conf.in.security-tokens 2006-10-05 21:20:32.000000000 -0400
-+++ gdm-2.16.0/config/gdm.conf.in 2006-10-05 21:20:32.000000000 -0400
-@@ -199,6 +199,10 @@
+--- gdm-2.16.0/config/gdm.conf.in.security-tokens 2006-10-15 17:49:25.000000000 -0400
++++ gdm-2.16.0/config/gdm.conf.in 2006-10-15 17:49:26.000000000 -0400
+@@ -199,6 +199,10 @@ Xnest=@X_XNEST_PATH@/Xnest @X_XNEST_CONF
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
@@ -80,9 +80,9 @@
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
---- gdm-2.16.0/configure.ac.security-tokens 2006-10-05 21:20:32.000000000 -0400
-+++ gdm-2.16.0/configure.ac 2006-10-05 21:20:32.000000000 -0400
-@@ -19,6 +19,7 @@
+--- gdm-2.16.0/configure.ac.security-tokens 2006-10-15 17:49:25.000000000 -0400
++++ gdm-2.16.0/configure.ac 2006-10-15 17:49:26.000000000 -0400
+@@ -19,6 +19,7 @@ LIBRSVG_REQUIRED=1.1.1
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
@@ -90,7 +90,7 @@
dnl
dnl Let the user configure where to look for the configuration files.
-@@ -156,7 +157,7 @@
+@@ -156,7 +157,7 @@ PKG_CHECK_MODULES(VICIOUS, gtk+-2.0 >= $
AC_SUBST(VICIOUS_CFLAGS)
AC_SUBST(VICIOUS_LIBS)
@@ -99,9 +99,9 @@
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gdm-2.16.0/daemon/securitytokenmonitor.c 2006-10-05 21:25:26.000000000 -0400
-@@ -0,0 +1,1619 @@
+--- /dev/null 2006-10-15 12:02:21.415745159 -0400
++++ gdm-2.16.0/daemon/securitytokenmonitor.c 2006-10-15 17:50:26.000000000 -0400
+@@ -0,0 +1,1743 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
+ *
@@ -126,6 +126,7 @@
+ * We should probably make this a system service
+ * and use dbus.
+ */
++#define _GNU_SOURCE
+#include "securitytokenmonitor.h"
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
@@ -135,6 +136,7 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
++#include <poll.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
@@ -208,7 +210,7 @@
+struct _ScSecurityTokenMonitorWorker {
+ SECMODModule *module;
+ GHashTable *security_tokens;
-+ gint output_fd;
++ gint write_fd;
+
+ guint32 nss_is_loaded : 1;
+};
@@ -236,10 +238,10 @@
+static gboolean sc_security_token_monitor_create_worker (ScSecurityTokenMonitor *monitor,
+ gint *worker_fd, GPid *worker_pid);
+
-+static ScSecurityTokenMonitorWorker * sc_security_token_monitor_worker_new (gint output_fd);
++static ScSecurityTokenMonitorWorker * sc_security_token_monitor_worker_new (gint write_fd);
+static void sc_security_token_monitor_worker_free (ScSecurityTokenMonitorWorker *worker);
-+
-+static gboolean sc_open_pipe (gint *input_fd, gint *output_fd);
++static void sc_security_token_monitor_worker_die_with_parent (ScSecurityTokenMonitorWorker *worker);
++static gboolean sc_open_pipe (gint *write_fd, gint *read_fd);
+static gboolean sc_read_bytes (gint fd, gpointer bytes, gsize num_bytes);
+static gboolean sc_write_bytes (gint fd, gconstpointer bytes, gsize num_bytes);
+static ScSecurityToken *sc_read_security_token (gint fd, SECMODModule *module);
@@ -350,14 +352,6 @@
+sc_security_token_monitor_set_module_path (ScSecurityTokenMonitor *monitor,
+ const gchar *module_path)
+{
-+ /* For now we hardcode coolkey. Later we'll remove these lines
-+ */
-+ if (module_path == NULL) {
-+ if (g_file_test (SC_SECURITY_TOKEN_MONITOR_DRIVER,
-+ G_FILE_TEST_IS_REGULAR))
-+ module_path = SC_SECURITY_TOKEN_MONITOR_DRIVER;
-+ }
-+
+ if ((monitor->priv->module_path == NULL) && (module_path == NULL))
+ return;
+
@@ -661,19 +655,19 @@
+{
+ pid_t child_pid;
+ GPid grandchild_pid;
-+ gint input_fd, output_fd;
++ gint write_fd, read_fd;
+ gint saved_errno;
+
-+ input_fd = -1;
-+ output_fd = -1;
-+ if (!sc_open_pipe (&input_fd, &output_fd))
++ write_fd = -1;
++ read_fd = -1;
++ if (!sc_open_pipe (&write_fd, &read_fd))
+ return (GPid) -1;
+
+ child_pid = fork ();
+
+ if (child_pid < 0) {
-+ close (input_fd);
-+ close (output_fd);
++ close (write_fd);
++ close (read_fd);
+ return (GPid) child_pid;
+ }
+
@@ -681,7 +675,7 @@
+
+ /* close the end of the pipe we're not going to use
+ */
-+ close (output_fd);
++ close (read_fd);
+
+ /* fork again
+ */
@@ -692,8 +686,8 @@
+ if (child_pid < 0) {
+ child_pid = -1 * errno;
+
-+ sc_write_bytes (input_fd, &child_pid, sizeof (child_pid));
-+ close (input_fd);
++ sc_write_bytes (write_fd, &child_pid, sizeof (child_pid));
++ close (write_fd);
+ _exit (1);
+ }
+
@@ -703,14 +697,14 @@
+
+ signal (SIGPIPE, SIG_IGN);
+
-+ if (!sc_write_bytes (input_fd, &child_pid, sizeof (child_pid))) {
++ if (!sc_write_bytes (write_fd, &child_pid, sizeof (child_pid))) {
+ kill (SIGKILL, child_pid);
+ _exit (2);
+ }
-+ close (input_fd);
++ close (write_fd);
+ _exit (0);
+ }
-+ close (input_fd);
++ close (write_fd);
+
+ /* we're done, we've forked without having to worry about
+ * reaping the child later
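Review bot: `kill (SIGKILL, child_pid);` on the failure path of the renamed `sc_write_bytes (write_fd, ...)` call has its arguments reversed: kill() takes the pid first, so the grandchild worker is not killed when its pid cannot be reported and keeps running unsupervised. It should read `kill (child_pid, SIGKILL);`. The line is unchanged context in this revision, and the enclosing function starts and ends outside the hunk.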
@@ -721,10 +715,10 @@
+
+ /* close the end of the pipe we're not going to use
+ */
-+ close (input_fd);
++ close (write_fd);
+
+ grandchild_pid = -1;
-+ if (!sc_read_bytes (output_fd, &grandchild_pid, sizeof (grandchild_pid))) {
++ if (!sc_read_bytes (read_fd, &grandchild_pid, sizeof (grandchild_pid))) {
+ grandchild_pid = -1;
+ }
+
@@ -732,7 +726,7 @@
+
+ /* close the other end of the pipe since we're done with it
+ */
-+ close (output_fd);
++ close (read_fd);
+
+ /* wait for child to die (and emancipate the grandchild)
+ */
@@ -743,13 +737,13 @@
+}
+
+static gboolean
-+sc_open_pipe (gint *input_fd,
-+ gint *output_fd)
++sc_open_pipe (gint *write_fd,
++ gint *read_fd)
+{
+ gint pipe_fds[2] = { -1, -1 };
+
-+ g_assert (input_fd != NULL);
-+ g_assert (output_fd != NULL);
++ g_assert (write_fd != NULL);
++ g_assert (read_fd != NULL);
+
+ if (pipe (pipe_fds) < 0)
+ return FALSE;
@@ -766,8 +760,8 @@
+ return FALSE;
+ }
+
-+ *output_fd = pipe_fds[0];
-+ *input_fd = pipe_fds[1];
++ *read_fd = pipe_fds[0];
++ *write_fd = pipe_fds[1];
+
+ return TRUE;
+}
@@ -860,6 +854,7 @@
+ NULL /* parent */,
+ FALSE /* recurse */);
+ g_free (module_spec);
++ module_spec = NULL;
+
+ } else {
+ SECMODModuleList *modules, *tmp;
@@ -874,6 +869,26 @@
+ module = SECMOD_ReferenceModule (tmp->module);
+ break;
+ }
++
++ /* fallback to compiled in driver path
++ */
++ if (module == NULL) {
++ if (g_file_test (SC_SECURITY_TOKEN_MONITOR_DRIVER,
++ G_FILE_TEST_IS_REGULAR)) {
++
++ module_spec = g_strdup_printf ("library=\"%s\"", module_path);
++ sc_debug ("loading security token driver using spec '%s'",
++ module_spec);
++
++ module = SECMOD_LoadUserModule (module_spec,
++ NULL /* parent */,
++ FALSE /* recurse */);
++ g_free (module_spec);
++ module_spec = NULL;
++
++ }
++ }
++
+ }
+
+ if (!module_explicitly_specified && module == NULL) {
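Review bot: The new fallback tests `SC_SECURITY_TOKEN_MONITOR_DRIVER` with `g_file_test` but then builds the spec from `module_path`: `g_strdup_printf ("library=\"%s\"", module_path)`. This branch appears to be the one taken when no module path was given (the condition is outside the hunk), so the spec would name a NULL path rather than the compiled-in driver and the fallback would not load it. The line should be `module_spec = g_strdup_printf ("library=\"%s\"", SC_SECURITY_TOKEN_MONITOR_DRIVER);`.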
@@ -922,6 +937,30 @@
+ return module;
+}
+
++static void
++sc_security_token_monitor_get_all_tokens (ScSecurityTokenMonitor *monitor)
++{
++ int i;
++
++ for (i = 0; i < monitor->priv->module->slotCount; i++) {
++ ScSecurityToken *token;
++ CK_SLOT_ID slot_id;
++ gint slot_series;
++ gchar *token_name;
++
++ slot_id = PK11_GetSlotID (monitor->priv->module->slots[i]);
++ slot_series = PK11_GetSlotSeries (monitor->priv->module->slots[i]);
++
++ token = _sc_security_token_new (monitor->priv->module,
++ slot_id, slot_series);
++
++ token_name = sc_security_token_get_name (token);
++
++ g_hash_table_replace (monitor->priv->security_tokens,
++ token_name, token);
++ }
++}
++
+gboolean
+sc_security_token_monitor_start (ScSecurityTokenMonitor *monitor,
+ GError **error)
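Review bot: `sc_security_token_monitor_get_all_tokens` creates a token object for every entry in `module->slots` without checking that anything is inserted, while its call site in `sc_security_token_monitor_start` describes it as populating the hash "with tokens that are already inserted". If the rest of the daemon treats membership in `security_tokens` as "token is in the reader" (not visible here), empty slots would count as inserted tokens at startup. Guarding the loop body with `if (!PK11_IsPresent (monitor->priv->module->slots[i])) continue;` would match the comment. `token_name` is also used as the hash key without a NULL check.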
@@ -992,6 +1031,10 @@
+ g_source_attach (monitor->priv->security_token_event_source, NULL);
+ g_source_unref (monitor->priv->security_token_event_source);
+
++ /* populate the hash with tokens that are already inserted
++ */
++ sc_security_token_monitor_get_all_tokens (monitor);
++
+ monitor->priv->state = SC_SECURITY_TOKEN_MONITOR_STATE_STARTED;
+
+out:
@@ -1236,12 +1279,12 @@
+}
+
+static ScSecurityTokenMonitorWorker *
-+sc_security_token_monitor_worker_new (gint output_fd)
++sc_security_token_monitor_worker_new (gint write_fd)
+{
+ ScSecurityTokenMonitorWorker *worker;
+
+ worker = g_slice_new0 (ScSecurityTokenMonitorWorker);
-+ worker->output_fd = output_fd;
++ worker->write_fd = write_fd;
+ worker->module = NULL;
+
+ worker->security_tokens =
@@ -1264,6 +1307,82 @@
+ g_slice_free (ScSecurityTokenMonitorWorker, worker);
+}
+
++/* This function checks to see if the helper's connection to the
++ * parent process has been closed. If it has, we assume the
++ * parent has died (or is otherwise done with the connection)
++ * and so we die, too. We do this from a signal handler (yuck!)
++ * because there isn't a nice way to cancel the
++ * SECMOD_WaitForAnyTokenEvent call, which just sits and blocks
++ * indefinitely. There is a SECMOD_CancelWait wait function
++ * that we could call if we would have gone multithreaded like
++ * NSS really wants us to do, but that call isn't signal handler
++ * safe, so we just _exit() instead (eww).
++ */
++static void
++worker_io_signal_handler (int signal_number,
++ siginfo_t *signal_info,
++ void *data)
++{
++ int number_of_events;
++ int old_errno;
++ struct pollfd poll_fds[1] = { { 0 } };
++ int parent_fd;
++
++ old_errno = errno;
++
++ /* pipe fd set up to talk to the parent */
++ parent_fd = signal_info->si_fd;
++
++ /* We only care about disconnection events
++ * (which get unmasked implicitly), so we just
++ * pass 0 for the event mask
++ */
++ poll_fds[0].events = 0;
++ poll_fds[0].fd = parent_fd;
++
++ do {
++ number_of_events = poll (poll_fds, G_N_ELEMENTS (poll_fds), 0);
++ } while ((number_of_events < 0) && (errno == EINTR));
++
++ g_assert (number_of_events <= G_N_ELEMENTS (poll_fds));
++
++ if (number_of_events < 0)
++ _exit (errno);
++
++ /* pipe disconnected; parent died
++ */
++ if (number_of_events > 0) {
++ g_assert (!(poll_fds[0].revents & POLLNVAL));
++
++ if ((poll_fds[0].revents & POLLHUP) ||
++ (poll_fds[0].revents & POLLERR)) {
++ _exit (poll_fds[0].revents);
++ }
++ }
++
++ errno = old_errno;
++}
++
++static void
++sc_security_token_monitor_worker_die_with_parent (ScSecurityTokenMonitorWorker *worker)
++{
++ struct sigaction action = { { 0 } };
++ gint flags;
++
++ /* dirty hack to clean up worker if parent goes away
++ */
++ sigemptyset (&action.sa_mask);
++ action.sa_sigaction = worker_io_signal_handler;
++ action.sa_flags = SA_SIGINFO;
++ sigaction (SIGIO, &action, NULL);
++
++ flags = fcntl (worker->write_fd, F_GETFL, 0);
++
++ fcntl (worker->write_fd, F_SETOWN, getpid ());
++ fcntl (worker->write_fd, F_SETFL, flags | O_ASYNC);
++ fcntl (worker->write_fd, F_SETSIG, SIGIO);
++}
++
+static gboolean
+sc_read_bytes (gint fd, gpointer bytes, gsize num_bytes)
+{
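Review bot: `sc_security_token_monitor_worker_die_with_parent` ignores every `fcntl` result and enables `O_ASYNC` before `F_SETSIG`, so a SIGIO raised in between is delivered without `si_fd` and the handler polls whatever descriptor number that field happens to hold; a failed `F_GETFL` would also OR `-1` into the flags. Checking the calls and issuing `F_SETSIG` and `F_SETOWN` first closes both gaps, as sketched below; whether the worker should exit or merely log on failure is a judgement call. Separately, `worker_io_signal_handler` calls `g_assert`, which is not async-signal-safe, so inside the handler those checks are better written as plain `_exit` paths. Because SIGIO fires only on a state change, a parent that is already gone when the handler is armed is presumably never noticed, so one explicit `poll` after arming would be worth adding.

```c
sc_security_token_monitor_worker_die_with_parent (ScSecurityTokenMonitorWorker *worker)
{
        /* … unchanged: sigaction setup for SIGIO … */

        /* pick the signal and owner before turning on O_ASYNC, so every
         * SIGIO that arrives already carries si_fd
         */
        flags = fcntl (worker->write_fd, F_GETFL, 0);
        if (flags < 0 ||
            fcntl (worker->write_fd, F_SETSIG, SIGIO) < 0 ||
            fcntl (worker->write_fd, F_SETOWN, getpid ()) < 0 ||
            fcntl (worker->write_fd, F_SETFL, flags | O_ASYNC) < 0) {
                sc_debug ("could not arm parent-death notification: %s",
                          g_strerror (errno));
                _exit (1);
        }
}
```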
@@ -1379,10 +1498,10 @@
+{
+ sc_debug ("token '%s' removed!", sc_security_token_get_name (token));
+
-+ if (!sc_write_bytes (worker->output_fd, "R", 1))
++ if (!sc_write_bytes (worker->write_fd, "R", 1))
+ goto error_out;
+
-+ if (!sc_write_security_token (worker->output_fd, token))
++ if (!sc_write_security_token (worker->write_fd, token))
+ goto error_out;
+
+ return TRUE;
@@ -1403,10 +1522,10 @@
+
+ write_error = NULL;
+ sc_debug ("token '%s' inserted!", sc_security_token_get_name (token));
-+ if (!sc_write_bytes (worker->output_fd, "I", 1))
++ if (!sc_write_bytes (worker->write_fd, "I", 1))
+ goto error_out;
+
-+ if (!sc_write_security_token (worker->output_fd, token))
++ if (!sc_write_security_token (worker->write_fd, token))
+ goto error_out;
+
+ return TRUE;
@@ -1554,11 +1673,11 @@
+ gint *worker_fd, GPid *worker_pid)
+{
+ GPid child_pid;
-+ gint input_fd, output_fd;
++ gint write_fd, read_fd;
+
-+ input_fd = -1;
-+ output_fd = -1;
-+ if (!sc_open_pipe (&input_fd, &output_fd))
++ write_fd = -1;
++ read_fd = -1;
++ if (!sc_open_pipe (&write_fd, &read_fd))
+ return FALSE;
+
+ child_pid = sc_fork_and_disown ();
@@ -1580,9 +1699,9 @@
+
+ NSS_Shutdown ();
+
-+ fds_to_keep_open[0] = input_fd;
++ fds_to_keep_open[0] = write_fd;
+ sc_close_open_fds (fds_to_keep_open);
-+ output_fd = -1;
++ read_fd = -1;
+
+ if (!sc_load_nss (&error)) {
+ sc_debug ("could not load nss - %s", error->message);
@@ -1590,6 +1709,7 @@
+ _exit (1);
+ }
+#else
++ g_array_append_val (monitor->priv->fds_to_close_on_fork, read_fd);
+ /* Junky workaround to keep from leaking fds
+ */
+ sc_close_fds ((gint *) monitor->priv->fds_to_close_on_fork->data,
@@ -1597,7 +1717,9 @@
+#endif
+ error = NULL;
+
-+ worker = sc_security_token_monitor_worker_new (input_fd);
++ worker = sc_security_token_monitor_worker_new (write_fd);
++
++ sc_security_token_monitor_worker_die_with_parent (worker);
+
+ worker->module = sc_load_driver (monitor->priv->module_path, &error);
+
@@ -1614,17 +1736,18 @@
+
+ _exit (0);
+ }
-+ close (input_fd);
++
++ close (write_fd);
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_DRIVER_CAN_BE_RELOADED_AFTER_BEING_DESTROYED
-+ g_array_append_val (monitor->priv->fds_to_close_on_fork, output_fd);
++ g_array_append_val (monitor->priv->fds_to_close_on_fork, read_fd);
+#endif
+
+ if (worker_pid)
+ *worker_pid = child_pid;
+
+ if (worker_fd)
-+ *worker_fd = output_fd;
++ *worker_fd = read_fd;
+
+ return TRUE;
+}
@@ -1635,7 +1758,8 @@
+static GMainLoop *event_loop;
+static gboolean should_exit_on_next_remove = FALSE;
+
-+static gboolean on_timeout (ScSecurityTokenMonitor *monitor)
++static gboolean
++on_timeout (ScSecurityTokenMonitor *monitor)
+{
+ GError *error;
+ g_print ("Re-enabling monitor.\n");
@@ -1721,8 +1845,8 @@
+ return 0;
+}
+#endif
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gdm-2.16.0/daemon/securitytoken.h 2006-10-05 21:25:26.000000000 -0400
+--- /dev/null 2006-10-15 12:02:21.415745159 -0400
++++ gdm-2.16.0/daemon/securitytoken.h 2006-10-15 17:49:26.000000000 -0400
@@ -0,0 +1,94 @@
+/* securitytoken.h - api for reading and writing data to a security token
+ *
@@ -1818,8 +1942,8 @@
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_H */
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gdm-2.16.0/daemon/securitytoken.c 2006-10-05 21:25:26.000000000 -0400
+--- /dev/null 2006-10-15 12:02:21.415745159 -0400
++++ gdm-2.16.0/daemon/securitytoken.c 2006-10-15 17:49:26.000000000 -0400
@@ -0,0 +1,680 @@
+/* securitytoken.c - security token
+ *
@@ -2502,8 +2626,8 @@
+}
+#endif
--- gdm-2.16.0/daemon/Makefile.am.security-tokens 2006-03-28 18:43:21.000000000 -0500
-+++ gdm-2.16.0/daemon/Makefile.am 2006-10-05 21:20:32.000000000 -0400
-@@ -9,6 +9,7 @@
++++ gdm-2.16.0/daemon/Makefile.am 2006-10-15 17:49:26.000000000 -0400
+@@ -9,6 +9,7 @@ INCLUDES = \
-DAUTHDIR=\"$(authdir)\" \
-DBINDIR=\"$(bindir)\" \
-DDATADIR=\"$(datadir)\" \
@@ -2511,7 +2635,7 @@
-DDMCONFDIR=\"$(dmconfdir)\" \
-DGDMCONFDIR=\"$(gdmconfdir)\" \
-DGDMLOCALEDIR=\"$(gdmlocaledir)\" \
-@@ -71,7 +72,11 @@
+@@ -71,7 +72,11 @@ gdm_binary_SOURCES = \
gdm-net.c \
gdm-net.h \
getvt.c \
@@ -2524,8 +2648,8 @@
EXTRA_gdm_binary_SOURCES = verify-pam.c verify-crypt.c verify-shadow.c
---- gdm-2.16.0/daemon/gdm.c.security-tokens 2006-10-05 21:20:32.000000000 -0400
-+++ gdm-2.16.0/daemon/gdm.c 2006-10-05 21:20:32.000000000 -0400
+--- gdm-2.16.0/daemon/gdm.c.security-tokens 2006-10-15 17:49:26.000000000 -0400
++++ gdm-2.16.0/daemon/gdm.c 2006-10-15 17:49:26.000000000 -0400
@@ -63,6 +63,8 @@
#include "cookie.h"
#include "filecheck.h"
@@ -2543,7 +2667,7 @@
extern GSList *displays;
/* Local functions */
-@@ -81,6 +84,10 @@
+@@ -81,6 +84,10 @@ static void gdm_handle_message (GdmConne
static void gdm_handle_user_message (GdmConnection *conn,
const gchar *msg,
gpointer data);
@@ -2554,7 +2678,7 @@
static void gdm_daemonify (void);
static void gdm_safe_restart (void);
static void gdm_try_logout_action (GdmDisplay *disp);
-@@ -151,7 +158,6 @@
+@@ -151,7 +158,6 @@ static GMainLoop *main_loop = NULL;
static gboolean monte_carlo_sqrt2 = FALSE;
@@ -2562,7 +2686,7 @@
/*
* lookup display number if the display number is
* exists then clear the remove flag and return TRUE
-@@ -1440,6 +1446,8 @@
+@@ -1440,6 +1446,8 @@ main (int argc, char *argv[])
/* Initialize runtime environment */
umask (022);
@@ -2571,7 +2695,7 @@
ctx = g_option_context_new (_("- The GNOME login manager"));
g_option_context_add_main_entries (ctx, options, _("main options"));
-@@ -1682,6 +1690,8 @@
+@@ -1682,6 +1690,8 @@ main (int argc, char *argv[])
gdm_xdmcp_run ();
}
@@ -2580,7 +2704,7 @@
/* We always exit via exit (), and sadly we need to g_main_quit ()
* at times not knowing if it's this main or a recursive one we're
* quitting.
-@@ -3472,4 +3482,85 @@
+@@ -3472,4 +3482,85 @@ gdm_handle_user_message (GdmConnection *
}
}
@@ -2666,8 +2790,8 @@
+ ve_config_destroy (cfg);
+}
/* EOF */
---- /dev/null 2006-10-05 20:08:52.821361324 -0400
-+++ gdm-2.16.0/daemon/securitytokenmonitor.h 2006-10-05 21:25:27.000000000 -0400
+--- /dev/null 2006-10-15 12:02:21.415745159 -0400
++++ gdm-2.16.0/daemon/securitytokenmonitor.h 2006-10-15 17:49:26.000000000 -0400
@@ -0,0 +1,84 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
Index: gdm.spec
===================================================================
RCS file: /cvs/dist/rpms/gdm/FC-6/gdm.spec,v
retrieving revision 1.206
retrieving revision 1.207
diff -u -r1.206 -r1.207
--- gdm.spec 13 Oct 2006 00:43:20 -0000 1.206
+++ gdm.spec 16 Oct 2006 18:32:28 -0000 1.207
@@ -16,7 +16,7 @@
Summary: The GNOME Display Manager.
Name: gdm
Version: 2.16.0
-Release: 13%{?dist}
+Release: 14%{?dist}
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
@@ -44,7 +44,7 @@
Patch21: gdm-2.16.0-security-tokens.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347871
-Patch24: gdm-2.15.6-wtmp.patch
+Patch24: gdm-2.16.0-wtmp.patch
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203917
Patch25: gdm-2.16.0-indic-langs.patch
@@ -315,6 +315,9 @@
%attr(1770, root, gdm) %dir %{_localstatedir}/gdm
%changelog
+* Mon Oct 16 2006 Ray Strode <rstrode at redhat.com> - 1:2.16.0-14.fc6
+- backport fixes from rawhide
+
* Wed Oct 10 2006 Ray Strode <rstrode at redhat.com> - 1:2.16.0-13.fc6
- desensitize entry fields until pam asks for input, so if pam
doesn't initially ask for input (like in smart card required mode)
--- gdm-2.15.6-wtmp.patch DELETED ---