rpms/gdm/devel gdm-2.18.0-security-tokens.patch, NONE, 1.1 gdm.spec, 1.235, 1.236 gdm-2.17.3-security-tokens.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Mar 20 05:46:36 UTC 2007
Author: rstrode
Update of /cvs/dist/rpms/gdm/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv2045
Modified Files:
gdm.spec
Added Files:
gdm-2.18.0-security-tokens.patch
Removed Files:
gdm-2.17.3-security-tokens.patch
Log Message:
- update and reenable security token patch
gdm-2.18.0-security-tokens.patch:
config/Makefile.am | 32
config/gdm.conf.in | 4
config/securitytokens.conf.in | 3
configure.ac | 3
daemon/Makefile.am | 7
daemon/gdm.c | 93 ++
daemon/securitytoken.c | 680 ++++++++++++++++
daemon/securitytoken.h | 94 ++
daemon/securitytokenmonitor.c | 1743 ++++++++++++++++++++++++++++++++++++++++++
daemon/securitytokenmonitor.h | 84 ++
10 files changed, 2738 insertions(+), 5 deletions(-)
--- NEW FILE gdm-2.18.0-security-tokens.patch ---
--- gdm-2.18.0/config/gdm.conf.in.security-tokens 2007-03-20 01:21:20.000000000 -0400
+++ gdm-2.18.0/config/gdm.conf.in 2007-03-20 01:21:24.000000000 -0400
@@ -200,6 +200,10 @@
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
+# Whether or not to listen for smart card insertion/removal events
+SecurityTokensEnable=true
+SecurityTokensDriver=
+
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
--- /dev/null 2007-03-19 18:45:10.978423391 -0400
+++ gdm-2.18.0/config/securitytokens.conf.in 2007-03-20 01:21:24.000000000 -0400
@@ -0,0 +1,3 @@
+[SecurityTokens]
+Enable=true
+#Driver=@libdir@/pkcs11/libcoolkeypk11.so
--- gdm-2.18.0/config/Makefile.am.security-tokens 2007-03-11 17:46:16.000000000 -0400
+++ gdm-2.18.0/config/Makefile.am 2007-03-20 01:22:40.000000000 -0400
@@ -34,9 +34,11 @@
XKeepsCrashing \
gettextfoo.h \
gdmprefetchlist.in \
+ securitytokens.conf.in \
extract-shell.sh
-CLEANFILES = Xsession gdm.conf gdm.conf-custom default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist
+CLEANFILES = Xsession gdm.conf gdm.conf-custom default.desktop gnome.desktop CDE.desktop ssh.desktop Init PreSession PostSession gdmprefetchlist securitytokens.conf
+
Xsession: $(srcdir)/Xsession.in
sed -e 's,[@]XSESSION_SHELL[@],$(XSESSION_SHELL),g' \
@@ -72,6 +74,31 @@
sed -e 's,[@]GDM_DEFAULTS_CONF[@],$(GDM_DEFAULTS_CONF),g' \
<$(srcdir)/gdm.conf-custom.in >gdm.conf-custom
+securitytokens.conf: $(srcdir)/securitytokens.conf.in
+ sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
+ -e 's,[@]GDM_USER_PATH[@],$(GDM_USER_PATH),g' \
+ -e 's,[@]HALT_COMMAND[@],$(HALT_COMMAND),g' \
+ -e 's,[@]REBOOT_COMMAND[@],$(REBOOT_COMMAND),g' \
+ -e 's,[@]SOUND_PROGRAM[@],$(SOUND_PROGRAM),g' \
+ -e 's,[@]SUSPEND_COMMAND[@],$(SUSPEND_COMMAND),g' \
+ -e 's,[@]XEVIE_OPTION[@],$(XEVIE_OPTION),g' \
+ -e 's,[@]X_CONFIG_OPTIONS[@],$(X_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_SERVER[@],$(X_SERVER),g' \
+ -e 's,[@]X_XNEST_CONFIG_OPTIONS[@],$(X_XNEST_CONFIG_OPTIONS),g' \
+ -e 's,[@]X_XNEST_PATH[@],$(X_XNEST_PATH),g' \
+ -e 's,[@]authdir[@],$(authdir),g' \
+ -e 's,[@]datadir[@],$(datadir),g' \
+ -e 's,[@]dmconfdir[@],$(dmconfdir),g' \
+ -e 's,[@]gdmconfdir[@],$(gdmconfdir),g' \
+ -e 's,[@]libdir[@],$(libdir),g' \
+ -e 's,[@]libexecdir[@],$(libexecdir),g' \
+ -e 's,[@]localedir[@],$(libexecdir),g' \
+ -e 's,[@]logdir[@],$(logdir),g' \
+ -e 's,[@]pixmapdir[@],$(pixmapdir),g' \
+ -e 's,[@]sbindir[@],$(sbindir),g' \
+ <$(srcdir)/securitytokens.conf.in >securitytokens.conf
+
+
gettextfoo.h: XKeepsCrashing Xsession.in
cat $^ | $(srcdir)/extract-shell.sh > gettextfoo.h
@@ -100,7 +127,7 @@
$(DESTDIR)$(predir)/Default \
$(DESTDIR)$(postdir)/Default
-install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST)
+install-data-hook: gdm.conf gdm.conf-custom Xsession Init PostSession PreSession $(DESKTOP_FILES) $(GDMPREFETCHLIST) securitytokens.conf
if test '!' -d $(DESTDIR)$(confdir); then \
$(mkinstalldirs) $(DESTDIR)$(confdir); \
chmod 755 $(DESTDIR)$(confdir); \
@@ -133,6 +160,7 @@
chmod 644 $(DESTDIR)$(GDM_CUSTOM_CONF); \
fi
$(INSTALL_DATA) gdm.conf `dirname $(DESTDIR)$(GDM_DEFAULTS_CONF)`/factory-`basename $(DESTDIR)$(GDM_DEFAULTS_CONF)`
+ $(INSTALL_DATA) securitytokens.conf $(DESTDIR)$(confdir)/securitytokens.conf
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
--- gdm-2.18.0/configure.ac.security-tokens 2007-03-20 01:21:24.000000000 -0400
+++ gdm-2.18.0/configure.ac 2007-03-20 01:21:24.000000000 -0400
@@ -20,6 +20,7 @@
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
SCROLLKEEPER_REQUIRED=0.1.4
+NSS_REQUIRED=3.11.1
dnl
dnl Let the user configure where to look for the configuration files.
@@ -176,7 +177,7 @@
AC_SUBST(VICIOUS_CFLAGS)
AC_SUBST(VICIOUS_LIBS)
-PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED dbus-glib-1 >= $DBUS_REQUIRED)
+PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED dbus-glib-1 >= $DBUS_REQUIRED nss >= $NSS_REQUIRED)
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
--- /dev/null 2007-03-19 18:45:10.978423391 -0400
+++ gdm-2.18.0/daemon/securitytokenmonitor.h 2007-03-20 01:21:24.000000000 -0400
@@ -0,0 +1,84 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
+ *
+ * Copyright (C) 2006 Ray Strode
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+#ifndef SC_SECURITY_TOKEN_MONITOR_H
+#define SC_SECURITY_TOKEN_MONITOR_H
+
+#define SC_SECURITY_TOKEN_ENABLE_INTERNAL_API
+#include "securitytoken.h"
+
+#include <glib.h>
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+#define SC_TYPE_SECURITY_TOKEN_MONITOR (sc_security_token_monitor_get_type ())
+#define SC_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitor))
+#define SC_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_IS_SECURITY_TOKEN_MONITOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_IS_SECURITY_TOKEN_MONITOR_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), SC_TYPE_SECURITY_TOKEN_MONITOR))
+#define SC_SECURITY_TOKEN_MONITOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), SC_TYPE_SECURITY_TOKEN_MONITOR, ScSecurityTokenMonitorClass))
+#define SC_SECURITY_TOKEN_MONITOR_ERROR (sc_security_token_monitor_error_quark ())
+typedef struct _ScSecurityTokenMonitor ScSecurityTokenMonitor;
+typedef struct _ScSecurityTokenMonitorClass ScSecurityTokenMonitorClass;
+typedef struct _ScSecurityTokenMonitorPrivate ScSecurityTokenMonitorPrivate;
+typedef enum _ScSecurityTokenMonitorError ScSecurityTokenMonitorError;
+
+struct _ScSecurityTokenMonitor {
+ GObject parent;
+
+ /*< private > */
+ ScSecurityTokenMonitorPrivate *priv;
+};
+
+struct _ScSecurityTokenMonitorClass {
+ GObjectClass parent_class;
+
+ /* Signals */
+ void (*security_token_inserted) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*security_token_removed) (ScSecurityTokenMonitor *monitor,
+ ScSecurityToken *token);
+ void (*error) (ScSecurityTokenMonitor *monitor,
+ GError *error);
+};
+
+enum _ScSecurityTokenMonitorError {
+ SC_SECURITY_TOKEN_MONITOR_ERROR_GENERIC = 0,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WITH_NSS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_LOADING_DRIVER,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_WATCHING_FOR_EVENTS,
+ SC_SECURITY_TOKEN_MONITOR_ERROR_REPORTING_EVENTS
+};
+
+GType sc_security_token_monitor_get_type (void) G_GNUC_CONST;
+GQuark sc_security_token_monitor_error_quark (void) G_GNUC_CONST;
+
+ScSecurityTokenMonitor *sc_security_token_monitor_new (const gchar *module);
+
+gboolean sc_security_token_monitor_start (ScSecurityTokenMonitor *monitor,
+ GError **error);
+
+void sc_security_token_monitor_stop (ScSecurityTokenMonitor *monitor);
+
+gchar *sc_security_token_monitor_get_module_path (ScSecurityTokenMonitor *monitor);
+gboolean sc_security_token_monitor_login_token_is_inserted (ScSecurityTokenMonitor *monitor);
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_MONITOR_H */
--- gdm-2.18.0/daemon/gdm.c.security-tokens 2007-03-20 01:21:24.000000000 -0400
+++ gdm-2.18.0/daemon/gdm.c 2007-03-20 01:21:24.000000000 -0400
@@ -68,6 +68,8 @@
#include "filecheck.h"
#include "gdmconfig.h"
#include "errorgui.h"
+#include "securitytokenmonitor.h"
+#include "securitytoken.h"
#define DYNAMIC_ADD 0
[...2481 lines suppressed...]
+ g_propagate_error (error, processing_error);
+ return FALSE;
+ }
+ }
+
+ if (!sc_security_token_monitor_worker_emit_security_token_removed (worker, token, &processing_error)) {
+ g_propagate_error (error, processing_error);
+ return FALSE;
+ }
+
+ g_hash_table_remove (worker->security_tokens, key);
+ token = NULL;
+ } else {
+ sc_debug ("got spurious remove event");
+ }
+ }
+
+ g_free (key);
+ PK11_FreeSlot (slot);
+
+ return TRUE;
+}
+
+static gboolean
+sc_security_token_monitor_create_worker (ScSecurityTokenMonitor *monitor,
+ gint *worker_fd, GPid *worker_pid)
+{
+ GPid child_pid;
+ gint write_fd, read_fd;
+
+ write_fd = -1;
+ read_fd = -1;
+ if (!sc_open_pipe (&write_fd, &read_fd))
+ return FALSE;
+
+ child_pid = sc_fork_and_disown ();
+
+ if (child_pid < 0)
+ return FALSE;
+
+ if (child_pid == 0) {
+ GError *error;
+ ScSecurityTokenMonitorWorker *worker;
+
+/* FIXME: Gotta figure out why this isn't working
+*/
+#ifdef SC_SECURITY_TOKEN_MONITOR_DRIVER_CAN_BE_RELOADED_AFTER_BEING_DESTROYED
+ gint fds_to_keep_open[] = { -1, STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO, -1 };
+
+ SECMOD_DestroyModule (monitor->priv->module);
+ monitor->priv->module = NULL;
+
+ NSS_Shutdown ();
+
+ fds_to_keep_open[0] = write_fd;
+ sc_close_open_fds (fds_to_keep_open);
+ read_fd = -1;
+
+ if (!sc_load_nss (&error)) {
+ sc_debug ("could not load nss - %s", error->message);
+ g_error_free (error);
+ _exit (1);
+ }
+#else
+ g_array_append_val (monitor->priv->fds_to_close_on_fork, read_fd);
+ /* Junky workaround to keep from leaking fds
+ */
+ sc_close_fds ((gint *) monitor->priv->fds_to_close_on_fork->data,
+ monitor->priv->fds_to_close_on_fork->len);
+#endif
+ error = NULL;
+
+ worker = sc_security_token_monitor_worker_new (write_fd);
+
+ sc_security_token_monitor_worker_die_with_parent (worker);
+
+ worker->module = sc_load_driver (monitor->priv->module_path, &error);
+
+ if (worker->module == NULL) {
+ sc_debug ("could not load nss driver - %s", error->message);
+ g_error_free (error);
+ _exit (2);
+ }
+
+ while (sc_security_token_monitor_worker_watch_for_and_process_event (worker, &error));
+
+ sc_debug ("could not process token event - %s", error->message);
+ sc_security_token_monitor_worker_free (worker);
+
+ _exit (0);
+ }
+
+ close (write_fd);
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_DRIVER_CAN_BE_RELOADED_AFTER_BEING_DESTROYED
+ g_array_append_val (monitor->priv->fds_to_close_on_fork, read_fd);
+#endif
+
+ if (worker_pid)
+ *worker_pid = child_pid;
+
+ if (worker_fd)
+ *worker_fd = read_fd;
+
+ return TRUE;
+}
+
+#ifdef SC_SECURITY_TOKEN_MONITOR_ENABLE_TEST
+#include <glib.h>
+
+static GMainLoop *event_loop;
+static gboolean should_exit_on_next_remove = FALSE;
+
+static gboolean
+on_timeout (ScSecurityTokenMonitor *monitor)
+{
+ GError *error;
+ g_print ("Re-enabling monitor.\n");
+
+ if (!sc_security_token_monitor_start (monitor, &error)) {
+ g_warning ("could not start security token monitor - %s",
+ error->message);
+ g_error_free (error);
+ return 1;
+ }
+ g_print ("Please re-insert security token\n");
+
+ should_exit_on_next_remove = TRUE;
+
+ return FALSE;
+}
+
+static void
+on_device_inserted (ScSecurityTokenMonitor * monitor,
+ ScSecurityToken *token)
+{
+ g_print ("security token inserted!\n");
+ g_print ("Please remove it.\n");
+}
+
+static void
+on_device_removed (ScSecurityTokenMonitor * monitor,
+ ScSecurityToken *token)
+{
+ g_print ("security token removed!\n");
+
+ if (should_exit_on_next_remove)
+ g_main_loop_quit (event_loop);
+ else {
+ g_print ("disabling monitor for 2 seconds\n");
+ sc_security_token_monitor_stop (monitor);
+ g_timeout_add (2000, (GSourceFunc) on_timeout, monitor);
+ }
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ ScSecurityTokenMonitor *monitor;
+ GError *error;
+
+ g_log_set_always_fatal (G_LOG_LEVEL_ERROR
+ | G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING);
+
+ g_type_init ();
+
+ g_message ("creating instance of 'security token monitor' object...");
+ monitor = sc_security_token_monitor_new (NULL);
+ g_message ("'security token monitor' object created successfully");
+
+ g_signal_connect (monitor, "security-token-inserted",
+ G_CALLBACK (on_device_inserted), NULL);
+
+ g_signal_connect (monitor, "security-token-removed",
+ G_CALLBACK (on_device_removed), NULL);
+
+ g_message ("starting listener...");
+
+ error = NULL;
+ if (!sc_security_token_monitor_start (monitor, &error)) {
+ g_warning ("could not start security token monitor - %s",
+ error->message);
+ g_error_free (error);
+ return 1;
+ }
+
+ event_loop = g_main_loop_new (NULL, FALSE);
+ g_main_loop_run (event_loop);
+ g_main_loop_unref (event_loop);
+ event_loop = NULL;
+
+ g_message ("destroying previously created 'security token monitor' object...");
+ g_object_unref (monitor);
+ monitor = NULL;
+ g_message ("'security token monitor' object destroyed successfully");
+
+ return 0;
+}
+#endif
Index: gdm.spec
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236
--- gdm.spec 20 Mar 2007 04:08:18 -0000 1.235
+++ gdm.spec 20 Mar 2007 05:46:34 -0000 1.236
@@ -16,7 +16,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 2.18.0
-Release: 3%{?dist}
+Release: 4%{?dist}
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
@@ -43,7 +43,7 @@
# http://bugzilla.gnome.org/show_bug.cgi?id=347798
Patch19: gdm-2.17.7-move-default-message.patch
Patch20: gdm-2.17.7-reset-pam.patch
-#Patch21: gdm-2.17.3-security-tokens.patch
+Patch21: gdm-2.18.0-security-tokens.patch
# http://bugzilla.gnome.org/show_bug.cgi?id=347871
Patch24: gdm-2.16.0-wtmp.patch
@@ -140,7 +140,7 @@
%patch12 -p1 -b .audit-login
%patch19 -p1 -b .move-default-message
%patch20 -p1 -b .reset-pam
-#%patch21 -p1 -b .security-tokens
+%patch21 -p1 -b .security-tokens
%patch24 -p1 -b .wtmp
%patch25 -p1 -b .indic-langs
%patch28 -p1 -b .desensitize-entry
@@ -365,6 +365,9 @@
%{_datadir}/pixmaps/faces/extras/*.jpg
%changelog
+* Mon Mar 19 2007 Ray Strode <rstrode at redhat.com> - 1:2.18.0-4
+- update and reenable security token patch
+
* Mon Mar 19 2007 David Zeuthen <davidz at redhat.com> - 1:2.18.0-3
- Also pass AT's to the session from the plain greeter (#232518)
- New faces including new subpackage gdm-extra-faces
--- gdm-2.17.3-security-tokens.patch DELETED ---
More information about the fedora-cvs-commits
mailing list