[gdm/f16] auth fixes
Ray Strode
rstrode at fedoraproject.org
Mon Oct 24 20:57:01 UTC 2011
commit 11ed592e8f72cc3c77c9b137e081303df84c2d39
Author: Ray Strode <rstrode at redhat.com>
Date: Mon Oct 24 16:56:28 2011 -0400
auth fixes
auth-fixes.patch | 154 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
gdm.spec | 11 ++++-
2 files changed, 164 insertions(+), 1 deletions(-)
---
diff --git a/auth-fixes.patch b/auth-fixes.patch
new file mode 100644
index 0000000..3ee5a29
--- /dev/null
+++ b/auth-fixes.patch
@@ -0,0 +1,154 @@
+From 9c354795892b8c5fd661a35653991a88fabc76bf Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Mon, 24 Oct 2011 16:39:45 -0400
+Subject: [PATCH 1/2] daemon: Don't emit session-exited when non-authenticated
+ worker fails
+
+Sometimes PAM modules are finicky and don't die when you tell them to.
+Instead they fail some seconds later.
+
+If a user successfully logs in with one stack and another stack is
+being troublesome, then we'll get notified about it finishing up
+after the user is already logged in.
+
+When that happens, we erroneously assume the stack finishing is the
+stack the user's session is running on and then proceed to log the
+user out.
+
+This commit makes us be a little more careful about our bookkeeping
+so we can ignore failures from slow PAM modules.
+---
+ daemon/gdm-session-direct.c | 23 ++++++++++++++---------
+ 1 files changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/daemon/gdm-session-direct.c b/daemon/gdm-session-direct.c
+index e178985..bb2bff8 100644
+--- a/daemon/gdm-session-direct.c
++++ b/daemon/gdm-session-direct.c
+@@ -91,10 +91,11 @@ struct _GdmSessionDirectPrivate
+
+ GHashTable *conversations;
+
++ GdmSessionConversation *session_conversation;
++
+ GList *pending_connections;
+
+ GPid session_pid;
+- guint32 is_running : 1;
+
+ /* object lifetime scope */
+ char *id;
+@@ -1073,7 +1074,7 @@ gdm_session_direct_handle_session_started (GdmSessionDirect *session,
+ pid);
+
+ session->priv->session_pid = pid;
+- session->priv->is_running = TRUE;
++ session->priv->session_conversation = conversation;
+
+ _gdm_session_session_started (GDM_SESSION (session), conversation->service_name, pid);
+
+@@ -1129,7 +1130,7 @@ gdm_session_direct_handle_session_exited (GdmSessionDirect *session,
+ g_debug ("GdmSessionDirect: Emitting 'session-exited' signal with exit code '%d'",
+ code);
+
+- session->priv->is_running = FALSE;
++ session->priv->session_conversation = NULL;
+ _gdm_session_session_exited (GDM_SESSION (session), code);
+
+ return DBUS_HANDLER_RESULT_HANDLED;
+@@ -1158,7 +1159,7 @@ gdm_session_direct_handle_session_died (GdmSessionDirect *session,
+ g_debug ("GdmSessionDirect: Emitting 'session-died' signal with signal number '%d'",
+ code);
+
+- session->priv->is_running = FALSE;
++ session->priv->session_conversation = NULL;
+ _gdm_session_session_died (GDM_SESSION (session), code);
+
+ return DBUS_HANDLER_RESULT_HANDLED;
+@@ -1790,7 +1791,7 @@ worker_exited (GdmSessionWorkerJob *job,
+ g_debug ("GdmSessionDirect: Worker job exited: %d", code);
+
+ g_object_ref (conversation->job);
+- if (conversation->session->priv->is_running) {
++ if (conversation->session->priv->session_conversation == conversation) {
+ _gdm_session_session_exited (GDM_SESSION (conversation->session), code);
+ }
+
+@@ -1819,7 +1820,7 @@ worker_died (GdmSessionWorkerJob *job,
+ g_debug ("GdmSessionDirect: Worker job died: %d", signum);
+
+ g_object_ref (conversation->job);
+- if (conversation->session->priv->is_running) {
++ if (conversation->session->priv->session_conversation == conversation) {
+ _gdm_session_session_died (GDM_SESSION (conversation->session), signum);
+ }
+
+@@ -2442,6 +2443,10 @@ stop_all_other_conversations (GdmSessionDirect *session,
+ g_strdup (conversation_to_keep->service_name),
+ conversation_to_keep);
+ }
++
++ if (session->priv->session_conversation != conversation_to_keep) {
++ session->priv->session_conversation = NULL;
++ }
+ }
+
+ }
+@@ -2456,7 +2461,7 @@ gdm_session_direct_start_session (GdmSession *session,
+ char *program;
+
+ g_return_if_fail (session != NULL);
+- g_return_if_fail (impl->priv->is_running == FALSE);
++ g_return_if_fail (impl->priv->session_conversation == NULL);
+
+ conversation = find_conversation_by_name (impl, service_name);
+
+@@ -2504,7 +2509,7 @@ gdm_session_direct_close (GdmSession *session)
+
+ g_debug ("GdmSessionDirect: Closing session");
+
+- if (impl->priv->is_running) {
++ if (impl->priv->session_conversation != NULL) {
+ gdm_session_record_logout (impl->priv->session_pid,
+ impl->priv->selected_user,
+ impl->priv->display_hostname,
+@@ -2540,7 +2545,7 @@ gdm_session_direct_close (GdmSession *session)
+ g_hash_table_remove_all (impl->priv->environment);
+
+ impl->priv->session_pid = -1;
+- impl->priv->is_running = FALSE;
++ impl->priv->session_conversation = NULL;
+ }
+
+ static void
+--
+1.7.6.2
+
+
+From 9c874ee6f595906faf59f891f20492530888804b Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Mon, 24 Oct 2011 16:45:46 -0400
+Subject: [PATCH 2/2] worker: don't block SIGTERM
+
+If the slave tells us to go away, we should go away,
+not wait a PAM module decides to let us get back to the
+main loop.
+---
+ daemon/session-worker-main.c | 1 -
+ 1 files changed, 0 insertions(+), 1 deletions(-)
+
+diff --git a/daemon/session-worker-main.c b/daemon/session-worker-main.c
+index 9d40b8d..42fcd52 100644
+--- a/daemon/session-worker-main.c
++++ b/daemon/session-worker-main.c
+@@ -188,7 +188,6 @@ main (int argc,
+ gdm_signal_handler_set_fatal_func (signal_handler,
+ (GDestroyNotify)g_main_loop_quit,
+ main_loop);
+- gdm_signal_handler_add (signal_handler, SIGTERM, signal_cb, NULL);
+ gdm_signal_handler_add (signal_handler, SIGINT, signal_cb, NULL);
+ gdm_signal_handler_add (signal_handler, SIGILL, signal_cb, NULL);
+ gdm_signal_handler_add (signal_handler, SIGBUS, signal_cb, NULL);
+--
+1.7.6.2
+
diff --git a/gdm.spec b/gdm.spec
index 6dafc6d..e002eff 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -15,7 +15,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 3.2.1.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@@ -104,6 +104,9 @@ Provides: gdm-plugin-smartcard = %{epoch}:%{version}-%{release}
Obsoletes: gdm-plugin-fingerprint < 1:3.2.1
Provides: gdm-plugin-fingerprint = %{epoch}:%{version}-%{release}
+# already upstream
+Patch0: auth-fixes.patch
+
# Fedora-specific
Patch98: plymouth.patch
Patch99: gdm-3.0.0-fedora-logo.patch
@@ -135,6 +138,7 @@ Development files and headers for writing GDM greeters.
%prep
%setup -q
+%patch0 -p1 -b .auth-fixes
%patch98 -p1 -b .plymouth
%patch99 -p1 -b .fedora-logo
@@ -393,8 +397,13 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
%{_datadir}/gir-1.0/GdmGreeter-1.0.gir
%changelog
+* Mon Oct 24 2011 Ray Strode <rstrode at redhat.com> 3.2.1.1-3
+- Fix auth bug that could cause forced log outs shortly after log in
+ Resolves: #741431
+
* Mon Oct 24 2011 Ray Strode <rstrode at redhat.com> 3.2.1.1-2
- Fix fingeprint login
+ Resolves: #748549
* Wed Oct 19 2011 Ray Strode <rstrode at redhat.com> 3.2.1.1-1
- Update to 3.2.1.1
More information about the scm-commits
mailing list