[gdm/f21] Fix user switching
Ray Strode
rstrode at fedoraproject.org
Fri Jan 23 15:43:55 UTC 2015
commit 0f295a87ea1b09dd3d66d8bffcddbd34c1ae16a0
Author: Ray Strode <rstrode at redhat.com>
Date: Thu Jan 22 14:53:39 2015 -0500
Fix user switching
Resolves: #1184933
fix-user-switching.patch | 120 ++++++++++++++++++++++++++++++++++++++++++++++
gdm.spec | 8 +++-
2 files changed, 127 insertions(+), 1 deletions(-)
---
diff --git a/fix-user-switching.patch b/fix-user-switching.patch
new file mode 100644
index 0000000..a316d4b
--- /dev/null
+++ b/fix-user-switching.patch
@@ -0,0 +1,120 @@
+From 0ecacfd6123e4026c78d5d61670da0abdcbf7559 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Thu, 22 Jan 2015 11:51:18 -0500
+Subject: [PATCH] manager: allow the login screen to do reauthentication
+
+At the moment, we only allow the user session to do reauthentication
+from its lock screen. If a user does user switching we instead open
+a new session for checking the user's password.
+
+This commit enables reauthentication from the login screen as well.
+---
+ daemon/gdm-manager.c | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
+index 8c41045..0278512 100644
+--- a/daemon/gdm-manager.c
++++ b/daemon/gdm-manager.c
+@@ -1161,84 +1161,89 @@ open_temporary_reauthentication_channel (GdmManager *self,
+ self);
+
+ address = gdm_session_get_server_address (session);
+
+ return g_strdup (address);
+ }
+
+ static gboolean
+ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager,
+ GDBusMethodInvocation *invocation,
+ const char *username)
+ {
+ GdmManager *self = GDM_MANAGER (manager);
+ const char *sender;
+ GdmDisplay *display = NULL;
+ GdmSession *session;
+ GDBusConnection *connection;
+ char *seat_id = NULL;
+ char *session_id = NULL;
+ GPid pid = 0;
+ uid_t uid = (uid_t) -1;
+ gboolean is_login_screen = FALSE;
+ gboolean is_remote = FALSE;
+
+ g_debug ("GdmManager: trying to open reauthentication channel for user %s", username);
+
+ sender = g_dbus_method_invocation_get_sender (invocation);
+ connection = g_dbus_method_invocation_get_connection (invocation);
+ get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, &pid, &uid, &is_login_screen, &is_remote);
+
+- if (is_login_screen) {
+- g_dbus_method_invocation_return_error_literal (invocation,
+- G_DBUS_ERROR,
+- G_DBUS_ERROR_ACCESS_DENIED,
+- "Login screen not allow to open reauthentication channel");
+- return TRUE;
+- }
+-
+ if (session_id == NULL || pid == 0 || uid == (uid_t) -1) {
+ g_dbus_method_invocation_return_error_literal (invocation,
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ _("No session available"));
+
+ return TRUE;
+ }
+
+- session = get_seed_session_for_display (display);
++ if (is_login_screen) {
++ session = find_session_for_user_on_seat (self,
++ username,
++ seat_id,
++ NULL);
++ } else {
++ session = get_seed_session_for_display (display);
++ }
+
+ if (session != NULL && gdm_session_is_running (session)) {
+ gdm_session_start_reauthentication (session, pid, uid);
+ g_hash_table_insert (self->priv->open_reauthentication_requests,
+ GINT_TO_POINTER (pid),
+ invocation);
++ } else if (is_login_screen) {
++ g_dbus_method_invocation_return_error_literal (invocation,
++ G_DBUS_ERROR,
++ G_DBUS_ERROR_ACCESS_DENIED,
++ "Login screen only allowed to open reauthentication channels for running sessions");
++ return TRUE;
+ } else {
+ char *address;
+ address = open_temporary_reauthentication_channel (self,
+ seat_id,
+ session_id,
+ pid,
+ uid,
+ is_remote);
+ gdm_dbus_manager_complete_open_reauthentication_channel (GDM_DBUS_MANAGER (manager),
+ invocation,
+ address);
+ g_free (address);
+ }
+
+ return TRUE;
+ }
+
+ static void
+ manager_interface_init (GdmDBusManagerIface *interface)
+ {
+ interface->handle_open_session = gdm_manager_handle_open_session;
+ interface->handle_open_reauthentication_channel = gdm_manager_handle_open_reauthentication_channel;
+ }
+
+ static void
+ set_up_greeter_session (GdmManager *manager,
+ GdmDisplay *display)
+ {
+ char *allowed_user;
+ struct passwd *passwd_entry;
+--
+2.2.1
+
diff --git a/gdm.spec b/gdm.spec
index 8b51500..b986b4a 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -12,7 +12,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 3.14.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@@ -21,6 +21,7 @@ URL: http://download.gnome.org/sources/gdm
Source: http://download.gnome.org/sources/gdm/3.14/gdm-%{version}.tar.xz
Source1: org.gnome.login-screen.gschema.override
Patch0: fix-pam-ecryptfs.patch
+Patch1: fix-user-switching.patch
BuildRequires: pkgconfig(libcanberra-gtk)
BuildRequires: pango-devel >= 0:%{pango_version}
@@ -107,6 +108,7 @@ files needed to build custom greeters.
%prep
%setup -q
%patch0 -p1 -b .fix-pam-ecryptfs
+%patch1 -p1 -b .fix-user-switching
autoreconf -i -f
intltoolize -f
@@ -296,6 +298,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
%{_libdir}/pkgconfig/gdm.pc
%changelog
+* Fri Jan 23 2015 Ray Strode <rstrode at redhat.com> 3.14.1-3
+- Fix user switching
+ Resolves: #1184933
+
* Fri Jan 16 2015 Ray Strode <rstrode at redhat.com> 3.14.1-2
- Fix pam_ecryptfs. unfortunately adds back gross last login messages.
Resolves: #1174366
More information about the scm-commits
mailing list