diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | daemon/slave.c | 2 | ||||
-rw-r--r-- | daemon/slave.h | 2 | ||||
-rw-r--r-- | daemon/verify-pam.c | 32 |
4 files changed, 31 insertions, 15 deletions
@@ -1,3 +1,13 @@ +Thu May 06 15:33:01 2004 George Lebl <jirka@5z.com> + + * daemon/verify-pam.c, daemon/slave.[ch]: Fix #119853 thanks to + investigation by Frederic Crozat. PAM sometimes doesn't + go away after we tell it to and keeps asking questions even though + we want it to shut up and die. So just keep telling it until + we succeed in pissing it off enough to go away. Also + change the name of the _should_complain function to _action_pending + since that's more appropriate + Thu May 06 15:18:07 2004 George Lebl <jirka@5z.com> * daemon/verify-pam.c: attempt to fix #126984 and possibly others diff --git a/daemon/slave.c b/daemon/slave.c index 9f55b907..f5a2d81c 100644 --- a/daemon/slave.c +++ b/daemon/slave.c @@ -5208,7 +5208,7 @@ gdm_slave_greeter_check_interruption (void) } gboolean -gdm_slave_should_complain (void) +gdm_slave_action_pending (void) { if (do_timed_login || do_configurator || diff --git a/daemon/slave.h b/daemon/slave.h index 1da81ccd..3c49b2f3 100644 --- a/daemon/slave.h +++ b/daemon/slave.h @@ -27,7 +27,7 @@ void gdm_slave_start (GdmDisplay *d); void gdm_slave_greeter_ctl_no_ret (char cmd, const char *str); char *gdm_slave_greeter_ctl (char cmd, const char *str); gboolean gdm_slave_greeter_check_interruption (void); -gboolean gdm_slave_should_complain (void); +gboolean gdm_slave_action_pending (void); void gdm_slave_send (const char *str, gboolean wait_for_ack); void gdm_slave_send_num (const char *opcode, long num); diff --git a/daemon/verify-pam.c b/daemon/verify-pam.c index 7c21d1fa..21cdb0b2 100644 --- a/daemon/verify-pam.c +++ b/daemon/verify-pam.c @@ -141,6 +141,12 @@ gdm_verify_pam_conv (int num_msg, const struct pam_message **msg, if (reply == NULL) return PAM_CONV_ERR; + /* Should never happen unless PAM is on crack and keeps asking questions + after we told it to piss off. So tell it to piss off again and + maybe it will listen */ + if ( ! gdm_slave_action_pending ()) + return PAM_CONV_ERR; + memset (reply, 0, sizeof (struct pam_response) * num_msg); /* Here we set the login if it wasn't already set, @@ -408,7 +414,7 @@ create_pamh (GdmDisplay *d, /* Initialize a PAM session for the user */ if ((*pamerr = pam_start (service, login, conv, &pamh)) != PAM_SUCCESS) { pamh = NULL; /* be anal */ - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Unable to establish service %s: %s\n"), service, pam_strerror (NULL, *pamerr)); return FALSE; @@ -416,7 +422,7 @@ create_pamh (GdmDisplay *d, /* Inform PAM of the user's tty */ if ((*pamerr = pam_set_item (pamh, PAM_TTY, display)) != PAM_SUCCESS) { - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Can't set PAM_TTY=%s"), display); return FALSE; } @@ -426,7 +432,7 @@ create_pamh (GdmDisplay *d, /* From the host of the display */ if ((*pamerr = pam_set_item (pamh, PAM_RHOST, d->hostname)) != PAM_SUCCESS) { - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Can't set PAM_RHOST=%s"), d->hostname); return FALSE; @@ -563,7 +569,7 @@ authenticate_again: } if (started_timer) gdm_slave_greeter_ctl_no_ret (GDM_STOPTIMER, ""); - if (gdm_slave_should_complain ()) { + if (gdm_slave_action_pending ()) { /* FIXME: see note above about PAM_FAIL_DELAY */ /* #ifndef PAM_FAIL_DELAY */ gdm_sleep_no_signal (GdmRetryDelay); @@ -588,7 +594,7 @@ authenticate_again: /* is not really an auth problem, but it will pretty much look as such, it shouldn't really happen */ - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't authenticate user")); goto pamerr; } @@ -654,7 +660,7 @@ authenticate_again: error_msg_given = TRUE; goto pamerr; default : - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't set acct. mgmt for %s"), login); goto pamerr; } @@ -675,7 +681,7 @@ authenticate_again: pamerr = pam_setcred (pamh, PAM_ESTABLISH_CRED); if (pamerr != PAM_SUCCESS) { did_setcred = FALSE; - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't set credentials for %s"), login); goto pamerr; } @@ -689,7 +695,7 @@ authenticate_again: opened_session = FALSE; /* we handle this above */ did_setcred = FALSE; - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't open session for %s"), login); goto pamerr; } @@ -710,7 +716,7 @@ authenticate_again: /* The verbose authentication is turned on, output the error * message from the PAM subsystem */ if ( ! error_msg_given && - gdm_slave_should_complain ()) { + gdm_slave_action_pending ()) { /* I'm not sure yet if I should display this message for any other issues - heeten */ if (pamerr == PAM_AUTH_ERR || pamerr == PAM_USER_UNKNOWN) { @@ -842,7 +848,7 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, const gchar *display, /* Start authentication session */ did_we_ask_for_password = FALSE; if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) { - if (gdm_slave_should_complain ()) { + if (gdm_slave_action_pending ()) { gdm_error (_("Couldn't authenticate user")); gdm_error_box (cur_gdm_disp, GTK_MESSAGE_ERROR, @@ -902,7 +908,7 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, const gchar *display, _("\nThe system administrator has disabled your access to the system temporary.")); goto setup_pamerr; default : - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't set acct. mgmt for %s"), login); goto setup_pamerr; } @@ -925,7 +931,7 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, const gchar *display, pamerr = pam_setcred (pamh, PAM_ESTABLISH_CRED); if (pamerr != PAM_SUCCESS) { did_setcred = FALSE; - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't set credentials for %s"), login); goto setup_pamerr; } @@ -940,7 +946,7 @@ gdm_verify_setup_user (GdmDisplay *d, const gchar *login, const gchar *display, /* Throw away the credentials */ pam_setcred (pamh, PAM_DELETE_CRED); - if (gdm_slave_should_complain ()) + if (gdm_slave_action_pending ()) gdm_error (_("Couldn't open session for %s"), login); goto setup_pamerr; } |