| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This commit updates the docs to mention the new
split authentication feature recently added.
|
|
|
|
|
| |
This commit adds a plugin to initiate a conversation when
smartcards are inserted.
|
|
|
|
|
| |
This commit adds a plugin to initiate a conversation for
fingerprint scans.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows extensions to drive which PAM conversations
get run and potentially augment the login window UI.
This commit adds one builtin extension that
does the traditional unified authentication thing, and
a plugin for password-only based authentication.
By default we use the builtin extension, but enable
the plugin with --enable-split-authentication
Subsequent commits will add support for fingerprint and smartcard
plugins.
|
|
|
|
|
|
|
|
| |
If pam_start() fails, that suggests the configured service
stack is failing independent of the user account.
This commit exposes that failure as "service unavailable"
instead of "authentication failed".
|
|
|
|
|
|
| |
We keep multiple conversations in the session now, keyed off of
which PAM service is at the other end. Much of the guts still
only operate on the first conversation added though.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now the greeter (and also the autologin code) has to say what
PAM stack it wants the slave to run. When that stack is ready,
we emit the Ready signal as before, but now the Ready signal
carries a string argument saying which service is ready to
converse.
When we support multiple PAM stacks, the greeter will call
StartConversation for each stack, and will keep the UI
associated with each stack disabled until the Ready signals
come back one-by-one.
|
|
|
|
|
| |
This way when we're running multiple PAM conversations at once
it will be obvious which worker is managing which conversation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to eventually support having multiple
simultaneous PAM conversations in one login
screen (so, e.g., username/password, smart card, and
fingerprint all work at the same time).
This commit refactors the session code to be in terms
of a conversation object. With this change, it should
be easier later to have multiple conversation objects.
The conversation is named by the pam service the login
screen is talking to.
|
|
|
|
|
|
|
| |
It's pretty old code that was designed to prevent
proceeding until the user had a chance to pick language,
etc. I don't think it's really relevant anymore, and it
adds some complexity to the code I'd rather not have.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GTK widgets must at all times report a size they can handle. So it is
not allowed to return 0 when not realized, because then size allocations
break when GTK uses this size for its widget.
In this case, GTK uses the pre-realize size to determine the size it
should request when creating the greeter window - chicken and egg so to
say.
This patch just uses the default monitor (I guess the root window's
monitor is the default monitor?) for determining the login window size.
One thing this patch doesn't do is add a call to gtk_widget_queue_resize()
from the realize callback or from monitor-changing signals, though
that's probably technically necessary.
https://bugzilla.gnome.org/show_bug.cgi?id=646498
|
|
|
|
| |
This gets around filename length limitations.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't rename .xsession-errors to .xsession-errors.old if the file is not a
regular file. The later code will truncate the file to zero anyway, so even in
that case the file won't grow indefinitely.
This is handy when the home directory is on NFS and you want to avoid network
contention when there are buggy programs which spam .xsession-errors.
Also drop the second check that .xsession-errors is a regular file even if the
opening succeeded. With that, we'd open a temporary .xsession-errors.XXXXXX
even if ~/.xsession-errors was perfectly writable (such as being a symlink to
/dev/null).
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=639527
Bug-Ubuntu: https://launchpad.net/bugs/771661
|
| |
|
| |
|
| |
|
|
|
|
|
| |
If we don't set this, it will use the default which can
cause weird behavior when building in a logged in session.
|
|
|
|
|
|
|
| |
This reverts commit 2108fbb01143a6cfd5847e9564f0f20bce00570c.
It was wrong. dconf uses both XDG_CACHE_HOME and XDG_CONFIG_HOME.
They both need to exist and be distinct.
|
|
|
|
|
|
| |
We now install some noop mime uri handlers, so this
commit makes sure they get uninstalled at uninstall
time as well.
|
|
|
|
| |
Later versions of dconf seem to stuff it there now.
|
|
|
|
|
|
|
|
|
| |
Starting with glib 2.28, we don't use gconf to find out which handler
should be used for a URI scheme, and we need to provide a custom MIME
configuration for the gdm user to ensure no default URI scheme handler
is used.
CVE-2011-1709
|
| |
|
| |
|
|
|
|
| |
This makes things a little easier for debugging problems.
|
|
|
|
|
|
|
|
|
|
|
| |
We were forcing the minimum height of the scrollable widget
to be the minimum height of the tree view. This meant the
scrollable widget would never "clamp" the tree view to a
reasonable size.
Downstream report here:
https://bugzilla.redhat.com/show_bug.cgi?id=703243
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=647336
|
| |
|
|
|
|
|
|
|
| |
It's left over from an era past; before two was
superceded by three; when black wasn't yet the new
black; when questions were asked more frequently than
they needed to be.
|
|
|
|
|
|
|
|
| |
If the user can't jump to an existing login screen, we should fail
instead of firing up a new one.
This way we don't get a stream of login screens from ssh users or
whatever.
|
|
|
|
| |
This will save master.gnome.org work when posting new releases.
|
|
|
|
|
| |
Earlier versions have some bugs that make GDM
crash, so probably better to just force this version.
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the top of the function we loop through "optional" environment
variables and set them in the welcome environment only if they are
already set in the slave environment.
After commit 62c19ec5d67bf3f4279607012d04f2ef948a63d5 WINDOWPATH
is optional now as well.
This commit consolidates the WINDOWPATH setting code with the other
optional environment variable code at the top.
|
| |
|
|
|
|
|
|
|
| |
latest username in the audit class. Then make sure to call this function
before auditing to ensure that username is always set. This fixes a problem
where audit would have a NULL value if it were obtained via PAM and not the
GUI.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Some PAM modules are really slow to shut down.
We need to handle them being slow to shut down better,
(by not blocking login on them shutting down etc), but
in the mean time force them to die immediately.
|
|
|
|
|
|
|
|
|
|
|
|
| |
When PAM sends a message up to the greeter to show the user,
it shows it right away, immediately overwriting any previous
message.
This commit introduces a message queue, so that each pending
message gets a reasonable amount of time on screen for the user
to read.
https://bugzilla.gnome.org/show_bug.cgi?id=583856
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The greeter currently gives the go ahead for the session to start
as soon as the user has been authorized. Then the slave quickly
runs through the remaining hoops and the greeter gets promptly
killed.
This commit changes the logic so that the slave doesn't get the
go ahead to start the session until all the hoops have been
run through, and potential messages have been queued, and displayed.
https://bugzilla.gnome.org/show_bug.cgi?id=583856
|
|
|
|
|
|
|
| |
create_static_display checks for a NULL return value in a function
that can't return NULL.
This commit drops that check.
|
|
|
|
|
| |
/usr/bin/grep is correct on Solaris but not on Linux/sparc
https://bugzilla.gnome.org/show_bug.cgi?id=649415
|
|
|
|
| |
It's unused so get rid of it.
|
|
|
|
|
| |
It appears to be copy-and-paste mistake, or maybe it was relevant
before commit a736563893b6c99c900198afaeea1684bc8c1259 not sure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
gtk falls back to non-symbolic icons before looking
for symbolic icons in parent icon themes.
For the greeeter panel, though, any symbolic icon is better than a
non-symblic icon, so that behavior is wrong.
This commit changes gdm to not check for fallbacks in the absense of
a symblic icon. The icons we care about are shipped in the base
icon theme anyway, so we can depend on them being available.
|
| |
|
| |
|
|
|
|
|
| |
We don't want any signal handlers to run after the widgets
they are meant for are destroyed.
|