| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
At the moment the user's session is stored in a property called
"XSession". This is pretty weird if the user is using wayland.
AccountService now supports a more generic property "Session" and
a related "SessionType" property to replace "XSession".
This commit switches GDM over to use the new properties.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's currently a way to disable wayland, but no way to disable Xorg.
We currently prefer wayland if it's not disabled, but have no way to
prefer Xorg without disabling wayland entirely.
There's currently no way use legacy Xorg support at all if user display
server support is enabled at a build time.
This commit adds more flexibility to display server selection. It adds
two new keys: XorgEnable and and PreferredDisplayServer.
XorgEnable=false disables Xorg support entirely on seat 0.
PreferredDisplayServer can be set to "wayland", "xorg", "legacy-xorg" or
"none" to select which display server is used by default. If it's set to
"wayland", it will fall back to "xorg". If it's set to "xorg" it will
fall back to "wayland".
|
| |
|
|
|
|
|
|
| |
We used the same signal (session-start-failed) when we had both session
starting and opening failures.
This may lead to wrong behaviors, so let's introduce another signal to
notify such state.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're currently emitting verification-complete signal as soon as we
got a positive authentication callback from the worker, however at this
point we've not opened the session yet, and if that fails we'll end up
in a scenario where gdm assumed that we're logging in, and so its
greeter is shut down and never restarted on its VT until we manually
switch back and forth from it. Meanwhile the session opening failure is
never exposed to the user.
So, do not emit verification-completed on logins, until we've opened
the session.
However, re-order the session-opened callback events so that we keep
notifying verification-complete before than session-opened.
This basically reverts commit c4292870 (again).
Fixes: https://gitlab.gnome.org/GNOME/gdm/-/issues/712
|
| |
|
|
|
|
|
|
|
|
|
| |
We would not initialize the DBus error domain before we retrieved the
first error, but only did so to compare the error after receiving them.
This means that the first error we received will not be resolved
correctly, while all subsequent ones are resolved.
Fix this by calling GDM_SESSION_WORKER_ERROR from gdm_session_class_init
and add gdm_dbus_error_ensure to make sure this can never be optimized
away.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a service has returned PAM_MAXTRIES error code we should both emit
the error message and also ensure that this service isn't marked as
available again for the current session, to prevent us to restart the
authentication of it.
An example of this can be the PAM fprintd module that will return us a
max retries error when the user tried to use his finger more times than
configured. In such scenario we want to both prompt the error to the
user and prevent that this module is used again if the user can still
use other authentication methods.
So add an error specialization for PAM_MAXTRIES and threat it as service
unavailable error when emitting it.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
XDMCP login screens get a "Remote Geeter Interface" exported over
the bus connection (so the login window can provide a Disconnect
button).
This interface is getting leaked when the session object is disposed,
leaving the bus connection itself undisposed, which causes an fd
leak.
This commit plugs the interface leak, and thus the fd leak.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a workaround for the fact that we currently need to run multiple
greeter sessions in multi-seat environments that use the same user. We
should not be doing this in the first place. Doing this effectively
prevents GNOME from using a systemd startup, which would cause relevant
processes to be outside of the session scope preventing lookups of the
logind session from the PID.
Instead, we really should be running each of the greeter session as a
separate (dynamic) user. But lacking that, this workaround should get
multi-seat support up and running again for the time being.
See: #526
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recording when sessions start, for Wayland → Xorg fallback or
transitioning to the user session, is currently done with timeouts.
This isn't ideal, because on some very slow machines the timeout can be
hit before the session has had a chance to fail: if gnome-session takes
more than 3 seconds to fail then the session will be considered to have
exited rather than failed, and so we don't do Xorg fallback.
We can do this more reliably if we allow sessions to optionally register
themselves with GDM. Then we will know when they've started, so can shut
down the greeter or fall back to Xorg as appropriate. The mechanism is
that they specify X-GDM-SessionRegisters=true in their file, and then
call RegsterSession on the DisplayManager interface on the bus (added in
the previous commit) to say that they've started up.
If X-GDM-SessionRegisters is missing or false, GDM will call the same
method for them after 10 seconds.
Closes: #483
|
| |
|
|
|
|
|
| |
If a client has a reference to a session that starts running,
refuse to allow further operations on the session.
CVE-2019-3825
|
| |
|
|
|
|
|
|
| |
There's a bug right now dealing with timed login and reauthentication,
but it's not clear what's going on by looking at the logs.
This commit sprinkles some more logging throughout the code, to make
the bug easier to track.
|
| |
|
|
| |
This prevents strings from being unnecessarily copied.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Right now if the session-worker crashes, we fail to close the
worker's dbus connection.
This commit addresses the problem by making sure the conversation
is explicitly closed at the time it's freed.
Closes https://gitlab.gnome.org/GNOME/gdm/issues/388
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 572a19324b75cc1f1b2db4908e2d7c9f06e4e335.
It turns out we need this call for more than just the session type,
we also need to it to inform the greeter about the default session
to use.
https://bugzilla.gnome.org/show_bug.cgi?id=793609
|
| |
|
|
|
|
|
| |
It's only needed to update the session type, which we do
earlier in the function anyway.
https://bugzilla.gnome.org/show_bug.cgi?id=789722
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds one PAM extension, a "Choice List" using the
new PAM_BINARY_PROMPT protocol added in the previous commit. The
PAM module sends a list of (key, row text) pairs, and GDM ferries
the request to gnome-shell using a new user verifier sub-interface.
gnome-shell should present the list to the user and pass back the
corresponding key, which GDM ferries back to the PAM module.
Note this commit is only the daemon side. A subsequent commit will
add the libgdm API needed for gnome-shell to actually deal with
this new PAM extension.
https://bugzilla.gnome.org/show_bug.cgi?id=788851
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This abuses PAM_BINARY_PROMPT for our own nefarious purposes.
The way it works is GDM advertises what "extensions" it supports
with the environment variable, GDM_SUPPORTED_PAM_EXTENSIONS (a space
separated list of reverse dns notation names). PAM services that
support this protocol, will read the environment variable, and
check for extension strings they support. They then know that sending
PAM_BINARY_PROMPT won't blow up, and know what format to use for the
binary data. The type field of the structure is the index of the
string from the environment variable.
This commit is just foundation work. It doesn't actually add any
extensions.
https://bugzilla.gnome.org/show_bug.cgi?id=788851
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Right now the worker interface has three methods for starting
a conversation: Setup, SetupForUser, SetupForProgram
Each of these method calls take a large number of overlapping arguments.
Extending these argument lists is painful and breaks upgrades.
This commit adds a new, fourth call, Initialize, which supercedes the
others and just takes a vardict, which is much more extensible.
https://bugzilla.gnome.org/show_bug.cgi?id=788851
|
| |
|
|
|
|
|
|
|
| |
Use EXIT_ defines for readibility.
There were some exit codes > 1, but they don't seem to be checked by any of the
parent process code. This does mean that the logs might have changed, but
modern logging techniques have probably made this obsolete.
https://bugzilla.gnome.org/show_bug.cgi?id=788307
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eventually, our software should become "multi-seat aware",
where it takes into account multiple seats at a time
for the user (even if it's just putting up a dialog saying
"user is busy" on all but one seat).
We're not there yet. And user bus currently breaks XDMCP
(which should really spawn session with its own separate user,
but again, we're not there yet).
This commit changes GDM to start a session bus for all non-seat0
displays, as a near-term workaround.
https://bugzilla.gnome.org/show_bug.cgi?id=787943
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's a bug when changing the language of the login screen to a different
one than the user session's language, which causes the new language to be
used both in the login screen AND the user session if you simply logout and
then re-login without rebooting. Restarting the machine after that point
normalizes things, getting the new language used only in the login screen
but not in the user session.
Making sure that the user language is always saved by the session seems
without checking whether is the same than the default language fixes this.
Based on a patch by Felipe Erias Morandeira <femorandeira@igalia.com>
https://bugzilla.gnome.org/show_bug.cgi?id=786422
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the user has not ever selected a session from the selector, we will
log them into the `fallback' session, which is calculated by looking at
all installed sessions and picking the first one in the list.
There is a bug that the visually selected session presented in the
greeter can be different from the fallback session calculated inside
GDM. This happens because the two sort sessions differently.
Inside GDM we calculate the fallback session by comparing the full
basename of the file:
>>> GLib.strcmp0("gnome-xorg.desktop", "gnome.desktop")
-1
Whereas gnome-shell calls gdm_get_session_ids(), which returns IDs
without the ".desktop" extension. Those are then sorted:
>>> GLib.strcmp0("gnome-xorg", "gnome")
45
which gives a different ordering.
Fix this bug by calculating the fallback session in the same way, by
removing ".desktop" from the filename.
https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1705157
https://bugzilla.gnome.org/show_bug.cgi?id=787304
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--disable-user-display-server
get_system_session_dirs is function that says which directories to
search for session desktop files. The returned directories may
be xsession dirs, wayland-session dirs, or both, depending on
configuration.
A bug in this function means an unused NULL sentinal value from the
xsession list of directories is getting copied into the middle of
the output list, when --disable-user-display-server is passed to
configure.
This commit corrects the bug, by dropping the unused sentinal value.
Launchpad-Bug: 1704050
https://bugzilla.gnome.org/show_bug.cgi?id=784891
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently update the session type (to either wayland or
x11) when we first start the PAM conversation and later when
the username is set (if the user is not set at the same time as
the PAM conversation).
There's a race that means the session won't necessarly have been
read from accountsservice at these points.
This commit changes the code to instead update the session type
in result to the session actually getting read.
https://bugzilla.gnome.org/show_bug.cgi?id=781825
|
| |
|
|
|
|
|
|
|
|
|
| |
Right now the first time the session search dirs are requested, they
are computed and cached. That leaves them stale if the ignore-wayland
flag changes, which breaks fallback mode in some cases.
This commit fix the problem by always computing the session search dirs
in full, with no caching.
https://bugzilla.gnome.org/show_bug.cgi?id=780518
|
| |
|
|
|
|
|
|
|
|
|
| |
commit 5b1e625417c274823c66a552f37d912986fc34d8 changed how the
default session path was computed. It inadvertently dropped
support for the ignore-wayland flag, breaking fall back to X in
scenarios where wayland doesn't work.
This commit fixes the code to again honor ignore-wayland.
https://bugzilla.gnome.org/show_bug.cgi?id=779338
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some deployments need to be able to turn off running X servers as a
user for backward compatibility.
This commit adds some #ifdef goop to that end.
Note wayland requires running as the user, so this option, merely
deprioritizes wayland sessions under X sessions.
https://bugzilla.gnome.org/show_bug.cgi?id=779338
|
| |
|
|
|
|
|
|
| |
The current mechanism of assuming the wayland-sessions path is
the first element of the array isn't very conducive to reprioritizing
wayland sessions. This commit changes the code to use a GArray instead.
https://bugzilla.gnome.org/show_bug.cgi?id=779338
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If a user has never logged in before and they login using autologin,
then we don't select the correct session type if they end up
with a wayland session. This is because we fail to initialize
the session type based on the default session type.
This commit changes the code to update the session type anytime the
session defaults are reset.
https://bugzilla.gnome.org/show_bug.cgi?id=761785
|
| |
|
|
|
|
|
| |
We're currently leaking the hash table when disposing the
session, this commit fixes that.
https://bugzilla.gnome.org/show_bug.cgi?id=754814
|
| |
|
|
|
|
|
|
|
|
|
| |
The only reference to session objects gets cleaned up when
verification-complete is emitted, which happens in the middle
of the establish_credentials handler.
This commit makes sure the session object stays alive until the
handler completes to prevent a crash.
https://bugzilla.gnome.org/show_bug.cgi?id=754814
|
| |
|
|
|
|
|
|
|
|
| |
Right now we only emit verification-complete when the a user
successfully reauthenticates. We should also do it when they
successfully initially authenticate.
This commit fixes that.
https://bugzilla.gnome.org/show_bug.cgi?id=754814
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We figure out the XDG_CURRENT_DESKTOP by looking at the session that's
use for login. For the greeter, we don't use a session, at all, but
instead a directly specified program. Still, we're determining the
XDG_CURRENT_DESKTOP for the greeter based on what default session
gets picked. On KDE only setups, the greeter will get marked as
a KDE session which will prevent gnome-settings-daemon from starting
properly.
This commit changes the code so that greeter sessions, don't rely
on the default session desktop file.
https://bugzilla.gnome.org/show_bug.cgi?id=760943
|
| |
|
|
|
|
|
|
| |
If no session desktop file can be found in the search path, we are
doomed. Crash nicely with g_error rather than continuing on to call
g_sequence_get with an invalid GSequenceIter.
https://bugzilla.gnome.org/show_bug.cgi?id=760548
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
gdm_session_get_display_mode is longer and more confusing than it
needs to be. This commit, consolidates code paths together and
adds a more descriptive comment explaining why NEW_VT display
mode is used for everything but non-seat0 seats.
Based on a patch and bug report by
Michael Catanzaro <mcatanzaro@gnome.org>
https://bugzilla.gnome.org/show_bug.cgi?id=760415
|
| |
|
|
|
|
|
|
| |
We need to cancel ongoing async ops for worker proxies when freeing
conversations or we'll crash when the completion handler runs and we
access free'd memory.
https://bugzilla.gnome.org/show_bug.cgi?id=758032
|
| |
|
|
|
|
|
| |
We don't want an outstanding reference on the worker proxy to lead to
signal handlers getting dispatched after the conversation is freed.
https://bugzilla.gnome.org/show_bug.cgi?id=758032
|
| |
|
|
|
|
|
|
| |
We previously only did it if the session name was different,
but now it's possible to have sessions of both types with the
same name.
https://bugzilla.gnome.org/show_bug.cgi?id=757715
|
| |
|
|
|
|
|
| |
If two sessions have the same name, give the wayland one
priority, unless wayland sessions are being ignored.
https://bugzilla.gnome.org/show_bug.cgi?id=757715
|
| |
|
|
|
|
|
|
|
|
|
| |
We're going to want to be able to exclude wayland
sessions from the search path if the manager deems it
necessary.
This commit adds a property to GdmSession to give the
manager that ability.
https://bugzilla.gnome.org/show_bug.cgi?id=757715
|
| |
|
|
|
|
|
|
| |
We're going to need to look at session state in the future.
This commit preps the way forward, for that by, making sure
the state object is available.
https://bugzilla.gnome.org/show_bug.cgi?id=757715
|
| |
|
|
|
|
|
|
|
|
|
|
| |
custom is a magic name we used to allow
for having the user decide their session by
a ~/.xsession file. We no longer support that
construct and haven't for many years. Instead,
users who want that functionality can just add
a xsession file to accomplish it.
This commit just removes some left over cruft that
never got cleaned up.
|
| |
|
|
|
|
|
|
| |
I really don't want
$ git grep slave
to return hits.
|
| |
|
|
| |
This reverts commit 76e2a54a1ef6cb8783844ce11efcf694e220a840.
|
| |
|
|
|
|
|
|
|
|
| |
Right now we only emit verification-complete when the a user
successfully reauthenticates. We should also do it when they
successfully initially authenticate.
This commit fixes that.
https://bugzilla.gnome.org/show_bug.cgi?id=754814
|
| |
|
|
|
|
|
|
|
|
|
|
| |
commit cab736cfb32aa25677287ff261ae1cb11f036e89 introduced a
bug that leads to GDM_LANG getting set to gibberish. This
causes spew to the log and, in some cases, prevents successful
login.
This commit addresses the problem by duplicating a string that
is, otherwise, freed before its second use.
https://bugzilla.gnome.org/show_bug.cgi?id=754033
|
| |
|
|
|
|
|
|
|
|
| |
Right now we're not picking up changes to locale.conf completely
at runtime.
This commit moves reading locale.conf to a different place in the
code, so that it's more effectively read and used.
https://bugzilla.gnome.org/show_bug.cgi?id=751865
|
