| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds one PAM extension, a "Choice List" using the
new PAM_BINARY_PROMPT protocol added in the previous commit. The
PAM module sends a list of (key, row text) pairs, and GDM ferries
the request to gnome-shell using a new user verifier sub-interface.
gnome-shell should present the list to the user and pass back the
corresponding key, which GDM ferries back to the PAM module.
Note this commit is only the daemon side. A subsequent commit will
add the libgdm API needed for gnome-shell to actually deal with
this new PAM extension.
https://bugzilla.gnome.org/show_bug.cgi?id=788851
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This abuses PAM_BINARY_PROMPT for our own nefarious purposes.
The way it works is GDM advertises what "extensions" it supports
with the environment variable, GDM_SUPPORTED_PAM_EXTENSIONS (a space
separated list of reverse dns notation names). PAM services that
support this protocol, will read the environment variable, and
check for extension strings they support. They then know that sending
PAM_BINARY_PROMPT won't blow up, and know what format to use for the
binary data. The type field of the structure is the index of the
string from the environment variable.
This commit is just foundation work. It doesn't actually add any
extensions.
https://bugzilla.gnome.org/show_bug.cgi?id=788851
|
| |
|
|
|
|
|
|
| |
I really don't want
$ git grep slave
to return hits.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously we would emit the timed-login-requested signal after the
client connects, which might be before it was listening for the
signal.
Now we only emit the signal in direct response to a GetTimedLoginDetails
call, which we make implicitly when the appropiate proxy interface is
set up.
https://bugzilla.gnome.org/show_bug.cgi?id=680348
|
| |
|
|
|
|
|
| |
These days the greeter doesn't let you pick a language at log in time.
This commit drops the interface, since it's unused, and we don't have
any API guarantees in libgdm.
|
| |
|
|
|
|
|
|
|
|
|
| |
front"
This reverts commit 67235fd797e5b9a88178f4733551814b61a4711b.
As pointed out by Giovanni, this code is incorrect, as PAM_AUTHTOK
doesn't work when not in a PAM module.
https://bugzilla.gnome.org/show_bug.cgi?id=678057
|
| |
|
|
|
|
|
|
| |
Some PAM modules can be told their password ahead of time to prevent them
having to ask later. This is accomplished by setting the PAM_AUTHTOK item
before calling pam_authenticate.
https://bugzilla.gnome.org/show_bug.cgi?id=678057
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Before, the session worker and session communicated by a series of signals
and methods... but backwards. The session worker would listen for a series
of signals sent out by the session, and respond back by calling methods on
it. This requires a lot of annoying, silly manual labor when trying to add
another method to the API.
So, reverse the API so that the worker manager calls async methods on the
worker itself.
https://bugzilla.gnome.org/show_bug.cgi?id=678057
|
| |
|
|
|
|
| |
These are all dead signals that never got removed.
https://bugzilla.gnome.org/show_bug.cgi?id=678057
|
| |
|
|
|
|
| |
This allows the setup session to pass the gdm-initial-setup user.
https://bugzilla.gnome.org/show_bug.cgi?id=678057
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds reauthentication support for
screensavers and user switching to use.
1) It adds a "verification mode" argument to the GdmSession constructor
that tweaks the behavior of how the session worker acts to fit login or
unlock scenarios better.
2) It adds a way for programs to open a communication channel for user
verification to already runnings sessions (so reauthentication happens
in the context of the session).
|
| |
|
|
|
| |
It's needed by ConsoleKit and it will be needed for
starting reauthentication sessions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One goal for GNOME 3.6, is to replace the screen locking functionality
provided by gnome-screensaver with redesigned functionality provided
by gnome-shell.
At the same time, it makes sense to consolidate the yucky PAM
authentication code to one place (GDM).
Right now only greeters can talk to GDM. At the time the greeter is
started, the slave sets up a private communication channel which the
greeter then connects to for initiating communication.
This commit adds a new method to the org.gnome.DisplayManager.Manager
interface that allows opening a private connection to the slave that
is associated with the currently running session. That slave exports
the session object over the bus that greeters can interact with the
session as appropriate. This interface replaces the
GDM_GREETER_DBUS_ADDRESS environment variable that used to to be used
for connecting the greeter to the slave.
This commit also drops gdm-greeter-server and gdm-chooser-server which
don't fit the new model, and are really just thin middle men that don't do
anything important.
Furthermore, this commit splits GdmSession interfaces 3 orthogonal parts
up into 3 separate interfaces on the session object.
A future commit will make this interface work for screensavers/reauthentication.
Based on work by Giovanni Campagna <gcampagna@src.gnome.org>
https://bugzilla.gnome.org/show_bug.cgi?id=676381
|
|
|
GdmSession is an object in the slave that manages
the various session worker processes. Each session
worker process talks to PAM to perform authentication
for the user. For instance, if the user has a fingerprint
reader, then there will normally be two worker processes,
one for handling fingerprint auth, and one for handling
password auth. GdmSession is the interface layer in the
slave to talking to those running worker processes.
This commit ports GdmSession over to GDBus from dbus-glib.
https://bugzilla.gnome.org/show_bug.cgi?id=622888
|
