| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds reauthentication support for
screensavers and user switching to use.
1) It adds a "verification mode" argument to the GdmSession constructor
that tweaks the behavior of how the session worker acts to fit login or
unlock scenarios better.
2) It adds a way for programs to open a communication channel for user
verification to already runnings sessions (so reauthentication happens
in the context of the session).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The GdmManager object controls the GdmLocalDisplayFactory and
GdmXdmcpDisplayFactory singleton objects, which manage displays on local
VTs and displays on remote machines respectively.
Another role of the GdmManager object is to aggregate and export the
displays currently being managed by those display factories over the
system bus.
This commit moves GdmManager over to using GDBus and the
GDBusObjectManager interface for display enumeration.
https://bugzilla.gnome.org/show_bug.cgi?id=622888
|
|
|
|
|
|
|
|
| |
This is one big commit because it uses generated code both
in the daemon and in the slaves, so we need to port both at the
same time.
https://bugzilla.gnome.org/show_bug.cgi?id=622888
|
|
|
|
|
| |
We now start it in the greeter session, but polkit doesn't
ship an agent desktop file, so ship our own.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PAM files that ship with GDM are really specific to Red Hat's
historical fork of pam. For example, the "system-auth" file still
lives in the Fedora 17 "pam" git. A long while back, Debian hit the
same problem, and of course the difference is the naming;
common-auth/common-password etc.
OpenEmbedded then picked up Debian's PAM fork. Since for OSTree-GNOME
we're using Poky/OpenEmbedded, let's add an option to integrate with
their PAM.
We use code similar to what NetworkManager has, so we should keep
using the Red Hat files on systems with /etc/redhat-release or
/etc/fedora-release.
https://bugzilla.gnome.org/show_bug.cgi?id=675085
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The build system was inconsistent in its handling of pam files. The
multistack files had names ending in .pam, which we copied to an
unsuffixed file, and installed via pam_DATA. The non-multistack files
had unsuffixed filenames in the source, which we installed manually
via install-data-local.
Let's clean this up by naming every file with ".pam", and do the
rename when we put them in the install root. This is faster and
requires less makefile boilerplate to copy the files during the build
process.
Note: This also drops the previous crappy implementation of a
configuration management scheme where we only installed the files if
they didn't already exist. I'm not aware of anyone who actually uses
'make install' for gdm and cares about that semantic.
Finally, because all of these pam files are Red Hat specific, move
them to a separate pam-redhat directory, to ease the addition of a
future patch which adds PAM files for different systems.
https://bugzilla.gnome.org/show_bug.cgi?id=675085
|
|
|
|
| |
That's where the other two are after all.
|
|
|
|
|
|
|
|
|
| |
The shell session has a policykit agent since gnome-shell plays this
role. This is not, however, the case of the fallback session which needs
an agent of its own. Otherwise you can’t shutdown a system if there’s
someone else logged on.
https://bugzilla.gnome.org/show_bug.cgi?id=678718
|
|
|
|
|
|
|
|
|
| |
Leading up to gnome 3.2 we tried to detect whether or not the user
had a new enough gnome-shell to support the shell based login screen.
We're leading up to 3.6 now, we don't need this hack anymore.
This commit drops it.
|
|
|
|
| |
Command 38b2df058c9d0237a6398675ca6401cf2b043015 was incomplete.
|
|
|
|
|
| |
gnome-shell no longer accepts a --gdm-mode commandline option.
Instead, it now accepts --mode=gdm.
|
|
|
|
|
|
|
|
| |
This commit moves the fallback greeter and daemon away from gconf.
Some changes from Ray Strode.
https://bugzilla.gnome.org/show_bug.cgi?id=635375
|
|
|
|
|
|
|
|
|
|
|
| |
It adds a lot of packaging pain and confusion for distributors,
and the bulk of the gain from it could be fixed by adding a
setting to gnome-settings-daemon.
Instead, just ship a static list of settings.
Distros will still need to run dconf update in their post transaction
hooks, however.
|
|
|
|
|
| |
There's really no point in updating the dconf db
if we haven't changed it.
|
|
|
|
|
|
| |
dist-hook was referencing files it didn't depend on explicitly.
Also, linearize the dep tree of those files so that in parallel
make setups we don't end up running the generation script twice.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many distros do:
xhost +si:localuser:`id -un`
in there local start up scripts. This allows users connected
via ssh (or a tty) to just set DISPLAY and gain access to any
X servers that are running that they "own" without having to
mess around with XAUTHORITY.
This commit puts the equivalent change upstream.
https://bugzilla.gnome.org/show_bug.cgi?id=651431
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a disable-user-list key that the greeter can read
to know to disable the user list.
Note, neither the shell greeter or the fallback greeter support
reading the key. That will happen in follow up commits.
https://bugzilla.gnome.org/show_bug.cgi?id=660660
|
|
|
|
|
|
|
| |
The non-fallback greeter uses them, too, so they shouldn't
be in the fallback greeter source directories.
https://bugzilla.gnome.org/show_bug.cgi?id=660491
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently generate a complete, binary dconf database
as part of the install process.
In general, system administrators can change dconf
settings system-wide using a mechanism described here:
https://live.gnome.org/dconf/SystemAdministrators
Unfortunately, because of the way we generate our database,
any administrator overrides will get discarded during
package upgrade, and likewise, our carefully vetted database
will get destroyed on any site administrator updates.
Rather than step on each others toes, this commit changes
GDM to use the same mechanism described above. This should
make upstream defaults and system defaults coexist much
better.
Note, the mechanism used isn't quite as featureful as we
would really like. It doesn't support wildcards or changing
whole subtrees at a time. That means, in theory, if a new
plugin gets added to settings daemon it could be marked active
at the login screen without being vetted first.
To circumvent this, we add a layer of indirection in and some
gross shell scripting to give us the features we need.
Distributions should probably run
/usr/libexec/gdm-update-dconf-db \
gdm \
/usr/share/gdm/upstream-settings \
00-upstream-settings
In there post transaction hooks, but at a minimum need to run
dconf update.
|
|
|
|
|
|
|
|
|
|
| |
Add back commit 4892c9447324f2248ce944f150abe3143f78eaa3
This commit does a quick check to make sure gnome-shell is
installed, and supports --gdm-mode. If either of those fail,
then fall back to the old greeter.
https://bugzilla.gnome.org/show_bug.cgi?id=660409
|
|
|
|
|
|
|
|
|
|
| |
If an administrator wants to set settings
at the login screen they need to drop a special
file in /etc/dconf/db/gdm.d and run dconf update.
We don't create the directory for them though.
This commit creates that directory so the admin
doesn't have to.
|
|
|
|
|
|
|
|
|
| |
The shell greeter needs a setting to be able to look up a
possible logo to use. Rather than put it in the shell, we'll
put it here, so we can potentially make the fallback greeter
read the same setting.
https://bugzilla.gnome.org/show_bug.cgi?id=658062
|
|
|
|
|
|
|
|
|
| |
The shell greeter needs to be able to disable fingerprint
authentication, just as the fallback greeter does. This
commit moves that setting (and its cousin for smartcards)
to a central location.
https://bugzilla.gnome.org/show_bug.cgi?id=657823
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This effectively reverts commit fdc07aee1e7c15741a3fd8c4179bfa7ccabdc700
The reason is two fold:
1) it may cause problems for distros that ship the mutter binary in a
subpackage separate from libmutter
2) it was meant to make life a little easier for distributors for the
3.1.90 release. That release is over now, and it didn't actually
make life any easier for distributors anyway because of other bugs.
https://bugzilla.gnome.org/show_bug.cgi?id=658429
|
|
|
|
|
|
|
|
| |
This was a copy-and-paste mistake I think.
Spotted by vuntz.
https://bugzilla.gnome.org/show_bug.cgi?id=658429
|
|
|
|
|
|
|
|
| |
Right now we hard code the session to gdm-shell which
prevents users from forcing fallback.
This commit changes gnome-session to load the session
from settings, and changes the default in settings to gdm-shell.
|
|
|
|
|
|
|
|
| |
This reverts commit 43c6eff12d5c6ab346f79f8ad2fe80963057e201.
GDM needs to be able to do an orderly logout of the greeter
gnome-session as part of the login process, so locking down
log out isn't a good idea.
|
|
|
|
|
|
|
|
|
|
|
|
| |
It never makes sense to offer log out when you are not logged in,
and setting this lockdown key is an easy way to make gnome-sessions
'fail whale' dialog more appropriate for the login session. With
this key set, it will just say
A problem has occurred and the system can't recover.
Please contact a system administrator
https://bugzilla.gnome.org/show_bug.cgi?id=658552
|
|
|
|
|
|
| |
For tablet computers.
https://bugzilla.gnome.org/show_bug.cgi?id=652113
|
|
|
|
|
|
|
|
| |
They both had bugs out the gate that would make the
new greeter not work.
https://bugzilla.gnome.org/show_bug.cgi?id=657692
http://git.gnome.org/browse/gnome-shell/commit/?id=612b9e9f
|
|
|
|
|
| |
It's generated and contains hard coded paths,
so don't put it in the disted tarball.
|
|
|
|
|
| |
- run pam_loginuid first thing
- add a password stack just for completeness
|
|
|
|
|
|
| |
I forgot to add these sections in when reformulating
the patch in bug 655867 but failed to notice since
my installed gdm-welcome was fine.
|
|
|
|
| |
It was overzealously dropped in commit 48705a
|
|
|
|
| |
This reverts commit 1438f9b2dc7e545101ed4e4312653ce168f5bfa7.
|
|
|
|
| |
.gitignore was preventing it from being added before.
|
| |
|
|
|
|
|
| |
This commit removes two files from the CLEAN_FILES list
that are checked into version control.
|
| |
|
|
|
|
|
|
| |
This commit does a quick check to make sure gnome-shell is installed,
and supports --gdm-mode. If either of those fail, then fall back
to the old greeter.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now before launching the greeter, we create this
little ad hoc session that only runs through some of the
OS machinery for session registration.
This means not only is there duplicate code with GDMs
real session handling functions, but the greeter is
potentially running in an incomplete session.
This commit, inspired by the work of Lennart and Kay,
changes GDM to run its greeter session through a session
worker just like any other session.
|
|
|
|
|
| |
This commit changes gdm to first try running gnome-shell in
--gdm-mode and fallback to the existing way.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before we were doing some sort of weird hybrid thing with
a session file and an autostart directory that wasn't that
much different than just having an autostart directory by
itself.
Now we fully define the session component list from the session
file, and merely provide a pool of new candidate desktop files to
select that sessoin from.
This modernizes how we use gnome-session and as a side-effect
enables us the ability to have fallback sessions (which will
be important when defaulting to a shell based greeter later).
|
|
|
|
|
| |
The key is no longer necessary in recent versions of
gnome-power-manager.
|
|
|
|
|
| |
If we don't set this, it will use the default which can
cause weird behavior when building in a logged in session.
|
|
|
|
|
|
|
| |
This reverts commit 2108fbb01143a6cfd5847e9564f0f20bce00570c.
It was wrong. dconf uses both XDG_CACHE_HOME and XDG_CONFIG_HOME.
They both need to exist and be distinct.
|
|
|
|
|
|
| |
We now install some noop mime uri handlers, so this
commit makes sure they get uninstalled at uninstall
time as well.
|
|
|
|
| |
Later versions of dconf seem to stuff it there now.
|
|
|
|
|
|
|
|
|
| |
Starting with glib 2.28, we don't use gconf to find out which handler
should be used for a URI scheme, and we need to provide a custom MIME
configuration for the gdm user to ensure no default URI scheme handler
is used.
CVE-2011-1709
|