From 0ecacfd6123e4026c78d5d61670da0abdcbf7559 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 22 Jan 2015 11:51:18 -0500
Subject: [PATCH] manager: allow the login screen to do reauthentication
At the moment, we only allow the user session to do reauthentication
from its lock screen. If a user does user switching we instead open
a new session for checking the user's password.
This commit enables reauthentication from the login screen as well.
---
daemon/gdm-manager.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index 8c41045..0278512 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -1161,84 +1161,89 @@ open_temporary_reauthentication_channel (GdmManager *self,
self);
address = gdm_session_get_server_address (session);
return g_strdup (address);
}
static gboolean
gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager,
GDBusMethodInvocation *invocation,
const char *username)
{
GdmManager *self = GDM_MANAGER (manager);
const char *sender;
GdmDisplay *display = NULL;
GdmSession *session;
GDBusConnection *connection;
char *seat_id = NULL;
char *session_id = NULL;
GPid pid = 0;
uid_t uid = (uid_t) -1;
gboolean is_login_screen = FALSE;
gboolean is_remote = FALSE;
g_debug ("GdmManager: trying to open reauthentication channel for user %s", username);
sender = g_dbus_method_invocation_get_sender (invocation);
connection = g_dbus_method_invocation_get_connection (invocation);
get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, &pid, &uid, &is_login_screen, &is_remote);
- if (is_login_screen) {
- g_dbus_method_invocation_return_error_literal (invocation,
- G_DBUS_ERROR,
- G_DBUS_ERROR_ACCESS_DENIED,
- "Login screen not allow to open reauthentication channel");
- return TRUE;
- }
-
if (session_id == NULL || pid == 0 || uid == (uid_t) -1) {
g_dbus_method_invocation_return_error_literal (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
_("No session available"));
return TRUE;
}
- session = get_seed_session_for_display (display);
+ if (is_login_screen) {
+ session = find_session_for_user_on_seat (self,
+ username,
+ seat_id,
+ NULL);
+ } else {
+ session = get_seed_session_for_display (display);
+ }
if (session != NULL && gdm_session_is_running (session)) {
gdm_session_start_reauthentication (session, pid, uid);
g_hash_table_insert (self->priv->open_reauthentication_requests,
GINT_TO_POINTER (pid),
invocation);
+ } else if (is_login_screen) {
+ g_dbus_method_invocation_return_error_literal (invocation,
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Login screen only allowed to open reauthentication channels for running sessions");
+ return TRUE;
} else {
char *address;
address = open_temporary_reauthentication_channel (self,
seat_id,
session_id,
pid,
uid,
is_remote);
gdm_dbus_manager_complete_open_reauthentication_channel (GDM_DBUS_MANAGER (manager),
invocation,
address);
g_free (address);
}
return TRUE;
}
static void
manager_interface_init (GdmDBusManagerIface *interface)
{
interface->handle_open_session = gdm_manager_handle_open_session;
interface->handle_open_reauthentication_channel = gdm_manager_handle_open_reauthentication_channel;
}
static void
set_up_greeter_session (GdmManager *manager,
GdmDisplay *display)
{
char *allowed_user;
struct passwd *passwd_entry;
--
2.2.1