From 3fdf0be9efc73ebe0f1a94aad463d2213d11ab3b Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Jan 22 2015 19:53:59 +0000 Subject: Fix user switching Resolves: #1184933 --- diff --git a/fix-user-switching.patch b/fix-user-switching.patch new file mode 100644 index 0000000..a316d4b --- /dev/null +++ b/fix-user-switching.patch @@ -0,0 +1,120 @@ +From 0ecacfd6123e4026c78d5d61670da0abdcbf7559 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Thu, 22 Jan 2015 11:51:18 -0500 +Subject: [PATCH] manager: allow the login screen to do reauthentication + +At the moment, we only allow the user session to do reauthentication +from its lock screen. If a user does user switching we instead open +a new session for checking the user's password. + +This commit enables reauthentication from the login screen as well. +--- + daemon/gdm-manager.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index 8c41045..0278512 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -1161,84 +1161,89 @@ open_temporary_reauthentication_channel (GdmManager *self, + self); + + address = gdm_session_get_server_address (session); + + return g_strdup (address); + } + + static gboolean + gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager, + GDBusMethodInvocation *invocation, + const char *username) + { + GdmManager *self = GDM_MANAGER (manager); + const char *sender; + GdmDisplay *display = NULL; + GdmSession *session; + GDBusConnection *connection; + char *seat_id = NULL; + char *session_id = NULL; + GPid pid = 0; + uid_t uid = (uid_t) -1; + gboolean is_login_screen = FALSE; + gboolean is_remote = FALSE; + + g_debug ("GdmManager: trying to open reauthentication channel for user %s", username); + + sender = g_dbus_method_invocation_get_sender (invocation); + connection = g_dbus_method_invocation_get_connection (invocation); + get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, &pid, &uid, &is_login_screen, &is_remote); + +- if (is_login_screen) { +- g_dbus_method_invocation_return_error_literal (invocation, +- G_DBUS_ERROR, +- G_DBUS_ERROR_ACCESS_DENIED, +- "Login screen not allow to open reauthentication channel"); +- return TRUE; +- } +- + if (session_id == NULL || pid == 0 || uid == (uid_t) -1) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("No session available")); + + return TRUE; + } + +- session = get_seed_session_for_display (display); ++ if (is_login_screen) { ++ session = find_session_for_user_on_seat (self, ++ username, ++ seat_id, ++ NULL); ++ } else { ++ session = get_seed_session_for_display (display); ++ } + + if (session != NULL && gdm_session_is_running (session)) { + gdm_session_start_reauthentication (session, pid, uid); + g_hash_table_insert (self->priv->open_reauthentication_requests, + GINT_TO_POINTER (pid), + invocation); ++ } else if (is_login_screen) { ++ g_dbus_method_invocation_return_error_literal (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_ACCESS_DENIED, ++ "Login screen only allowed to open reauthentication channels for running sessions"); ++ return TRUE; + } else { + char *address; + address = open_temporary_reauthentication_channel (self, + seat_id, + session_id, + pid, + uid, + is_remote); + gdm_dbus_manager_complete_open_reauthentication_channel (GDM_DBUS_MANAGER (manager), + invocation, + address); + g_free (address); + } + + return TRUE; + } + + static void + manager_interface_init (GdmDBusManagerIface *interface) + { + interface->handle_open_session = gdm_manager_handle_open_session; + interface->handle_open_reauthentication_channel = gdm_manager_handle_open_reauthentication_channel; + } + + static void + set_up_greeter_session (GdmManager *manager, + GdmDisplay *display) + { + char *allowed_user; + struct passwd *passwd_entry; +-- +2.2.1 + diff --git a/gdm.spec b/gdm.spec index 319e83c..7c0a040 100644 --- a/gdm.spec +++ b/gdm.spec @@ -12,7 +12,7 @@ Summary: The GNOME Display Manager Name: gdm Version: 3.15.3.1 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 License: GPLv2+ Group: User Interface/X @@ -21,6 +21,7 @@ URL: http://download.gnome.org/sources/gdm Source: http://download.gnome.org/sources/gdm/3.15/gdm-%{version}.tar.xz Source1: org.gnome.login-screen.gschema.override Patch0: fix-pam-ecryptfs.patch +Patch1: fix-user-switching.patch BuildRequires: pkgconfig(libcanberra-gtk) BuildRequires: pango-devel >= 0:%{pango_version} @@ -107,6 +108,7 @@ files needed to build custom greeters. %prep %setup -q %patch0 -p1 -b .fix-pam-ecryptfs +%patch1 -p1 -b .fix-user-switching autoreconf -i -f intltoolize -f @@ -296,6 +298,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || : %{_libdir}/pkgconfig/gdm.pc %changelog +* Thu Jan 22 2015 Ray Strode 3.15.3.1-3 +- Fix user switching + Resolves: #1184933 + * Fri Jan 16 2015 Ray Strode 3.13.91-2 - Fix pam_ecryptfs. unfortunately adds back gross last login messages. Resolves: #1174366