From d83d66eaf7c09e05c389b96698b798f3dcbf9fb4 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 23 2019 12:36:24 +0000 Subject: import gdm-3.28.2-12.el7_6.1 --- diff --git a/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch b/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch index eb47abb..7c0508b 100644 --- a/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch +++ b/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch @@ -1,20 +1,46 @@ -From ef789e1e30c8682ac04e9ed29d40352992bf8aa9 Mon Sep 17 00:00:00 2001 +From 37fd7d17cff85440fdeaff95a88f341c10ce5211 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 20 Dec 2018 14:51:38 -0500 Subject: [PATCH] manager: allow multiple xdmcp logins for the same user --- common/gdm-settings-keys.h | 1 + - daemon/gdm-manager.c | 27 +++++++++++++++++++++++++++ - data/gdm.schemas | 5 +++++ - data/gdm.schemas.in.in | 5 +++++ - 4 files changed, 38 insertions(+) + daemon/gdm-manager.c | 71 ++++++++++++++++++++++++++++---------- + data/gdm.schemas.in.in | 5 +++ + 3 files changed, 59 insertions(+), 18 deletions(-) diff --git a/common/gdm-settings-keys.h b/common/gdm-settings-keys.h -index f0059b5..33676a8 100644 +index f0059b5cf..6113a625b 100644 --- a/common/gdm-settings-keys.h +++ b/common/gdm-settings-keys.h -@@ -55,6 +55,7 @@ G_BEGIN_DECLS +@@ -28,37 +28,38 @@ G_BEGIN_DECLS + #define GDM_KEY_USER "daemon/User" + #define GDM_KEY_GROUP "daemon/Group" + #define GDM_KEY_AUTO_LOGIN_ENABLE "daemon/AutomaticLoginEnable" + #define GDM_KEY_AUTO_LOGIN_USER "daemon/AutomaticLogin" + #define GDM_KEY_TIMED_LOGIN_ENABLE "daemon/TimedLoginEnable" + #define GDM_KEY_TIMED_LOGIN_USER "daemon/TimedLogin" + #define GDM_KEY_TIMED_LOGIN_DELAY "daemon/TimedLoginDelay" + #define GDM_KEY_INITIAL_SETUP_ENABLE "daemon/InitialSetupEnable" + #define GDM_KEY_WAYLAND_ENABLE "daemon/WaylandEnable" + + #define GDM_KEY_DEBUG "debug/Enable" + + #define GDM_KEY_INCLUDE "greeter/Include" + #define GDM_KEY_EXCLUDE "greeter/Exclude" + #define GDM_KEY_INCLUDE_ALL "greeter/IncludeAll" + + #define GDM_KEY_DISALLOW_TCP "security/DisallowTCP" + #define GDM_KEY_ALLOW_REMOTE_AUTOLOGIN "security/AllowRemoteAutoLogin" + + #define GDM_KEY_XDMCP_ENABLE "xdmcp/Enable" + #define GDM_KEY_SHOW_LOCAL_GREETER "xdmcp/ShowLocalGreeter" + #define GDM_KEY_MAX_PENDING "xdmcp/MaxPending" + #define GDM_KEY_MAX_SESSIONS "xdmcp/MaxSessions" + #define GDM_KEY_MAX_WAIT "xdmcp/MaxWait" + #define GDM_KEY_DISPLAYS_PER_HOST "xdmcp/DisplaysPerHost" + #define GDM_KEY_UDP_PORT "xdmcp/Port" + #define GDM_KEY_INDIRECT "xdmcp/HonorIndirect" #define GDM_KEY_MAX_WAIT_INDIRECT "xdmcp/MaxWaitIndirect" #define GDM_KEY_PING_INTERVAL "xdmcp/PingIntervalSeconds" #define GDM_KEY_WILLING "xdmcp/Willing" @@ -22,26 +48,171 @@ index f0059b5..33676a8 100644 #define GDM_KEY_MULTICAST "chooser/Multicast" #define GDM_KEY_MULTICAST_ADDR "chooser/MulticastAddr" + + G_END_DECLS + + #endif /* _GDM_SETTINGS_KEYS_H */ diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c -index 031c61c..225de1d 100644 +index 031c61ce6..a24d7614d 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c -@@ -612,6 +612,11 @@ switch_to_compatible_user_session (GdmManager *manager, +@@ -577,93 +577,106 @@ get_display_and_details_for_bus_sender (GdmManager *self, + if (out_tty != NULL) { + *out_tty = get_tty_for_session_id (session_id, &error); + + if (error != NULL) { + g_debug ("GdmManager: Error while retrieving tty for session: %s", + error->message); + g_clear_error (&error); + } + } + + display = gdm_display_store_find (self->priv->display_store, + lookup_by_session_id, + (gpointer) session_id); + + if (out_display != NULL) { + *out_display = display; + } + out: + g_free (session_id); + } + + static gboolean + switch_to_compatible_user_session (GdmManager *manager, + GdmSession *session, + gboolean fail_if_already_switched) + { + gboolean res; + gboolean ret; + const char *username; + const char *seat_id; +- const char *ssid_to_activate; ++ const char *ssid_to_activate = NULL; + GdmSession *existing_session; + + ret = FALSE; + username = gdm_session_get_username (session); seat_id = gdm_session_get_display_seat_id (session); -+ if (!seat_id || !sd_seat_can_multi_session (seat_id)) { -+ g_debug ("GdmManager: unable to activate existing sessions unless on seat0"); -+ goto out; +- if (!fail_if_already_switched) { +- session = NULL; +- } ++ if (!fail_if_already_switched) ++ ssid_to_activate = gdm_session_get_session_id (session); + +- existing_session = find_session_for_user_on_seat (manager, username, seat_id, session); ++ if (ssid_to_activate == NULL) { ++ if (!seat_id || !sd_seat_can_multi_session (seat_id)) { ++ g_debug ("GdmManager: unable to activate existing sessions from login screen unless on seat0"); ++ goto out; ++ } + +- if (existing_session != NULL) { +- ssid_to_activate = gdm_session_get_session_id (existing_session); +- if (seat_id != NULL) { +- res = activate_session_id (manager, seat_id, ssid_to_activate); +- if (! res) { +- g_debug ("GdmManager: unable to activate session: %s", ssid_to_activate); +- goto out; +- } ++ if (!fail_if_already_switched) { ++ session = NULL; + } + +- res = session_unlock (manager, ssid_to_activate); +- if (!res) { +- /* this isn't fatal */ +- g_debug ("GdmManager: unable to unlock session: %s", ssid_to_activate); ++ existing_session = find_session_for_user_on_seat (manager, username, seat_id, session); ++ ++ if (existing_session != NULL) { ++ ssid_to_activate = gdm_session_get_session_id (existing_session); + } +- } else { + } + - if (!fail_if_already_switched) { - session = NULL; ++ if (ssid_to_activate == NULL) { + goto out; } -@@ -1091,6 +1096,20 @@ open_temporary_reauthentication_channel (GdmManager *self, + ++ if (seat_id != NULL) { ++ res = activate_session_id (manager, seat_id, ssid_to_activate); ++ if (! res) { ++ g_debug ("GdmManager: unable to activate session: %s", ssid_to_activate); ++ goto out; ++ } ++ } ++ ++ res = session_unlock (manager, ssid_to_activate); ++ if (!res) { ++ /* this isn't fatal */ ++ g_debug ("GdmManager: unable to unlock session: %s", ssid_to_activate); ++ } ++ + ret = TRUE; + + out: + return ret; + } + + static GdmDisplay * + get_display_for_user_session (GdmSession *session) + { + return g_object_get_data (G_OBJECT (session), "gdm-display"); + } + + static GdmSession * + get_user_session_for_display (GdmDisplay *display) + { + if (display == NULL) { + return NULL; + } + + return g_object_get_data (G_OBJECT (display), "gdm-user-session"); } static gboolean + add_session_record (GdmManager *manager, + GdmSession *session, + GPid pid, + SessionRecord record) + { + const char *username; + char *display_name, *hostname, *display_device; +@@ -1063,92 +1076,114 @@ open_temporary_reauthentication_channel (GdmManager *self, + g_signal_connect (session, + "client-disconnected", + G_CALLBACK (on_reauthentication_client_disconnected), + self); + g_signal_connect (session, + "client-rejected", + G_CALLBACK (on_reauthentication_client_rejected), + self); + g_signal_connect (session, + "cancelled", + G_CALLBACK (on_reauthentication_cancelled), + self); + g_signal_connect (session, + "conversation-started", + G_CALLBACK (on_reauthentication_conversation_started), + self); + g_signal_connect (session, + "conversation-stopped", + G_CALLBACK (on_reauthentication_conversation_stopped), + self); + g_signal_connect (session, + "verification-complete", + G_CALLBACK (on_reauthentication_verification_complete), + self); + + address = gdm_session_get_server_address (session); + + return g_strdup (address); + } + ++static gboolean +remote_users_can_log_in_more_than_once (GdmManager *manager) +{ + gboolean enabled; @@ -55,11 +226,35 @@ index 031c61c..225de1d 100644 + return enabled; +} + -+static gboolean + static gboolean gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager, GDBusMethodInvocation *invocation, const char *username) -@@ -1122,6 +1141,14 @@ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager + { + GdmManager *self = GDM_MANAGER (manager); + const char *sender; + GdmDisplay *display = NULL; + GdmSession *session; + GDBusConnection *connection; + char *seat_id = NULL; + char *session_id = NULL; + GPid pid = 0; + uid_t uid = (uid_t) -1; + gboolean is_login_screen = FALSE; + gboolean is_remote = FALSE; + + g_debug ("GdmManager: trying to open reauthentication channel for user %s", username); + + sender = g_dbus_method_invocation_get_sender (invocation); + connection = g_dbus_method_invocation_get_connection (invocation); + get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, NULL, &pid, &uid, &is_login_screen, &is_remote); + + if (session_id == NULL || pid == 0 || uid == (uid_t) -1) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("No session available")); + return TRUE; } @@ -74,11 +269,65 @@ index 031c61c..225de1d 100644 if (is_login_screen) { session = find_session_for_user_on_seat (self, username, + seat_id, + NULL); + } else { + session = get_user_session_for_display (display); + } + + if (session != NULL && gdm_session_is_running (session)) { + gdm_session_start_reauthentication (session, pid, uid); + g_hash_table_insert (self->priv->open_reauthentication_requests, + GINT_TO_POINTER (pid), + invocation); + } else if (is_login_screen) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Login screen only allowed to open reauthentication channels for running sessions"); + return TRUE; + } else { + char *address; + address = open_temporary_reauthentication_channel (self, + seat_id, + session_id, + pid, + uid, + is_remote); + gdm_dbus_manager_complete_open_reauthentication_channel (GDM_DBUS_MANAGER (manager), + invocation, diff --git a/data/gdm.schemas.in.in b/data/gdm.schemas.in.in -index 8ad2031..003f92c 100644 +index 8ad203101..f50934b15 100644 --- a/data/gdm.schemas.in.in +++ b/data/gdm.schemas.in.in -@@ -129,5 +129,10 @@ +@@ -102,32 +102,37 @@ + + xdmcp/DisplaysPerHost + i + 1 + + + xdmcp/Port + i + 177 + + + xdmcp/HonorIndirect + b + true + + + xdmcp/MaxWaitIndirect + i + 30 + + + xdmcp/PingIntervalSeconds + i + 0 + + + xdmcp/Willing s @gdmconfdir@/Xwilling @@ -90,5 +339,5 @@ index 8ad2031..003f92c 100644 -- -1.8.3.1 +2.20.1 diff --git a/SPECS/gdm.spec b/SPECS/gdm.spec index dd8af48..29dba12 100644 --- a/SPECS/gdm.spec +++ b/SPECS/gdm.spec @@ -10,7 +10,7 @@ Name: gdm Epoch: 1 Version: 3.28.2 -Release: 12%{?dist} +Release: 12%{?dist}.1 Summary: The GNOME Display Manager License: GPLv2+ @@ -361,6 +361,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || : %{_libdir}/pkgconfig/gdm-pam-extensions.pc %changelog +* Thu Mar 28 2019 Ray Strode - 3.28.2-12.1 +- Fix unlock on XDMCP sessions + Resolves: #1693967 + * Thu Dec 20 2018 Ray Strode 3.28.2-12 - Allow multiple simultaneous XDMCP logins for a user if xdmcp/AllowMultipleSessionsPerUser=true