diff --git a/.gdm.metadata b/.gdm.metadata new file mode 100644 index 0000000..7343b77 --- /dev/null +++ b/.gdm.metadata @@ -0,0 +1 @@ +3c619c91941b2df0362a67b905669f8852106bf5 SOURCES/gdm-3.28.3.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..03d9ac4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/gdm-3.28.3.tar.xz diff --git a/SOURCES/0001-Honor-initial-setup-being-disabled-by-distro-install.patch b/SOURCES/0001-Honor-initial-setup-being-disabled-by-distro-install.patch new file mode 100644 index 0000000..96a78f5 --- /dev/null +++ b/SOURCES/0001-Honor-initial-setup-being-disabled-by-distro-install.patch @@ -0,0 +1,82 @@ +From fa5733788ae5f8e8caeb07e956be370e96f9b6b1 Mon Sep 17 00:00:00 2001 +From: Rui Matos +Date: Mon, 23 Jan 2017 20:19:51 +0100 +Subject: [PATCH] Honor initial setup being disabled by distro installer + +Sysadmins might want to disable any kind of initial setup for their +users, perhaps because they pre-configure their environments. We +already provide a configuration file option for this but distro +installers might have their own way of requesting this. + +At least the anaconda installer provides an option to skip any kind +post-install setup tools so, for now we're only adding support for +that but more might be added in the future. + +https://bugzilla.gnome.org/show_bug.cgi?id=777708 +--- + daemon/Makefile.am | 1 + + daemon/gdm-display.c | 29 +++++++++++++++++++++++++++++ + 2 files changed, 30 insertions(+) + +diff --git a/daemon/Makefile.am b/daemon/Makefile.am +index ab5dda0..786e0c5 100644 +--- a/daemon/Makefile.am ++++ b/daemon/Makefile.am +@@ -14,6 +14,7 @@ AM_CPPFLAGS = \ + -DLOCALSTATEDIR=\"$(localstatedir)\" \ + -DLOGDIR=\"$(logdir)\" \ + -DSBINDIR=\"$(sbindir)\" \ ++ -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ + -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \ + -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \ +diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c +index 0057e2c..2af8e13 100644 +--- a/daemon/gdm-display.c ++++ b/daemon/gdm-display.c +@@ -1456,6 +1456,31 @@ can_create_environment (const char *session_id) + } + + static gboolean ++initial_setup_disabled_by_anaconda (void) ++{ ++ GKeyFile *key_file; ++ const gchar *file_name = SYSCONFDIR "/sysconfig/anaconda"; ++ gboolean disabled = FALSE; ++ GError *error = NULL; ++ ++ key_file = g_key_file_new (); ++ if (!g_key_file_load_from_file (key_file, file_name, G_KEY_FILE_NONE, &error)) { ++ if (!g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT) && ++ !g_error_matches (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_NOT_FOUND)) { ++ g_warning ("Could not read %s: %s", file_name, error->message); ++ } ++ g_error_free (error); ++ goto out; ++ } ++ ++ disabled = g_key_file_get_boolean (key_file, "General", ++ "post_install_tools_disabled", NULL); ++ out: ++ g_key_file_unref (key_file); ++ return disabled; ++} ++ ++static gboolean + wants_initial_setup (GdmDisplay *self) + { + gboolean enabled = FALSE; +@@ -1480,6 +1505,10 @@ wants_initial_setup (GdmDisplay *self) + return FALSE; + } + ++ if (initial_setup_disabled_by_anaconda ()) { ++ return FALSE; ++ } ++ + return enabled; + } + +-- +2.9.3 + diff --git a/SOURCES/0001-daemon-fix-wayland-detection-when-deciding-to-bypass.patch b/SOURCES/0001-daemon-fix-wayland-detection-when-deciding-to-bypass.patch new file mode 100644 index 0000000..c442a45 --- /dev/null +++ b/SOURCES/0001-daemon-fix-wayland-detection-when-deciding-to-bypass.patch @@ -0,0 +1,135 @@ +From b9f38b65417923624bf97a18daf1c2ede5e8651e Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Sun, 15 Dec 2019 14:51:44 -0500 +Subject: [PATCH] daemon: fix wayland detection when deciding to bypass + Xsession + +At the moment if there's a session file with the same name in +both /usr/share/xsessions and /usr/share/wayland-sessions, GDM +will think the wayland is getting used when deciding whether or +not to bypass the /etc/gdm/Xsession script, even if wayland is +explicitly being ignored. + +This commit fixes the check. +--- + daemon/gdm-session.c | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index a8263ba11..ecb2b3cac 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -3145,96 +3145,96 @@ gdm_session_get_session_id (GdmSession *self) + return conversation->session_id; + } + + const char * + gdm_session_get_conversation_session_id (GdmSession *self, + const char *service_name) + { + GdmSessionConversation *conversation; + + g_return_val_if_fail (GDM_IS_SESSION (self), NULL); + + conversation = find_conversation_by_name (self, service_name); + + if (conversation == NULL) { + return NULL; + } + + return conversation->session_id; + } + + static char * + get_session_filename (GdmSession *self) + { + return g_strdup_printf ("%s.desktop", get_session_name (self)); + } + + #ifdef ENABLE_WAYLAND_SUPPORT + static gboolean + gdm_session_is_wayland_session (GdmSession *self) + { +- GKeyFile *key_file; ++ g_autoptr (GKeyFile) key_file = NULL; + gboolean is_wayland_session = FALSE; +- char *filename; +- char *full_path = NULL; ++ g_autofree char *filename = NULL; ++ g_autofree char *full_path = NULL; + + g_return_val_if_fail (self != NULL, FALSE); + g_return_val_if_fail (GDM_IS_SESSION (self), FALSE); + + filename = get_session_filename (self); + +- key_file = load_key_file_for_file (self, filename, "wayland", &full_path); ++ if (!self->priv->ignore_wayland) { ++ key_file = load_key_file_for_file (self, filename, "wayland", &full_path); + +- if (key_file == NULL) { +- goto out; +- } ++ if (key_file == NULL) { ++ goto out; ++ } + +- if (full_path != NULL && strstr (full_path, "/wayland-sessions/") != NULL) { +- is_wayland_session = TRUE; ++ if (full_path != NULL && strstr (full_path, "/wayland-sessions/") != NULL) { ++ is_wayland_session = TRUE; ++ } + } +- g_debug ("GdmSession: checking if file '%s' is wayland session: %s", filename, is_wayland_session? "yes" : "no"); + + out: +- g_clear_pointer (&key_file, (GDestroyNotify) g_key_file_free); +- g_free (filename); ++ g_debug ("GdmSession: checking if file '%s' is wayland session: %s", filename, is_wayland_session? "yes" : "no"); ++ + return is_wayland_session; + } + #endif + + static void + update_session_type (GdmSession *self) + { + #ifdef ENABLE_WAYLAND_SUPPORT + gboolean is_wayland_session = FALSE; + +- if (!self->priv->ignore_wayland) +- is_wayland_session = gdm_session_is_wayland_session (self); ++ is_wayland_session = gdm_session_is_wayland_session (self); + + if (is_wayland_session) { + set_session_type (self, "wayland"); + } else { + set_session_type (self, NULL); + } + #endif + } + + gboolean + gdm_session_bypasses_xsession (GdmSession *self) + { + GError *error; + GKeyFile *key_file; + gboolean res; + gboolean bypasses_xsession = FALSE; + char *filename = NULL; + + g_return_val_if_fail (self != NULL, FALSE); + g_return_val_if_fail (GDM_IS_SESSION (self), FALSE); + + #ifdef ENABLE_WAYLAND_SUPPORT + if (gdm_session_is_wayland_session (self)) { + bypasses_xsession = TRUE; + goto out; + } + #endif + + filename = get_session_filename (self); + +-- +2.18.1 + diff --git a/SOURCES/0001-data-disable-wayland-for-proprietary-nvidia-machines.patch b/SOURCES/0001-data-disable-wayland-for-proprietary-nvidia-machines.patch new file mode 100644 index 0000000..f636a97 --- /dev/null +++ b/SOURCES/0001-data-disable-wayland-for-proprietary-nvidia-machines.patch @@ -0,0 +1,28 @@ +From f2ac0603854c7933ecea4a13876fa7e72fd66d1a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Thu, 6 Sep 2018 10:14:08 -0400 +Subject: [PATCH] data: disable wayland for proprietary nvidia machines + +At the moment GLX applications don't work well when the +proprietary nvidia driver is used with a wayland session. + +For now, disable wayland on that hardware, and users who +want to opt in can just edit the udev rule. +(or add their own that overrides it) +--- + data/61-gdm.rules.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in +index de8e17903..26cf9cf51 100644 +--- a/data/61-gdm.rules.in ++++ b/data/61-gdm.rules.in +@@ -1,2 +1,5 @@ + # disable Wayland on Cirrus chipsets + ATTR{vendor}=="0x1013", ATTR{device}=="0x00b8", ATTR{subsystem_vendor}=="0x1af4", ATTR{subsystem_device}=="0x1100", RUN+="@libexecdir@/gdm-disable-wayland" ++ ++# disable Wayland when using the proprietary nvidia driver ++DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland" +-- +2.20.1 + diff --git a/SOURCES/0001-data-disable-wayland-on-server-chips-and-dual-gpu-se.patch b/SOURCES/0001-data-disable-wayland-on-server-chips-and-dual-gpu-se.patch new file mode 100644 index 0000000..67f27fd --- /dev/null +++ b/SOURCES/0001-data-disable-wayland-on-server-chips-and-dual-gpu-se.patch @@ -0,0 +1,44 @@ +From 13a617e15cca421962be888b5607a9900bbfef51 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 11 Feb 2019 18:14:07 -0500 +Subject: [PATCH] data: disable wayland on server chips and dual gpu setups + +We're still having a variety of issues on server chips and +dual gpu/hybrid graphics setups. + +This commit forces Xorg for those cases. +--- + data/61-gdm.rules.in | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in +index 26cf9cf51..e3631740d 100644 +--- a/data/61-gdm.rules.in ++++ b/data/61-gdm.rules.in +@@ -1,5 +1,23 @@ + # disable Wayland on Cirrus chipsets + ATTR{vendor}=="0x1013", ATTR{device}=="0x00b8", ATTR{subsystem_vendor}=="0x1af4", ATTR{subsystem_device}=="0x1100", RUN+="@libexecdir@/gdm-disable-wayland" + ++# disable Wayland on Matrox chipsets ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0522", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0524", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0530", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0532", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0533", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0534", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0536", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x102b", ATTR{device}=="0x0538", RUN+="@libexecdir@/gdm-disable-wayland" ++ ++# disable Wayland on aspeed chipsets ++ATTR{vendor}=="0x1a03", ATTR{device}=="0x2010", RUN+="@libexecdir@/gdm-disable-wayland" ++ATTR{vendor}=="0x1a03", ATTR{device}=="0x2000", RUN+="@libexecdir@/gdm-disable-wayland" ++ + # disable Wayland when using the proprietary nvidia driver + DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland" ++ ++# disable Wayland on hybrid graphics setups for now ++SUBSYSTEM=="drm", KERNEL=="card[1-9]*", RUN+="@libexecdir@/gdm-disable-wayland" ++ +-- +2.21.0 + diff --git a/SOURCES/0001-data-enable-wayland-on-cirrus.patch b/SOURCES/0001-data-enable-wayland-on-cirrus.patch new file mode 100644 index 0000000..7442200 --- /dev/null +++ b/SOURCES/0001-data-enable-wayland-on-cirrus.patch @@ -0,0 +1,44 @@ +From 7d9b41f1d82589999f8c89ed3bcc4eec6cee4978 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Fri, 6 Dec 2019 13:59:43 -0500 +Subject: [PATCH] data: enable wayland on cirrus + +cirrus in the 5.2 kernel was substantially rewritten and is more wayland +ready. + +This commit reenables wayland on cirrus. +--- + data/61-gdm.rules.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in +index e3631740d..fc2e3315c 100644 +--- a/data/61-gdm.rules.in ++++ b/data/61-gdm.rules.in +@@ -1,23 +1,20 @@ +-# disable Wayland on Cirrus chipsets +-ATTR{vendor}=="0x1013", ATTR{device}=="0x00b8", ATTR{subsystem_vendor}=="0x1af4", ATTR{subsystem_device}=="0x1100", RUN+="@libexecdir@/gdm-disable-wayland" +- + # disable Wayland on Matrox chipsets + ATTR{vendor}=="0x102b", ATTR{device}=="0x0522", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0524", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0530", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0532", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0533", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0534", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0536", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0538", RUN+="@libexecdir@/gdm-disable-wayland" + + # disable Wayland on aspeed chipsets + ATTR{vendor}=="0x1a03", ATTR{device}=="0x2010", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x1a03", ATTR{device}=="0x2000", RUN+="@libexecdir@/gdm-disable-wayland" + + # disable Wayland when using the proprietary nvidia driver + DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland" + + # disable Wayland on hybrid graphics setups for now + SUBSYSTEM=="drm", KERNEL=="card[1-9]*", RUN+="@libexecdir@/gdm-disable-wayland" + +-- +2.21.0 + diff --git a/SOURCES/0001-data-only-disable-wayland-on-passthrough-virt-setups.patch b/SOURCES/0001-data-only-disable-wayland-on-passthrough-virt-setups.patch new file mode 100644 index 0000000..24a222f --- /dev/null +++ b/SOURCES/0001-data-only-disable-wayland-on-passthrough-virt-setups.patch @@ -0,0 +1,55 @@ +From ab9510df0b5f7bc29662804991729c6d6ee38b70 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Thu, 12 Dec 2019 16:56:16 -0500 +Subject: [PATCH] data: only disable wayland on passthrough virt setups + +at the moment we disable wayland on all hybrid graphics setups, +but most hybrid graphics setups work fine. + +The case we really care about is passthrough virt. in that case, +wayland is a bad idea because: +1) kernel crashes +2) mutter provides no way to disable one of the cards, and will +always use one as a secondary gpu + +This commit forces xorg in passthrough setups so the user can use +an xorg.conf to turn one of the cards off. +--- + data/61-gdm.rules.in | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in +index fc2e3315c..f971224cf 100644 +--- a/data/61-gdm.rules.in ++++ b/data/61-gdm.rules.in +@@ -1,20 +1,25 @@ + # disable Wayland on Matrox chipsets + ATTR{vendor}=="0x102b", ATTR{device}=="0x0522", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0524", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0530", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0532", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0533", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0534", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0536", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x102b", ATTR{device}=="0x0538", RUN+="@libexecdir@/gdm-disable-wayland" + + # disable Wayland on aspeed chipsets + ATTR{vendor}=="0x1a03", ATTR{device}=="0x2010", RUN+="@libexecdir@/gdm-disable-wayland" + ATTR{vendor}=="0x1a03", ATTR{device}=="0x2000", RUN+="@libexecdir@/gdm-disable-wayland" + + # disable Wayland when using the proprietary nvidia driver + DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland" + +-# disable Wayland on hybrid graphics setups for now +-SUBSYSTEM=="drm", KERNEL=="card[1-9]*", RUN+="@libexecdir@/gdm-disable-wayland" ++# disable Wayland on passthrough graphics setups for now (assumes passthrough if ++# there is more than one card, and one of the cards is virt: cirrus, bochs, qxl) ++ATTR{vendor}=="0x1013", ATTR{device}=="0x00b8", ATTR{subsystem_vendor}=="0x1af4", ATTR{subsystem_device}=="0x1100", ENV{GDM_HAS_VIRTUAL_GPU}="1" ++ATTR{vendor}=="0x1b36", ATTR{device}=="0x0100", ENV{GDM_HAS_VIRTUAL_GPU}="1" ++ATTR{vendor}=="0x1234", ATTR{device}=="0x1111", ENV{GDM_HAS_VIRTUAL_GPU}="1" ++ ++SUBSYSTEM=="drm", KERNEL=="card[1-9]*", ENV{GDM_HAS_VIRTUAL_GPU}=="1", RUN+="@libexecdir@/gdm-disable-wayland" + +-- +2.21.0 + diff --git a/SOURCES/0001-display-access-file-drop-unused-function.patch b/SOURCES/0001-display-access-file-drop-unused-function.patch new file mode 100644 index 0000000..12bf24e --- /dev/null +++ b/SOURCES/0001-display-access-file-drop-unused-function.patch @@ -0,0 +1,206 @@ +From fb55ec1c2e2957eb4c11a220874e5089fd357286 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 16 May 2018 14:06:29 -0400 +Subject: [PATCH] display-access-file: drop unused function + +gdm_display_access_file_remove_display is unused. + +This commit drops it. + +https://bugzilla.gnome.org/show_bug.cgi?id=796176 +--- + daemon/gdm-display-access-file.c | 79 -------------------------------- + daemon/gdm-display-access-file.h | 3 -- + 2 files changed, 82 deletions(-) + +diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c +index 9bf818d2a..c1f0f17a8 100644 +--- a/daemon/gdm-display-access-file.c ++++ b/daemon/gdm-display-access-file.c +@@ -536,139 +536,60 @@ gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile *file, + || fflush (file->priv->fp) == EOF) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), + "%s", g_strerror (errno)); + display_added = FALSE; + } else { + display_added = TRUE; + } + + /* If we wrote a FamilyLocal entry, we still want a FamilyWild + * entry, because it's more resiliant against hostname changes + * + */ + if (auth_entry.family == FamilyLocal) { + auth_entry.family = FamilyWild; + + if (XauWriteAuth (file->priv->fp, &auth_entry) + && fflush (file->priv->fp) != EOF) { + display_added = TRUE; + } + } + + g_free (auth_entry.address); + g_free (auth_entry.number); + g_free (auth_entry.name); + + return display_added; + } + +-gboolean +-gdm_display_access_file_remove_display (GdmDisplayAccessFile *file, +- GdmDisplay *display, +- GError **error) +-{ +- Xauth *auth_entry; +- unsigned short family; +- unsigned short address_length; +- char *address; +- unsigned short number_length; +- char *number; +- unsigned short name_length; +- char *name; +- +- gboolean result = FALSE; +- +- g_return_val_if_fail (file != NULL, FALSE); +- g_return_val_if_fail (file->priv->path != NULL, FALSE); +- +- _get_auth_info_for_display (file, display, +- &family, +- &address_length, +- &address, +- &number_length, +- &number, +- &name_length, +- &name); +- +- auth_entry = XauGetAuthByAddr (family, +- address_length, +- address, +- number_length, +- number, +- name_length, +- name); +- g_free (address); +- g_free (number); +- g_free (name); +- +- if (auth_entry != NULL) { +- XauDisposeAuth (auth_entry); +- result = TRUE; +- } +- +- /* If FamilyLocal, we also added a FamilyWild entry, +- * so we need to clean that up too +- */ +- if (family == FamilyLocal) { +- auth_entry = XauGetAuthByAddr (FamilyWild, +- address_length, +- address, +- number_length, +- number, +- name_length, +- name); +- +- if (auth_entry != NULL) { +- XauDisposeAuth (auth_entry); +- result = TRUE; +- } +- } +- +- +- if (result == FALSE) { +- g_set_error (error, +- GDM_DISPLAY_ACCESS_FILE_ERROR, +- GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY, +- "could not find authorization entry"); +- } else if (fflush (file->priv->fp) == EOF) { +- g_set_error (error, +- G_FILE_ERROR, +- g_file_error_from_errno (errno), +- "%s", g_strerror (errno)); +- result = FALSE; +- } +- +- return result; +-} +- + void + gdm_display_access_file_close (GdmDisplayAccessFile *file) + { + char *auth_dir; + + g_return_if_fail (file != NULL); + g_return_if_fail (file->priv->fp != NULL); + g_return_if_fail (file->priv->path != NULL); + + errno = 0; + if (g_unlink (file->priv->path) != 0) { + g_warning ("GdmDisplayAccessFile: Unable to remove X11 authority database '%s': %s", + file->priv->path, + g_strerror (errno)); + } + + /* still try to remove dir even if file remove failed, + may have already been removed by someone else */ + /* we own the parent directory too */ + auth_dir = g_path_get_dirname (file->priv->path); + if (auth_dir != NULL) { + errno = 0; + if (g_rmdir (auth_dir) != 0) { + g_warning ("GdmDisplayAccessFile: Unable to remove X11 authority directory '%s': %s", + auth_dir, + g_strerror (errno)); + } + g_free (auth_dir); + } + +diff --git a/daemon/gdm-display-access-file.h b/daemon/gdm-display-access-file.h +index cc7de9e35..eff8dd011 100644 +--- a/daemon/gdm-display-access-file.h ++++ b/daemon/gdm-display-access-file.h +@@ -50,39 +50,36 @@ struct _GdmDisplayAccessFile + GdmDisplayAccessFilePrivate *priv; + }; + + struct _GdmDisplayAccessFileClass + { + GObjectClass parent_class; + }; + + enum _GdmDisplayAccessFileError + { + GDM_DISPLAY_ACCESS_FILE_ERROR_GENERAL = 0, + GDM_DISPLAY_ACCESS_FILE_ERROR_FINDING_AUTH_ENTRY + }; + + GQuark gdm_display_access_file_error_quark (void); + GType gdm_display_access_file_get_type (void); + + GdmDisplayAccessFile *gdm_display_access_file_new (const char *username); + gboolean gdm_display_access_file_open (GdmDisplayAccessFile *file, + GError **error); + gboolean gdm_display_access_file_add_display (GdmDisplayAccessFile *file, + GdmDisplay *display, + char **cookie, + gsize *cookie_size, + GError **error); + gboolean gdm_display_access_file_add_display_with_cookie (GdmDisplayAccessFile *file, + GdmDisplay *display, + const char *cookie, + gsize cookie_size, + GError **error); +-gboolean gdm_display_access_file_remove_display (GdmDisplayAccessFile *file, +- GdmDisplay *display, +- GError **error); + + void gdm_display_access_file_close (GdmDisplayAccessFile *file); + char *gdm_display_access_file_get_path (GdmDisplayAccessFile *file); + + G_END_DECLS + #endif /* __GDM_DISPLAY_ACCESS_FILE_H__ */ +-- +2.17.1 + diff --git a/SOURCES/0001-display-ask-accountservice-if-there-are-users-rather.patch b/SOURCES/0001-display-ask-accountservice-if-there-are-users-rather.patch new file mode 100644 index 0000000..cd35a63 --- /dev/null +++ b/SOURCES/0001-display-ask-accountservice-if-there-are-users-rather.patch @@ -0,0 +1,269 @@ +From 781e865705b0c134271c9ec21655cd5d8ce37fec Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Sat, 14 Dec 2019 13:50:53 -0500 +Subject: [PATCH] display: ask accountservice if there are users rather than + enumerate users + +At the moment we ask accountsservice to give us the list of users just +to find out if there is a list of users. + +That's rather inefficient and might be wrong for directory server users +that have never logged in before. + +This commit changes gdm to ask accountsservice the question we really +want to know the answer to; whether or not there are users. +--- + daemon/gdm-display.c | 55 ++++++++++++++++++-------------------------- + 1 file changed, 22 insertions(+), 33 deletions(-) + +diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c +index 878be88da..875534272 100644 +--- a/daemon/gdm-display.c ++++ b/daemon/gdm-display.c +@@ -57,62 +57,60 @@ + struct GdmDisplayPrivate + { + char *id; + char *seat_id; + char *session_id; + char *session_class; + char *session_type; + + char *remote_hostname; + int x11_display_number; + char *x11_display_name; + int status; + time_t creation_time; + GTimer *server_timer; + + char *x11_cookie; + gsize x11_cookie_size; + GdmDisplayAccessFile *access_file; + + guint finish_idle_id; + + xcb_connection_t *xcb_connection; + int xcb_screen_number; + + GDBusConnection *connection; + GdmDisplayAccessFile *user_access_file; + + GdmDBusDisplay *display_skeleton; + GDBusObjectSkeleton *object_skeleton; + +- GDBusProxy *accountsservice_proxy; +- + /* this spawns and controls the greeter session */ + GdmLaunchEnvironment *launch_environment; + + guint is_local : 1; + guint is_initial : 1; + guint allow_timed_login : 1; + guint have_existing_user_accounts : 1; + guint doing_initial_setup : 1; + }; + + enum { + PROP_0, + PROP_ID, + PROP_STATUS, + PROP_SEAT_ID, + PROP_SESSION_ID, + PROP_SESSION_CLASS, + PROP_SESSION_TYPE, + PROP_REMOTE_HOSTNAME, + PROP_X11_DISPLAY_NUMBER, + PROP_X11_DISPLAY_NAME, + PROP_X11_COOKIE, + PROP_X11_AUTHORITY_FILE, + PROP_IS_CONNECTED, + PROP_IS_LOCAL, + PROP_LAUNCH_ENVIRONMENT, + PROP_IS_INITIAL, + PROP_ALLOW_TIMED_LOGIN, + PROP_HAVE_EXISTING_USER_ACCOUNTS, + PROP_DOING_INITIAL_SETUP, +@@ -512,96 +510,88 @@ queue_finish (GdmDisplay *self) + if (self->priv->finish_idle_id == 0) { + self->priv->finish_idle_id = g_idle_add ((GSourceFunc)finish_idle, self); + } + } + + static void + _gdm_display_set_status (GdmDisplay *self, + int status) + { + if (status != self->priv->status) { + self->priv->status = status; + g_object_notify (G_OBJECT (self), "status"); + } + } + + static gboolean + gdm_display_real_prepare (GdmDisplay *self) + { + g_return_val_if_fail (GDM_IS_DISPLAY (self), FALSE); + + g_debug ("GdmDisplay: prepare display"); + + _gdm_display_set_status (self, GDM_DISPLAY_PREPARED); + + return TRUE; + } + + static void + look_for_existing_users_sync (GdmDisplay *self) + { +- GError *error = NULL; +- GVariant *call_result; +- GVariant *user_list; +- +- self->priv->accountsservice_proxy = g_dbus_proxy_new_sync (self->priv->connection, +- 0, NULL, +- "org.freedesktop.Accounts", +- "/org/freedesktop/Accounts", +- "org.freedesktop.Accounts", +- NULL, +- &error); +- +- if (!self->priv->accountsservice_proxy) { +- g_warning ("Failed to contact accountsservice: %s", error->message); +- goto out; +- } +- +- call_result = g_dbus_proxy_call_sync (self->priv->accountsservice_proxy, +- "ListCachedUsers", +- NULL, +- 0, ++ g_autoptr (GVariant) result = NULL; ++ g_autoptr (GVariant) result_child = NULL; ++ g_autoptr (GError) error = NULL; ++ gboolean has_no_users = FALSE; ++ ++ result = g_dbus_connection_call_sync (self->priv->connection, ++ "org.freedesktop.Accounts", ++ "/org/freedesktop/Accounts", ++ "org.freedesktop.DBus.Properties", ++ "Get", ++ g_variant_new ("(ss)", "org.freedesktop.Accounts", "HasNoUsers"), ++ G_VARIANT_TYPE ("(v)"), ++ G_DBUS_CALL_FLAGS_NONE, + -1, + NULL, + &error); + +- if (!call_result) { +- g_warning ("Failed to list cached users: %s", error->message); +- goto out; ++ if (result == NULL) { ++ g_warning ("Failed to contact accountsservice: %s", error->message); ++ return; + } + +- g_variant_get (call_result, "(@ao)", &user_list); +- self->priv->have_existing_user_accounts = g_variant_n_children (user_list) > 0; +- g_variant_unref (user_list); +- g_variant_unref (call_result); +-out: +- g_clear_error (&error); ++ g_variant_get (result, "(v)", &result_child); ++ has_no_users = g_variant_get_boolean (result_child); ++ self->priv->have_existing_user_accounts = !has_no_users; ++ ++ g_debug ("GdmDisplay: machine does %shave existing user accounts", ++ has_no_users? "not " : ""); + } + + gboolean + gdm_display_prepare (GdmDisplay *self) + { + gboolean ret; + + g_return_val_if_fail (GDM_IS_DISPLAY (self), FALSE); + + g_debug ("GdmDisplay: Preparing display: %s", self->priv->id); + + /* FIXME: we should probably do this in a more global place, + * asynchronously + */ + look_for_existing_users_sync (self); + + self->priv->doing_initial_setup = wants_initial_setup (self); + + g_object_ref (self); + ret = GDM_DISPLAY_GET_CLASS (self)->prepare (self); + g_object_unref (self); + + return ret; + } + + gboolean + gdm_display_manage (GdmDisplay *self) + { + gboolean res; + +@@ -1332,61 +1322,60 @@ gdm_display_init (GdmDisplay *self) + + self->priv = GDM_DISPLAY_GET_PRIVATE (self); + + self->priv->creation_time = time (NULL); + self->priv->server_timer = g_timer_new (); + } + + static void + gdm_display_finalize (GObject *object) + { + GdmDisplay *self; + + g_return_if_fail (object != NULL); + g_return_if_fail (GDM_IS_DISPLAY (object)); + + self = GDM_DISPLAY (object); + + g_return_if_fail (self->priv != NULL); + + g_debug ("GdmDisplay: Finalizing display: %s", self->priv->id); + g_free (self->priv->id); + g_free (self->priv->seat_id); + g_free (self->priv->session_class); + g_free (self->priv->remote_hostname); + g_free (self->priv->x11_display_name); + g_free (self->priv->x11_cookie); + + g_clear_object (&self->priv->display_skeleton); + g_clear_object (&self->priv->object_skeleton); + g_clear_object (&self->priv->connection); +- g_clear_object (&self->priv->accountsservice_proxy); + + if (self->priv->access_file != NULL) { + g_object_unref (self->priv->access_file); + } + + if (self->priv->user_access_file != NULL) { + g_object_unref (self->priv->user_access_file); + } + + if (self->priv->server_timer != NULL) { + g_timer_destroy (self->priv->server_timer); + } + + G_OBJECT_CLASS (gdm_display_parent_class)->finalize (object); + } + + GDBusObjectSkeleton * + gdm_display_get_object_skeleton (GdmDisplay *self) + { + return self->priv->object_skeleton; + } + + static void + on_launch_environment_session_opened (GdmLaunchEnvironment *launch_environment, + GdmDisplay *self) + { + char *session_id; + + g_debug ("GdmDisplay: Greeter session opened"); + session_id = gdm_launch_environment_get_session_id (launch_environment); +-- +2.21.0 + diff --git a/SOURCES/0001-local-display-factory-pause-for-a-few-seconds-before.patch b/SOURCES/0001-local-display-factory-pause-for-a-few-seconds-before.patch new file mode 100644 index 0000000..543ecb9 --- /dev/null +++ b/SOURCES/0001-local-display-factory-pause-for-a-few-seconds-before.patch @@ -0,0 +1,90 @@ +From f9662449f0f7dbb452ba11fe85a3c81b386f6dab Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 29 Oct 2018 06:57:59 -0400 +Subject: [PATCH] local-display-factory: pause for a few seconds before falling + back to X + +logind currently gets confused if a session is started immediately as +one is shutting down. + +Workaround this problem by adding an artificial delay when falling +back to X. + +http://bugzilla.redhat.com/1643874 +--- + daemon/gdm-local-display-factory.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c +index 403921d32..ab7e12e91 100644 +--- a/daemon/gdm-local-display-factory.c ++++ b/daemon/gdm-local-display-factory.c +@@ -283,60 +283,65 @@ on_display_status_changed (GdmDisplay *display, + /* if this is a local display, do a full resync. Only + * seats without displays will get created anyway. This + * ensures we get a new login screen when the user logs out, + * if there isn't one. + */ + if (is_local) { + /* reset num failures */ + factory->priv->num_failures = 0; + + gdm_local_display_factory_sync_seats (factory); + } + break; + case GDM_DISPLAY_FAILED: + /* leave the display number in factory->priv->used_display_numbers + so that it doesn't get reused */ + gdm_display_store_remove (store, display); + + /* Create a new equivalent display if it was static */ + if (is_local) { + + factory->priv->num_failures++; + + if (factory->priv->num_failures > MAX_DISPLAY_FAILURES) { + /* oh shit */ + g_warning ("GdmLocalDisplayFactory: maximum number of X display failures reached: check X server log for errors"); + } else { + #ifdef ENABLE_WAYLAND_SUPPORT + if (g_strcmp0 (session_type, "wayland") == 0) { + g_free (session_type); + session_type = NULL; ++ ++ /* workaround logind race for now ++ * bug 1643874 ++ */ ++ sleep (2); + } + + #endif + create_display (factory, seat_id, session_type, is_initial); + } + } + break; + case GDM_DISPLAY_UNMANAGED: + break; + case GDM_DISPLAY_PREPARED: + break; + case GDM_DISPLAY_MANAGED: + break; + default: + g_assert_not_reached (); + break; + } + + g_free (seat_id); + g_free (session_type); + } + + static gboolean + lookup_by_seat_id (const char *id, + GdmDisplay *display, + gpointer user_data) + { + const char *looking_for = user_data; + char *current; + gboolean res; +-- +2.19.1 + diff --git a/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch b/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch new file mode 100644 index 0000000..0b1d1a2 --- /dev/null +++ b/SOURCES/0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch @@ -0,0 +1,343 @@ +From bb58b5762272840a414f2bfe3ab59d733099a06c Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 20 Dec 2018 14:51:38 -0500 +Subject: [PATCH 1/2] manager: allow multiple xdmcp logins for the same user + +--- + common/gdm-settings-keys.h | 1 + + daemon/gdm-manager.c | 71 ++++++++++++++++++++++++++++---------- + data/gdm.schemas.in.in | 5 +++ + 3 files changed, 59 insertions(+), 18 deletions(-) + +diff --git a/common/gdm-settings-keys.h b/common/gdm-settings-keys.h +index f0059b5cf..33676a851 100644 +--- a/common/gdm-settings-keys.h ++++ b/common/gdm-settings-keys.h +@@ -28,37 +28,38 @@ G_BEGIN_DECLS + #define GDM_KEY_USER "daemon/User" + #define GDM_KEY_GROUP "daemon/Group" + #define GDM_KEY_AUTO_LOGIN_ENABLE "daemon/AutomaticLoginEnable" + #define GDM_KEY_AUTO_LOGIN_USER "daemon/AutomaticLogin" + #define GDM_KEY_TIMED_LOGIN_ENABLE "daemon/TimedLoginEnable" + #define GDM_KEY_TIMED_LOGIN_USER "daemon/TimedLogin" + #define GDM_KEY_TIMED_LOGIN_DELAY "daemon/TimedLoginDelay" + #define GDM_KEY_INITIAL_SETUP_ENABLE "daemon/InitialSetupEnable" + #define GDM_KEY_WAYLAND_ENABLE "daemon/WaylandEnable" + + #define GDM_KEY_DEBUG "debug/Enable" + + #define GDM_KEY_INCLUDE "greeter/Include" + #define GDM_KEY_EXCLUDE "greeter/Exclude" + #define GDM_KEY_INCLUDE_ALL "greeter/IncludeAll" + + #define GDM_KEY_DISALLOW_TCP "security/DisallowTCP" + #define GDM_KEY_ALLOW_REMOTE_AUTOLOGIN "security/AllowRemoteAutoLogin" + + #define GDM_KEY_XDMCP_ENABLE "xdmcp/Enable" + #define GDM_KEY_SHOW_LOCAL_GREETER "xdmcp/ShowLocalGreeter" + #define GDM_KEY_MAX_PENDING "xdmcp/MaxPending" + #define GDM_KEY_MAX_SESSIONS "xdmcp/MaxSessions" + #define GDM_KEY_MAX_WAIT "xdmcp/MaxWait" + #define GDM_KEY_DISPLAYS_PER_HOST "xdmcp/DisplaysPerHost" + #define GDM_KEY_UDP_PORT "xdmcp/Port" + #define GDM_KEY_INDIRECT "xdmcp/HonorIndirect" + #define GDM_KEY_MAX_WAIT_INDIRECT "xdmcp/MaxWaitIndirect" + #define GDM_KEY_PING_INTERVAL "xdmcp/PingIntervalSeconds" + #define GDM_KEY_WILLING "xdmcp/Willing" ++#define GDM_KEY_ALLOW_MULTIPLE_SESSIONS_PER_USER "xdmcp/AllowMultipleSessionsPerUser" + + #define GDM_KEY_MULTICAST "chooser/Multicast" + #define GDM_KEY_MULTICAST_ADDR "chooser/MulticastAddr" + + G_END_DECLS + + #endif /* _GDM_SETTINGS_KEYS_H */ +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index 056560b20..de7357ad5 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -594,93 +594,106 @@ get_display_and_details_for_bus_sender (GdmManager *self, + if (out_tty != NULL) { + *out_tty = get_tty_for_session_id (session_id, &error); + + if (error != NULL) { + g_debug ("GdmManager: Error while retrieving tty for session: %s", + error->message); + g_clear_error (&error); + } + } + + display = gdm_display_store_find (self->priv->display_store, + lookup_by_session_id, + (gpointer) session_id); + + if (out_display != NULL) { + *out_display = display; + } + out: + g_free (session_id); + } + + static gboolean + switch_to_compatible_user_session (GdmManager *manager, + GdmSession *session, + gboolean fail_if_already_switched) + { + gboolean res; + gboolean ret; + const char *username; + const char *seat_id; +- const char *ssid_to_activate; ++ const char *ssid_to_activate = NULL; + GdmSession *existing_session; + + ret = FALSE; + + username = gdm_session_get_username (session); + seat_id = gdm_session_get_display_seat_id (session); + +- if (!fail_if_already_switched) { +- session = NULL; +- } ++ if (!fail_if_already_switched) ++ ssid_to_activate = gdm_session_get_session_id (session); + +- existing_session = find_session_for_user_on_seat (manager, username, seat_id, session); ++ if (ssid_to_activate == NULL) { ++ if (!seat_id || !sd_seat_can_multi_session (seat_id)) { ++ g_debug ("GdmManager: unable to activate existing sessions from login screen unless on seat0"); ++ goto out; ++ } + +- if (existing_session != NULL) { +- ssid_to_activate = gdm_session_get_session_id (existing_session); +- if (seat_id != NULL) { +- res = activate_session_id (manager, seat_id, ssid_to_activate); +- if (! res) { +- g_debug ("GdmManager: unable to activate session: %s", ssid_to_activate); +- goto out; +- } ++ if (!fail_if_already_switched) { ++ session = NULL; + } + +- res = session_unlock (manager, ssid_to_activate); +- if (!res) { +- /* this isn't fatal */ +- g_debug ("GdmManager: unable to unlock session: %s", ssid_to_activate); ++ existing_session = find_session_for_user_on_seat (manager, username, seat_id, session); ++ ++ if (existing_session != NULL) { ++ ssid_to_activate = gdm_session_get_session_id (existing_session); + } +- } else { ++ } ++ ++ if (ssid_to_activate == NULL) { + goto out; + } + ++ if (seat_id != NULL) { ++ res = activate_session_id (manager, seat_id, ssid_to_activate); ++ if (! res) { ++ g_debug ("GdmManager: unable to activate session: %s", ssid_to_activate); ++ goto out; ++ } ++ } ++ ++ res = session_unlock (manager, ssid_to_activate); ++ if (!res) { ++ /* this isn't fatal */ ++ g_debug ("GdmManager: unable to unlock session: %s", ssid_to_activate); ++ } ++ + ret = TRUE; + + out: + return ret; + } + + static GdmDisplay * + get_display_for_user_session (GdmSession *session) + { + return g_object_get_data (G_OBJECT (session), "gdm-display"); + } + + static GdmSession * + get_user_session_for_display (GdmDisplay *display) + { + if (display == NULL) { + return NULL; + } + + return g_object_get_data (G_OBJECT (display), "gdm-user-session"); + } + + static gboolean + add_session_record (GdmManager *manager, + GdmSession *session, + GPid pid, + SessionRecord record) + { + const char *username; + char *display_name, *hostname, *display_device; +@@ -1088,92 +1101,114 @@ open_temporary_reauthentication_channel (GdmManager *self, + g_signal_connect (session, + "client-disconnected", + G_CALLBACK (on_reauthentication_client_disconnected), + self); + g_signal_connect (session, + "client-rejected", + G_CALLBACK (on_reauthentication_client_rejected), + self); + g_signal_connect (session, + "cancelled", + G_CALLBACK (on_reauthentication_cancelled), + self); + g_signal_connect (session, + "conversation-started", + G_CALLBACK (on_reauthentication_conversation_started), + self); + g_signal_connect (session, + "conversation-stopped", + G_CALLBACK (on_reauthentication_conversation_stopped), + self); + g_signal_connect (session, + "verification-complete", + G_CALLBACK (on_reauthentication_verification_complete), + self); + + address = gdm_session_get_server_address (session); + + return g_strdup (address); + } + ++static gboolean ++remote_users_can_log_in_more_than_once (GdmManager *manager) ++{ ++ gboolean enabled; ++ ++ enabled = FALSE; ++ ++ gdm_settings_direct_get_boolean (GDM_KEY_ALLOW_MULTIPLE_SESSIONS_PER_USER, &enabled); ++ ++ g_debug ("GdmDisplay: Remote users allowed to log in more than once: %s", enabled? "yes" : "no"); ++ ++ return enabled; ++} ++ + static gboolean + gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager, + GDBusMethodInvocation *invocation, + const char *username) + { + GdmManager *self = GDM_MANAGER (manager); + const char *sender; + GdmDisplay *display = NULL; + GdmSession *session; + GDBusConnection *connection; + char *seat_id = NULL; + char *session_id = NULL; + GPid pid = 0; + uid_t uid = (uid_t) -1; + gboolean is_login_screen = FALSE; + gboolean is_remote = FALSE; + + g_debug ("GdmManager: trying to open reauthentication channel for user %s", username); + + sender = g_dbus_method_invocation_get_sender (invocation); + connection = g_dbus_method_invocation_get_connection (invocation); + get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, NULL, &pid, &uid, &is_login_screen, &is_remote); + + if (session_id == NULL || pid == 0 || uid == (uid_t) -1) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("No session available")); + + return TRUE; + } + ++ if (is_login_screen && is_remote && remote_users_can_log_in_more_than_once (self)) { ++ g_dbus_method_invocation_return_error_literal (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_ACCESS_DENIED, ++ "Login screen creates new sessions for remote connections"); ++ return TRUE; ++ } ++ + if (is_login_screen) { + g_debug ("GdmManager: looking for login screen session for user %s on seat %s", username, seat_id); + session = find_session_for_user_on_seat (self, + username, + seat_id, + NULL); + } else { + g_debug ("GdmManager: looking for user session on display"); + session = get_user_session_for_display (display); + } + + if (session != NULL && gdm_session_is_running (session)) { + gdm_session_start_reauthentication (session, pid, uid); + g_hash_table_insert (self->priv->open_reauthentication_requests, + GINT_TO_POINTER (pid), + invocation); + } else if (is_login_screen) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Login screen only allowed to open reauthentication channels for running sessions"); + return TRUE; + } else { + char *address; + address = open_temporary_reauthentication_channel (self, + seat_id, + session_id, + pid, + uid, + is_remote); +diff --git a/data/gdm.schemas.in.in b/data/gdm.schemas.in.in +index 8ad203101..003f92c63 100644 +--- a/data/gdm.schemas.in.in ++++ b/data/gdm.schemas.in.in +@@ -102,32 +102,37 @@ + + xdmcp/DisplaysPerHost + i + 1 + + + xdmcp/Port + i + 177 + + + xdmcp/HonorIndirect + b + true + + + xdmcp/MaxWaitIndirect + i + 30 + + + xdmcp/PingIntervalSeconds + i + 0 + + + xdmcp/Willing + s + @gdmconfdir@/Xwilling + ++ ++ xdmcp/AllowMultipleSessionsPerUser ++ b ++ false ++ + + +-- +2.21.1 + diff --git a/SOURCES/0001-manager-don-t-kill-timed-login-session-immediately-a.patch b/SOURCES/0001-manager-don-t-kill-timed-login-session-immediately-a.patch new file mode 100644 index 0000000..6a4f22b --- /dev/null +++ b/SOURCES/0001-manager-don-t-kill-timed-login-session-immediately-a.patch @@ -0,0 +1,87 @@ +From ecd37ba6d56a49dd896613f68d1e1754633b9f0c Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 6 Feb 2019 16:14:52 -0500 +Subject: [PATCH 1/4] manager: don't kill timed login session immediately after + it starts + +At the moment GDM is misidentifying timed login sessions as if +they are automatic login sessions. That leads to their displays +getting killed sometimes shortly after log in. + +This commit corrects the check, so that timed login sessions aren't +treated as autologin sessions. +--- + daemon/gdm-manager.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index 2118c5834..b2d0578f5 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -1841,61 +1841,62 @@ on_start_user_session (StartUserSessionOperation *operation) + NULL); + } else { + uid_t allowed_uid; + + g_object_ref (display); + if (doing_initial_setup) { + g_debug ("GdmManager: closing down initial setup display"); + gdm_display_stop_greeter_session (display); + gdm_display_unmanage (display); + gdm_display_finish (display); + + /* We can't start the user session until the finished display + * starts to respawn (since starting an X server and bringing + * one down at the same time is a no go) + */ + g_assert (self->priv->initial_login_operation == NULL); + self->priv->initial_login_operation = operation; + starting_user_session_right_away = FALSE; + } else { + g_debug ("GdmManager: session has its display server, reusing our server for another login screen"); + } + + /* The user session is going to follow the session worker + * into the new display. Untie it from this display and + * create a new session for a future user login. */ + allowed_uid = gdm_session_get_allowed_user (operation->session); + g_object_set_data (G_OBJECT (display), "gdm-user-session", NULL); + g_object_set_data (G_OBJECT (operation->session), "gdm-display", NULL); + create_user_session_for_display (operation->manager, display, allowed_uid); + +- if (g_strcmp0 (operation->service_name, "gdm-autologin") == 0) { ++ if ((g_strcmp0 (operation->service_name, "gdm-autologin") == 0) && ++ !gdm_session_client_is_connected (operation->session)) { + gboolean was_initial = FALSE; + + g_object_get (G_OBJECT (display), "is-initial", &was_initial, NULL); + + /* remove the unused prepared greeter display since we're not going + * to have a greeter */ + gdm_display_store_remove (self->priv->display_store, display); + g_object_unref (display); + + should_be_initial = was_initial; + } + + /* Give the user session a new display object for bookkeeping purposes */ + create_display_for_user_session (operation->manager, + operation->session, + session_id, + should_be_initial); + } + + if (starting_user_session_right_away) { + start_user_session (operation->manager, operation); + } + + out: + return G_SOURCE_REMOVE; + } + + static void + queue_start_user_session (GdmManager *manager, + GdmSession *session, +-- +2.21.0 + diff --git a/SOURCES/0001-manager-ensure-is-initial-is-transfered-to-autologin.patch b/SOURCES/0001-manager-ensure-is-initial-is-transfered-to-autologin.patch new file mode 100644 index 0000000..32cf1c2 --- /dev/null +++ b/SOURCES/0001-manager-ensure-is-initial-is-transfered-to-autologin.patch @@ -0,0 +1,198 @@ +From 4b2db2cf52be75e2eec4aa29f8ee082392ded410 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Thu, 1 Nov 2018 13:03:37 -0400 +Subject: [PATCH] manager: ensure is-initial is transfered to autologin display + +At the moment, we don't handle transferring the is-initial property to +the autologin display. + +That prevents autologin from working if wayland fails and X falls back, +since autologin currently requires an initial display. + +This commit makes sure we properly transfer is-initial from greeter to +user display. +--- + daemon/gdm-manager.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index 1943d89e4..2118c5834 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -1740,90 +1740,93 @@ start_user_session (GdmManager *manager, + + g_object_get (G_OBJECT (display), "is-connected", &is_connected, NULL); + + if (is_connected) { + auth_file = NULL; + username = gdm_session_get_username (operation->session); + gdm_display_add_user_authorization (display, + username, + &auth_file, + NULL); + + g_assert (auth_file != NULL); + + g_object_set (operation->session, + "user-x11-authority-file", auth_file, + NULL); + + g_free (auth_file); + } + } + + gdm_session_start_session (operation->session, + operation->service_name); + + destroy_start_user_session_operation (operation); + } + + static void + create_display_for_user_session (GdmManager *self, + GdmSession *session, +- const char *session_id) ++ const char *session_id, ++ gboolean is_initial) + { + GdmDisplay *display; + /* at the moment we only create GdmLocalDisplay objects on seat0 */ + const char *seat_id = "seat0"; + + display = gdm_local_display_new (); + + g_object_set (G_OBJECT (display), + "session-class", "user", + "seat-id", seat_id, + "session-id", session_id, ++ "is-initial", is_initial, + NULL); + gdm_display_store_add (self->priv->display_store, + display); + g_object_set_data (G_OBJECT (session), "gdm-display", display); + g_object_set_data_full (G_OBJECT (display), + "gdm-user-session", + g_object_ref (session), + (GDestroyNotify) + clean_user_session); + } + + static gboolean + on_start_user_session (StartUserSessionOperation *operation) + { + GdmManager *self = operation->manager; + gboolean migrated; + gboolean fail_if_already_switched = TRUE; + gboolean doing_initial_setup = FALSE; ++ gboolean should_be_initial = FALSE; + gboolean starting_user_session_right_away = TRUE; + GdmDisplay *display; + const char *session_id; + + g_debug ("GdmManager: start or jump to session"); + + /* If there's already a session running, jump to it. + * If the only session running is the one we just opened, + * start a session on it. + */ + migrated = switch_to_compatible_user_session (operation->manager, operation->session, fail_if_already_switched); + + g_debug ("GdmManager: migrated: %d", migrated); + if (migrated) { + /* We don't stop the manager here because + when Xorg exits it switches to the VT it was + started from. That interferes with fast + user switching. */ + gdm_session_reset (operation->session); + destroy_start_user_session_operation (operation); + goto out; + } + + display = get_display_for_user_session (operation->session); + + g_object_get (G_OBJECT (display), "doing-initial-setup", &doing_initial_setup, NULL); + + session_id = gdm_session_get_conversation_session_id (operation->session, + operation->service_name); + +@@ -1839,70 +1842,77 @@ on_start_user_session (StartUserSessionOperation *operation) + } else { + uid_t allowed_uid; + + g_object_ref (display); + if (doing_initial_setup) { + g_debug ("GdmManager: closing down initial setup display"); + gdm_display_stop_greeter_session (display); + gdm_display_unmanage (display); + gdm_display_finish (display); + + /* We can't start the user session until the finished display + * starts to respawn (since starting an X server and bringing + * one down at the same time is a no go) + */ + g_assert (self->priv->initial_login_operation == NULL); + self->priv->initial_login_operation = operation; + starting_user_session_right_away = FALSE; + } else { + g_debug ("GdmManager: session has its display server, reusing our server for another login screen"); + } + + /* The user session is going to follow the session worker + * into the new display. Untie it from this display and + * create a new session for a future user login. */ + allowed_uid = gdm_session_get_allowed_user (operation->session); + g_object_set_data (G_OBJECT (display), "gdm-user-session", NULL); + g_object_set_data (G_OBJECT (operation->session), "gdm-display", NULL); + create_user_session_for_display (operation->manager, display, allowed_uid); + + if (g_strcmp0 (operation->service_name, "gdm-autologin") == 0) { ++ gboolean was_initial = FALSE; ++ ++ g_object_get (G_OBJECT (display), "is-initial", &was_initial, NULL); ++ + /* remove the unused prepared greeter display since we're not going + * to have a greeter */ + gdm_display_store_remove (self->priv->display_store, display); + g_object_unref (display); ++ ++ should_be_initial = was_initial; + } + + /* Give the user session a new display object for bookkeeping purposes */ + create_display_for_user_session (operation->manager, + operation->session, +- session_id); ++ session_id, ++ should_be_initial); + } + + if (starting_user_session_right_away) { + start_user_session (operation->manager, operation); + } + + out: + return G_SOURCE_REMOVE; + } + + static void + queue_start_user_session (GdmManager *manager, + GdmSession *session, + const char *service_name) + { + StartUserSessionOperation *operation; + + operation = g_slice_new0 (StartUserSessionOperation); + operation->manager = manager; + operation->session = g_object_ref (session); + operation->service_name = g_strdup (service_name); + + operation->idle_id = g_idle_add ((GSourceFunc) on_start_user_session, operation); + g_object_set_data (G_OBJECT (session), "start-user-session-operation", operation); + } + + static void + start_user_session_if_ready (GdmManager *manager, + GdmSession *session, + const char *service_name) +-- +2.19.1 + diff --git a/SOURCES/0001-session-ensure-login-screen-over-XDMCP-connects-to-i.patch b/SOURCES/0001-session-ensure-login-screen-over-XDMCP-connects-to-i.patch new file mode 100644 index 0000000..bf19d59 --- /dev/null +++ b/SOURCES/0001-session-ensure-login-screen-over-XDMCP-connects-to-i.patch @@ -0,0 +1,105 @@ +From b8c942b5f191eaa39ac1e578fa019b32a516cd5c Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 11 Feb 2019 10:32:55 -0500 +Subject: [PATCH] session: ensure login screen over XDMCP connects to its + session + +Right now GTK preferentially picks the wayland display over an +X11 display if it finds one. + +That causes a problem for XDMCP sessions, since there may be a +wayland display running on the local console for the GDM user. + +This commit addresses the issue by forcing the X11 backend if +the session is X11. +--- + daemon/gdm-session.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index e6640aac7..0f821e390 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -2614,60 +2614,79 @@ set_up_session_environment (GdmSession *self) + } + + static void + send_display_mode (GdmSession *self, + GdmSessionConversation *conversation) + { + GdmSessionDisplayMode mode; + + mode = gdm_session_get_display_mode (self); + gdm_dbus_worker_call_set_session_display_mode (conversation->worker_proxy, + gdm_session_display_mode_to_string (mode), + conversation->worker_cancellable, + NULL, NULL); + } + + static void + send_session_type (GdmSession *self, + GdmSessionConversation *conversation) + { + const char *session_type = "x11"; + + if (self->priv->session_type != NULL) { + session_type = self->priv->session_type; + } + + gdm_dbus_worker_call_set_environment_variable (conversation->worker_proxy, + "XDG_SESSION_TYPE", + session_type, + conversation->worker_cancellable, + NULL, NULL); ++ ++ /* If the session type is x11, then set GDK_BACKEND to x11 as well. ++ * This is so gnome-session-check-accelerated from an XDMCP connection doesn't ++ * try to use the wayland display running on the local console for the gdm ++ * user login screen session. ++ * ++ * That's the only case where we let a user log in more than once, so it's ++ * the only situation that matters. ++ * ++ * We can drop this code if we ever switch the login screen to use systemd's ++ * DynamicUser feature. ++ */ ++ if (g_strcmp0 (session_type, "x11") == 0) { ++ gdm_dbus_worker_call_set_environment_variable (conversation->worker_proxy, ++ "GDK_BACKEND", ++ "x11", ++ conversation->worker_cancellable, ++ NULL, NULL); ++ } + } + + void + gdm_session_open_session (GdmSession *self, + const char *service_name) + { + GdmSessionConversation *conversation; + + g_return_if_fail (GDM_IS_SESSION (self)); + + conversation = find_conversation_by_name (self, service_name); + + if (conversation != NULL) { + send_display_mode (self, conversation); + send_session_type (self, conversation); + + gdm_dbus_worker_call_open (conversation->worker_proxy, + conversation->worker_cancellable, + (GAsyncReadyCallback) on_opened, conversation); + } + } + + static void + stop_all_other_conversations (GdmSession *self, + GdmSessionConversation *conversation_to_keep, + gboolean now) + { + GHashTableIter iter; + gpointer key, value; + +-- +2.18.1 + diff --git a/SOURCES/0001-session-worker-expose-worker-state-enum-to-type-syst.patch b/SOURCES/0001-session-worker-expose-worker-state-enum-to-type-syst.patch new file mode 100644 index 0000000..3de78e9 --- /dev/null +++ b/SOURCES/0001-session-worker-expose-worker-state-enum-to-type-syst.patch @@ -0,0 +1,470 @@ +From 521ff70fe447558461dd38cdec62a7c0a5a74f7a Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 24 Jun 2019 14:48:23 -0400 +Subject: [PATCH 1/3] session-worker: expose worker state enum to type system + +We're going to need to access the worker state as a property on +the worker object. + +This commit hooks it up to glib-mkenums so the requisite goo can +get generated +--- + daemon/Makefile.am | 8 +++++ + daemon/gdm-session-worker-enum-types.c.in | 42 +++++++++++++++++++++++ + daemon/gdm-session-worker-enum-types.h.in | 24 +++++++++++++ + daemon/gdm-session-worker.c | 16 +++------ + daemon/gdm-session-worker.h | 12 +++++++ + 5 files changed, 90 insertions(+), 12 deletions(-) + create mode 100644 daemon/gdm-session-worker-enum-types.c.in + create mode 100644 daemon/gdm-session-worker-enum-types.h.in + +diff --git a/daemon/Makefile.am b/daemon/Makefile.am +index b77c9276e..86a8ee32f 100644 +--- a/daemon/Makefile.am ++++ b/daemon/Makefile.am +@@ -14,69 +14,76 @@ AM_CPPFLAGS = \ + -DLIBEXECDIR=\"$(libexecdir)\" \ + -DLOCALSTATEDIR=\"$(localstatedir)\" \ + -DLOGDIR=\"$(logdir)\" \ + -DSBINDIR=\"$(sbindir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ + -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \ + -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \ + -DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\" \ + -DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\" \ + -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \ + $(DISABLE_DEPRECATED_CFLAGS) \ + $(DAEMON_CFLAGS) \ + $(XLIB_CFLAGS) \ + $(WARN_CFLAGS) \ + $(DEBUG_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(JOURNALD_CFLAGS) \ + $(LIBSELINUX_CFLAGS) \ + -DLANG_CONFIG_FILE=\"$(LANG_CONFIG_FILE)\" \ + $(NULL) + + BUILT_SOURCES = \ + gdm-display-glue.h \ + gdm-manager-glue.h \ + gdm-local-display-glue.h \ + gdm-local-display-factory-glue.h \ + gdm-session-glue.h \ + gdm-session-worker-glue.h \ + gdm-session-enum-types.h \ ++ gdm-session-worker-enum-types.h \ + com.redhat.AccountsServiceUser.System.h \ + $(NULL) + + gdm-session-enum-types.h: gdm-session-enum-types.h.in gdm-session.h + $(AM_V_GEN) glib-mkenums --template $^ > $@ + + gdm-session-enum-types.c: gdm-session-enum-types.c.in gdm-session.h + $(AM_V_GEN) glib-mkenums --template $^ > $@ + ++gdm-session-worker-enum-types.h: gdm-session-worker-enum-types.h.in gdm-session-worker.h ++ $(AM_V_GEN) glib-mkenums --template $^ > $@ ++ ++gdm-session-worker-enum-types.c: gdm-session-worker-enum-types.c.in gdm-session-worker.h ++ $(AM_V_GEN) glib-mkenums --template $^ > $@ ++ + gdm-display-glue.c gdm-display-glue.h: gdm-display.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-display-glue \ + $(srcdir)/gdm-display.xml + + gdm-local-display-glue.c gdm-local-display-glue.h: gdm-local-display.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-local-display-glue \ + $(srcdir)/gdm-local-display.xml + + gdm-local-display-factory-glue.c gdm-local-display-factory-glue.h : gdm-local-display-factory.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-local-display-factory-glue \ + $(srcdir)/gdm-local-display-factory.xml + + gdm-manager-glue.c gdm-manager-glue.h : gdm-manager.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-manager-glue \ + $(srcdir)/gdm-manager.xml + + gdm-session-glue.c gdm-session-glue.h : gdm-session.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ +@@ -128,60 +135,61 @@ gdm_session_worker_SOURCES = \ + session-worker-main.c \ + com.redhat.AccountsServiceUser.System.h \ + com.redhat.AccountsServiceUser.System.c \ + gdm-session.c \ + gdm-session.h \ + gdm-session-settings.h \ + gdm-session-settings.c \ + gdm-session-auditor.h \ + gdm-session-auditor.c \ + gdm-session-record.c \ + gdm-session-record.h \ + gdm-session-worker.h \ + gdm-session-worker.c \ + gdm-session-worker-job.c \ + gdm-session-worker-common.c \ + gdm-session-worker-common.h \ + gdm-dbus-util.c \ + gdm-dbus-util.h \ + $(NULL) + + if SUPPORTS_PAM_EXTENSIONS + gdm_session_worker_SOURCES += $(top_srcdir)/pam-extensions/gdm-pam-extensions.h + endif + + nodist_gdm_session_worker_SOURCES = \ + gdm-session-glue.h \ + gdm-session-glue.c \ + gdm-session-worker-glue.c \ + gdm-session-worker-glue.h \ + gdm-session-enum-types.c \ ++ gdm-session-worker-enum-types.c \ + gdm-session-enum-types.h \ + $(NULL) + + gdm_wayland_session_LDADD = \ + $(top_builddir)/common/libgdmcommon.la \ + $(GTK_LIBS) \ + $(COMMON_LIBS) \ + $(SYSTEMD_LIBS) \ + $(NULL) + + gdm_wayland_session_SOURCES = \ + gdm-manager-glue.h \ + gdm-manager-glue.c \ + gdm-wayland-session.c \ + $(NULL) + + gdm_x_session_LDADD = \ + $(top_builddir)/common/libgdmcommon.la \ + $(GTK_LIBS) \ + $(COMMON_LIBS) \ + $(SYSTEMD_LIBS) \ + $(XLIB_LIBS) \ + $(NULL) + + gdm_x_session_SOURCES = \ + gdm-manager-glue.h \ + gdm-manager-glue.c \ + gdm-x-session.c \ + $(NULL) + +diff --git a/daemon/gdm-session-worker-enum-types.c.in b/daemon/gdm-session-worker-enum-types.c.in +new file mode 100644 +index 000000000..c02869076 +--- /dev/null ++++ b/daemon/gdm-session-worker-enum-types.c.in +@@ -0,0 +1,42 @@ ++/*** BEGIN file-header ***/ ++ ++#include ++ ++/*** END file-header ***/ ++ ++/*** BEGIN file-production ***/ ++#include "@filename@" ++/* enumerations from "@filename@" */ ++/*** END file-production ***/ ++ ++/*** BEGIN value-header ***/ ++GType @enum_name@_get_type (void) G_GNUC_CONST; ++ ++GType ++@enum_name@_get_type (void) ++{ ++ static GType etype = 0; ++ ++ if (G_UNLIKELY(etype == 0)) { ++ static const G@Type@Value values[] = { ++/*** END value-header ***/ ++ ++/*** BEGIN value-production ***/ ++ { @VALUENAME@, "@VALUENAME@", "@valuenick@" }, ++/*** END value-production ***/ ++ ++/*** BEGIN value-tail ***/ ++ { 0, NULL, NULL } ++ }; ++ ++ etype = g_@type@_register_static (g_intern_static_string ("@EnumName@"), values); ++ } ++ ++ return etype; ++} ++ ++/*** END value-tail ***/ ++ ++/*** BEGIN file-tail ***/ ++ /**/ ++/*** END file-tail ***/ +diff --git a/daemon/gdm-session-worker-enum-types.h.in b/daemon/gdm-session-worker-enum-types.h.in +new file mode 100644 +index 000000000..64f4b4bb6 +--- /dev/null ++++ b/daemon/gdm-session-worker-enum-types.h.in +@@ -0,0 +1,24 @@ ++/*** BEGIN file-header ***/ ++#ifndef GDM_SESSION_WORKER_ENUM_TYPES_H ++#define GDM_SESSION_WORKER_ENUM_TYPES_H ++ ++#include ++ ++G_BEGIN_DECLS ++/*** END file-header ***/ ++ ++/*** BEGIN file-production ***/ ++ ++/* enumerations from "@filename@" */ ++/*** END file-production ***/ ++ ++/*** BEGIN value-header ***/ ++GType @enum_name@_get_type (void) G_GNUC_CONST; ++#define @ENUMPREFIX@_TYPE_@ENUMSHORT@ (@enum_name@_get_type ()) ++/*** END value-header ***/ ++ ++/*** BEGIN file-tail ***/ ++G_END_DECLS ++ ++#endif /* GDM_SESSION_WORKER_ENUM_TYPES_H */ ++/*** END file-tail ***/ +diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c +index ae86d28ac..f6935ab1d 100644 +--- a/daemon/gdm-session-worker.c ++++ b/daemon/gdm-session-worker.c +@@ -83,83 +83,72 @@ + #define GDM_SESSION_WORKER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerPrivate)) + + #define GDM_SESSION_DBUS_PATH "/org/gnome/DisplayManager/Session" + #define GDM_SESSION_DBUS_NAME "org.gnome.DisplayManager.Session" + #define GDM_SESSION_DBUS_ERROR_CANCEL "org.gnome.DisplayManager.Session.Error.Cancel" + + #define GDM_WORKER_DBUS_PATH "/org/gnome/DisplayManager/Worker" + + #ifndef GDM_PASSWD_AUXILLARY_BUFFER_SIZE + #define GDM_PASSWD_AUXILLARY_BUFFER_SIZE 1024 + #endif + + #ifndef GDM_SESSION_DEFAULT_PATH + #define GDM_SESSION_DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin" + #endif + + #ifndef GDM_SESSION_ROOT_UID + #define GDM_SESSION_ROOT_UID 0 + #endif + + #ifndef GDM_SESSION_LOG_FILENAME + #define GDM_SESSION_LOG_FILENAME "session.log" + #endif + + #define MAX_FILE_SIZE 65536 + #define MAX_LOGS 5 + + #define RELEASE_DISPLAY_SIGNAL (SIGRTMAX) + #define ACQUIRE_DISPLAY_SIGNAL (SIGRTMAX - 1) + +-enum { +- GDM_SESSION_WORKER_STATE_NONE = 0, +- GDM_SESSION_WORKER_STATE_SETUP_COMPLETE, +- GDM_SESSION_WORKER_STATE_AUTHENTICATED, +- GDM_SESSION_WORKER_STATE_AUTHORIZED, +- GDM_SESSION_WORKER_STATE_ACCREDITED, +- GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED, +- GDM_SESSION_WORKER_STATE_SESSION_OPENED, +- GDM_SESSION_WORKER_STATE_SESSION_STARTED +-}; +- + typedef struct + { + GdmSessionWorker *worker; + GdmSession *session; + GPid pid_of_caller; + uid_t uid_of_caller; + + } ReauthenticationRequest; + + struct GdmSessionWorkerPrivate + { +- int state; ++ GdmSessionWorkerState state; + + int exit_code; + + pam_handle_t *pam_handle; + + GPid child_pid; + guint child_watch_id; + + /* from Setup */ + char *service; + char *x11_display_name; + char *x11_authority_file; + char *display_device; + char *display_seat_id; + char *hostname; + char *username; + char *log_file; + char *session_id; + uid_t uid; + gid_t gid; + gboolean password_is_required; + char **extensions; + + int cred_flags; + int login_vt; + int session_vt; + int session_tty_fd; + + char **arguments; + guint32 cancelled : 1; +@@ -2455,60 +2444,63 @@ gdm_session_worker_set_property (GObject *object, + switch (prop_id) { + case PROP_SERVER_ADDRESS: + gdm_session_worker_set_server_address (self, g_value_get_string (value)); + break; + case PROP_IS_REAUTH_SESSION: + gdm_session_worker_set_is_reauth_session (self, g_value_get_boolean (value)); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } + } + + static void + gdm_session_worker_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) + { + GdmSessionWorker *self; + + self = GDM_SESSION_WORKER (object); + + switch (prop_id) { + case PROP_SERVER_ADDRESS: + g_value_set_string (value, self->priv->server_address); + break; + case PROP_IS_REAUTH_SESSION: + g_value_set_boolean (value, self->priv->is_reauth_session); + break; ++ case PROP_STATE: ++ g_value_set_int (value, self->priv->state); ++ break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } + } + + static gboolean + gdm_session_worker_handle_set_environment_variable (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *key, + const char *value) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + gdm_session_worker_set_environment_variable (worker, key, value); + gdm_dbus_worker_complete_set_environment_variable (object, invocation); + return TRUE; + } + + static gboolean + gdm_session_worker_handle_set_session_name (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *session_name) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + g_debug ("GdmSessionWorker: session name set to %s", session_name); + if (worker->priv->user_settings != NULL) + gdm_session_settings_set_session_name (worker->priv->user_settings, + session_name); + gdm_dbus_worker_complete_set_session_name (object, invocation); + return TRUE; +diff --git a/daemon/gdm-session-worker.h b/daemon/gdm-session-worker.h +index 5603e80e0..2814eab4d 100644 +--- a/daemon/gdm-session-worker.h ++++ b/daemon/gdm-session-worker.h +@@ -1,56 +1,68 @@ + /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- + * + * Copyright (C) 2006 Ray Strode + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + + #ifndef __GDM_SESSION_WORKER_H + #define __GDM_SESSION_WORKER_H + + #include + + #include "gdm-session-worker-glue.h" + #include "gdm-session-worker-common.h" ++#include "gdm-session-worker-enum-types.h" + + G_BEGIN_DECLS + + #define GDM_TYPE_SESSION_WORKER (gdm_session_worker_get_type ()) + #define GDM_SESSION_WORKER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GDM_TYPE_SESSION_WORKER, GdmSessionWorker)) + #define GDM_SESSION_WORKER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerClass)) + #define GDM_IS_SESSION_WORKER(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GDM_TYPE_SESSION_WORKER)) + #define GDM_IS_SESSION_WORKER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GDM_TYPE_SESSION_WORKER)) + #define GDM_SESSION_WORKER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), GDM_TYPE_SESSION_WORKER, GdmSessionWorkerClass)) + ++typedef enum { ++ GDM_SESSION_WORKER_STATE_NONE = 0, ++ GDM_SESSION_WORKER_STATE_SETUP_COMPLETE, ++ GDM_SESSION_WORKER_STATE_AUTHENTICATED, ++ GDM_SESSION_WORKER_STATE_AUTHORIZED, ++ GDM_SESSION_WORKER_STATE_ACCREDITED, ++ GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED, ++ GDM_SESSION_WORKER_STATE_SESSION_OPENED, ++ GDM_SESSION_WORKER_STATE_SESSION_STARTED ++} GdmSessionWorkerState; ++ + typedef struct GdmSessionWorkerPrivate GdmSessionWorkerPrivate; + + typedef struct + { + GdmDBusWorkerSkeleton parent; + GdmSessionWorkerPrivate *priv; + } GdmSessionWorker; + + typedef struct + { + GdmDBusWorkerSkeletonClass parent_class; + } GdmSessionWorkerClass; + + GType gdm_session_worker_get_type (void); + + GdmSessionWorker * gdm_session_worker_new (const char *server_address, + gboolean is_for_reauth) G_GNUC_MALLOC; + G_END_DECLS + #endif /* GDM_SESSION_WORKER_H */ +-- +2.18.1 + diff --git a/SOURCES/0001-utils-add-new-gdm-disable-wayland-binary.patch b/SOURCES/0001-utils-add-new-gdm-disable-wayland-binary.patch new file mode 100644 index 0000000..0171861 --- /dev/null +++ b/SOURCES/0001-utils-add-new-gdm-disable-wayland-binary.patch @@ -0,0 +1,161 @@ +From 14656db42a6b4d4d48cf74127f3187dfe85607ec Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 21 May 2018 15:03:29 +0000 +Subject: [PATCH] utils: add new gdm-disable-wayland binary + +We currently disable wayland for cirrus by calling printf +from a udev rule. This works, but it's a little too open +coded to easily write SELinux policy for. + +This commit introduces a new program, gdm-disable-wayland, +that does the same thing, but in a dedicated binary. + +A future commit will change the udev rule to use the binary. + +https://bugzilla.gnome.org/show_bug.cgi?id=796315 + + +(cherry picked from commit 2dc57da31781dedfe374ce353b0f5fd6aa9da56f) +--- + utils/Makefile.am | 14 ++++++++++ + utils/gdm-disable-wayland.c | 53 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 67 insertions(+) + create mode 100644 utils/gdm-disable-wayland.c + +diff --git a/utils/Makefile.am b/utils/Makefile.am +index ae3cc01fb..babe890b9 100644 +--- a/utils/Makefile.am ++++ b/utils/Makefile.am +@@ -1,56 +1,70 @@ + NULL = + + AM_CPPFLAGS = \ + -I$(srcdir) \ + -I$(builddir) \ + -I$(top_srcdir) \ + -I$(top_builddir) \ + -I$(top_srcdir)/common \ + -I$(top_builddir)/common \ + -DDATADIR=\"$(datadir)\" \ + -DGDMCONFDIR=\"$(gdmconfdir)\" \ + -DLOCALSTATEDIR=\""$(localstatedir)"\" \ ++ -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \ ++ -DGDM_RUNTIME_CONF=\"$(GDM_RUNTIME_CONF)\" \ + -DGDM_SCREENSHOT_DIR=\""$(GDM_SCREENSHOT_DIR)"\"\ + -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ + $(UTILS_CFLAGS) \ + $(CANBERRA_GTK_CFLAGS) \ + $(GTK_CFLAGS) \ + $(XLIB_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(COMMON_CFLAGS) \ + $(NULL) + + edit = sed \ + -e 's|@sbindir[@]|$(sbindir)|g' \ + -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ + -e 's|@localstatedir[@]|$(localstatedir)|g' \ + -e 's|@GDM_PID_FILE[@]|$(GDM_PID_FILE)|g' + + bin_PROGRAMS = \ + gdmflexiserver \ + gdm-screenshot \ + $(NULL) + ++libexec_PROGRAMS = \ ++ gdm-disable-wayland \ ++ $(NULL) ++ + gdmflexiserver_LDADD = \ + $(top_builddir)/common/libgdmcommon.la \ + $(GTK_LIBS) \ + $(COMMON_LIBS) \ + $(SYSTEMD_LIBS) \ + $(NULL) + + gdm_screenshot_SOURCES = \ + gdm-screenshot.c \ + $(NULL) + + gdm_screenshot_LDADD = \ + $(GTK_LIBS) \ + $(CANBERRA_GTK_LIBS) \ + $(XLIB_LIBS) \ + $(COMMON_LIBS) \ + $(NULL) + ++gdm_disable_wayland_LDADD = \ ++ $(COMMON_LIBS) \ ++ $(NULL) ++ ++gdm_disable_wayland_SOURCES = \ ++ gdm-disable-wayland.c \ ++ $(NULL) ++ + CLEANFILES = \ + $(NULL) + + DISTCLEANFILES = \ + $(NULL) +diff --git a/utils/gdm-disable-wayland.c b/utils/gdm-disable-wayland.c +new file mode 100644 +index 000000000..be61c4d8f +--- /dev/null ++++ b/utils/gdm-disable-wayland.c +@@ -0,0 +1,53 @@ ++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- ++ * ++ * Copyright (C) 2018 Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ++ * ++ */ ++ ++#include "config.h" ++ ++#include ++#include ++#include ++ ++#include ++ ++int ++main (int argc, char *argv[]) ++{ ++ g_autoptr(GKeyFile) key_file = NULL; ++ g_autoptr(GError) error = NULL; ++ gboolean saved_okay; ++ ++ setlocale (LC_ALL, ""); ++ ++ key_file = g_key_file_new (); ++ ++ g_key_file_set_boolean (key_file, "daemon", "WaylandEnable", FALSE); ++ ++ g_mkdir_with_parents (GDM_RUN_DIR, 0711); ++ ++ saved_okay = g_key_file_save_to_file (key_file, GDM_RUNTIME_CONF, &error); ++ ++ if (!saved_okay) { ++ g_printerr ("gdm-disable-wayland: unable to disable wayland: %s", ++ error->message); ++ return EX_CANTCREAT; ++ } ++ ++ return EX_OK; ++} +-- +2.17.1 + diff --git a/SOURCES/0001-worker-don-t-load-user-settings-for-program-sessions.patch b/SOURCES/0001-worker-don-t-load-user-settings-for-program-sessions.patch new file mode 100644 index 0000000..279384d --- /dev/null +++ b/SOURCES/0001-worker-don-t-load-user-settings-for-program-sessions.patch @@ -0,0 +1,601 @@ +From a45b3f26e1f1f4ffc8870ebf073698d5eecf587b Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 15 Aug 2018 10:48:16 -0400 +Subject: [PATCH 1/4] worker: don't load user settings for program sessions + +We don't need or want the login greeter to access accountsservice +for its session name +--- + daemon/gdm-session-worker.c | 38 +++++++++++++++++++++++++------------ + 1 file changed, 26 insertions(+), 12 deletions(-) + +diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c +index c1d89cab2..e79073996 100644 +--- a/daemon/gdm-session-worker.c ++++ b/daemon/gdm-session-worker.c +@@ -409,103 +409,108 @@ gdm_session_execute (const char *file, + */ + static gboolean + gdm_session_worker_get_username (GdmSessionWorker *worker, + char **username) + { + gconstpointer item; + + g_assert (worker->priv->pam_handle != NULL); + + if (pam_get_item (worker->priv->pam_handle, PAM_USER, &item) == PAM_SUCCESS) { + if (username != NULL) { + *username = g_strdup ((char *) item); + g_debug ("GdmSessionWorker: username is '%s'", + *username != NULL ? *username : ""); + } + + if (worker->priv->auditor != NULL) { + gdm_session_auditor_set_username (worker->priv->auditor, (char *)item); + } + + return TRUE; + } + + return FALSE; + } + + static void + attempt_to_load_user_settings (GdmSessionWorker *worker, + const char *username) + { ++ if (worker->priv->user_settings == NULL) ++ return; ++ ++ if (gdm_session_settings_is_loaded (worker->priv->user_settings)) ++ return; ++ + g_debug ("GdmSessionWorker: attempting to load user settings"); + gdm_session_settings_load (worker->priv->user_settings, + username); + } + + static void + gdm_session_worker_update_username (GdmSessionWorker *worker) + { + char *username; + gboolean res; + + username = NULL; + res = gdm_session_worker_get_username (worker, &username); + if (res) { + g_debug ("GdmSessionWorker: old-username='%s' new-username='%s'", + worker->priv->username != NULL ? worker->priv->username : "", + username != NULL ? username : ""); + + + gdm_session_auditor_set_username (worker->priv->auditor, worker->priv->username); + + if ((worker->priv->username == username) || + ((worker->priv->username != NULL) && (username != NULL) && + (strcmp (worker->priv->username, username) == 0))) + goto out; + + g_debug ("GdmSessionWorker: setting username to '%s'", username); + + g_free (worker->priv->username); + worker->priv->username = username; + username = NULL; + + gdm_dbus_worker_emit_username_changed (GDM_DBUS_WORKER (worker), + worker->priv->username); + + /* We have a new username to try. If we haven't been able to + * read user settings up until now, then give it a go now + * (see the comment in do_setup for rationale on why it's useful + * to keep trying to read settings) + */ + if (worker->priv->username != NULL && +- worker->priv->username[0] != '\0' && +- !gdm_session_settings_is_loaded (worker->priv->user_settings)) { ++ worker->priv->username[0] != '\0') { + attempt_to_load_user_settings (worker, worker->priv->username); + } + } + + out: + g_free (username); + } + + static gboolean + gdm_session_worker_ask_question (GdmSessionWorker *worker, + const char *question, + char **answerp) + { + return gdm_dbus_worker_manager_call_info_query_sync (worker->priv->manager, + worker->priv->service, + question, + answerp, + NULL, + NULL); + } + + static gboolean + gdm_session_worker_ask_for_secret (GdmSessionWorker *worker, + const char *question, + char **answerp) + { + return gdm_dbus_worker_manager_call_secret_info_query_sync (worker->priv->manager, + worker->priv->service, + question, + answerp, +@@ -2475,87 +2480,89 @@ gdm_session_worker_get_property (GObject *object, + g_value_set_string (value, self->priv->server_address); + break; + case PROP_IS_REAUTH_SESSION: + g_value_set_boolean (value, self->priv->is_reauth_session); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } + } + + static gboolean + gdm_session_worker_handle_set_environment_variable (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *key, + const char *value) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + gdm_session_worker_set_environment_variable (worker, key, value); + gdm_dbus_worker_complete_set_environment_variable (object, invocation); + return TRUE; + } + + static gboolean + gdm_session_worker_handle_set_session_name (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *session_name) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + g_debug ("GdmSessionWorker: session name set to %s", session_name); +- gdm_session_settings_set_session_name (worker->priv->user_settings, +- session_name); ++ if (worker->priv->user_settings != NULL) ++ gdm_session_settings_set_session_name (worker->priv->user_settings, ++ session_name); + gdm_dbus_worker_complete_set_session_name (object, invocation); + return TRUE; + } + + static gboolean + gdm_session_worker_handle_set_session_display_mode (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *str) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + g_debug ("GdmSessionWorker: session display mode set to %s", str); + worker->priv->display_mode = gdm_session_display_mode_from_string (str); + gdm_dbus_worker_complete_set_session_display_mode (object, invocation); + return TRUE; + } + + static gboolean + gdm_session_worker_handle_set_language_name (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *language_name) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + g_debug ("GdmSessionWorker: language name set to %s", language_name); +- gdm_session_settings_set_language_name (worker->priv->user_settings, +- language_name); ++ if (worker->priv->user_settings != NULL) ++ gdm_session_settings_set_language_name (worker->priv->user_settings, ++ language_name); + gdm_dbus_worker_complete_set_language_name (object, invocation); + return TRUE; + } + + static void + on_saved_language_name_read (GdmSessionWorker *worker) + { + char *language_name; + + language_name = gdm_session_settings_get_language_name (worker->priv->user_settings); + + g_debug ("GdmSessionWorker: Saved language is %s", language_name); + gdm_dbus_worker_emit_saved_language_name_read (GDM_DBUS_WORKER (worker), + language_name); + g_free (language_name); + } + + static void + on_saved_session_name_read (GdmSessionWorker *worker) + { + char *session_name; + + session_name = gdm_session_settings_get_session_name (worker->priv->user_settings); + + g_debug ("GdmSessionWorker: Saved session is %s", session_name); + gdm_dbus_worker_emit_saved_session_name_read (GDM_DBUS_WORKER (worker), + session_name); + g_free (session_name); + } + +@@ -2634,109 +2641,111 @@ do_authorize (GdmSessionWorker *worker) + } + worker->priv->pending_invocation = NULL; + } + + static void + do_accredit (GdmSessionWorker *worker) + { + GError *error; + gboolean res; + + /* get kerberos tickets, setup group lists, etc + */ + error = NULL; + res = gdm_session_worker_accredit_user (worker, &error); + + if (res) { + gdm_dbus_worker_complete_establish_credentials (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation); + } else { + g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error); + } + worker->priv->pending_invocation = NULL; + } + + static void + save_account_details_now (GdmSessionWorker *worker) + { + g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED); + + g_debug ("GdmSessionWorker: saving account details for user %s", worker->priv->username); + worker->priv->state = GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED; +- if (!gdm_session_settings_save (worker->priv->user_settings, +- worker->priv->username)) { +- g_warning ("could not save session and language settings"); ++ if (worker->priv->user_settings != NULL) { ++ if (!gdm_session_settings_save (worker->priv->user_settings, ++ worker->priv->username)) { ++ g_warning ("could not save session and language settings"); ++ } + } + queue_state_change (worker); + } + + static void + on_settings_is_loaded_changed (GdmSessionSettings *user_settings, + GParamSpec *pspec, + GdmSessionWorker *worker) + { + if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) { + return; + } + + /* These signal handlers should be disconnected after the loading, + * so that gdm_session_settings_set_* APIs don't cause the emitting + * of Saved*NameRead D-Bus signals any more. + */ + g_signal_handlers_disconnect_by_func (worker->priv->user_settings, + G_CALLBACK (on_saved_session_name_read), + worker); + + g_signal_handlers_disconnect_by_func (worker->priv->user_settings, + G_CALLBACK (on_saved_language_name_read), + worker); + + if (worker->priv->state == GDM_SESSION_WORKER_STATE_NONE) { + g_debug ("GdmSessionWorker: queuing setup for user: %s %s", + worker->priv->username, worker->priv->display_device); + queue_state_change (worker); + } else if (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED) { + save_account_details_now (worker); + } else { + return; + } + + g_signal_handlers_disconnect_by_func (G_OBJECT (worker->priv->user_settings), + G_CALLBACK (on_settings_is_loaded_changed), + worker); + } + + static void + do_save_account_details_when_ready (GdmSessionWorker *worker) + { + g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED); + +- if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) { ++ if (worker->priv->user_settings != NULL && !gdm_session_settings_is_loaded (worker->priv->user_settings)) { + g_signal_connect (G_OBJECT (worker->priv->user_settings), + "notify::is-loaded", + G_CALLBACK (on_settings_is_loaded_changed), + worker); + g_debug ("GdmSessionWorker: user %s, not fully loaded yet, will save account details later", + worker->priv->username); + gdm_session_settings_load (worker->priv->user_settings, + worker->priv->username); + return; + } + + save_account_details_now (worker); + } + + static void + do_open_session (GdmSessionWorker *worker) + { + GError *error; + gboolean res; + + error = NULL; + res = gdm_session_worker_open_session (worker, &error); + + if (res) { + char *session_id = worker->priv->session_id; + if (session_id == NULL) { + session_id = ""; + } + + gdm_dbus_worker_complete_open (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation, session_id); +@@ -2980,155 +2989,161 @@ gdm_session_worker_handle_initialize (GdmDBusWorker *object, + if (g_strcmp0 (key, "service") == 0) { + worker->priv->service = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "extensions") == 0) { + worker->priv->extensions = filter_extensions (g_variant_get_strv (value, NULL)); + } else if (g_strcmp0 (key, "username") == 0) { + worker->priv->username = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "is-program-session") == 0) { + worker->priv->is_program_session = g_variant_get_boolean (value); + } else if (g_strcmp0 (key, "log-file") == 0) { + worker->priv->log_file = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "x11-display-name") == 0) { + worker->priv->x11_display_name = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "x11-authority-file") == 0) { + worker->priv->x11_authority_file = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "console") == 0) { + worker->priv->display_device = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "seat-id") == 0) { + worker->priv->display_seat_id = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "hostname") == 0) { + worker->priv->hostname = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "display-is-local") == 0) { + worker->priv->display_is_local = g_variant_get_boolean (value); + } else if (g_strcmp0 (key, "display-is-initial") == 0) { + worker->priv->display_is_initial = g_variant_get_boolean (value); + } + } + + worker->priv->pending_invocation = invocation; + + if (!worker->priv->is_program_session) { ++ worker->priv->user_settings = gdm_session_settings_new (); ++ + g_signal_connect_swapped (worker->priv->user_settings, + "notify::language-name", + G_CALLBACK (on_saved_language_name_read), + worker); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::session-name", + G_CALLBACK (on_saved_session_name_read), + worker); + + if (worker->priv->username) { + wait_for_settings = !gdm_session_settings_load (worker->priv->user_settings, + worker->priv->username); + } + } + + if (wait_for_settings) { + /* Load settings from accounts daemon before continuing + */ + g_signal_connect (G_OBJECT (worker->priv->user_settings), + "notify::is-loaded", + G_CALLBACK (on_settings_is_loaded_changed), + worker); + } else { + queue_state_change (worker); + } + + return TRUE; + } + + static gboolean + gdm_session_worker_handle_setup (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *service, + const char *x11_display_name, + const char *x11_authority_file, + const char *console, + const char *seat_id, + const char *hostname, + gboolean display_is_local, + gboolean display_is_initial) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + validate_and_queue_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE); + + worker->priv->service = g_strdup (service); + worker->priv->x11_display_name = g_strdup (x11_display_name); + worker->priv->x11_authority_file = g_strdup (x11_authority_file); + worker->priv->display_device = g_strdup (console); + worker->priv->display_seat_id = g_strdup (seat_id); + worker->priv->hostname = g_strdup (hostname); + worker->priv->display_is_local = display_is_local; + worker->priv->display_is_initial = display_is_initial; + worker->priv->username = NULL; + ++ worker->priv->user_settings = gdm_session_settings_new (); ++ + g_signal_connect_swapped (worker->priv->user_settings, + "notify::language-name", + G_CALLBACK (on_saved_language_name_read), + worker); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::session-name", + G_CALLBACK (on_saved_session_name_read), + worker); + return TRUE; + } + + static gboolean + gdm_session_worker_handle_setup_for_user (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *service, + const char *username, + const char *x11_display_name, + const char *x11_authority_file, + const char *console, + const char *seat_id, + const char *hostname, + gboolean display_is_local, + gboolean display_is_initial) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + + if (!validate_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE)) + return TRUE; + + worker->priv->service = g_strdup (service); + worker->priv->x11_display_name = g_strdup (x11_display_name); + worker->priv->x11_authority_file = g_strdup (x11_authority_file); + worker->priv->display_device = g_strdup (console); + worker->priv->display_seat_id = g_strdup (seat_id); + worker->priv->hostname = g_strdup (hostname); + worker->priv->display_is_local = display_is_local; + worker->priv->display_is_initial = display_is_initial; + worker->priv->username = g_strdup (username); + ++ worker->priv->user_settings = gdm_session_settings_new (); ++ + g_signal_connect_swapped (worker->priv->user_settings, + "notify::language-name", + G_CALLBACK (on_saved_language_name_read), + worker); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::session-name", + G_CALLBACK (on_saved_session_name_read), + worker); + + /* Load settings from accounts daemon before continuing + */ + worker->priv->pending_invocation = invocation; + if (gdm_session_settings_load (worker->priv->user_settings, username)) { + queue_state_change (worker); + } else { + g_signal_connect (G_OBJECT (worker->priv->user_settings), + "notify::is-loaded", + G_CALLBACK (on_settings_is_loaded_changed), + worker); + } + + return TRUE; + } + + static gboolean + gdm_session_worker_handle_setup_for_program (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *service, + const char *username, +@@ -3459,98 +3474,97 @@ static void + reauthentication_request_free (ReauthenticationRequest *request) + { + + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_client_connected), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_client_disconnected), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_cancelled), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_conversation_started), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_conversation_stopped), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_verification_complete), + request); + g_clear_object (&request->session); + g_slice_free (ReauthenticationRequest, request); + } + + static void + gdm_session_worker_init (GdmSessionWorker *worker) + { + worker->priv = GDM_SESSION_WORKER_GET_PRIVATE (worker); + +- worker->priv->user_settings = gdm_session_settings_new (); + worker->priv->reauthentication_requests = g_hash_table_new_full (NULL, + NULL, + NULL, + (GDestroyNotify) + reauthentication_request_free); + } + + static void + gdm_session_worker_unwatch_child (GdmSessionWorker *worker) + { + if (worker->priv->child_watch_id == 0) + return; + + g_source_remove (worker->priv->child_watch_id); + worker->priv->child_watch_id = 0; + } + + + static void + gdm_session_worker_finalize (GObject *object) + { + GdmSessionWorker *worker; + + g_return_if_fail (object != NULL); + g_return_if_fail (GDM_IS_SESSION_WORKER (object)); + + worker = GDM_SESSION_WORKER (object); + + g_return_if_fail (worker->priv != NULL); + + gdm_session_worker_unwatch_child (worker); + + if (worker->priv->child_pid > 0) { + gdm_signal_pid (worker->priv->child_pid, SIGTERM); + gdm_wait_on_pid (worker->priv->child_pid); + } + +- g_object_unref (worker->priv->user_settings); ++ g_clear_object (&worker->priv->user_settings); + g_free (worker->priv->service); + g_free (worker->priv->x11_display_name); + g_free (worker->priv->x11_authority_file); + g_free (worker->priv->display_device); + g_free (worker->priv->display_seat_id); + g_free (worker->priv->hostname); + g_free (worker->priv->username); + g_free (worker->priv->server_address); + g_strfreev (worker->priv->arguments); + g_strfreev (worker->priv->extensions); + + g_hash_table_unref (worker->priv->reauthentication_requests); + + G_OBJECT_CLASS (gdm_session_worker_parent_class)->finalize (object); + } + + GdmSessionWorker * + gdm_session_worker_new (const char *address, + gboolean is_reauth_session) + { + GObject *object; + + object = g_object_new (GDM_TYPE_SESSION_WORKER, + "server-address", address, + "is-reauth-session", is_reauth_session, + NULL); + + return GDM_SESSION_WORKER (object); + } +-- +2.17.1 + diff --git a/SOURCES/0002-gdm-x-session-run-session-bus-on-non-seat0-seats.patch b/SOURCES/0002-gdm-x-session-run-session-bus-on-non-seat0-seats.patch new file mode 100644 index 0000000..df3c8bb --- /dev/null +++ b/SOURCES/0002-gdm-x-session-run-session-bus-on-non-seat0-seats.patch @@ -0,0 +1,165 @@ +From 84b823187c8e0b23274cd1a93f4e47a2c585c75b Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 5 Feb 2020 15:20:48 -0500 +Subject: [PATCH 2/2] gdm-x-session: run session bus on non-seat0 seats + +GNOME doesn't deal very well with multiple sessions +running on a multiple seats at the moment. + +Until that's fixed, ensure sessions run on auxillary +seats get their own session bus. +--- + daemon/gdm-session.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index a8263ba11..55637b378 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -2846,130 +2846,139 @@ on_start_program_cb (GdmDBusWorker *worker, + if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CLOSED) || + g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) + return; + + self = conversation->session; + service_name = conversation->service_name; + + if (worked) { + self->priv->session_pid = pid; + self->priv->session_conversation = conversation; + + g_debug ("GdmSession: Emitting 'session-started' signal with pid '%d'", pid); + g_signal_emit (self, signals[SESSION_STARTED], 0, service_name, pid); + } else { + gdm_session_stop_conversation (self, service_name); + + g_debug ("GdmSession: Emitting 'session-start-failed' signal"); + g_signal_emit (self, signals[SESSION_START_FAILED], 0, service_name, error->message); + } + } + + void + gdm_session_start_session (GdmSession *self, + const char *service_name) + { + GdmSessionConversation *conversation; + GdmSessionDisplayMode display_mode; + gboolean is_x11 = TRUE; + gboolean run_launcher = FALSE; + gboolean allow_remote_connections = FALSE; ++ gboolean run_separate_bus = FALSE; + char *command; + char *program; + + g_return_if_fail (GDM_IS_SESSION (self)); + g_return_if_fail (self->priv->session_conversation == NULL); + + conversation = find_conversation_by_name (self, service_name); + + if (conversation == NULL) { + g_warning ("GdmSession: Tried to start session of " + "nonexistent conversation %s", service_name); + return; + } + + stop_all_other_conversations (self, conversation, FALSE); + + display_mode = gdm_session_get_display_mode (self); + + #ifdef ENABLE_WAYLAND_SUPPORT + is_x11 = g_strcmp0 (self->priv->session_type, "wayland") != 0; + #endif + + if (display_mode == GDM_SESSION_DISPLAY_MODE_LOGIND_MANAGED || + display_mode == GDM_SESSION_DISPLAY_MODE_NEW_VT) { + run_launcher = TRUE; + } + ++ if (g_strcmp0 (self->priv->display_seat_id, "seat0") != 0 && !run_launcher) { ++ run_separate_bus = TRUE; ++ } ++ + if (self->priv->selected_program == NULL) { + gboolean run_xsession_script; + + command = get_session_command (self); + + run_xsession_script = !gdm_session_bypasses_xsession (self); + + if (self->priv->display_is_local) { + gboolean disallow_tcp = TRUE; + gdm_settings_direct_get_boolean (GDM_KEY_DISALLOW_TCP, &disallow_tcp); + allow_remote_connections = !disallow_tcp; + } else { + allow_remote_connections = TRUE; + } + + if (run_launcher) { + if (is_x11) { + program = g_strdup_printf (LIBEXECDIR "/gdm-x-session %s %s\"%s\"", + run_xsession_script? "--run-script " : "", + allow_remote_connections? "--allow-remote-connections " : "", + command); + } else { + program = g_strdup_printf (LIBEXECDIR "/gdm-wayland-session \"%s\"", + command); + } + } else if (run_xsession_script) { +- program = g_strdup_printf (GDMCONFDIR "/Xsession \"%s\"", command); ++ if (run_separate_bus) { ++ program = g_strdup_printf ("dbus-run-session -- " GDMCONFDIR "/Xsession \"%s\"", command); ++ } else { ++ program = g_strdup_printf (GDMCONFDIR "/Xsession \"%s\"", command); ++ } + } else { + program = g_strdup (command); + } + + g_free (command); + } else { + if (run_launcher) { + if (is_x11) { +- program = g_strdup_printf (LIBEXECDIR "/gdm-x-session \"%s\"", +- self->priv->selected_program); ++ program = g_strdup_printf (LIBEXECDIR "/gdm-x-session \"%s\"", ++ self->priv->selected_program); + } else { + program = g_strdup_printf (LIBEXECDIR "/gdm-wayland-session \"%s\"", + self->priv->selected_program); + } + } else { +- if (g_strcmp0 (self->priv->display_seat_id, "seat0") != 0) { ++ if (run_separate_bus) { + program = g_strdup_printf ("dbus-run-session -- %s", + self->priv->selected_program); + } else { + program = g_strdup (self->priv->selected_program); + } + } + } + + set_up_session_environment (self); + send_environment (self, conversation); + + gdm_dbus_worker_call_start_program (conversation->worker_proxy, + program, + conversation->worker_cancellable, + (GAsyncReadyCallback) on_start_program_cb, + conversation); + g_free (program); + } + + static void + stop_all_conversations (GdmSession *self) + { + stop_all_other_conversations (self, NULL, TRUE); + } + + static void + do_reset (GdmSession *self) + { + stop_all_conversations (self); + +-- +2.21.1 + diff --git a/SOURCES/0002-manager-session-Add-some-debugging-around-starting-r.patch b/SOURCES/0002-manager-session-Add-some-debugging-around-starting-r.patch new file mode 100644 index 0000000..bb217a4 --- /dev/null +++ b/SOURCES/0002-manager-session-Add-some-debugging-around-starting-r.patch @@ -0,0 +1,1015 @@ +From d3b60b5211d804e23c663d053c5b511dede22a28 Mon Sep 17 00:00:00 2001 +From: Iain Lane +Date: Thu, 31 Jan 2019 10:52:35 +0000 +Subject: [PATCH 2/4] manager,session: Add some debugging around starting + reauthentication + +There's a bug right now dealing with timed login and reauthentication, +but it's not clear what's going on by looking at the logs. + +This commit sprinkles some more logging throughout the code, to make +the bug easier to track. +--- + daemon/gdm-manager.c | 46 ++++++++++++++++++++++++++++++++++++++------ + daemon/gdm-session.c | 25 ++++++++++++++++++++---- + 2 files changed, 61 insertions(+), 10 deletions(-) + +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index b2d0578f5..0cc06a978 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -340,77 +340,94 @@ session_unlock (GdmManager *manager, + "org.freedesktop.login1.Manager", + "UnlockSession", + g_variant_new ("(s)", ssid), + NULL, /* expected reply */ + G_DBUS_CALL_FLAGS_NONE, + -1, + NULL, + &error); + if (reply == NULL) { + g_debug ("GdmManager: logind 'UnlockSession' %s raised:\n %s\n\n", + g_dbus_error_get_remote_error (error), error->message); + g_error_free (error); + return FALSE; + } + + g_variant_unref (reply); + + return TRUE; + } + + static GdmSession * + find_session_for_user_on_seat (GdmManager *manager, + const char *username, + const char *seat_id, + GdmSession *dont_count_session) + { + GList *node; + + for (node = manager->priv->user_sessions; node != NULL; node = node->next) { + GdmSession *candidate_session = node->data; +- const char *candidate_username, *candidate_seat_id; ++ const char *candidate_username, *candidate_seat_id, *candidate_session_id; + +- if (candidate_session == dont_count_session) ++ candidate_session_id = gdm_session_get_session_id (candidate_session); ++ ++ if (candidate_session == dont_count_session) { ++ g_debug ("GdmSession: Ignoring session %s as requested", ++ candidate_session_id); + continue; ++ } + +- if (!gdm_session_is_running (candidate_session)) ++ if (!gdm_session_is_running (candidate_session)) { ++ g_debug ("GdmSession: Ignoring session %s as it isn't running", ++ candidate_session_id); + continue; ++ } + + candidate_username = gdm_session_get_username (candidate_session); + candidate_seat_id = gdm_session_get_display_seat_id (candidate_session); + ++ g_debug ("GdmManager: Considering session %s on seat %s belonging to user %s", ++ candidate_session_id, ++ candidate_seat_id, ++ candidate_username); ++ + if (g_strcmp0 (candidate_username, username) == 0 && + g_strcmp0 (candidate_seat_id, seat_id) == 0) { ++ g_debug ("GdmManager: yes, found session %s", candidate_session_id); + return candidate_session; + } ++ ++ g_debug ("GdmManager: no, will not use session %s", candidate_session_id); + } + ++ g_debug ("GdmManager: no matching sessions found"); + return NULL; + } + + static gboolean + is_remote_session (GdmManager *self, + const char *session_id, + GError **error) + { + char *seat; + int ret; + gboolean is_remote; + + /* FIXME: The next release of logind is going to have explicit api for + * checking remoteness. + */ + seat = NULL; + ret = sd_session_get_seat (session_id, &seat); + + if (ret < 0 && ret != -ENOENT) { + g_debug ("GdmManager: Error while retrieving seat for session %s: %s", + session_id, strerror (-ret)); + } + + if (seat != NULL) { + is_remote = FALSE; + free (seat); + } else { + is_remote = TRUE; + } + +@@ -840,62 +857,66 @@ gdm_manager_handle_open_session (GdmDBusManager *manager, + if (display == NULL) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("No session available")); + + return TRUE; + } + + #ifdef HAVE_LIBXDMCP + if (GDM_IS_XDMCP_CHOOSER_DISPLAY (display)) { + GdmLaunchEnvironment *launch_environment; + + g_object_get (display, "launch-environment", &launch_environment, NULL); + + if (launch_environment != NULL) { + session = gdm_launch_environment_get_session (launch_environment); + } + + if (session == NULL) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("Chooser session unavailable")); + return TRUE; + } + } + #endif + if (session == NULL) { + session = get_user_session_for_display (display); ++ g_debug ("GdmSession: Considering session %s for username %s", ++ gdm_session_get_session_id (session), ++ gdm_session_get_username (session)); + + if (gdm_session_is_running (session)) { ++ g_debug ("GdmSession: the session is running, and therefore can't be used"); + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("Can only be called before user is logged in")); + return TRUE; + } + } + + allowed_user = gdm_session_get_allowed_user (session); + + if (uid != allowed_user) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("Caller not GDM")); + return TRUE; + } + + address = gdm_session_get_server_address (session); + + if (address == NULL) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("Unable to open private communication channel")); + return TRUE; + } + + gdm_dbus_manager_complete_open_session (GDM_DBUS_MANAGER (manager), + invocation, +@@ -1017,60 +1038,64 @@ open_temporary_reauthentication_channel (GdmManager *self, + char *seat_id, + char *session_id, + GPid pid, + uid_t uid, + gboolean is_remote) + { + GdmSession *session; + char **environment; + const char *display, *auth_file; + const char *address; + + /* Note we're just using a minimal environment here rather than the + * session's environment because the caller is unprivileged and the + * associated worker will be privileged */ + environment = g_get_environ (); + display = ""; + auth_file = "/dev/null"; + + session = gdm_session_new (GDM_SESSION_VERIFICATION_MODE_REAUTHENTICATE, + uid, + display, + NULL, + NULL, + seat_id, + auth_file, + is_remote == FALSE, + (const char * const *) + environment); + g_strfreev (environment); + ++ g_debug ("GdmSession: Created session for temporary reauthentication channel for user %d (seat %s)", ++ (int) uid, ++ seat_id); ++ + g_object_set_data_full (G_OBJECT (session), + "caller-session-id", + g_strdup (session_id), + (GDestroyNotify) + g_free); + g_object_set_data (G_OBJECT (session), + "caller-pid", + GUINT_TO_POINTER (pid)); + g_hash_table_insert (self->priv->transient_sessions, + GINT_TO_POINTER (pid), + session); + + g_signal_connect (session, + "client-connected", + G_CALLBACK (on_reauthentication_client_connected), + self); + g_signal_connect (session, + "client-disconnected", + G_CALLBACK (on_reauthentication_client_disconnected), + self); + g_signal_connect (session, + "client-rejected", + G_CALLBACK (on_reauthentication_client_rejected), + self); + g_signal_connect (session, + "cancelled", + G_CALLBACK (on_reauthentication_cancelled), + self); + g_signal_connect (session, + "conversation-started", +@@ -1096,65 +1121,67 @@ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager + const char *username) + { + GdmManager *self = GDM_MANAGER (manager); + const char *sender; + GdmDisplay *display = NULL; + GdmSession *session; + GDBusConnection *connection; + char *seat_id = NULL; + char *session_id = NULL; + GPid pid = 0; + uid_t uid = (uid_t) -1; + gboolean is_login_screen = FALSE; + gboolean is_remote = FALSE; + + g_debug ("GdmManager: trying to open reauthentication channel for user %s", username); + + sender = g_dbus_method_invocation_get_sender (invocation); + connection = g_dbus_method_invocation_get_connection (invocation); + get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, NULL, &pid, &uid, &is_login_screen, &is_remote); + + if (session_id == NULL || pid == 0 || uid == (uid_t) -1) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + _("No session available")); + + return TRUE; + } + + if (is_login_screen) { ++ g_debug ("GdmManager: looking for login screen session for user %s on seat %s", username, seat_id); + session = find_session_for_user_on_seat (self, + username, + seat_id, + NULL); + } else { ++ g_debug ("GdmManager: looking for user session on display"); + session = get_user_session_for_display (display); + } + + if (session != NULL && gdm_session_is_running (session)) { + gdm_session_start_reauthentication (session, pid, uid); + g_hash_table_insert (self->priv->open_reauthentication_requests, + GINT_TO_POINTER (pid), + invocation); + } else if (is_login_screen) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Login screen only allowed to open reauthentication channels for running sessions"); + return TRUE; + } else { + char *address; + address = open_temporary_reauthentication_channel (self, + seat_id, + session_id, + pid, + uid, + is_remote); + gdm_dbus_manager_complete_open_reauthentication_channel (GDM_DBUS_MANAGER (manager), + invocation, + address); + g_free (address); + } + + return TRUE; + } +@@ -2087,107 +2114,107 @@ on_session_client_ready_for_session_to_start (GdmSession *session, + if (client_is_ready) { + g_debug ("GdmManager: Will start session when ready"); + } else { + g_debug ("GdmManager: Will start session when ready and told"); + } + + waiting_to_start_user_session = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (session), + "waiting-to-start")); + + g_object_set_data (G_OBJECT (session), + "start-when-ready", + GINT_TO_POINTER (client_is_ready)); + + if (client_is_ready && waiting_to_start_user_session) { + start_user_session_if_ready (manager, session, service_name); + } + } + + static void + on_session_client_connected (GdmSession *session, + GCredentials *credentials, + GPid pid_of_client, + GdmManager *manager) + { + GdmDisplay *display; + char *username; + int delay; + gboolean enabled; + gboolean allow_timed_login = FALSE; + +- g_debug ("GdmManager: client connected"); ++ g_debug ("GdmManager: client with pid %d connected", (int) pid_of_client); + + display = get_display_for_user_session (session); + + if (display == NULL) { + return; + } + + if (!display_is_on_seat0 (display)) { + return; + } + + #ifdef WITH_PLYMOUTH + if (manager->priv->plymouth_is_running) { + plymouth_quit_with_transition (); + manager->priv->plymouth_is_running = FALSE; + } + #endif + + g_object_get (G_OBJECT (display), "allow-timed-login", &allow_timed_login, NULL); + + if (!allow_timed_login) { + return; + } + + enabled = get_timed_login_details (manager, &username, &delay); + + if (! enabled) { + return; + } + + gdm_session_set_timed_login_details (session, username, delay); + + g_debug ("GdmManager: Starting automatic login conversation (for timed login)"); + gdm_session_start_conversation (session, "gdm-autologin"); + + g_free (username); + + } + + static void + on_session_client_disconnected (GdmSession *session, + GCredentials *credentials, + GPid pid_of_client, + GdmManager *manager) + { +- g_debug ("GdmManager: client disconnected"); ++ g_debug ("GdmManager: client with pid %d disconnected", (int) pid_of_client); + } + + typedef struct + { + GdmManager *manager; + GdmSession *session; + guint idle_id; + } ResetSessionOperation; + + static void + destroy_reset_session_operation (ResetSessionOperation *operation) + { + g_object_set_data (G_OBJECT (operation->session), + "reset-session-operation", + NULL); + g_object_unref (operation->session); + g_slice_free (ResetSessionOperation, operation); + } + + static gboolean + on_reset_session (ResetSessionOperation *operation) + { + gdm_session_reset (operation->session); + + destroy_reset_session_operation (operation); + + return G_SOURCE_REMOVE; + } + + static void +@@ -2200,63 +2227,64 @@ queue_session_reset (GdmManager *manager, + + if (operation != NULL) { + return; + } + + operation = g_slice_new0 (ResetSessionOperation); + operation->manager = manager; + operation->session = g_object_ref (session); + operation->idle_id = g_idle_add ((GSourceFunc) on_reset_session, operation); + + g_object_set_data (G_OBJECT (session), "reset-session-operation", operation); + } + + static void + on_session_cancelled (GdmSession *session, + GdmManager *manager) + { + g_debug ("GdmManager: Session was cancelled"); + queue_session_reset (manager, session); + } + + static void + on_session_conversation_started (GdmSession *session, + const char *service_name, + GdmManager *manager) + { + GdmDisplay *display; + gboolean enabled; + char *username; + +- g_debug ("GdmManager: session conversation started for service %s", service_name); ++ g_debug ("GdmManager: session conversation started for service %s on session", service_name); + + if (g_strcmp0 (service_name, "gdm-autologin") != 0) { ++ g_debug ("GdmManager: ignoring session conversation since its not automatic login conversation"); + return; + } + + display = get_display_for_user_session (session); + + if (display == NULL) { + g_debug ("GdmManager: conversation has no associated display"); + return; + } + + if (!display_is_on_seat0 (display)) { + return; + } + + enabled = get_automatic_login_details (manager, &username); + + if (! enabled) { + return; + } + + g_debug ("GdmManager: begin auto login for user '%s'", username); + + /* service_name will be "gdm-autologin" + */ + gdm_session_setup_for_user (session, service_name, username); + + g_free (username); + } + + static void +@@ -2312,60 +2340,66 @@ create_user_session_for_display (GdmManager *manager, + char *display_auth_file = NULL; + char *display_seat_id = NULL; + char *display_id = NULL; + #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER) + char *display_session_type = NULL; + gboolean greeter_is_wayland; + #endif + + g_object_get (G_OBJECT (display), + "id", &display_id, + "x11-display-name", &display_name, + "is-local", &display_is_local, + "remote-hostname", &remote_hostname, + "x11-authority-file", &display_auth_file, + "seat-id", &display_seat_id, + #if defined(ENABLE_WAYLAND_SUPPORT) && defined(ENABLE_USER_DISPLAY_SERVER) + "session-type", &display_session_type, + #endif + NULL); + display_device = get_display_device (manager, display); + + session = gdm_session_new (GDM_SESSION_VERIFICATION_MODE_LOGIN, + allowed_user, + display_name, + remote_hostname, + display_device, + display_seat_id, + display_auth_file, + display_is_local, + NULL); ++ ++ g_debug ("GdmSession: Created user session for user %d on display %s (seat %s)", ++ (int) allowed_user, ++ display_id, ++ display_seat_id); ++ + g_free (display_name); + g_free (remote_hostname); + g_free (display_auth_file); + g_free (display_seat_id); + + g_signal_connect (session, + "reauthentication-started", + G_CALLBACK (on_session_reauthentication_started), + manager); + g_signal_connect (session, + "reauthenticated", + G_CALLBACK (on_session_reauthenticated), + manager); + g_signal_connect (session, + "client-ready-for-session-to-start", + G_CALLBACK (on_session_client_ready_for_session_to_start), + manager); + g_signal_connect (session, + "client-connected", + G_CALLBACK (on_session_client_connected), + manager); + g_signal_connect (session, + "client-disconnected", + G_CALLBACK (on_session_client_disconnected), + manager); + g_signal_connect (session, + "cancelled", + G_CALLBACK (on_session_cancelled), + manager); + g_signal_connect (session, +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index 0f821e390..f23a83c5e 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -624,61 +624,64 @@ get_fallback_session_name (GdmSession *self) + + static const char * + get_default_session_name (GdmSession *self) + { + if (self->priv->saved_session != NULL) { + return self->priv->saved_session; + } + + return get_fallback_session_name (self); + } + + static void + gdm_session_defaults_changed (GdmSession *self) + { + + update_session_type (self); + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_emit_default_language_name_changed (self->priv->greeter_interface, + get_default_language_name (self)); + gdm_dbus_greeter_emit_default_session_name_changed (self->priv->greeter_interface, + get_default_session_name (self)); + } + } + + void + gdm_session_select_user (GdmSession *self, + const char *text) + { + +- g_debug ("GdmSession: Setting user: '%s'", text); ++ g_debug ("GdmSession: selecting user '%s' for session '%s' (%p)", ++ text, ++ gdm_session_get_session_id (self), ++ self); + + g_free (self->priv->selected_user); + self->priv->selected_user = g_strdup (text); + + g_free (self->priv->saved_session); + self->priv->saved_session = NULL; + + g_free (self->priv->saved_session_type); + self->priv->saved_session_type = NULL; + + g_free (self->priv->saved_language); + self->priv->saved_language = NULL; + } + + static void + cancel_pending_query (GdmSessionConversation *conversation) + { + if (conversation->pending_invocation == NULL) { + return; + } + + g_debug ("GdmSession: Cancelling pending query"); + + g_dbus_method_invocation_return_dbus_error (conversation->pending_invocation, + GDM_SESSION_DBUS_ERROR_CANCEL, + "Operation cancelled"); + conversation->pending_invocation = NULL; + } + + static void +@@ -1416,117 +1419,121 @@ gdm_session_handle_client_cancel (GdmDBusUserVerifier *user_verifier_interfac + gdm_dbus_user_verifier_complete_cancel (user_verifier_interface, + invocation); + gdm_session_cancel (self); + return TRUE; + } + + static gboolean + gdm_session_handle_client_select_session (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *session, + GdmSession *self) + { + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_select_session (greeter_interface, + invocation); + } + gdm_session_select_session (self, session); + return TRUE; + } + + static gboolean + gdm_session_handle_client_select_user (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *username, + GdmSession *self) + { + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_select_user (greeter_interface, + invocation); + } ++ g_debug ("GdmSession: client selected user '%s' on session (%p)", username, self); + gdm_session_select_user (self, username); + return TRUE; + } + + static gboolean + gdm_session_handle_client_start_session_when_ready (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *service_name, + gboolean client_is_ready, + GdmSession *self) + { + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_start_session_when_ready (greeter_interface, + invocation); + } + g_signal_emit (G_OBJECT (self), + signals [CLIENT_READY_FOR_SESSION_TO_START], + 0, + service_name, + client_is_ready); + return TRUE; + } + + static gboolean + gdm_session_handle_get_timed_login_details (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + GdmSession *self) + { + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_get_timed_login_details (greeter_interface, + invocation, + self->priv->timed_login_username != NULL, + self->priv->timed_login_username != NULL? self->priv->timed_login_username : "", + self->priv->timed_login_delay); + if (self->priv->timed_login_username != NULL) { + gdm_dbus_greeter_emit_timed_login_requested (self->priv->greeter_interface, + self->priv->timed_login_username, + self->priv->timed_login_delay); + } + } + return TRUE; + } + + static gboolean + gdm_session_handle_client_begin_auto_login (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *username, + GdmSession *self) + { + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_begin_auto_login (greeter_interface, + invocation); + } + +- g_debug ("GdmSession: begin auto login for user '%s'", username); ++ g_debug ("GdmSession: client requesting automatic login for user '%s' on session '%s' (%p)", ++ username, ++ gdm_session_get_session_id (self), ++ self); + + gdm_session_setup_for_user (self, "gdm-autologin", username); + + return TRUE; + } + + static void + export_user_verifier_interface (GdmSession *self, + GDBusConnection *connection) + { + GdmDBusUserVerifier *user_verifier_interface; + user_verifier_interface = GDM_DBUS_USER_VERIFIER (gdm_dbus_user_verifier_skeleton_new ()); + + g_object_set_data (G_OBJECT (connection), "gdm-session", self); + + g_signal_connect (user_verifier_interface, + "handle-enable-extensions", + G_CALLBACK (gdm_session_handle_client_enable_extensions), + connection); + g_signal_connect (user_verifier_interface, + "handle-begin-verification", + G_CALLBACK (gdm_session_handle_client_begin_verification), + self); + g_signal_connect (user_verifier_interface, + "handle-begin-verification-for-user", + G_CALLBACK (gdm_session_handle_client_begin_verification_for_user), + self); + g_signal_connect (user_verifier_interface, + "handle-answer-query", + G_CALLBACK (gdm_session_handle_client_answer_query), +@@ -1775,61 +1782,63 @@ allow_user_function (GDBusAuthObserver *observer, + { + uid_t client_uid; + GPid pid_of_client; + + client_uid = g_credentials_get_unix_user (credentials, NULL); + if (client_uid == self->priv->allowed_user) { + return TRUE; + } + + g_debug ("GdmSession: User not allowed"); + + pid_of_client = g_credentials_get_unix_pid (credentials, NULL); + g_signal_emit (G_OBJECT (self), + signals [CLIENT_REJECTED], + 0, + credentials, + (guint) + pid_of_client); + + + return FALSE; + } + + static void + setup_outside_server (GdmSession *self) + { + GDBusAuthObserver *observer; + GDBusServer *server; + GError *error = NULL; + +- g_debug ("GdmSession: Creating D-Bus server for greeters and such"); ++ g_debug ("GdmSession: Creating D-Bus server for greeters and such for session %s (%p)", ++ gdm_session_get_session_id (self), ++ self); + + observer = g_dbus_auth_observer_new (); + g_signal_connect_object (observer, + "authorize-authenticated-peer", + G_CALLBACK (allow_user_function), + self, + 0); + + server = gdm_dbus_setup_private_server (observer, &error); + g_object_unref (observer); + + if (server == NULL) { + g_warning ("Cannot create greeter D-Bus server for the session: %s", + error->message); + return; + } + + g_signal_connect_object (server, + "new-connection", + G_CALLBACK (handle_connection_from_outside), + self, + 0); + self->priv->outside_server = server; + + g_dbus_server_start (server); + + g_debug ("GdmSession: D-Bus server for greeters listening on %s", + g_dbus_server_get_client_address (self->priv->outside_server)); + } + +@@ -2160,61 +2169,61 @@ stop_conversation_now (GdmSessionConversation *conversation) + void + gdm_session_set_ignore_wayland (GdmSession *self, + gboolean ignore_wayland) + { + self->priv->ignore_wayland = ignore_wayland; + } + #endif + + gboolean + gdm_session_start_conversation (GdmSession *self, + const char *service_name) + { + GdmSessionConversation *conversation; + + g_return_val_if_fail (GDM_IS_SESSION (self), FALSE); + + conversation = g_hash_table_lookup (self->priv->conversations, + service_name); + + if (conversation != NULL) { + if (!conversation->is_stopping) { + g_warning ("GdmSession: conversation %s started more than once", service_name); + return FALSE; + } + g_debug ("GdmSession: stopping old conversation %s", service_name); + gdm_session_worker_job_stop_now (conversation->job); + g_object_unref (conversation->job); + conversation->job = NULL; + } + +- g_debug ("GdmSession: starting conversation %s", service_name); ++ g_debug ("GdmSession: starting conversation %s for session (%p)", service_name, self); + + conversation = start_conversation (self, service_name); + + g_hash_table_insert (self->priv->conversations, + g_strdup (service_name), conversation); + return TRUE; + } + + void + gdm_session_stop_conversation (GdmSession *self, + const char *service_name) + { + GdmSessionConversation *conversation; + + g_return_if_fail (GDM_IS_SESSION (self)); + + g_debug ("GdmSession: stopping conversation %s", service_name); + + conversation = find_conversation_by_name (self, service_name); + + if (conversation != NULL) { + stop_conversation (conversation); + } + } + + static void + on_initialization_complete_cb (GdmDBusWorker *proxy, + GAsyncResult *res, + gpointer user_data) + { +@@ -2319,60 +2328,64 @@ initialize (GdmSession *self, + } + + g_free (extensions); + } + + void + gdm_session_setup (GdmSession *self, + const char *service_name) + { + + g_return_if_fail (GDM_IS_SESSION (self)); + + update_session_type (self); + + initialize (self, service_name, NULL, NULL); + gdm_session_defaults_changed (self); + } + + + void + gdm_session_setup_for_user (GdmSession *self, + const char *service_name, + const char *username) + { + + g_return_if_fail (GDM_IS_SESSION (self)); + g_return_if_fail (username != NULL); + + update_session_type (self); + ++ g_debug ("GdmSession: Set up service %s for username %s on session (%p)", ++ service_name, ++ username, ++ self); + gdm_session_select_user (self, username); + + self->priv->is_program_session = FALSE; + initialize (self, service_name, self->priv->selected_user, NULL); + gdm_session_defaults_changed (self); + } + + void + gdm_session_setup_for_program (GdmSession *self, + const char *service_name, + const char *username, + const char *log_file) + { + + g_return_if_fail (GDM_IS_SESSION (self)); + + self->priv->is_program_session = TRUE; + initialize (self, service_name, username, log_file); + } + + void + gdm_session_authenticate (GdmSession *self, + const char *service_name) + { + GdmSessionConversation *conversation; + + g_return_if_fail (GDM_IS_SESSION (self)); + + conversation = find_conversation_by_name (self, service_name); + if (conversation != NULL) { +@@ -2968,60 +2981,64 @@ gdm_session_set_timed_login_details (GdmSession *self, + + gboolean + gdm_session_is_running (GdmSession *self) + { + return self->priv->session_pid > 0; + } + + gboolean + gdm_session_client_is_connected (GdmSession *self) + { + g_return_val_if_fail (GDM_IS_SESSION (self), FALSE); + + return self->priv->outside_connections != NULL; + } + + uid_t + gdm_session_get_allowed_user (GdmSession *self) + { + return self->priv->allowed_user; + } + + void + gdm_session_start_reauthentication (GdmSession *session, + GPid pid_of_caller, + uid_t uid_of_caller) + { + GdmSessionConversation *conversation = session->priv->session_conversation; + + g_return_if_fail (conversation != NULL); + ++ g_debug ("GdmSession: starting reauthentication for session %s for client with pid %d", ++ conversation->session_id, ++ (int) uid_of_caller); ++ + conversation->reauth_pid_of_caller = pid_of_caller; + + gdm_dbus_worker_call_start_reauthentication (conversation->worker_proxy, + (int) pid_of_caller, + (int) uid_of_caller, + conversation->worker_cancellable, + (GAsyncReadyCallback) on_reauthentication_started_cb, + conversation); + } + + const char * + gdm_session_get_server_address (GdmSession *self) + { + g_return_val_if_fail (GDM_IS_SESSION (self), NULL); + + return g_dbus_server_get_client_address (self->priv->outside_server); + } + + const char * + gdm_session_get_username (GdmSession *self) + { + g_return_val_if_fail (GDM_IS_SESSION (self), NULL); + + return self->priv->selected_user; + } + + const char * + gdm_session_get_display_device (GdmSession *self) + { + g_return_val_if_fail (GDM_IS_SESSION (self), NULL); +-- +2.21.0 + diff --git a/SOURCES/0002-session-support-new-accountsservice-Session-and-Sess.patch b/SOURCES/0002-session-support-new-accountsservice-Session-and-Sess.patch new file mode 100644 index 0000000..1269f41 --- /dev/null +++ b/SOURCES/0002-session-support-new-accountsservice-Session-and-Sess.patch @@ -0,0 +1,1641 @@ +From e625a214d531635db1e48b2dc51ed0e09ef8005b Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Tue, 14 Aug 2018 14:52:41 -0400 +Subject: [PATCH 2/4] session: support new accountsservice Session and + SessionType props + +At the moment the user's session is stored in a property called +"XSession". This is pretty weird if the user is using wayland. + +AccountService now supports a more generic property "Session" and +a related "SessionType" property to replace "XSession". + +This commit switches GDM over to use the new properties. +--- + daemon/gdm-session-settings.c | 61 ++++++++++++++++++++++++--- + daemon/gdm-session-settings.h | 3 ++ + daemon/gdm-session-worker.c | 28 +++++++++++++ + daemon/gdm-session-worker.xml | 3 ++ + daemon/gdm-session.c | 78 ++++++++++++++++++++++++++--------- + 5 files changed, 148 insertions(+), 25 deletions(-) + +diff --git a/daemon/gdm-session-settings.c b/daemon/gdm-session-settings.c +index 933f095bc..8463fad32 100644 +--- a/daemon/gdm-session-settings.c ++++ b/daemon/gdm-session-settings.c +@@ -12,114 +12,121 @@ + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * Written by: Ray Strode + */ + #include "config.h" + #include "gdm-session-settings.h" + + #include + #include + #include + #include + #include + + #include + #include + #include + + #include + + struct _GdmSessionSettingsPrivate + { + ActUserManager *user_manager; + ActUser *user; + char *session_name; ++ char *session_type; + char *language_name; + }; + + static void gdm_session_settings_finalize (GObject *object); + static void gdm_session_settings_class_install_properties (GdmSessionSettingsClass * + settings_class); + + static void gdm_session_settings_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec); + static void gdm_session_settings_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec); + + enum { + PROP_0 = 0, + PROP_SESSION_NAME, ++ PROP_SESSION_TYPE, + PROP_LANGUAGE_NAME, + PROP_IS_LOADED + }; + + G_DEFINE_TYPE (GdmSessionSettings, gdm_session_settings, G_TYPE_OBJECT) + + static void + gdm_session_settings_class_init (GdmSessionSettingsClass *settings_class) + { + GObjectClass *object_class; + + object_class = G_OBJECT_CLASS (settings_class); + + object_class->finalize = gdm_session_settings_finalize; + + gdm_session_settings_class_install_properties (settings_class); + + g_type_class_add_private (settings_class, sizeof (GdmSessionSettingsPrivate)); + } + + static void + gdm_session_settings_class_install_properties (GdmSessionSettingsClass *settings_class) + { + GObjectClass *object_class; + GParamSpec *param_spec; + + object_class = G_OBJECT_CLASS (settings_class); + object_class->set_property = gdm_session_settings_set_property; + object_class->get_property = gdm_session_settings_get_property; + + param_spec = g_param_spec_string ("session-name", "Session Name", + "The name of the session", + NULL, G_PARAM_READWRITE); + g_object_class_install_property (object_class, PROP_SESSION_NAME, param_spec); + ++ param_spec = g_param_spec_string ("session-type", "Session Type", ++ "The type of the session", ++ NULL, G_PARAM_READWRITE); ++ g_object_class_install_property (object_class, PROP_SESSION_TYPE, param_spec); ++ + param_spec = g_param_spec_string ("language-name", "Language Name", + "The name of the language", + NULL, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY); + g_object_class_install_property (object_class, PROP_LANGUAGE_NAME, param_spec); + + param_spec = g_param_spec_boolean ("is-loaded", NULL, NULL, + FALSE, G_PARAM_READABLE); + g_object_class_install_property (object_class, PROP_IS_LOADED, param_spec); + } + + static void + gdm_session_settings_init (GdmSessionSettings *settings) + { + settings->priv = G_TYPE_INSTANCE_GET_PRIVATE (settings, + GDM_TYPE_SESSION_SETTINGS, + GdmSessionSettingsPrivate); + + settings->priv->user_manager = act_user_manager_get_default (); + + } + + static void + gdm_session_settings_finalize (GObject *object) + { + GdmSessionSettings *settings; + GObjectClass *parent_class; + + settings = GDM_SESSION_SETTINGS (object); + +@@ -136,172 +143,212 @@ gdm_session_settings_finalize (GObject *object) + parent_class->finalize (object); + } + } + + void + gdm_session_settings_set_language_name (GdmSessionSettings *settings, + const char *language_name) + { + g_return_if_fail (GDM_IS_SESSION_SETTINGS (settings)); + + if (settings->priv->language_name == NULL || + strcmp (settings->priv->language_name, language_name) != 0) { + settings->priv->language_name = g_strdup (language_name); + g_object_notify (G_OBJECT (settings), "language-name"); + } + } + + void + gdm_session_settings_set_session_name (GdmSessionSettings *settings, + const char *session_name) + { + g_return_if_fail (GDM_IS_SESSION_SETTINGS (settings)); + + if (settings->priv->session_name == NULL || + strcmp (settings->priv->session_name, session_name) != 0) { + settings->priv->session_name = g_strdup (session_name); + g_object_notify (G_OBJECT (settings), "session-name"); + } + } + ++void ++gdm_session_settings_set_session_type (GdmSessionSettings *settings, ++ const char *session_type) ++{ ++ g_return_if_fail (GDM_IS_SESSION_SETTINGS (settings)); ++ ++ if (settings->priv->session_type == NULL || ++ g_strcmp0 (settings->priv->session_type, session_type) != 0) { ++ settings->priv->session_type = g_strdup (session_type); ++ g_object_notify (G_OBJECT (settings), "session-type"); ++ } ++} ++ + char * + gdm_session_settings_get_language_name (GdmSessionSettings *settings) + { + g_return_val_if_fail (GDM_IS_SESSION_SETTINGS (settings), NULL); + return g_strdup (settings->priv->language_name); + } + + char * + gdm_session_settings_get_session_name (GdmSessionSettings *settings) + { + g_return_val_if_fail (GDM_IS_SESSION_SETTINGS (settings), NULL); + return g_strdup (settings->priv->session_name); + } + ++char * ++gdm_session_settings_get_session_type (GdmSessionSettings *settings) ++{ ++ g_return_val_if_fail (GDM_IS_SESSION_SETTINGS (settings), NULL); ++ return g_strdup (settings->priv->session_type); ++} ++ + static void + gdm_session_settings_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) + { + GdmSessionSettings *settings; + + settings = GDM_SESSION_SETTINGS (object); + + switch (prop_id) { + case PROP_LANGUAGE_NAME: + gdm_session_settings_set_language_name (settings, g_value_get_string (value)); + break; + + case PROP_SESSION_NAME: + gdm_session_settings_set_session_name (settings, g_value_get_string (value)); + break; + ++ case PROP_SESSION_TYPE: ++ gdm_session_settings_set_session_type (settings, g_value_get_string (value)); ++ break; ++ + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } + } + + static void + gdm_session_settings_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) + { + GdmSessionSettings *settings; + + settings = GDM_SESSION_SETTINGS (object); + + switch (prop_id) { + case PROP_SESSION_NAME: + g_value_set_string (value, settings->priv->session_name); + break; + ++ case PROP_SESSION_TYPE: ++ g_value_set_string (value, settings->priv->session_type); ++ break; ++ + case PROP_LANGUAGE_NAME: + g_value_set_string (value, settings->priv->language_name); + break; + + case PROP_IS_LOADED: + g_value_set_boolean (value, gdm_session_settings_is_loaded (settings)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } + } + + GdmSessionSettings * + gdm_session_settings_new (void) + { + GdmSessionSettings *settings; + + settings = g_object_new (GDM_TYPE_SESSION_SETTINGS, + NULL); + + return settings; + } + + gboolean + gdm_session_settings_is_loaded (GdmSessionSettings *settings) + { + if (settings->priv->user == NULL) { + return FALSE; + } + + return act_user_is_loaded (settings->priv->user); + } + + static void + load_settings_from_user (GdmSessionSettings *settings) + { + const char *session_name; ++ const char *session_type; + const char *language_name; + + if (!act_user_is_loaded (settings->priv->user)) { + g_warning ("GdmSessionSettings: trying to load user settings from unloaded user"); + return; + } + +- session_name = act_user_get_x_session (settings->priv->user); +- g_debug ("GdmSessionSettings: saved session is %s", session_name); ++ /* if the user doesn't have saved state, they don't have any settings worth reading */ ++ if (!act_user_get_saved (settings->priv->user)) ++ goto out; ++ ++ session_type = act_user_get_session_type (settings->priv->user); ++ session_name = act_user_get_session (settings->priv->user); + +- if (session_name != NULL) { ++ g_debug ("GdmSessionSettings: saved session is %s (type %s)", session_name, session_type); ++ ++ if (session_type != NULL && session_type[0] != '\0') { ++ gdm_session_settings_set_session_type (settings, session_type); ++ } ++ ++ if (session_name != NULL && session_name[0] != '\0') { + gdm_session_settings_set_session_name (settings, session_name); + } + + language_name = act_user_get_language (settings->priv->user); + + g_debug ("GdmSessionSettings: saved language is %s", language_name); +- if (language_name != NULL) { ++ if (language_name != NULL && language_name[0] != '\0') { + gdm_session_settings_set_language_name (settings, language_name); + } + ++out: + g_object_notify (G_OBJECT (settings), "is-loaded"); + } + + static void + on_user_is_loaded_changed (ActUser *user, + GParamSpec *pspec, + GdmSessionSettings *settings) + { + if (act_user_is_loaded (settings->priv->user)) { + load_settings_from_user (settings); + g_signal_handlers_disconnect_by_func (G_OBJECT (settings->priv->user), + G_CALLBACK (on_user_is_loaded_changed), + settings); + } + } + + gboolean + gdm_session_settings_load (GdmSessionSettings *settings, + const char *username) + { + ActUser *old_user; + + g_return_val_if_fail (settings != NULL, FALSE); + g_return_val_if_fail (username != NULL, FALSE); + g_return_val_if_fail (!gdm_session_settings_is_loaded (settings), FALSE); + + if (settings->priv->user != NULL) { + old_user = settings->priv->user; + + g_signal_handlers_disconnect_by_func (G_OBJECT (settings->priv->user), +@@ -322,40 +369,44 @@ gdm_session_settings_load (GdmSessionSettings *settings, + G_CALLBACK (on_user_is_loaded_changed), + settings); + return FALSE; + } + + load_settings_from_user (settings); + + return TRUE; + } + + gboolean + gdm_session_settings_save (GdmSessionSettings *settings, + const char *username) + { + ActUser *user; + + g_return_val_if_fail (GDM_IS_SESSION_SETTINGS (settings), FALSE); + g_return_val_if_fail (username != NULL, FALSE); + g_return_val_if_fail (gdm_session_settings_is_loaded (settings), FALSE); + + user = act_user_manager_get_user (settings->priv->user_manager, + username); + + + if (!act_user_is_loaded (user)) { + g_object_unref (user); + return FALSE; + } + + if (settings->priv->session_name != NULL) { +- act_user_set_x_session (user, settings->priv->session_name); ++ act_user_set_session (user, settings->priv->session_name); ++ } ++ ++ if (settings->priv->session_type != NULL) { ++ act_user_set_session_type (user, settings->priv->session_type); + } + + if (settings->priv->language_name != NULL) { + act_user_set_language (user, settings->priv->language_name); + } + g_object_unref (user); + + return TRUE; + } +diff --git a/daemon/gdm-session-settings.h b/daemon/gdm-session-settings.h +index 20946bff1..db38ffc72 100644 +--- a/daemon/gdm-session-settings.h ++++ b/daemon/gdm-session-settings.h +@@ -33,37 +33,40 @@ G_BEGIN_DECLS + #define GDM_IS_SESSION_SETTINGS_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GDM_TYPE_SESSION_SETTINGS)) + #define GDM_SESSION_SETTINGS_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), GDM_TYPE_SESSION_SETTINGS, GdmSessionSettingsClass)) + #define GDM_SESSION_SETTINGS_ERROR (gdm_session_settings_error_quark ()) + typedef struct _GdmSessionSettings GdmSessionSettings; + typedef struct _GdmSessionSettingsClass GdmSessionSettingsClass; + typedef struct _GdmSessionSettingsPrivate GdmSessionSettingsPrivate; + + struct _GdmSessionSettings + { + GObject parent; + + /*< private > */ + GdmSessionSettingsPrivate *priv; + }; + + struct _GdmSessionSettingsClass + { + GObjectClass parent_class; + }; + + GType gdm_session_settings_get_type (void); + GdmSessionSettings *gdm_session_settings_new (void); + + gboolean gdm_session_settings_load (GdmSessionSettings *settings, + const char *username); + gboolean gdm_session_settings_save (GdmSessionSettings *settings, + const char *username); + gboolean gdm_session_settings_is_loaded (GdmSessionSettings *settings); + char *gdm_session_settings_get_language_name (GdmSessionSettings *settings); + char *gdm_session_settings_get_session_name (GdmSessionSettings *settings); ++char *gdm_session_settings_get_session_type (GdmSessionSettings *settings); + void gdm_session_settings_set_language_name (GdmSessionSettings *settings, + const char *language_name); + void gdm_session_settings_set_session_name (GdmSessionSettings *settings, + const char *session_name); ++void gdm_session_settings_set_session_type (GdmSessionSettings *settings, ++ const char *session_type); + + G_END_DECLS + #endif /* GDM_SESSION_SETTINGS_H */ +diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c +index e79073996..ae86d28ac 100644 +--- a/daemon/gdm-session-worker.c ++++ b/daemon/gdm-session-worker.c +@@ -2539,60 +2539,74 @@ gdm_session_worker_handle_set_language_name (GdmDBusWorker *object, + gdm_dbus_worker_complete_set_language_name (object, invocation); + return TRUE; + } + + static void + on_saved_language_name_read (GdmSessionWorker *worker) + { + char *language_name; + + language_name = gdm_session_settings_get_language_name (worker->priv->user_settings); + + g_debug ("GdmSessionWorker: Saved language is %s", language_name); + gdm_dbus_worker_emit_saved_language_name_read (GDM_DBUS_WORKER (worker), + language_name); + g_free (language_name); + } + + static void + on_saved_session_name_read (GdmSessionWorker *worker) + { + char *session_name; + + session_name = gdm_session_settings_get_session_name (worker->priv->user_settings); + + g_debug ("GdmSessionWorker: Saved session is %s", session_name); + gdm_dbus_worker_emit_saved_session_name_read (GDM_DBUS_WORKER (worker), + session_name); + g_free (session_name); + } + ++static void ++on_saved_session_type_read (GdmSessionWorker *worker) ++{ ++ char *session_type; ++ ++ session_type = gdm_session_settings_get_session_type (worker->priv->user_settings); ++ ++ g_debug ("GdmSessionWorker: Saved session type is %s", session_type); ++ gdm_dbus_worker_emit_saved_session_type_read (GDM_DBUS_WORKER (worker), ++ session_type); ++ g_free (session_type); ++} ++ ++ + static void + do_setup (GdmSessionWorker *worker) + { + GError *error; + gboolean res; + + error = NULL; + res = gdm_session_worker_initialize_pam (worker, + worker->priv->service, + (const char **) worker->priv->extensions, + worker->priv->username, + worker->priv->hostname, + worker->priv->display_is_local, + worker->priv->x11_display_name, + worker->priv->x11_authority_file, + worker->priv->display_device, + worker->priv->display_seat_id, + &error); + + if (res) { + g_dbus_method_invocation_return_value (worker->priv->pending_invocation, NULL); + } else { + g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error); + } + worker->priv->pending_invocation = NULL; + } + + static void + do_authenticate (GdmSessionWorker *worker) + { +@@ -3001,158 +3015,172 @@ gdm_session_worker_handle_initialize (GdmDBusWorker *object, + } else if (g_strcmp0 (key, "x11-authority-file") == 0) { + worker->priv->x11_authority_file = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "console") == 0) { + worker->priv->display_device = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "seat-id") == 0) { + worker->priv->display_seat_id = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "hostname") == 0) { + worker->priv->hostname = g_variant_dup_string (value, NULL); + } else if (g_strcmp0 (key, "display-is-local") == 0) { + worker->priv->display_is_local = g_variant_get_boolean (value); + } else if (g_strcmp0 (key, "display-is-initial") == 0) { + worker->priv->display_is_initial = g_variant_get_boolean (value); + } + } + + worker->priv->pending_invocation = invocation; + + if (!worker->priv->is_program_session) { + worker->priv->user_settings = gdm_session_settings_new (); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::language-name", + G_CALLBACK (on_saved_language_name_read), + worker); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::session-name", + G_CALLBACK (on_saved_session_name_read), + worker); + ++ g_signal_connect_swapped (worker->priv->user_settings, ++ "notify::session-type", ++ G_CALLBACK (on_saved_session_type_read), ++ worker); ++ + if (worker->priv->username) { + wait_for_settings = !gdm_session_settings_load (worker->priv->user_settings, + worker->priv->username); + } + } + + if (wait_for_settings) { + /* Load settings from accounts daemon before continuing + */ + g_signal_connect (G_OBJECT (worker->priv->user_settings), + "notify::is-loaded", + G_CALLBACK (on_settings_is_loaded_changed), + worker); + } else { + queue_state_change (worker); + } + + return TRUE; + } + + static gboolean + gdm_session_worker_handle_setup (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *service, + const char *x11_display_name, + const char *x11_authority_file, + const char *console, + const char *seat_id, + const char *hostname, + gboolean display_is_local, + gboolean display_is_initial) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + validate_and_queue_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE); + + worker->priv->service = g_strdup (service); + worker->priv->x11_display_name = g_strdup (x11_display_name); + worker->priv->x11_authority_file = g_strdup (x11_authority_file); + worker->priv->display_device = g_strdup (console); + worker->priv->display_seat_id = g_strdup (seat_id); + worker->priv->hostname = g_strdup (hostname); + worker->priv->display_is_local = display_is_local; + worker->priv->display_is_initial = display_is_initial; + worker->priv->username = NULL; + + worker->priv->user_settings = gdm_session_settings_new (); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::language-name", + G_CALLBACK (on_saved_language_name_read), + worker); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::session-name", + G_CALLBACK (on_saved_session_name_read), + worker); ++ g_signal_connect_swapped (worker->priv->user_settings, ++ "notify::session-type", ++ G_CALLBACK (on_saved_session_type_read), ++ worker); ++ + return TRUE; + } + + static gboolean + gdm_session_worker_handle_setup_for_user (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *service, + const char *username, + const char *x11_display_name, + const char *x11_authority_file, + const char *console, + const char *seat_id, + const char *hostname, + gboolean display_is_local, + gboolean display_is_initial) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + + if (!validate_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE)) + return TRUE; + + worker->priv->service = g_strdup (service); + worker->priv->x11_display_name = g_strdup (x11_display_name); + worker->priv->x11_authority_file = g_strdup (x11_authority_file); + worker->priv->display_device = g_strdup (console); + worker->priv->display_seat_id = g_strdup (seat_id); + worker->priv->hostname = g_strdup (hostname); + worker->priv->display_is_local = display_is_local; + worker->priv->display_is_initial = display_is_initial; + worker->priv->username = g_strdup (username); + + worker->priv->user_settings = gdm_session_settings_new (); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::language-name", + G_CALLBACK (on_saved_language_name_read), + worker); + + g_signal_connect_swapped (worker->priv->user_settings, + "notify::session-name", + G_CALLBACK (on_saved_session_name_read), + worker); ++ g_signal_connect_swapped (worker->priv->user_settings, ++ "notify::session-type", ++ G_CALLBACK (on_saved_session_type_read), ++ worker); + + /* Load settings from accounts daemon before continuing + */ + worker->priv->pending_invocation = invocation; + if (gdm_session_settings_load (worker->priv->user_settings, username)) { + queue_state_change (worker); + } else { + g_signal_connect (G_OBJECT (worker->priv->user_settings), + "notify::is-loaded", + G_CALLBACK (on_settings_is_loaded_changed), + worker); + } + + return TRUE; + } + + static gboolean + gdm_session_worker_handle_setup_for_program (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *service, + const char *username, + const char *x11_display_name, + const char *x11_authority_file, + const char *console, + const char *seat_id, + const char *hostname, + gboolean display_is_local, + gboolean display_is_initial, + const char *log_file) + { +diff --git a/daemon/gdm-session-worker.xml b/daemon/gdm-session-worker.xml +index 4280fe095..a215779c8 100644 +--- a/daemon/gdm-session-worker.xml ++++ b/daemon/gdm-session-worker.xml +@@ -51,40 +51,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ++ ++ ++ + + + + + + + + + + +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index 19d26c92e..e6640aac7 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -59,60 +59,61 @@ + + #define GDM_SESSION_DBUS_ERROR_CANCEL "org.gnome.DisplayManager.Session.Error.Cancel" + #define GDM_SESSION_DBUS_OBJECT_PATH "/org/gnome/DisplayManager/Session" + + #define GDM_WORKER_DBUS_PATH "/org/gnome/DisplayManager/Worker" + + typedef struct + { + GdmSession *session; + GdmSessionWorkerJob *job; + GPid worker_pid; + char *service_name; + GDBusMethodInvocation *starting_invocation; + char *starting_username; + GDBusMethodInvocation *pending_invocation; + GdmDBusWorkerManager *worker_manager_interface; + GdmDBusWorker *worker_proxy; + GCancellable *worker_cancellable; + char *session_id; + guint32 is_stopping : 1; + + GPid reauth_pid_of_caller; + } GdmSessionConversation; + + struct _GdmSessionPrivate + { + /* per open scope */ + char *selected_program; + char *selected_session; + char *saved_session; ++ char *saved_session_type; + char *saved_language; + char *selected_user; + char *user_x11_authority_file; + + char *timed_login_username; + int timed_login_delay; + GList *pending_timed_login_invocations; + + GHashTable *conversations; + + GdmSessionConversation *session_conversation; + + char **conversation_environment; + + GdmDBusUserVerifier *user_verifier_interface; + GHashTable *user_verifier_extensions; + GdmDBusGreeter *greeter_interface; + GdmDBusRemoteGreeter *remote_greeter_interface; + GdmDBusChooser *chooser_interface; + + GList *pending_worker_connections; + GList *outside_connections; + + GPid session_pid; + + /* object lifetime scope */ + char *session_type; + char *display_name; + char *display_hostname; + char *display_device; +@@ -312,295 +313,310 @@ on_establish_credentials_cb (GdmDBusWorker *proxy, + return; + + self = g_object_ref (conversation->session); + service_name = g_strdup (conversation->service_name); + + if (worked) { + if (self->priv->user_verifier_interface != NULL) { + gdm_dbus_user_verifier_emit_verification_complete (self->priv->user_verifier_interface, + service_name); + g_signal_emit (self, signals[VERIFICATION_COMPLETE], 0, service_name); + } + + switch (self->priv->verification_mode) { + case GDM_SESSION_VERIFICATION_MODE_LOGIN: + case GDM_SESSION_VERIFICATION_MODE_CHOOSER: + gdm_session_open_session (self, service_name); + break; + case GDM_SESSION_VERIFICATION_MODE_REAUTHENTICATE: + default: + break; + } + } else { + report_and_stop_conversation (self, service_name, error); + } + + g_free (service_name); + g_object_unref (self); + } + + static char ** +-get_system_session_dirs (GdmSession *self) ++get_system_session_dirs (GdmSession *self, ++ const char *type) + { + GArray *search_array = NULL; + char **search_dirs; + + static const char *x_search_dirs[] = { + "/etc/X11/sessions/", + DMCONFDIR "/Sessions/", + DATADIR "/gdm/BuiltInSessions/", + DATADIR "/xsessions/", + }; + + static const char *wayland_search_dir = DATADIR "/wayland-sessions/"; + + search_array = g_array_new (TRUE, TRUE, sizeof (char *)); + +- g_array_append_vals (search_array, x_search_dirs, G_N_ELEMENTS (x_search_dirs)); ++ if (type == NULL || strcmp (type, "x11") == 0) ++ g_array_append_vals (search_array, x_search_dirs, G_N_ELEMENTS (x_search_dirs)); + + #ifdef ENABLE_WAYLAND_SUPPORT +- if (!self->priv->ignore_wayland) { ++ if ((!self->priv->ignore_wayland && type == NULL) || g_strcmp0 (type, "wayland") == 0) { + #ifdef ENABLE_USER_DISPLAY_SERVER + g_array_prepend_val (search_array, wayland_search_dir); + #else + g_array_append_val (search_array, wayland_search_dir); + #endif + } + #endif + + search_dirs = g_strdupv ((char **) search_array->data); + + g_array_free (search_array, TRUE); + + return search_dirs; + } + + static gboolean + is_prog_in_path (const char *prog) + { + char *f; + gboolean ret; + + f = g_find_program_in_path (prog); + ret = (f != NULL); + g_free (f); + return ret; + } + + static GKeyFile * + load_key_file_for_file (GdmSession *self, + const char *file, ++ const char *type, + char **full_path) + { + GKeyFile *key_file; +- GError *error; ++ GError *error = NULL; + gboolean res; + char **search_dirs; + + key_file = g_key_file_new (); + +- search_dirs = get_system_session_dirs (self), ++ search_dirs = get_system_session_dirs (self, type); ++ + error = NULL; + res = g_key_file_load_from_dirs (key_file, + file, + (const char **) search_dirs, + full_path, + G_KEY_FILE_NONE, + &error); + if (! res) { +- g_debug ("GdmSession: File '%s' not found: %s", file, error->message); +- g_error_free (error); ++ g_debug ("GdmSession: File '%s' not found in search dirs", file); ++ if (error != NULL) { ++ g_debug ("GdmSession: %s", error->message); ++ g_error_free (error); ++ } + g_key_file_free (key_file); + key_file = NULL; + } + + g_strfreev (search_dirs); + + return key_file; + } + + static gboolean + get_session_command_for_file (GdmSession *self, + const char *file, ++ const char *type, + char **command) + { + GKeyFile *key_file; + GError *error; + char *exec; + gboolean ret; + gboolean res; + + exec = NULL; + ret = FALSE; + if (command != NULL) { + *command = NULL; + } + ++ if (self->priv->ignore_wayland && g_strcmp0 (type, "wayland") == 0) { ++ g_debug ("GdmSession: ignoring wayland session command request for file '%s'", ++ file); ++ goto out; ++ } ++ + g_debug ("GdmSession: getting session command for file '%s'", file); +- key_file = load_key_file_for_file (self, file, NULL); ++ key_file = load_key_file_for_file (self, file, type, NULL); + if (key_file == NULL) { + goto out; + } + + error = NULL; + res = g_key_file_get_boolean (key_file, + G_KEY_FILE_DESKTOP_GROUP, + G_KEY_FILE_DESKTOP_KEY_HIDDEN, + &error); + if (error == NULL && res) { + g_debug ("GdmSession: Session %s is marked as hidden", file); + goto out; + } + + exec = g_key_file_get_string (key_file, + G_KEY_FILE_DESKTOP_GROUP, + G_KEY_FILE_DESKTOP_KEY_TRY_EXEC, + NULL); + if (exec != NULL) { + res = is_prog_in_path (exec); + g_free (exec); + exec = NULL; + + if (! res) { + g_debug ("GdmSession: Command not found: %s", + G_KEY_FILE_DESKTOP_KEY_TRY_EXEC); + goto out; + } + } + + error = NULL; + exec = g_key_file_get_string (key_file, + G_KEY_FILE_DESKTOP_GROUP, + G_KEY_FILE_DESKTOP_KEY_EXEC, + &error); + if (error != NULL) { + g_debug ("GdmSession: %s key not found: %s", + G_KEY_FILE_DESKTOP_KEY_EXEC, + error->message); + g_error_free (error); + goto out; + } + + if (command != NULL) { + *command = g_strdup (exec); + } + ret = TRUE; + + out: + g_free (exec); + + return ret; + } + + static gboolean + get_session_command_for_name (GdmSession *self, + const char *name, ++ const char *type, + char **command) + { + gboolean res; + char *filename; + + filename = g_strdup_printf ("%s.desktop", name); +- res = get_session_command_for_file (self, filename, command); ++ res = get_session_command_for_file (self, filename, type, command); + g_free (filename); + + return res; + } + + static const char * + get_default_language_name (GdmSession *self) + { + const char *default_language; + + if (self->priv->saved_language != NULL) { + return self->priv->saved_language; + } + + default_language = g_hash_table_lookup (self->priv->environment, + "LANG"); + + if (default_language != NULL) { + return default_language; + } + + return setlocale (LC_MESSAGES, NULL); + } + + static const char * + get_fallback_session_name (GdmSession *self) + { + char **search_dirs; + int i; + char *name; + GSequence *sessions; + GSequenceIter *session; + + if (self->priv->fallback_session_name != NULL) { + /* verify that the cached version still exists */ +- if (get_session_command_for_name (self, self->priv->fallback_session_name, NULL)) { ++ if (get_session_command_for_name (self, self->priv->fallback_session_name, NULL, NULL)) { + goto out; + } + } + + name = g_strdup ("gnome"); +- if (get_session_command_for_name (self, name, NULL)) { ++ if (get_session_command_for_name (self, name, NULL, NULL)) { + g_free (self->priv->fallback_session_name); + self->priv->fallback_session_name = name; + goto out; + } + g_free (name); + + sessions = g_sequence_new (g_free); + +- search_dirs = get_system_session_dirs (self); ++ search_dirs = get_system_session_dirs (self, NULL); + for (i = 0; search_dirs[i] != NULL; i++) { + GDir *dir; + const char *base_name; + + dir = g_dir_open (search_dirs[i], 0, NULL); + + if (dir == NULL) { + continue; + } + + do { + base_name = g_dir_read_name (dir); + + if (base_name == NULL) { + break; + } + + if (!g_str_has_suffix (base_name, ".desktop")) { + continue; + } + +- if (get_session_command_for_file (self, base_name, NULL)) { ++ if (get_session_command_for_file (self, base_name, NULL, NULL)) { + name = g_strndup (base_name, strlen (base_name) - strlen (".desktop")); + g_sequence_insert_sorted (sessions, name, (GCompareDataFunc) g_strcmp0, NULL); + } + } while (base_name != NULL); + + g_dir_close (dir); + } + g_strfreev (search_dirs); + + name = NULL; + session = g_sequence_get_begin_iter (sessions); + + if (g_sequence_iter_is_end (session)) + g_error ("GdmSession: no session desktop files installed, aborting..."); + + do { + name = g_sequence_get (session); + if (name) { + break; + } + session = g_sequence_iter_next (session); + } while (!g_sequence_iter_is_end (session)); + + g_free (self->priv->fallback_session_name); + self->priv->fallback_session_name = g_strdup (name); + + g_sequence_free (sessions); + + out: + return self->priv->fallback_session_name; +@@ -616,60 +632,63 @@ get_default_session_name (GdmSession *self) + return get_fallback_session_name (self); + } + + static void + gdm_session_defaults_changed (GdmSession *self) + { + + update_session_type (self); + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_emit_default_language_name_changed (self->priv->greeter_interface, + get_default_language_name (self)); + gdm_dbus_greeter_emit_default_session_name_changed (self->priv->greeter_interface, + get_default_session_name (self)); + } + } + + void + gdm_session_select_user (GdmSession *self, + const char *text) + { + + g_debug ("GdmSession: Setting user: '%s'", text); + + g_free (self->priv->selected_user); + self->priv->selected_user = g_strdup (text); + + g_free (self->priv->saved_session); + self->priv->saved_session = NULL; + ++ g_free (self->priv->saved_session_type); ++ self->priv->saved_session_type = NULL; ++ + g_free (self->priv->saved_language); + self->priv->saved_language = NULL; + } + + static void + cancel_pending_query (GdmSessionConversation *conversation) + { + if (conversation->pending_invocation == NULL) { + return; + } + + g_debug ("GdmSession: Cancelling pending query"); + + g_dbus_method_invocation_return_dbus_error (conversation->pending_invocation, + GDM_SESSION_DBUS_ERROR_CANCEL, + "Operation cancelled"); + conversation->pending_invocation = NULL; + } + + static void + answer_pending_query (GdmSessionConversation *conversation, + const char *answer) + { + g_dbus_method_invocation_return_value (conversation->pending_invocation, + g_variant_new ("(s)", answer)); + conversation->pending_invocation = NULL; + } + + static void + set_pending_query (GdmSessionConversation *conversation, +@@ -936,80 +955,91 @@ worker_on_reauthenticated (GdmDBusWorker *worker, + GdmSession *self = conversation->session; + g_debug ("GdmSession: Emitting 'reauthenticated' signal "); + g_signal_emit (self, signals[REAUTHENTICATED], 0, service_name); + } + + static void + worker_on_saved_language_name_read (GdmDBusWorker *worker, + const char *language_name, + GdmSessionConversation *conversation) + { + GdmSession *self = conversation->session; + + if (strlen (language_name) > 0) { + g_free (self->priv->saved_language); + self->priv->saved_language = g_strdup (language_name); + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_emit_default_language_name_changed (self->priv->greeter_interface, + language_name); + } + } + } + + static void + worker_on_saved_session_name_read (GdmDBusWorker *worker, + const char *session_name, + GdmSessionConversation *conversation) + { + GdmSession *self = conversation->session; + +- if (! get_session_command_for_name (self, session_name, NULL)) { ++ if (! get_session_command_for_name (self, session_name, self->priv->saved_session_type, NULL)) { + /* ignore sessions that don't exist */ + g_debug ("GdmSession: not using invalid .dmrc session: %s", session_name); + g_free (self->priv->saved_session); + self->priv->saved_session = NULL; + } else if (strcmp (session_name, + get_default_session_name (self)) != 0) { + g_free (self->priv->saved_session); + self->priv->saved_session = g_strdup (session_name); + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_emit_default_session_name_changed (self->priv->greeter_interface, + session_name); + } + } + + update_session_type (self); + + } + ++static void ++worker_on_saved_session_type_read (GdmDBusWorker *worker, ++ const char *session_type, ++ GdmSessionConversation *conversation) ++{ ++ GdmSession *self = conversation->session; ++ ++ g_free (self->priv->saved_session_type); ++ self->priv->saved_session_type = g_strdup (session_type); ++} ++ + static GdmSessionConversation * + find_conversation_by_pid (GdmSession *self, + GPid pid) + { + GHashTableIter iter; + gpointer key, value; + + g_hash_table_iter_init (&iter, self->priv->conversations); + while (g_hash_table_iter_next (&iter, &key, &value)) { + GdmSessionConversation *conversation; + + conversation = (GdmSessionConversation *) value; + + if (conversation->worker_pid == pid) { + return conversation; + } + } + + return NULL; + } + + static gboolean + allow_worker_function (GDBusAuthObserver *observer, + GIOStream *stream, + GCredentials *credentials, + GdmSession *self) + { + uid_t connecting_user; + + connecting_user = g_credentials_get_unix_user (credentials, NULL); +@@ -1089,60 +1119,63 @@ register_worker (GdmDBusWorkerManager *worker_manager_interface, + g_dbus_method_invocation_return_value (invocation, NULL); + + conversation->worker_proxy = gdm_dbus_worker_proxy_new_sync (connection, + G_DBUS_PROXY_FLAGS_NONE, + NULL, + GDM_WORKER_DBUS_PATH, + NULL, NULL); + /* drop the reference we stole from the pending connections list + * since the proxy owns the connection now */ + g_object_unref (connection); + + g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (conversation->worker_proxy), G_MAXINT); + + conversation->worker_cancellable = g_cancellable_new (); + + g_signal_connect (conversation->worker_proxy, + "username-changed", + G_CALLBACK (worker_on_username_changed), conversation); + g_signal_connect (conversation->worker_proxy, + "session-exited", + G_CALLBACK (worker_on_session_exited), conversation); + g_signal_connect (conversation->worker_proxy, + "reauthenticated", + G_CALLBACK (worker_on_reauthenticated), conversation); + g_signal_connect (conversation->worker_proxy, + "saved-language-name-read", + G_CALLBACK (worker_on_saved_language_name_read), conversation); + g_signal_connect (conversation->worker_proxy, + "saved-session-name-read", + G_CALLBACK (worker_on_saved_session_name_read), conversation); ++ g_signal_connect (conversation->worker_proxy, ++ "saved-session-type-read", ++ G_CALLBACK (worker_on_saved_session_type_read), conversation); + g_signal_connect (conversation->worker_proxy, + "cancel-pending-query", + G_CALLBACK (worker_on_cancel_pending_query), conversation); + + conversation->worker_manager_interface = g_object_ref (worker_manager_interface); + g_debug ("GdmSession: worker connection is %p", connection); + + g_debug ("GdmSession: Emitting conversation-started signal"); + g_signal_emit (self, signals[CONVERSATION_STARTED], 0, conversation->service_name); + + if (self->priv->user_verifier_interface != NULL) { + gdm_dbus_user_verifier_emit_conversation_started (self->priv->user_verifier_interface, + conversation->service_name); + } + + if (conversation->starting_invocation != NULL) { + if (conversation->starting_username != NULL) { + gdm_session_setup_for_user (self, conversation->service_name, conversation->starting_username); + + g_clear_pointer (&conversation->starting_username, + (GDestroyNotify) + g_free); + } else { + gdm_session_setup (self, conversation->service_name); + } + } + + g_debug ("GdmSession: Conversation started"); + + return TRUE; +@@ -1804,60 +1837,63 @@ static void + free_conversation (GdmSessionConversation *conversation) + { + if (conversation->job != NULL) { + g_warning ("Freeing conversation '%s' with active job", conversation->service_name); + } + + g_free (conversation->service_name); + g_free (conversation->starting_username); + g_free (conversation->session_id); + g_clear_object (&conversation->worker_manager_interface); + + g_cancellable_cancel (conversation->worker_cancellable); + g_clear_object (&conversation->worker_cancellable); + + if (conversation->worker_proxy != NULL) { + g_signal_handlers_disconnect_by_func (conversation->worker_proxy, + G_CALLBACK (worker_on_username_changed), + conversation); + g_signal_handlers_disconnect_by_func (conversation->worker_proxy, + G_CALLBACK (worker_on_session_exited), + conversation); + g_signal_handlers_disconnect_by_func (conversation->worker_proxy, + G_CALLBACK (worker_on_reauthenticated), + conversation); + g_signal_handlers_disconnect_by_func (conversation->worker_proxy, + G_CALLBACK (worker_on_saved_language_name_read), + conversation); + g_signal_handlers_disconnect_by_func (conversation->worker_proxy, + G_CALLBACK (worker_on_saved_session_name_read), + conversation); ++ g_signal_handlers_disconnect_by_func (conversation->worker_proxy, ++ G_CALLBACK (worker_on_saved_session_type_read), ++ conversation); + g_signal_handlers_disconnect_by_func (conversation->worker_proxy, + G_CALLBACK (worker_on_cancel_pending_query), + conversation); + g_clear_object (&conversation->worker_proxy); + } + g_clear_object (&conversation->session); + g_free (conversation); + } + + static void + load_lang_config_file (GdmSession *self) + { + static const char *config_file = LANG_CONFIG_FILE; + gchar *contents = NULL; + gchar *p; + gchar *key; + gchar *value; + gsize length; + GError *error; + GString *line; + GRegex *re; + + if (!g_file_test (config_file, G_FILE_TEST_EXISTS)) { + g_debug ("Cannot access '%s'", config_file); + return; + } + + error = NULL; + if (!g_file_get_contents (config_file, &contents, &length, &error)) { + g_debug ("Failed to parse '%s': %s", +@@ -2412,83 +2448,83 @@ gdm_session_send_environment (GdmSession *self, + g_return_if_fail (GDM_IS_SESSION (self)); + + conversation = find_conversation_by_name (self, service_name); + if (conversation != NULL) { + send_environment (self, conversation); + } + } + + static const char * + get_session_name (GdmSession *self) + { + /* FIXME: test the session names before we use them? */ + + if (self->priv->selected_session != NULL) { + return self->priv->selected_session; + } + + return get_default_session_name (self); + } + + static char * + get_session_command (GdmSession *self) + { + gboolean res; + char *command; + const char *session_name; + + session_name = get_session_name (self); + + command = NULL; +- res = get_session_command_for_name (self, session_name, &command); ++ res = get_session_command_for_name (self, session_name, NULL, &command); + if (! res) { + g_critical ("Cannot find a command for specified session: %s", session_name); + exit (EXIT_FAILURE); + } + + return command; + } + + static gchar * + get_session_desktop_names (GdmSession *self) + { + gchar *filename; + GKeyFile *keyfile; + gchar *desktop_names = NULL; + + if (self->priv->selected_program != NULL) { + return g_strdup ("GNOME-Greeter:GNOME"); + } + + filename = g_strdup_printf ("%s.desktop", get_session_name (self)); + g_debug ("GdmSession: getting desktop names for file '%s'", filename); +- keyfile = load_key_file_for_file (self, filename, NULL); ++ keyfile = load_key_file_for_file (self, filename, NULL, NULL); + if (keyfile != NULL) { + gchar **names; + + names = g_key_file_get_string_list (keyfile, G_KEY_FILE_DESKTOP_GROUP, + "DesktopNames", NULL, NULL); + if (names != NULL) { + desktop_names = g_strjoinv (":", names); + + g_strfreev (names); + } + } + + g_key_file_free (keyfile); + g_free (filename); + return desktop_names; + } + + void + gdm_session_set_environment_variable (GdmSession *self, + const char *key, + const char *value) + { + g_return_if_fail (key != NULL); + g_return_if_fail (value != NULL); + + g_hash_table_replace (self->priv->environment, + g_strdup (key), + g_strdup (value)); + } + +@@ -3008,115 +3044,117 @@ gdm_session_get_conversation_session_id (GdmSession *self, + + conversation = find_conversation_by_name (self, service_name); + + if (conversation == NULL) { + return NULL; + } + + return conversation->session_id; + } + + static char * + get_session_filename (GdmSession *self) + { + return g_strdup_printf ("%s.desktop", get_session_name (self)); + } + + #ifdef ENABLE_WAYLAND_SUPPORT + static gboolean + gdm_session_is_wayland_session (GdmSession *self) + { + GKeyFile *key_file; + gboolean is_wayland_session = FALSE; + char *filename; + char *full_path = NULL; + + g_return_val_if_fail (self != NULL, FALSE); + g_return_val_if_fail (GDM_IS_SESSION (self), FALSE); + + filename = get_session_filename (self); + +- key_file = load_key_file_for_file (self, filename, &full_path); ++ key_file = load_key_file_for_file (self, filename, "wayland", &full_path); + + if (key_file == NULL) { + goto out; + } + + if (full_path != NULL && strstr (full_path, "/wayland-sessions/") != NULL) { + is_wayland_session = TRUE; + } + g_debug ("GdmSession: checking if file '%s' is wayland session: %s", filename, is_wayland_session? "yes" : "no"); + + out: + g_clear_pointer (&key_file, (GDestroyNotify) g_key_file_free); + g_free (filename); + return is_wayland_session; + } + #endif + + static void + update_session_type (GdmSession *self) + { + #ifdef ENABLE_WAYLAND_SUPPORT +- gboolean is_wayland_session; ++ gboolean is_wayland_session = FALSE; ++ ++ if (!self->priv->ignore_wayland) ++ is_wayland_session = gdm_session_is_wayland_session (self); + +- is_wayland_session = gdm_session_is_wayland_session (self); + if (is_wayland_session) { + set_session_type (self, "wayland"); + } else { + set_session_type (self, NULL); + } + #endif + } + + gboolean + gdm_session_bypasses_xsession (GdmSession *self) + { + GError *error; + GKeyFile *key_file; + gboolean res; + gboolean bypasses_xsession = FALSE; + char *filename = NULL; + + g_return_val_if_fail (self != NULL, FALSE); + g_return_val_if_fail (GDM_IS_SESSION (self), FALSE); + + #ifdef ENABLE_WAYLAND_SUPPORT + if (gdm_session_is_wayland_session (self)) { + bypasses_xsession = TRUE; + goto out; + } + #endif + + filename = get_session_filename (self); + +- key_file = load_key_file_for_file (self, filename, NULL); ++ key_file = load_key_file_for_file (self, filename, "x11", NULL); + + error = NULL; + res = g_key_file_has_key (key_file, G_KEY_FILE_DESKTOP_GROUP, "X-GDM-BypassXsession", NULL); + if (!res) { + goto out; + } else { + bypasses_xsession = g_key_file_get_boolean (key_file, G_KEY_FILE_DESKTOP_GROUP, "X-GDM-BypassXsession", &error); + if (error) { + bypasses_xsession = FALSE; + g_error_free (error); + goto out; + } + } + + out: + if (bypasses_xsession) { + g_debug ("GdmSession: Session %s bypasses Xsession wrapper script", filename); + } + g_free (filename); + return bypasses_xsession; + } + + GdmSessionDisplayMode + gdm_session_get_display_mode (GdmSession *self) + { + g_debug ("GdmSession: type %s, program? %s, seat %s", + self->priv->session_type, + self->priv->is_program_session? "yes" : "no", + self->priv->display_seat_id); + +-- +2.17.1 + diff --git a/SOURCES/0002-session-worker-kill-user-sessions-when-stop-gdm-serv.patch b/SOURCES/0002-session-worker-kill-user-sessions-when-stop-gdm-serv.patch new file mode 100644 index 0000000..85175ea --- /dev/null +++ b/SOURCES/0002-session-worker-kill-user-sessions-when-stop-gdm-serv.patch @@ -0,0 +1,922 @@ +From 4db5bf628396a7191f2392e7d09ab9bbd7c2b533 Mon Sep 17 00:00:00 2001 +From: Xiaoguang Wang +Date: Thu, 16 May 2019 13:26:16 +0800 +Subject: [PATCH 2/3] session-worker: kill user sessions when stop gdm service + +At the moment the session worker exits as soon as it gets SIGTERM. +That means it may fail to stop the user session (which only happens +in the orderly shutdown path). + +This commit sets up a SIGTERM handler that integrates with and +quits the main loop after the session is started. + +It still retains the _exit-on-SIGTERM behavior before the session +is started, to ensure a stuck pam module doesn't prevent the +process from dying. + +Some small changes to commit by Ray Strode. + +Closes #400 +--- + daemon/gdm-session-worker.c | 39 +++++++++++++++++++++++++++--------- + daemon/session-worker-main.c | 33 ++++++++++++++++++++++++++++++ + 2 files changed, 63 insertions(+), 9 deletions(-) + +diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c +index f6935ab1d..aa288ac8e 100644 +--- a/daemon/gdm-session-worker.c ++++ b/daemon/gdm-session-worker.c +@@ -159,60 +159,61 @@ struct GdmSessionWorkerPrivate + guint32 display_is_initial : 1; + guint state_change_idle_id; + GdmSessionDisplayMode display_mode; + + char *server_address; + GDBusConnection *connection; + GdmDBusWorkerManager *manager; + + GHashTable *reauthentication_requests; + + GdmSessionAuditor *auditor; + GdmSessionSettings *user_settings; + + GDBusMethodInvocation *pending_invocation; + }; + + #ifdef SUPPORTS_PAM_EXTENSIONS + static char gdm_pam_extension_environment_block[_POSIX_ARG_MAX]; + + static const char * const + gdm_supported_pam_extensions[] = { + GDM_PAM_EXTENSION_CHOICE_LIST, + NULL + }; + #endif + + enum { + PROP_0, + PROP_SERVER_ADDRESS, + PROP_IS_REAUTH_SESSION, ++ PROP_STATE, + }; + + static void gdm_session_worker_class_init (GdmSessionWorkerClass *klass); + static void gdm_session_worker_init (GdmSessionWorker *session_worker); + static void gdm_session_worker_finalize (GObject *object); + + static void gdm_session_worker_set_environment_variable (GdmSessionWorker *worker, + const char *key, + const char *value); + + static void queue_state_change (GdmSessionWorker *worker); + + static void worker_interface_init (GdmDBusWorkerIface *iface); + + + typedef int (* GdmSessionWorkerPamNewMessagesFunc) (int, + const struct pam_message **, + struct pam_response **, + gpointer); + + G_DEFINE_TYPE_WITH_CODE (GdmSessionWorker, + gdm_session_worker, + GDM_DBUS_TYPE_WORKER_SKELETON, + G_IMPLEMENT_INTERFACE (GDM_DBUS_TYPE_WORKER, + worker_interface_init)) + + /* adapted from glib script_execute */ + static void + script_execute (const gchar *file, + char **argv, +@@ -971,100 +972,111 @@ jump_to_vt (GdmSessionWorker *worker, + + g_debug ("GdmSessionWorker: first setting graphics mode to prevent flicker"); + if (ioctl (fd, KDSETMODE, KD_GRAPHICS) < 0) { + g_debug ("GdmSessionWorker: couldn't set graphics mode: %m"); + } + + /* It's possible that the current VT was left in a broken + * combination of states (KD_GRAPHICS with VT_AUTO), that + * can't be switched away from. This call makes sure things + * are set in a way that VT_ACTIVATE should work and + * VT_WAITACTIVE shouldn't hang. + */ + fix_terminal_vt_mode (worker, active_vt_tty_fd); + } else { + fd = active_vt_tty_fd; + } + + handle_terminal_vt_switches (worker, fd); + + if (ioctl (fd, VT_ACTIVATE, vt_number) < 0) { + g_debug ("GdmSessionWorker: couldn't initiate jump to VT %d: %m", + vt_number); + } else if (ioctl (fd, VT_WAITACTIVE, vt_number) < 0) { + g_debug ("GdmSessionWorker: couldn't finalize jump to VT %d: %m", + vt_number); + } + + close (active_vt_tty_fd); + } + ++static void ++gdm_session_worker_set_state (GdmSessionWorker *worker, ++ GdmSessionWorkerState state) ++{ ++ if (worker->priv->state == state) ++ return; ++ ++ worker->priv->state = state; ++ g_object_notify (G_OBJECT (worker), "state"); ++} ++ + static void + gdm_session_worker_uninitialize_pam (GdmSessionWorker *worker, + int status) + { + g_debug ("GdmSessionWorker: uninitializing PAM"); + + if (worker->priv->pam_handle == NULL) + return; + + gdm_session_worker_get_username (worker, NULL); + + if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) { + pam_close_session (worker->priv->pam_handle, 0); + gdm_session_auditor_report_logout (worker->priv->auditor); + } else { + gdm_session_auditor_report_login_failure (worker->priv->auditor, + status, + pam_strerror (worker->priv->pam_handle, status)); + } + + if (worker->priv->state >= GDM_SESSION_WORKER_STATE_ACCREDITED) { + pam_setcred (worker->priv->pam_handle, PAM_DELETE_CRED); + } + + pam_end (worker->priv->pam_handle, status); + worker->priv->pam_handle = NULL; + + gdm_session_worker_stop_auditor (worker); + + if (g_strcmp0 (worker->priv->display_seat_id, "seat0") == 0) { + if (worker->priv->login_vt != worker->priv->session_vt) { + jump_to_vt (worker, worker->priv->login_vt); + } + } + + worker->priv->login_vt = 0; + worker->priv->session_vt = 0; + + g_debug ("GdmSessionWorker: state NONE"); +- worker->priv->state = GDM_SESSION_WORKER_STATE_NONE; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_NONE); + } + + static char * + _get_tty_for_pam (const char *x11_display_name, + const char *display_device) + { + #ifdef __sun + return g_strdup (display_device); + #else + return g_strdup (x11_display_name); + #endif + } + + #ifdef PAM_XAUTHDATA + static struct pam_xauth_data * + _get_xauth_for_pam (const char *x11_authority_file) + { + FILE *fh; + Xauth *auth = NULL; + struct pam_xauth_data *retval = NULL; + gsize len = sizeof (*retval) + 1; + + fh = fopen (x11_authority_file, "r"); + if (fh) { + auth = XauReadAuth (fh); + fclose (fh); + } + if (auth) { + len += auth->name_length + auth->data_length; + retval = g_malloc0 (len); +@@ -1173,61 +1185,61 @@ gdm_session_worker_initialize_pam (GdmSessionWorker *worker, + goto out; + } + } + + /* set RHOST */ + if (hostname != NULL && hostname[0] != '\0') { + error_code = pam_set_item (worker->priv->pam_handle, PAM_RHOST, hostname); + g_debug ("error informing authentication system of user's hostname %s: %s", + hostname, + pam_strerror (worker->priv->pam_handle, error_code)); + + if (error_code != PAM_SUCCESS) { + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_AUTHENTICATING, + "%s", ""); + goto out; + } + } + + /* set seat ID */ + if (seat_id != NULL && seat_id[0] != '\0') { + gdm_session_worker_set_environment_variable (worker, "XDG_SEAT", seat_id); + } + + if (strcmp (service, "gdm-launch-environment") == 0) { + gdm_session_worker_set_environment_variable (worker, "XDG_SESSION_CLASS", "greeter"); + } + + g_debug ("GdmSessionWorker: state SETUP_COMPLETE"); +- worker->priv->state = GDM_SESSION_WORKER_STATE_SETUP_COMPLETE; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE); + + /* Temporarily set PAM_TTY with the currently active VT (login screen) + PAM_TTY will be reset with the users VT right before the user session is opened */ + ensure_login_vt (worker); + g_snprintf (tty_string, 256, "/dev/tty%d", worker->priv->login_vt); + pam_set_item (worker->priv->pam_handle, PAM_TTY, tty_string); + if (!display_is_local) + worker->priv->password_is_required = TRUE; + + out: + if (error_code != PAM_SUCCESS) { + gdm_session_worker_uninitialize_pam (worker, error_code); + return FALSE; + } + + return TRUE; + } + + static gboolean + gdm_session_worker_authenticate_user (GdmSessionWorker *worker, + gboolean password_is_required, + GError **error) + { + int error_code; + int authentication_flags; + + g_debug ("GdmSessionWorker: authenticating user %s", worker->priv->username); + + authentication_flags = 0; + +@@ -1238,61 +1250,61 @@ gdm_session_worker_authenticate_user (GdmSessionWorker *worker, + /* blocking call, does the actual conversation */ + error_code = pam_authenticate (worker->priv->pam_handle, authentication_flags); + + if (error_code == PAM_AUTHINFO_UNAVAIL) { + g_debug ("GdmSessionWorker: authentication service unavailable"); + + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE, + "%s", ""); + goto out; + } else if (error_code != PAM_SUCCESS) { + g_debug ("GdmSessionWorker: authentication returned %d: %s", error_code, pam_strerror (worker->priv->pam_handle, error_code)); + + /* + * Do not display a different message for user unknown versus + * a failed password for a valid user. + */ + if (error_code == PAM_USER_UNKNOWN) { + error_code = PAM_AUTH_ERR; + } + + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_AUTHENTICATING, + "%s", get_friendly_error_message (error_code)); + goto out; + } + + g_debug ("GdmSessionWorker: state AUTHENTICATED"); +- worker->priv->state = GDM_SESSION_WORKER_STATE_AUTHENTICATED; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_AUTHENTICATED); + + out: + if (error_code != PAM_SUCCESS) { + gdm_session_worker_uninitialize_pam (worker, error_code); + return FALSE; + } + + return TRUE; + } + + static gboolean + gdm_session_worker_authorize_user (GdmSessionWorker *worker, + gboolean password_is_required, + GError **error) + { + int error_code; + int authentication_flags; + + g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session", + password_is_required); + + authentication_flags = 0; + + if (password_is_required) { + authentication_flags |= PAM_DISALLOW_NULL_AUTHTOK; + } + + /* check that the account isn't disabled or expired + */ + error_code = pam_acct_mgmt (worker->priv->pam_handle, authentication_flags); +@@ -1303,61 +1315,61 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker, + g_debug ("GdmSessionWorker: authenticated user requires new auth token"); + error_code = pam_chauthtok (worker->priv->pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK); + + gdm_session_worker_get_username (worker, NULL); + + if (error_code != PAM_SUCCESS) { + gdm_session_auditor_report_password_change_failure (worker->priv->auditor); + } else { + gdm_session_auditor_report_password_changed (worker->priv->auditor); + } + } + + /* If the user is reauthenticating, then authorization isn't required to + * proceed, the user is already logged in after all. + */ + if (worker->priv->is_reauth_session) { + error_code = PAM_SUCCESS; + } + + if (error_code != PAM_SUCCESS) { + g_debug ("GdmSessionWorker: user is not authorized to log in: %s", + pam_strerror (worker->priv->pam_handle, error_code)); + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_AUTHORIZING, + "%s", get_friendly_error_message (error_code)); + goto out; + } + + g_debug ("GdmSessionWorker: state AUTHORIZED"); +- worker->priv->state = GDM_SESSION_WORKER_STATE_AUTHORIZED; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_AUTHORIZED); + + out: + if (error_code != PAM_SUCCESS) { + gdm_session_worker_uninitialize_pam (worker, error_code); + return FALSE; + } + + return TRUE; + } + + static void + gdm_session_worker_set_environment_variable (GdmSessionWorker *worker, + const char *key, + const char *value) + { + int error_code; + char *environment_entry; + + if (value != NULL) { + environment_entry = g_strdup_printf ("%s=%s", key, value); + } else { + /* empty value means "remove from environment" */ + environment_entry = g_strdup (key); + } + + error_code = pam_putenv (worker->priv->pam_handle, + environment_entry); + + if (error_code != PAM_SUCCESS) { + g_warning ("cannot put %s in pam environment: %s\n", +@@ -1716,61 +1728,61 @@ gdm_session_worker_accredit_user (GdmSessionWorker *worker, + + /* If the user is reauthenticating and they've made it this far, then there + * is no reason we should lock them out of their session. They've already + * proved they are they same person who logged in, and that's all we care + * about. + */ + if (worker->priv->is_reauth_session) { + error_code = PAM_SUCCESS; + } + + if (error_code != PAM_SUCCESS) { + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_GIVING_CREDENTIALS, + "%s", + pam_strerror (worker->priv->pam_handle, error_code)); + goto out; + } + + ret = TRUE; + + out: + g_free (home); + g_free (shell); + if (ret) { + g_debug ("GdmSessionWorker: state ACCREDITED"); + ret = TRUE; + + gdm_session_worker_get_username (worker, NULL); + gdm_session_auditor_report_user_accredited (worker->priv->auditor); +- worker->priv->state = GDM_SESSION_WORKER_STATE_ACCREDITED; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_ACCREDITED); + } else { + gdm_session_worker_uninitialize_pam (worker, error_code); + } + + return ret; + } + + static const char * const * + gdm_session_worker_get_environment (GdmSessionWorker *worker) + { + return (const char * const *) pam_getenvlist (worker->priv->pam_handle); + } + + static gboolean + run_script (GdmSessionWorker *worker, + const char *dir) + { + /* scripts are for non-program sessions only */ + if (worker->priv->is_program_session) { + return TRUE; + } + + return gdm_run_script (dir, + worker->priv->username, + worker->priv->x11_display_name, + worker->priv->display_is_local? NULL : worker->priv->hostname, + worker->priv->x11_authority_file); + } + + static void +@@ -2145,61 +2157,61 @@ gdm_session_worker_start_session (GdmSessionWorker *worker, + (char **) + environment, + TRUE); + + gdm_log_init (); + g_debug ("GdmSessionWorker: child '%s' could not be started: %s", + worker->priv->arguments[0], + g_strerror (errno)); + + _exit (EXIT_FAILURE); + } + + if (worker->priv->session_tty_fd > 0) { + close (worker->priv->session_tty_fd); + worker->priv->session_tty_fd = -1; + } + + /* If we end up execing again, make sure we don't use the executable context set up + * by pam_selinux durin pam_open_session + */ + #ifdef HAVE_SELINUX + setexeccon (NULL); + #endif + + worker->priv->child_pid = session_pid; + + g_debug ("GdmSessionWorker: session opened creating reply..."); + g_assert (sizeof (GPid) <= sizeof (int)); + + g_debug ("GdmSessionWorker: state SESSION_STARTED"); +- worker->priv->state = GDM_SESSION_WORKER_STATE_SESSION_STARTED; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_SESSION_STARTED); + + gdm_session_worker_watch_child (worker); + + out: + if (error_code != PAM_SUCCESS) { + gdm_session_worker_uninitialize_pam (worker, error_code); + return FALSE; + } + + return TRUE; + } + + static gboolean + set_up_for_new_vt (GdmSessionWorker *worker) + { + int fd; + char vt_string[256], tty_string[256]; + int session_vt = 0; + + fd = open ("/dev/tty0", O_RDWR | O_NOCTTY); + + if (fd < 0) { + g_debug ("GdmSessionWorker: couldn't open VT master: %m"); + return FALSE; + } + + if (worker->priv->display_is_initial) { + session_vt = atoi (GDM_INITIAL_VT); + } else { + if (ioctl(fd, VT_OPENQRY, &session_vt) < 0) { +@@ -2368,61 +2380,61 @@ gdm_session_worker_open_session (GdmSessionWorker *worker, + break; + case GDM_SESSION_DISPLAY_MODE_NEW_VT: + case GDM_SESSION_DISPLAY_MODE_LOGIND_MANAGED: + if (!set_up_for_new_vt (worker)) { + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_OPENING_SESSION, + "Unable to open VT"); + return FALSE; + } + break; + } + + flags = 0; + + if (worker->priv->is_program_session) { + flags |= PAM_SILENT; + } + + error_code = pam_open_session (worker->priv->pam_handle, flags); + + if (error_code != PAM_SUCCESS) { + g_set_error (error, + GDM_SESSION_WORKER_ERROR, + GDM_SESSION_WORKER_ERROR_OPENING_SESSION, + "%s", pam_strerror (worker->priv->pam_handle, error_code)); + goto out; + } + + g_debug ("GdmSessionWorker: state SESSION_OPENED"); +- worker->priv->state = GDM_SESSION_WORKER_STATE_SESSION_OPENED; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_SESSION_OPENED); + + session_id = gdm_session_worker_get_environment_variable (worker, "XDG_SESSION_ID"); + + if (session_id != NULL) { + g_free (worker->priv->session_id); + worker->priv->session_id = session_id; + } + + out: + if (error_code != PAM_SUCCESS) { + gdm_session_worker_uninitialize_pam (worker, error_code); + return FALSE; + } + + gdm_session_worker_get_username (worker, NULL); + gdm_session_auditor_report_login (worker->priv->auditor); + + return TRUE; + } + + static void + gdm_session_worker_set_server_address (GdmSessionWorker *worker, + const char *address) + { + g_free (worker->priv->server_address); + worker->priv->server_address = g_strdup (address); + } + + static void + gdm_session_worker_set_is_reauth_session (GdmSessionWorker *worker, +@@ -2445,61 +2457,61 @@ gdm_session_worker_set_property (GObject *object, + case PROP_SERVER_ADDRESS: + gdm_session_worker_set_server_address (self, g_value_get_string (value)); + break; + case PROP_IS_REAUTH_SESSION: + gdm_session_worker_set_is_reauth_session (self, g_value_get_boolean (value)); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } + } + + static void + gdm_session_worker_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) + { + GdmSessionWorker *self; + + self = GDM_SESSION_WORKER (object); + + switch (prop_id) { + case PROP_SERVER_ADDRESS: + g_value_set_string (value, self->priv->server_address); + break; + case PROP_IS_REAUTH_SESSION: + g_value_set_boolean (value, self->priv->is_reauth_session); + break; + case PROP_STATE: +- g_value_set_int (value, self->priv->state); ++ g_value_set_enum (value, self->priv->state); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } + } + + static gboolean + gdm_session_worker_handle_set_environment_variable (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *key, + const char *value) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + gdm_session_worker_set_environment_variable (worker, key, value); + gdm_dbus_worker_complete_set_environment_variable (object, invocation); + return TRUE; + } + + static gboolean + gdm_session_worker_handle_set_session_name (GdmDBusWorker *object, + GDBusMethodInvocation *invocation, + const char *session_name) + { + GdmSessionWorker *worker = GDM_SESSION_WORKER (object); + g_debug ("GdmSessionWorker: session name set to %s", session_name); + if (worker->priv->user_settings != NULL) + gdm_session_settings_set_session_name (worker->priv->user_settings, + session_name); + gdm_dbus_worker_complete_set_session_name (object, invocation); +@@ -2646,61 +2658,61 @@ do_authorize (GdmSessionWorker *worker) + g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error); + } + worker->priv->pending_invocation = NULL; + } + + static void + do_accredit (GdmSessionWorker *worker) + { + GError *error; + gboolean res; + + /* get kerberos tickets, setup group lists, etc + */ + error = NULL; + res = gdm_session_worker_accredit_user (worker, &error); + + if (res) { + gdm_dbus_worker_complete_establish_credentials (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation); + } else { + g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error); + } + worker->priv->pending_invocation = NULL; + } + + static void + save_account_details_now (GdmSessionWorker *worker) + { + g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED); + + g_debug ("GdmSessionWorker: saving account details for user %s", worker->priv->username); +- worker->priv->state = GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED; ++ gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED); + if (worker->priv->user_settings != NULL) { + if (!gdm_session_settings_save (worker->priv->user_settings, + worker->priv->username)) { + g_warning ("could not save session and language settings"); + } + } + queue_state_change (worker); + } + + static void + on_settings_is_loaded_changed (GdmSessionSettings *user_settings, + GParamSpec *pspec, + GdmSessionWorker *worker) + { + if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) { + return; + } + + /* These signal handlers should be disconnected after the loading, + * so that gdm_session_settings_set_* APIs don't cause the emitting + * of Saved*NameRead D-Bus signals any more. + */ + g_signal_handlers_disconnect_by_func (worker->priv->user_settings, + G_CALLBACK (on_saved_session_name_read), + worker); + + g_signal_handlers_disconnect_by_func (worker->priv->user_settings, + G_CALLBACK (on_saved_language_name_read), + worker); + +@@ -3461,60 +3473,69 @@ worker_interface_init (GdmDBusWorkerIface *interface) + interface->handle_start_reauthentication = gdm_session_worker_handle_start_reauthentication; + } + + static void + gdm_session_worker_class_init (GdmSessionWorkerClass *klass) + { + GObjectClass *object_class = G_OBJECT_CLASS (klass); + + object_class->get_property = gdm_session_worker_get_property; + object_class->set_property = gdm_session_worker_set_property; + object_class->constructor = gdm_session_worker_constructor; + object_class->finalize = gdm_session_worker_finalize; + + g_type_class_add_private (klass, sizeof (GdmSessionWorkerPrivate)); + + g_object_class_install_property (object_class, + PROP_SERVER_ADDRESS, + g_param_spec_string ("server-address", + "server address", + "server address", + NULL, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); + + g_object_class_install_property (object_class, + PROP_IS_REAUTH_SESSION, + g_param_spec_boolean ("is-reauth-session", + "is reauth session", + "is reauth session", + FALSE, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); ++ ++ g_object_class_install_property (object_class, ++ PROP_STATE, ++ g_param_spec_enum ("state", ++ "state", ++ "state", ++ GDM_TYPE_SESSION_WORKER_STATE, ++ GDM_SESSION_WORKER_STATE_NONE, ++ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS)); + } + + static void + reauthentication_request_free (ReauthenticationRequest *request) + { + + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_client_connected), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_client_disconnected), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_cancelled), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_conversation_started), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_conversation_stopped), + request); + g_signal_handlers_disconnect_by_func (request->session, + G_CALLBACK (on_reauthentication_verification_complete), + request); + g_clear_object (&request->session); + g_slice_free (ReauthenticationRequest, request); + } + + static void + gdm_session_worker_init (GdmSessionWorker *worker) +diff --git a/daemon/session-worker-main.c b/daemon/session-worker-main.c +index 4a3a8ebbe..d96844d2d 100644 +--- a/daemon/session-worker-main.c ++++ b/daemon/session-worker-main.c +@@ -37,104 +37,137 @@ + #include + + #include "gdm-common.h" + #include "gdm-log.h" + #include "gdm-session-worker.h" + + #include "gdm-settings.h" + #include "gdm-settings-direct.h" + #include "gdm-settings-keys.h" + + static GdmSettings *settings = NULL; + + static gboolean + on_sigusr1_cb (gpointer user_data) + { + g_debug ("Got USR1 signal"); + + gdm_log_toggle_debug (); + + return TRUE; + } + + static gboolean + is_debug_set (void) + { + gboolean debug; + gdm_settings_direct_get_boolean (GDM_KEY_DEBUG, &debug); + return debug; + } + ++static gboolean ++on_shutdown_signal_cb (gpointer user_data) ++{ ++ GMainLoop *mainloop = user_data; ++ ++ g_main_loop_quit (mainloop); ++ ++ return FALSE; ++} ++ ++static void ++on_state_changed (GdmSessionWorker *worker, ++ GParamSpec *pspec, ++ GMainLoop *main_loop) ++{ ++ GdmSessionWorkerState state; ++ ++ g_object_get (G_OBJECT (worker), "state", &state, NULL); ++ ++ if (state != GDM_SESSION_WORKER_STATE_SESSION_STARTED) ++ return; ++ ++ g_unix_signal_add (SIGTERM, on_shutdown_signal_cb, main_loop); ++} ++ + static void + on_sigterm_cb (int signal_number) + { + _exit (EXIT_SUCCESS); + } + + int + main (int argc, + char **argv) + { + GMainLoop *main_loop; + GOptionContext *context; + GdmSessionWorker *worker; + const char *address; + gboolean is_for_reauth; + static GOptionEntry entries [] = { + { NULL } + }; + + signal (SIGTERM, on_sigterm_cb); + + bindtextdomain (GETTEXT_PACKAGE, GNOMELOCALEDIR); + textdomain (GETTEXT_PACKAGE); + setlocale (LC_ALL, ""); + + /* Translators: worker is a helper process that does the work + of starting up a session */ + context = g_option_context_new (_("GNOME Display Manager Session Worker")); + g_option_context_add_main_entries (context, entries, NULL); + + g_option_context_parse (context, &argc, &argv, NULL); + g_option_context_free (context); + + gdm_log_init (); + + settings = gdm_settings_new (); + if (settings == NULL) { + g_warning ("Unable to initialize settings"); + exit (EXIT_FAILURE); + } + + if (! gdm_settings_direct_init (settings, DATADIR "/gdm/gdm.schemas", "/")) { + g_warning ("Unable to initialize settings"); + exit (EXIT_FAILURE); + } + + gdm_log_set_debug (is_debug_set ()); + + address = g_getenv ("GDM_SESSION_DBUS_ADDRESS"); + if (address == NULL) { + g_warning ("GDM_SESSION_DBUS_ADDRESS not set"); + exit (EXIT_FAILURE); + } + + is_for_reauth = g_getenv ("GDM_SESSION_FOR_REAUTH") != NULL; + + worker = gdm_session_worker_new (address, is_for_reauth); + + main_loop = g_main_loop_new (NULL, FALSE); + ++ g_signal_connect (G_OBJECT (worker), ++ "notify::state", ++ G_CALLBACK (on_state_changed), ++ main_loop); ++ + g_unix_signal_add (SIGUSR1, on_sigusr1_cb, NULL); + + g_main_loop_run (main_loop); + + if (worker != NULL) { ++ g_signal_handlers_disconnect_by_func (worker, ++ G_CALLBACK (on_state_changed), ++ main_loop); + g_object_unref (worker); + } + + g_main_loop_unref (main_loop); + + g_debug ("Worker finished"); + + return 0; + } +-- +2.18.1 + diff --git a/SOURCES/0003-daemon-save-os-release-in-accountsservice.patch b/SOURCES/0003-daemon-save-os-release-in-accountsservice.patch new file mode 100644 index 0000000..d41e6c3 --- /dev/null +++ b/SOURCES/0003-daemon-save-os-release-in-accountsservice.patch @@ -0,0 +1,624 @@ +From f12d17a6f4f76ba037e9126113684777a070a8f4 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 20 Aug 2018 14:30:59 -0400 +Subject: [PATCH 3/4] daemon: save os-release in accountsservice + +It can be useful to know what OS a user was running +when they logged in (to detect upgrades). + +This commit saves that information in accountsservice. +--- + daemon/Makefile.am | 10 ++ + daemon/gdm-session-settings.c | 98 +++++++++++++++++++ + data/Makefile.am | 2 + + .../com.redhat.AccountsServiceUser.System.xml | 10 ++ + 4 files changed, 120 insertions(+) + create mode 100644 data/com.redhat.AccountsServiceUser.System.xml + +diff --git a/daemon/Makefile.am b/daemon/Makefile.am +index 3b1b15122..b77c9276e 100644 +--- a/daemon/Makefile.am ++++ b/daemon/Makefile.am +@@ -14,137 +14,147 @@ AM_CPPFLAGS = \ + -DLIBEXECDIR=\"$(libexecdir)\" \ + -DLOCALSTATEDIR=\"$(localstatedir)\" \ + -DLOGDIR=\"$(logdir)\" \ + -DSBINDIR=\"$(sbindir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ + -DGDM_RUN_DIR=\"$(GDM_RUN_DIR)\" \ + -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \ + -DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\" \ + -DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\" \ + -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \ + $(DISABLE_DEPRECATED_CFLAGS) \ + $(DAEMON_CFLAGS) \ + $(XLIB_CFLAGS) \ + $(WARN_CFLAGS) \ + $(DEBUG_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(JOURNALD_CFLAGS) \ + $(LIBSELINUX_CFLAGS) \ + -DLANG_CONFIG_FILE=\"$(LANG_CONFIG_FILE)\" \ + $(NULL) + + BUILT_SOURCES = \ + gdm-display-glue.h \ + gdm-manager-glue.h \ + gdm-local-display-glue.h \ + gdm-local-display-factory-glue.h \ + gdm-session-glue.h \ + gdm-session-worker-glue.h \ + gdm-session-enum-types.h \ ++ com.redhat.AccountsServiceUser.System.h \ + $(NULL) + + gdm-session-enum-types.h: gdm-session-enum-types.h.in gdm-session.h + $(AM_V_GEN) glib-mkenums --template $^ > $@ + + gdm-session-enum-types.c: gdm-session-enum-types.c.in gdm-session.h + $(AM_V_GEN) glib-mkenums --template $^ > $@ + + gdm-display-glue.c gdm-display-glue.h: gdm-display.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-display-glue \ + $(srcdir)/gdm-display.xml + + gdm-local-display-glue.c gdm-local-display-glue.h: gdm-local-display.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-local-display-glue \ + $(srcdir)/gdm-local-display.xml + + gdm-local-display-factory-glue.c gdm-local-display-factory-glue.h : gdm-local-display-factory.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-local-display-factory-glue \ + $(srcdir)/gdm-local-display-factory.xml + + gdm-manager-glue.c gdm-manager-glue.h : gdm-manager.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-manager-glue \ + $(srcdir)/gdm-manager.xml + + gdm-session-glue.c gdm-session-glue.h : gdm-session.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-session-glue \ + $(srcdir)/gdm-session.xml + + gdm-session-worker-glue.c gdm-session-worker-glue.h : gdm-session-worker.xml Makefile.am + $(AM_V_GEN)gdbus-codegen \ + --c-namespace=GdmDBus \ + --interface-prefix=org.gnome.DisplayManager \ + --generate-c-code=gdm-session-worker-glue \ + $(srcdir)/gdm-session-worker.xml + ++com.redhat.AccountsServiceUser.System.c com.redhat.AccountsServiceUser.System.h: $(top_srcdir)/data/com.redhat.AccountsServiceUser.System.xml Makefile.am ++ $(AM_V_GEN)gdbus-codegen \ ++ --c-namespace=Gdm \ ++ --interface-prefix=com.redhat \ ++ --generate-c-code=com.redhat.AccountsServiceUser.System \ ++ $(top_srcdir)/data/com.redhat.AccountsServiceUser.System.xml ++ + noinst_PROGRAMS = \ + test-session-client \ + $(NULL) + + test_session_client_SOURCES = \ + test-session-client.c \ + $(NULL) + + nodist_test_session_client_SOURCES = \ + gdm-session-glue.h \ + gdm-session-glue.c \ + gdm-manager-glue.h \ + gdm-manager-glue.c \ + $(NULL) + + test_session_client_LDADD = \ + $(DAEMON_LIBS) \ + $(NULL) + + libexec_PROGRAMS = \ + gdm-session-worker \ + gdm-wayland-session \ + gdm-x-session \ + $(NULL) + + gdm_session_worker_SOURCES = \ + session-worker-main.c \ ++ com.redhat.AccountsServiceUser.System.h \ ++ com.redhat.AccountsServiceUser.System.c \ + gdm-session.c \ + gdm-session.h \ + gdm-session-settings.h \ + gdm-session-settings.c \ + gdm-session-auditor.h \ + gdm-session-auditor.c \ + gdm-session-record.c \ + gdm-session-record.h \ + gdm-session-worker.h \ + gdm-session-worker.c \ + gdm-session-worker-job.c \ + gdm-session-worker-common.c \ + gdm-session-worker-common.h \ + gdm-dbus-util.c \ + gdm-dbus-util.h \ + $(NULL) + + if SUPPORTS_PAM_EXTENSIONS + gdm_session_worker_SOURCES += $(top_srcdir)/pam-extensions/gdm-pam-extensions.h + endif + + nodist_gdm_session_worker_SOURCES = \ + gdm-session-glue.h \ + gdm-session-glue.c \ + gdm-session-worker-glue.c \ + gdm-session-worker-glue.h \ + gdm-session-enum-types.c \ + gdm-session-enum-types.h \ + $(NULL) + +diff --git a/daemon/gdm-session-settings.c b/daemon/gdm-session-settings.c +index 8463fad32..921e4d501 100644 +--- a/daemon/gdm-session-settings.c ++++ b/daemon/gdm-session-settings.c +@@ -1,70 +1,77 @@ + /* gdm-session-settings.c - Loads session and language from ~/.dmrc + * + * Copyright (C) 2008 Red Hat, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * Written by: Ray Strode + */ + #include "config.h" + #include "gdm-session-settings.h" ++#include "gdm-common.h" ++ ++#include "com.redhat.AccountsServiceUser.System.h" + + #include + #include + #include + #include + #include + + #include + #include + #include + + #include + + struct _GdmSessionSettingsPrivate + { + ActUserManager *user_manager; + ActUser *user; ++ ++ /* used for retrieving the last OS user logged in with */ ++ GdmAccountsServiceUserSystem *user_system_proxy; ++ + char *session_name; + char *session_type; + char *language_name; + }; + + static void gdm_session_settings_finalize (GObject *object); + static void gdm_session_settings_class_install_properties (GdmSessionSettingsClass * + settings_class); + + static void gdm_session_settings_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec); + static void gdm_session_settings_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec); + + enum { + PROP_0 = 0, + PROP_SESSION_NAME, + PROP_SESSION_TYPE, + PROP_LANGUAGE_NAME, + PROP_IS_LOADED + }; + + G_DEFINE_TYPE (GdmSessionSettings, gdm_session_settings, G_TYPE_OBJECT) + + static void + gdm_session_settings_class_init (GdmSessionSettingsClass *settings_class) +@@ -107,60 +114,62 @@ gdm_session_settings_class_install_properties (GdmSessionSettingsClass *settings + g_object_class_install_property (object_class, PROP_LANGUAGE_NAME, param_spec); + + param_spec = g_param_spec_boolean ("is-loaded", NULL, NULL, + FALSE, G_PARAM_READABLE); + g_object_class_install_property (object_class, PROP_IS_LOADED, param_spec); + } + + static void + gdm_session_settings_init (GdmSessionSettings *settings) + { + settings->priv = G_TYPE_INSTANCE_GET_PRIVATE (settings, + GDM_TYPE_SESSION_SETTINGS, + GdmSessionSettingsPrivate); + + settings->priv->user_manager = act_user_manager_get_default (); + + } + + static void + gdm_session_settings_finalize (GObject *object) + { + GdmSessionSettings *settings; + GObjectClass *parent_class; + + settings = GDM_SESSION_SETTINGS (object); + + if (settings->priv->user != NULL) { + g_object_unref (settings->priv->user); + } + ++ g_clear_object (&settings->priv->user_system_proxy); ++ + g_free (settings->priv->session_name); + g_free (settings->priv->language_name); + + parent_class = G_OBJECT_CLASS (gdm_session_settings_parent_class); + + if (parent_class->finalize != NULL) { + parent_class->finalize (object); + } + } + + void + gdm_session_settings_set_language_name (GdmSessionSettings *settings, + const char *language_name) + { + g_return_if_fail (GDM_IS_SESSION_SETTINGS (settings)); + + if (settings->priv->language_name == NULL || + strcmp (settings->priv->language_name, language_name) != 0) { + settings->priv->language_name = g_strdup (language_name); + g_object_notify (G_OBJECT (settings), "language-name"); + } + } + + void + gdm_session_settings_set_session_name (GdmSessionSettings *settings, + const char *session_name) + { + g_return_if_fail (GDM_IS_SESSION_SETTINGS (settings)); + + if (settings->priv->session_name == NULL || +@@ -261,69 +270,86 @@ gdm_session_settings_get_property (GObject *object, + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } + } + + GdmSessionSettings * + gdm_session_settings_new (void) + { + GdmSessionSettings *settings; + + settings = g_object_new (GDM_TYPE_SESSION_SETTINGS, + NULL); + + return settings; + } + + gboolean + gdm_session_settings_is_loaded (GdmSessionSettings *settings) + { + if (settings->priv->user == NULL) { + return FALSE; + } + + return act_user_is_loaded (settings->priv->user); + } + + static void + load_settings_from_user (GdmSessionSettings *settings) + { ++ const char *object_path; + const char *session_name; + const char *session_type; + const char *language_name; + + if (!act_user_is_loaded (settings->priv->user)) { + g_warning ("GdmSessionSettings: trying to load user settings from unloaded user"); + return; + } + ++ object_path = act_user_get_object_path (settings->priv->user); ++ ++ if (object_path != NULL) { ++ g_autoptr (GError) error = NULL; ++ settings->priv->user_system_proxy = gdm_accounts_service_user_system_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_NONE, ++ "org.freedesktop.Accounts", ++ object_path, ++ NULL, ++ &error); ++ if (error != NULL) { ++ g_debug ("GdmSessionSettings: couldn't retrieve user system proxy from accountsservice: %s", ++ error->message); ++ } ++ } ++ + /* if the user doesn't have saved state, they don't have any settings worth reading */ + if (!act_user_get_saved (settings->priv->user)) + goto out; + + session_type = act_user_get_session_type (settings->priv->user); + session_name = act_user_get_session (settings->priv->user); + + g_debug ("GdmSessionSettings: saved session is %s (type %s)", session_name, session_type); + + if (session_type != NULL && session_type[0] != '\0') { + gdm_session_settings_set_session_type (settings, session_type); + } + + if (session_name != NULL && session_name[0] != '\0') { + gdm_session_settings_set_session_name (settings, session_name); + } + + language_name = act_user_get_language (settings->priv->user); + + g_debug ("GdmSessionSettings: saved language is %s", language_name); + if (language_name != NULL && language_name[0] != '\0') { + gdm_session_settings_set_language_name (settings, language_name); + } + + out: + g_object_notify (G_OBJECT (settings), "is-loaded"); + } + + static void + on_user_is_loaded_changed (ActUser *user, +@@ -349,64 +375,136 @@ gdm_session_settings_load (GdmSessionSettings *settings, + g_return_val_if_fail (!gdm_session_settings_is_loaded (settings), FALSE); + + if (settings->priv->user != NULL) { + old_user = settings->priv->user; + + g_signal_handlers_disconnect_by_func (G_OBJECT (settings->priv->user), + G_CALLBACK (on_user_is_loaded_changed), + settings); + } else { + old_user = NULL; + } + + settings->priv->user = act_user_manager_get_user (settings->priv->user_manager, + username); + + g_clear_object (&old_user); + + if (!act_user_is_loaded (settings->priv->user)) { + g_signal_connect (settings->priv->user, + "notify::is-loaded", + G_CALLBACK (on_user_is_loaded_changed), + settings); + return FALSE; + } + + load_settings_from_user (settings); + + return TRUE; + } + ++static void ++save_os_release (GdmSessionSettings *settings, ++ ActUser *user) ++{ ++ g_autoptr(GFile) file = NULL; ++ g_autoptr(GError) error = NULL; ++ g_autofree char *contents = NULL; ++ g_auto(GStrv) lines = NULL; ++ size_t i; ++ ++ if (settings->priv->user_system_proxy == NULL) { ++ g_debug ("GdmSessionSettings: not saving OS version to user account because accountsservice doesn't support it"); ++ return; ++ } ++ ++ file = g_file_new_for_path ("/etc/os-release"); ++ ++ if (!g_file_load_contents (file, NULL, &contents, NULL, NULL, &error)) { ++ g_debug ("GdmSessionSettings: couldn't load /etc/os-release: %s", error->message); ++ return; ++ } ++ ++ lines = g_strsplit (contents, "\n", -1); ++ for (i = 0; lines[i] != NULL; i++) { ++ char *p, *name, *name_end, *value, *value_end; ++ ++ p = lines[i]; ++ ++ while (g_ascii_isspace (*p)) ++ p++; ++ ++ if (*p == '#' || *p == '\0') ++ continue; ++ name = p; ++ while (gdm_shell_var_is_valid_char (*p, p == name)) ++ p++; ++ name_end = p; ++ while (g_ascii_isspace (*p)) ++ p++; ++ if (name == name_end || *p != '=') { ++ continue; ++ } ++ *name_end = '\0'; ++ ++ p++; ++ ++ while (g_ascii_isspace (*p)) ++ p++; ++ ++ value = p; ++ value_end = value + strlen(value) - 1; ++ ++ if (value != value_end && *value == '"' && *value_end == '"') { ++ value++; ++ *value_end = '\0'; ++ } ++ ++ if (strcmp (name, "ID") == 0) { ++ gdm_accounts_service_user_system_set_id (settings->priv->user_system_proxy, ++ value); ++ g_debug ("GdmSessionSettings: setting system OS for user to '%s'", value); ++ } else if (strcmp (name, "VERSION_ID") == 0) { ++ gdm_accounts_service_user_system_set_version_id (settings->priv->user_system_proxy, ++ value); ++ g_debug ("GdmSessionSettings: setting system OS version for user to '%s'", value); ++ } ++ } ++} ++ + gboolean + gdm_session_settings_save (GdmSessionSettings *settings, + const char *username) + { + ActUser *user; + + g_return_val_if_fail (GDM_IS_SESSION_SETTINGS (settings), FALSE); + g_return_val_if_fail (username != NULL, FALSE); + g_return_val_if_fail (gdm_session_settings_is_loaded (settings), FALSE); + + user = act_user_manager_get_user (settings->priv->user_manager, + username); + + + if (!act_user_is_loaded (user)) { + g_object_unref (user); + return FALSE; + } + + if (settings->priv->session_name != NULL) { + act_user_set_session (user, settings->priv->session_name); + } + + if (settings->priv->session_type != NULL) { + act_user_set_session_type (user, settings->priv->session_type); + } + + if (settings->priv->language_name != NULL) { + act_user_set_language (user, settings->priv->language_name); + } ++ ++ save_os_release (settings, user); ++ + g_object_unref (user); + + return TRUE; + } +diff --git a/data/Makefile.am b/data/Makefile.am +index 192dfa052..d69021985 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -8,60 +8,62 @@ SUBDIRS = \ + $(NULL) + + initdir = $(gdmconfdir)/Init + postdir = $(gdmconfdir)/PostSession + predir = $(gdmconfdir)/PreSession + postlogindir = $(gdmconfdir)/PostLogin + workingdir = $(GDM_WORKING_DIR) + xauthdir = $(GDM_XAUTH_DIR) + screenshotdir = $(GDM_SCREENSHOT_DIR) + cachedir = $(localstatedir)/cache/gdm + + Init: $(srcdir)/Init.in + sed -e 's,[@]X_PATH[@],$(X_PATH),g' \ + <$(srcdir)/Init.in >Init + + PreSession: $(srcdir)/PreSession.in + sed -e 's,[@]X_PATH[@],$(X_PATH),g' \ + <$(srcdir)/PreSession.in >PreSession + PostSession: $(srcdir)/PostSession.in + sed -e 's,[@]X_PATH[@],$(X_PATH),g' \ + <$(srcdir)/PostSession.in >PostSession + + gdm.conf-custom: $(srcdir)/gdm.conf-custom.in + sed -e 's,[@]GDM_DEFAULTS_CONF[@],$(GDM_DEFAULTS_CONF),g' \ + <$(srcdir)/gdm.conf-custom.in >gdm.conf-custom + + dbusconfdir = $(DBUS_SYS_DIR) + dbusconf_in_files = gdm.conf.in + dbusconf_DATA = $(dbusconf_in_files:.conf.in=.conf) + ++EXTRA_DIST += com.redhat.AccountsServiceUser.System.xml ++ + @INTLTOOL_SCHEMAS_RULE@ + @INTLTOOL_XML_NOMERGE_RULE@ + + # dconf database and profile + dconf_db_files = \ + dconf/defaults/00-upstream-settings \ + dconf/defaults/locks/00-upstream-settings-locks + + dconfdbdir = $(pkgdatadir) + dconfdb_DATA = greeter-dconf-defaults + greeter-dconf-defaults: $(dconf_db_files) + $(AM_V_GEN) dconf compile $@ $(srcdir)/dconf/defaults + + dconfprofiledir = $(DATADIR)/dconf/profile + dconfprofile_DATA = dconf/gdm + + gsettings_SCHEMAS = org.gnome.login-screen.gschema.xml + @GSETTINGS_RULES@ + + schemasdir = $(pkgdatadir) + schemas_in_files = gdm.schemas.in + schemas_DATA = $(schemas_in_files:.schemas.in=.schemas) + + gdm.schemas.in: $(srcdir)/gdm.schemas.in.in + sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \ + -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \ + -e 's,[@]GDM_USER_PATH[@],$(GDM_USER_PATH),g' \ + -e 's,[@]GDM_USERNAME[@],$(GDM_USERNAME),g' \ + -e 's,[@]GDM_GROUPNAME[@],$(GDM_GROUPNAME),g' \ + -e 's,[@]HALT_COMMAND[@],$(HALT_COMMAND),g' \ +diff --git a/data/com.redhat.AccountsServiceUser.System.xml b/data/com.redhat.AccountsServiceUser.System.xml +new file mode 100644 +index 000000000..67f5f302c +--- /dev/null ++++ b/data/com.redhat.AccountsServiceUser.System.xml +@@ -0,0 +1,10 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +-- +2.17.1 + diff --git a/SOURCES/0003-session-Don-t-allow-greeter-operations-on-an-running.patch b/SOURCES/0003-session-Don-t-allow-greeter-operations-on-an-running.patch new file mode 100644 index 0000000..cc60c6f --- /dev/null +++ b/SOURCES/0003-session-Don-t-allow-greeter-operations-on-an-running.patch @@ -0,0 +1,227 @@ +From 7b83c1dc9645cabadfeb253d7eca427f6a26d10f Mon Sep 17 00:00:00 2001 +From: Iain Lane +Date: Thu, 31 Jan 2019 17:51:52 +0000 +Subject: [PATCH 3/4] session: Don't allow greeter operations on an running + session + +If a client has a reference to a session that starts running, +refuse to allow further operations on the session. + +CVE-2019-3825 +--- + daemon/gdm-session.c | 75 ++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 75 insertions(+) + +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index f23a83c5e..a8263ba11 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -1401,130 +1401,205 @@ gdm_session_handle_client_begin_verification_for_user (GdmDBusUserVerifier *u + static gboolean + gdm_session_handle_client_answer_query (GdmDBusUserVerifier *user_verifier_interface, + GDBusMethodInvocation *invocation, + const char *service_name, + const char *answer, + GdmSession *self) + { + gdm_dbus_user_verifier_complete_answer_query (user_verifier_interface, + invocation); + gdm_session_answer_query (self, service_name, answer); + return TRUE; + } + + static gboolean + gdm_session_handle_client_cancel (GdmDBusUserVerifier *user_verifier_interface, + GDBusMethodInvocation *invocation, + GdmSession *self) + { + gdm_dbus_user_verifier_complete_cancel (user_verifier_interface, + invocation); + gdm_session_cancel (self); + return TRUE; + } + + static gboolean + gdm_session_handle_client_select_session (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *session, + GdmSession *self) + { ++ if (gdm_session_is_running (self)) { ++ const char *username; ++ ++ username = gdm_session_get_username (self); ++ g_debug ("GdmSession: refusing to select session %s since it's already running (for user %s)", ++ session, ++ username); ++ g_dbus_method_invocation_return_error (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_INVALID_ARGS, ++ "Session already running for user %s", ++ username); ++ return TRUE; ++ } ++ + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_select_session (greeter_interface, + invocation); + } + gdm_session_select_session (self, session); + return TRUE; + } + + static gboolean + gdm_session_handle_client_select_user (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *username, + GdmSession *self) + { ++ if (gdm_session_is_running (self)) { ++ const char *session_username; ++ ++ session_username = gdm_session_get_username (self); ++ g_debug ("GdmSession: refusing to select user %s, since session (%p) already running (for user %s)", ++ username, ++ self, ++ session_username); ++ g_dbus_method_invocation_return_error (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_INVALID_ARGS, ++ "Session already running for user %s", ++ session_username); ++ return TRUE; ++ } ++ + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_select_user (greeter_interface, + invocation); + } + g_debug ("GdmSession: client selected user '%s' on session (%p)", username, self); + gdm_session_select_user (self, username); + return TRUE; + } + + static gboolean + gdm_session_handle_client_start_session_when_ready (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *service_name, + gboolean client_is_ready, + GdmSession *self) + { ++ if (gdm_session_is_running (self)) { ++ const char *username; ++ ++ username = gdm_session_get_username (self); ++ g_debug ("GdmSession: refusing to start session (%p), since it's already running (for user %s)", ++ self, ++ username); ++ g_dbus_method_invocation_return_error (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_INVALID_ARGS, ++ "Session already running for user %s", ++ username); ++ return TRUE; ++ } + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_start_session_when_ready (greeter_interface, + invocation); + } + g_signal_emit (G_OBJECT (self), + signals [CLIENT_READY_FOR_SESSION_TO_START], + 0, + service_name, + client_is_ready); + return TRUE; + } + + static gboolean + gdm_session_handle_get_timed_login_details (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + GdmSession *self) + { ++ if (gdm_session_is_running (self)) { ++ const char *username; ++ ++ username = gdm_session_get_username (self); ++ g_debug ("GdmSession: refusing to give timed login details, session (%p) already running (for user %s)", ++ self, ++ username); ++ g_dbus_method_invocation_return_error (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_INVALID_ARGS, ++ "Session already running for user %s", ++ username); ++ return TRUE; ++ } + + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_get_timed_login_details (greeter_interface, + invocation, + self->priv->timed_login_username != NULL, + self->priv->timed_login_username != NULL? self->priv->timed_login_username : "", + self->priv->timed_login_delay); + if (self->priv->timed_login_username != NULL) { + gdm_dbus_greeter_emit_timed_login_requested (self->priv->greeter_interface, + self->priv->timed_login_username, + self->priv->timed_login_delay); + } + } + return TRUE; + } + + static gboolean + gdm_session_handle_client_begin_auto_login (GdmDBusGreeter *greeter_interface, + GDBusMethodInvocation *invocation, + const char *username, + GdmSession *self) + { ++ const char *session_username; ++ ++ if (gdm_session_is_running (self)) { ++ session_username = gdm_session_get_username (self); ++ g_debug ("GdmSession: refusing auto login operation, session (%p) already running for user %s (%s requested)", ++ self, ++ session_username, ++ username); ++ g_dbus_method_invocation_return_error (invocation, ++ G_DBUS_ERROR, ++ G_DBUS_ERROR_INVALID_ARGS, ++ "Session already owned by user %s", ++ session_username); ++ return TRUE; ++ } ++ + if (self->priv->greeter_interface != NULL) { + gdm_dbus_greeter_complete_begin_auto_login (greeter_interface, + invocation); + } + + g_debug ("GdmSession: client requesting automatic login for user '%s' on session '%s' (%p)", + username, + gdm_session_get_session_id (self), + self); + + gdm_session_setup_for_user (self, "gdm-autologin", username); + + return TRUE; + } + + static void + export_user_verifier_interface (GdmSession *self, + GDBusConnection *connection) + { + GdmDBusUserVerifier *user_verifier_interface; + user_verifier_interface = GDM_DBUS_USER_VERIFIER (gdm_dbus_user_verifier_skeleton_new ()); + + g_object_set_data (G_OBJECT (connection), "gdm-session", self); + + g_signal_connect (user_verifier_interface, + "handle-enable-extensions", + G_CALLBACK (gdm_session_handle_client_enable_extensions), + connection); + g_signal_connect (user_verifier_interface, + "handle-begin-verification", +-- +2.21.0 + diff --git a/SOURCES/0003-session-worker-uninitialize-pam-if-worker-is-killed.patch b/SOURCES/0003-session-worker-uninitialize-pam-if-worker-is-killed.patch new file mode 100644 index 0000000..e79e546 --- /dev/null +++ b/SOURCES/0003-session-worker-uninitialize-pam-if-worker-is-killed.patch @@ -0,0 +1,85 @@ +From 1987a539495f38ade3efc561f65b56316080356e Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 24 Jun 2019 16:21:59 -0400 +Subject: [PATCH 3/3] session-worker: uninitialize pam if worker is killed + +Right nowe don't uninitialize pam or switch back to the +starting VT if the worker is killed before the session. + +This commit fixes that. +--- + daemon/gdm-session-worker.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c +index aa288ac8e..0322037e0 100644 +--- a/daemon/gdm-session-worker.c ++++ b/daemon/gdm-session-worker.c +@@ -3552,60 +3552,64 @@ gdm_session_worker_init (GdmSessionWorker *worker) + static void + gdm_session_worker_unwatch_child (GdmSessionWorker *worker) + { + if (worker->priv->child_watch_id == 0) + return; + + g_source_remove (worker->priv->child_watch_id); + worker->priv->child_watch_id = 0; + } + + + static void + gdm_session_worker_finalize (GObject *object) + { + GdmSessionWorker *worker; + + g_return_if_fail (object != NULL); + g_return_if_fail (GDM_IS_SESSION_WORKER (object)); + + worker = GDM_SESSION_WORKER (object); + + g_return_if_fail (worker->priv != NULL); + + gdm_session_worker_unwatch_child (worker); + + if (worker->priv->child_pid > 0) { + gdm_signal_pid (worker->priv->child_pid, SIGTERM); + gdm_wait_on_pid (worker->priv->child_pid); + } + ++ if (worker->priv->pam_handle != NULL) { ++ gdm_session_worker_uninitialize_pam (worker, PAM_SUCCESS); ++ } ++ + g_clear_object (&worker->priv->user_settings); + g_free (worker->priv->service); + g_free (worker->priv->x11_display_name); + g_free (worker->priv->x11_authority_file); + g_free (worker->priv->display_device); + g_free (worker->priv->display_seat_id); + g_free (worker->priv->hostname); + g_free (worker->priv->username); + g_free (worker->priv->server_address); + g_strfreev (worker->priv->arguments); + g_strfreev (worker->priv->extensions); + + g_hash_table_unref (worker->priv->reauthentication_requests); + + G_OBJECT_CLASS (gdm_session_worker_parent_class)->finalize (object); + } + + GdmSessionWorker * + gdm_session_worker_new (const char *address, + gboolean is_reauth_session) + { + GObject *object; + + object = g_object_new (GDM_TYPE_SESSION_WORKER, + "server-address", address, + "is-reauth-session", is_reauth_session, + NULL); + + return GDM_SESSION_WORKER (object); + } +-- +2.18.1 + diff --git a/SOURCES/0004-GdmManager-Don-t-perform-timed-login-if-session-gets.patch b/SOURCES/0004-GdmManager-Don-t-perform-timed-login-if-session-gets.patch new file mode 100644 index 0000000..158e15a --- /dev/null +++ b/SOURCES/0004-GdmManager-Don-t-perform-timed-login-if-session-gets.patch @@ -0,0 +1,105 @@ +From 15a19ac7856c539aa9cfbf76997d18b0275aae35 Mon Sep 17 00:00:00 2001 +From: Iain Lane +Date: Mon, 4 Feb 2019 15:12:38 +0000 +Subject: [PATCH 4/4] GdmManager: Don't perform timed login if session gets + started + +At the moment it's possible for the login screen to initiate +a timed login operation shortly after a user successfully starts +their session. + +GDM won't complete the timed login operation, since a session is +already running, but will erroneously overwrite the username +associated with the session, misattributing the users session +to the timed login user. + +Later, attempts to log in as the timed user will instead unlock the +session for the other user, since that session is now associated +with the timed login user. + +This commit refuses timed login requests on sessions that are +already running, so the username doesn't get corrupted. + +CVE-2019-3825 + +Closes https://gitlab.gnome.org/GNOME/gdm/issues/460 +--- + daemon/gdm-manager.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index 0cc06a978..056560b20 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -2116,60 +2116,68 @@ on_session_client_ready_for_session_to_start (GdmSession *session, + } else { + g_debug ("GdmManager: Will start session when ready and told"); + } + + waiting_to_start_user_session = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (session), + "waiting-to-start")); + + g_object_set_data (G_OBJECT (session), + "start-when-ready", + GINT_TO_POINTER (client_is_ready)); + + if (client_is_ready && waiting_to_start_user_session) { + start_user_session_if_ready (manager, session, service_name); + } + } + + static void + on_session_client_connected (GdmSession *session, + GCredentials *credentials, + GPid pid_of_client, + GdmManager *manager) + { + GdmDisplay *display; + char *username; + int delay; + gboolean enabled; + gboolean allow_timed_login = FALSE; + + g_debug ("GdmManager: client with pid %d connected", (int) pid_of_client); + ++ if (gdm_session_is_running (session)) { ++ const char *session_username; ++ session_username = gdm_session_get_username (session); ++ g_debug ("GdmManager: ignoring connection, since session already running (for user %s)", ++ session_username); ++ return; ++ } ++ + display = get_display_for_user_session (session); + + if (display == NULL) { + return; + } + + if (!display_is_on_seat0 (display)) { + return; + } + + #ifdef WITH_PLYMOUTH + if (manager->priv->plymouth_is_running) { + plymouth_quit_with_transition (); + manager->priv->plymouth_is_running = FALSE; + } + #endif + + g_object_get (G_OBJECT (display), "allow-timed-login", &allow_timed_login, NULL); + + if (!allow_timed_login) { + return; + } + + enabled = get_timed_login_details (manager, &username, &delay); + + if (! enabled) { + return; + } + + gdm_session_set_timed_login_details (session, username, delay); +-- +2.21.0 + diff --git a/SOURCES/0004-daemon-handle-upgrades-from-RHEL-7.patch b/SOURCES/0004-daemon-handle-upgrades-from-RHEL-7.patch new file mode 100644 index 0000000..cad7650 --- /dev/null +++ b/SOURCES/0004-daemon-handle-upgrades-from-RHEL-7.patch @@ -0,0 +1,138 @@ +From c673a7dd781da5ae0d64e13eb83c17e130231931 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 20 Aug 2018 14:30:59 -0400 +Subject: [PATCH 4/4] daemon: handle upgrades from RHEL 7 + +RHEL 7 users need to stay on X if they were using X, +and they need to stay on gnome-classic if they were using +gnome-classic. + +This commit examines the user's config to deduce whether +or not they were using RHEL 7 and in the event they were +try to get the right settings. +--- + daemon/gdm-session-settings.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/daemon/gdm-session-settings.c b/daemon/gdm-session-settings.c +index 921e4d501..0ce2e7de2 100644 +--- a/daemon/gdm-session-settings.c ++++ b/daemon/gdm-session-settings.c +@@ -270,95 +270,114 @@ gdm_session_settings_get_property (GObject *object, + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } + } + + GdmSessionSettings * + gdm_session_settings_new (void) + { + GdmSessionSettings *settings; + + settings = g_object_new (GDM_TYPE_SESSION_SETTINGS, + NULL); + + return settings; + } + + gboolean + gdm_session_settings_is_loaded (GdmSessionSettings *settings) + { + if (settings->priv->user == NULL) { + return FALSE; + } + + return act_user_is_loaded (settings->priv->user); + } + + static void + load_settings_from_user (GdmSessionSettings *settings) + { ++ const char *system_id = NULL, *system_version_id = NULL; + const char *object_path; + const char *session_name; + const char *session_type; + const char *language_name; + + if (!act_user_is_loaded (settings->priv->user)) { + g_warning ("GdmSessionSettings: trying to load user settings from unloaded user"); + return; + } + + object_path = act_user_get_object_path (settings->priv->user); + + if (object_path != NULL) { + g_autoptr (GError) error = NULL; + settings->priv->user_system_proxy = gdm_accounts_service_user_system_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_NONE, + "org.freedesktop.Accounts", + object_path, + NULL, + &error); + if (error != NULL) { + g_debug ("GdmSessionSettings: couldn't retrieve user system proxy from accountsservice: %s", + error->message); ++ } else { ++ system_id = gdm_accounts_service_user_system_get_id (settings->priv->user_system_proxy); ++ system_version_id = gdm_accounts_service_user_system_get_version_id (settings->priv->user_system_proxy); + } + } + + /* if the user doesn't have saved state, they don't have any settings worth reading */ + if (!act_user_get_saved (settings->priv->user)) + goto out; + + session_type = act_user_get_session_type (settings->priv->user); + session_name = act_user_get_session (settings->priv->user); + + g_debug ("GdmSessionSettings: saved session is %s (type %s)", session_name, session_type); + ++ if (system_id == NULL || (g_strcmp0 (system_id, "rhel") == 0 && g_str_has_prefix (system_version_id, "7."))) { ++ /* if there's also no session name in the file and we're coming from RHEL 7, ++ * then we should assume classic session ++ */ ++ if (session_name == NULL || session_name[0] == '\0') ++ session_name = "gnome-classic"; ++ ++ /* only presume wayland if the user specifically picked it in RHEL 7 ++ */ ++ if (g_strcmp0 (session_name, "gnome-wayland") == 0) ++ session_type = "wayland"; ++ else ++ session_type = "x11"; ++ } ++ + if (session_type != NULL && session_type[0] != '\0') { + gdm_session_settings_set_session_type (settings, session_type); + } + + if (session_name != NULL && session_name[0] != '\0') { + gdm_session_settings_set_session_name (settings, session_name); + } + + language_name = act_user_get_language (settings->priv->user); + + g_debug ("GdmSessionSettings: saved language is %s", language_name); + if (language_name != NULL && language_name[0] != '\0') { + gdm_session_settings_set_language_name (settings, language_name); + } + + out: + g_object_notify (G_OBJECT (settings), "is-loaded"); + } + + static void + on_user_is_loaded_changed (ActUser *user, + GParamSpec *pspec, + GdmSessionSettings *settings) + { + if (act_user_is_loaded (settings->priv->user)) { + load_settings_from_user (settings); + g_signal_handlers_disconnect_by_func (G_OBJECT (settings->priv->user), + G_CALLBACK (on_user_is_loaded_changed), + settings); + } +-- +2.17.1 + diff --git a/SOURCES/0004-data-reap-gdm-sessions-on-shutdown.patch b/SOURCES/0004-data-reap-gdm-sessions-on-shutdown.patch new file mode 100644 index 0000000..d0c0451 --- /dev/null +++ b/SOURCES/0004-data-reap-gdm-sessions-on-shutdown.patch @@ -0,0 +1,28 @@ +From f32adbe9bf26d502cb055b3a6cb98fc57e06bf13 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Fri, 26 Jul 2019 14:06:16 -0400 +Subject: [PATCH 4/4] data: reap gdm sessions on shutdown + +If GDM gets shutdown we should make sure all sessions get shutdown too. + +This is a bit of a safety net in case any processes in the session are +lingering after the orderly shutdown. +--- + data/gdm.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/data/gdm.service.in b/data/gdm.service.in +index 72201c1fd..202ab6753 100644 +--- a/data/gdm.service.in ++++ b/data/gdm.service.in +@@ -21,6 +21,7 @@ OnFailure=plymouth-quit.service + + [Service] + ExecStart=@sbindir@/gdm ++ExecStopPost=-/usr/bin/bash -c 'for f in /run/systemd/sessions/*; do [ -f $f ] && /usr/bin/fgrep -q SERVICE=gdm $f && loginctl terminate-session $(basename $f); done' + KillMode=mixed + Restart=always + IgnoreSIGPIPE=no +-- +2.18.1 + diff --git a/SOURCES/default.pa-for-gdm b/SOURCES/default.pa-for-gdm new file mode 100644 index 0000000..d633aee --- /dev/null +++ b/SOURCES/default.pa-for-gdm @@ -0,0 +1,10 @@ +load-module module-device-restore +load-module module-card-restore +load-module module-udev-detect +load-module module-native-protocol-unix +load-module module-default-device-restore +load-module module-rescue-streams +load-module module-always-sink +load-module module-intended-roles +load-module module-suspend-on-idle +load-module module-position-event-sounds diff --git a/SOURCES/org.gnome.login-screen.gschema.override b/SOURCES/org.gnome.login-screen.gschema.override new file mode 100644 index 0000000..d018c5e --- /dev/null +++ b/SOURCES/org.gnome.login-screen.gschema.override @@ -0,0 +1,3 @@ +[org.gnome.login-screen] +logo='/usr/share/pixmaps/fedora-gdm-logo.png' +enable-smartcard-authentication=false diff --git a/SOURCES/system-dconf.patch b/SOURCES/system-dconf.patch new file mode 100644 index 0000000..83d2999 --- /dev/null +++ b/SOURCES/system-dconf.patch @@ -0,0 +1,22 @@ +From 29d374ce6781df6f3b168a8c57163ddb582c998a Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 31 Jul 2013 17:32:55 -0400 +Subject: [PATCH] data: add system dconf databases to gdm profile + +This way system settings can affect the login screen. +--- + data/dconf/gdm.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/data/dconf/gdm.in b/data/dconf/gdm.in +index 4d8bf174..9694078f 100644 +--- a/data/dconf/gdm.in ++++ b/data/dconf/gdm.in +@@ -1,2 +1,5 @@ + user-db:user ++system-db:local ++system-db:site ++system-db:distro + file-db:@DATADIR@/@PACKAGE@/greeter-dconf-defaults +-- +2.11.1 diff --git a/SPECS/gdm.spec b/SPECS/gdm.spec new file mode 100644 index 0000000..eda8f91 --- /dev/null +++ b/SPECS/gdm.spec @@ -0,0 +1,3206 @@ +%global _changelog_trimtime %(date +%s -d "1 year ago") +%global _hardened_build 1 + +%define libauditver 1.0.6 +%define gtk3_version 2.99.2 +%define pam_version 0.99.8.1-11 +%define desktop_file_utils_version 0.2.90 +%define nss_version 3.11.1 + +Name: gdm +Epoch: 1 +Version: 3.28.3 +Release: 29%{?dist} +Summary: The GNOME Display Manager + +License: GPLv2+ +URL: https://wiki.gnome.org/Projects/GDM +Source0: http://download.gnome.org/sources/gdm/3.28/gdm-%{version}.tar.xz +Source1: org.gnome.login-screen.gschema.override +Patch00001: 0001-Honor-initial-setup-being-disabled-by-distro-install.patch + +Patch10001: 0001-utils-add-new-gdm-disable-wayland-binary.patch + +Patch20001: 0001-display-access-file-drop-unused-function.patch + +Patch30001: 0001-data-disable-wayland-for-proprietary-nvidia-machines.patch +Patch30002: 0001-data-disable-wayland-on-server-chips-and-dual-gpu-se.patch +Patch30003: 0001-data-enable-wayland-on-cirrus.patch +Patch30004: 0001-data-only-disable-wayland-on-passthrough-virt-setups.patch + +Patch40001: 0001-local-display-factory-pause-for-a-few-seconds-before.patch + +Patch50001: 0001-manager-ensure-is-initial-is-transfered-to-autologin.patch + +Patch60001: 0001-session-ensure-login-screen-over-XDMCP-connects-to-i.patch + +Patch70001: 0001-worker-don-t-load-user-settings-for-program-sessions.patch +Patch70002: 0002-session-support-new-accountsservice-Session-and-Sess.patch +Patch70003: 0003-daemon-save-os-release-in-accountsservice.patch +Patch70004: 0004-daemon-handle-upgrades-from-RHEL-7.patch + +Patch80001: 0001-session-worker-expose-worker-state-enum-to-type-syst.patch +Patch80002: 0002-session-worker-kill-user-sessions-when-stop-gdm-serv.patch +Patch80003: 0003-session-worker-uninitialize-pam-if-worker-is-killed.patch +Patch80004: 0004-data-reap-gdm-sessions-on-shutdown.patch + +# CVE-2019-3825 +Patch90001: 0001-manager-don-t-kill-timed-login-session-immediately-a.patch +Patch90002: 0002-manager-session-Add-some-debugging-around-starting-r.patch +Patch90003: 0003-session-Don-t-allow-greeter-operations-on-an-running.patch +Patch90004: 0004-GdmManager-Don-t-perform-timed-login-if-session-gets.patch + +Patch100001: 0001-manager-allow-multiple-xdmcp-logins-for-the-same-use.patch +Patch100002: 0002-gdm-x-session-run-session-bus-on-non-seat0-seats.patch + +Patch110001: 0001-display-ask-accountservice-if-there-are-users-rather.patch + +Patch120001: 0001-daemon-fix-wayland-detection-when-deciding-to-bypass.patch + +Patch999999: system-dconf.patch + +BuildRequires: pam-devel >= 0:%{pam_version} +BuildRequires: desktop-file-utils >= %{desktop_file_utils_version} +BuildRequires: libtool automake autoconf +BuildRequires: libattr-devel +BuildRequires: gettext +BuildRequires: git +BuildRequires: libdmx-devel +BuildRequires: audit-libs-devel >= %{libauditver} +BuildRequires: autoconf automake libtool +BuildRequires: intltool +%ifnarch s390 s390x ppc ppc64 +BuildRequires: xorg-x11-server-Xorg +%endif +BuildRequires: nss-devel >= %{nss_version} +BuildRequires: pkgconfig(accountsservice) >= 0.6.3 +BuildRequires: pkgconfig(check) +BuildRequires: pkgconfig(gobject-introspection-1.0) +BuildRequires: pkgconfig(gtk+-3.0) >= %{gtk3_version} +BuildRequires: pkgconfig(iso-codes) +BuildRequires: pkgconfig(libcanberra-gtk3) +BuildRequires: pkgconfig(libselinux) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(ply-boot-client) +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xau) +BuildRequires: pkgconfig(xorg-server) +BuildRequires: libXdmcp-devel +BuildRequires: systemd +BuildRequires: keyutils-libs-devel +BuildRequires: dconf + +Requires(pre): /usr/sbin/useradd +%{?systemd_requires} + +Provides: service(graphical-login) = %{name} + +Requires: accountsservice >= 0.6.50-3.el8 +Requires: audit-libs >= %{libauditver} +Requires: dconf +# since we use it, and pam spams the log if the module is missing +Requires: gnome-keyring-pam +Requires: gnome-session +Requires: gnome-session-wayland-session +Requires: gnome-settings-daemon >= 3.27.90 +Requires: gnome-shell +Requires: iso-codes +# We need 1.0.4-5 since it lets us use "localhost" in auth cookies +Requires: libXau >= 1.0.4-4 +Requires: pam >= 0:%{pam_version} +Requires: /sbin/nologin +Requires: setxkbmap +Requires: systemd >= 186 +Requires: system-logos +Requires: xorg-x11-server-utils +Requires: xorg-x11-xinit +Recommends: xorg-x11-server-Xorg + +Obsoletes: gdm-libs < 1:3.12.0-3 +Provides: gdm-libs%{?_isa} = %{epoch}:%{version}-%{release} + +# Swallow up old fingerprint/smartcard plugins +Obsoletes: gdm-plugin-smartcard < 1:3.2.1 +Provides: gdm-plugin-smartcard = %{epoch}:%{version}-%{release} + +Obsoletes: gdm-plugin-fingerprint < 1:3.2.1 +Provides: gdm-plugin-fingerprint = %{epoch}:%{version}-%{release} + +# moved here from pulseaudio-gdm-hooks-11.1-16 +Source5: default.pa-for-gdm +Obsoletes: pulseaudio-gdm-hooks < 1:11.1-17 +Provides: pulseaudio-gdm-hooks = 1:%{version}-%{release} + +%description +GDM, the GNOME Display Manager, handles authentication-related backend +functionality for logging in a user and unlocking the user's session after +it's been locked. GDM also provides functionality for initiating user-switching, +so more than one user can be logged in at the same time. It handles +graphical session registration with the system for both local and remote +sessions (in the latter case, via the XDMCP protocol). In cases where the +session doesn't provide it's own display server, GDM can start the display +server on behalf of the session. + +%package devel +Summary: Development files for gdm +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Requires: gdm-pam-extensions-devel = %{epoch}:%{version}-%{release} + +%description devel +The gdm-devel package contains headers and other +files needed to build custom greeters. + +%package pam-extensions-devel +Summary: Macros for developing GDM extensions to PAM +Group: Development/Libraries +Requires: pam-devel + +%description pam-extensions-devel +The gdm-pam-extensions-devel package contains headers and other +files that are helpful to PAM modules wishing to support +GDM specific authentication features. + +%prep +%autosetup -S git + +autoreconf -i -f +intltoolize -f + +%build + +%configure --with-pam-prefix=%{_sysconfdir} \ + --with-run-dir=/run/gdm \ + --with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin \ + --enable-split-authentication \ + --enable-profiling \ + --enable-console-helper \ + --with-plymouth \ + --with-selinux + +# drop unneeded direct library deps with --as-needed +# libtool doesn't make this easy, so we do it the hard way +sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' -e 's/ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then/ func_append compile_command " -Wl,-O1,--as-needed"\n func_append finalize_command " -Wl,-O1,--as-needed"\n\0/' libtool + +%make_build + + +%install +mkdir -p %{buildroot}%{_sysconfdir}/gdm/Init +mkdir -p %{buildroot}%{_sysconfdir}/gdm/PreSession +mkdir -p %{buildroot}%{_sysconfdir}/gdm/PostSession + +%make_install + +install -p -m644 -D %{SOURCE5} %{buildroot}%{_localstatedir}/lib/gdm/.config/pulse/default.pa + +rm -f %{buildroot}%{_sysconfdir}/pam.d/gdm + +# add logo to shell greeter +cp -a %{SOURCE1} %{buildroot}%{_datadir}/glib-2.0/schemas + +# docs go elsewhere +rm -rf %{buildroot}/%{_prefix}/doc + +# create log dir +mkdir -p %{buildroot}/var/log/gdm + +(cd %{buildroot}%{_sysconfdir}/gdm; ln -sf ../X11/xinit/Xsession .) + +mkdir -p %{buildroot}%{_datadir}/gdm/autostart/LoginWindow + +mkdir -p %{buildroot}/run/gdm + +rm -f %{buildroot}%{_bindir}/gdm-screenshot + +find %{buildroot} -name '*.a' -delete +find %{buildroot} -name '*.la' -delete + +%find_lang gdm --with-gnome + +%pre +/usr/sbin/useradd -M -u 42 -d /var/lib/gdm -s /sbin/nologin -r gdm > /dev/null 2>&1 +/usr/sbin/usermod -d /var/lib/gdm -s /sbin/nologin gdm >/dev/null 2>&1 +# ignore errors, as we can't disambiguate between gdm already existed +# and couldn't create account with the current adduser. +exit 0 + +%post +%{?ldconfig} + +# if the user already has a config file, then migrate it to the new +# location; rpm will ensure that old file will be renamed + +custom=/etc/gdm/custom.conf + +if [ $1 -ge 2 ] ; then + if [ -f /usr/share/gdm/config/gdm.conf-custom ]; then + oldconffile=/usr/share/gdm/config/gdm.conf-custom + elif [ -f /etc/X11/gdm/gdm.conf ]; then + oldconffile=/etc/X11/gdm/gdm.conf + fi + + # Comment out some entries from the custom config file that may + # have changed locations in the update. Also move various + # elements to their new locations. + + [ -n "$oldconffile" ] && sed \ + -e 's@^command=/usr/X11R6/bin/X@#command=/usr/bin/Xorg@' \ + -e 's@^Xnest=/usr/X11R6/bin/Xnest@#Xnest=/usr/X11R6/bin/Xnest@' \ + -e 's@^BaseXsession=/etc/X11/xdm/Xsession@#BaseXsession=/etc/X11/xinit/Xsession@' \ + -e 's@^BaseXsession=/etc/X11/gdm/Xsession@#&@' \ + -e 's@^BaseXsession=/etc/gdm/Xsession@#&@' \ + -e 's@^Greeter=/usr/bin/gdmgreeter@#Greeter=/usr/libexec/gdmgreeter@' \ + -e 's@^RemoteGreeter=/usr/bin/gdmlogin@#RemoteGreeter=/usr/libexec/gdmlogin@' \ + -e 's@^GraphicalTheme=Bluecurve@#&@' \ + -e 's@^BackgroundColor=#20305a@#&@' \ + -e 's@^DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin@#&@' \ + -e 's@^RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin@#&@' \ + -e 's@^HostImageDir=/usr/share/hosts/@#HostImageDir=/usr/share/pixmaps/faces/@' \ + -e 's@^LogDir=/var/log/gdm@#&@' \ + -e 's@^PostLoginScriptDir=/etc/X11/gdm/PostLogin@#&@' \ + -e 's@^PreLoginScriptDir=/etc/X11/gdm/PreLogin@#&@' \ + -e 's@^PreSessionScriptDir=/etc/X11/gdm/PreSession@#&@' \ + -e 's@^PostSessionScriptDir=/etc/X11/gdm/PostSession@#&@' \ + -e 's@^DisplayInitDir=/var/run/gdm.pid@#&@' \ + -e 's@^RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot@#&@' \ + -e 's@^HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff@#&@' \ + -e 's@^ServAuthDir=/var/gdm@#&@' \ + -e 's@^Greeter=/usr/bin/gdmlogin@Greeter=/usr/libexec/gdmlogin@' \ + -e 's@^RemoteGreeter=/usr/bin/gdmgreeter@RemoteGreeter=/usr/libexec/gdmgreeter@' \ + $oldconffile > $custom +fi + +if [ $1 -ge 2 -a -f $custom ] && grep -q /etc/X11/gdm $custom ; then + sed -i -e 's@/etc/X11/gdm@/etc/gdm@g' $custom +fi + +%systemd_post gdm.service + +%preun +%systemd_preun gdm.service + +%postun +%{?ldconfig} +%systemd_postun gdm.service + +%files -f gdm.lang +%doc AUTHORS NEWS README +%license COPYING +%dir %{_sysconfdir}/gdm +%config(noreplace) %{_sysconfdir}/gdm/custom.conf +%config %{_sysconfdir}/gdm/Init/* +%config %{_sysconfdir}/gdm/PostLogin/* +%config %{_sysconfdir}/gdm/PreSession/* +%config %{_sysconfdir}/gdm/PostSession/* +%config %{_sysconfdir}/pam.d/gdm-autologin +%config %{_sysconfdir}/pam.d/gdm-password +# not config files +%{_sysconfdir}/gdm/Xsession +%{_datadir}/gdm/gdm.schemas +%{_sysconfdir}/dbus-1/system.d/gdm.conf +%dir %{_sysconfdir}/gdm/Init +%dir %{_sysconfdir}/gdm/PreSession +%dir %{_sysconfdir}/gdm/PostSession +%dir %{_sysconfdir}/gdm/PostLogin +%{_datadir}/pixmaps/*.png +%{_datadir}/glib-2.0/schemas/org.gnome.login-screen.gschema.xml +%{_datadir}/glib-2.0/schemas/org.gnome.login-screen.gschema.override +%{_libexecdir}/gdm-disable-wayland +%{_libexecdir}/gdm-host-chooser +%{_libexecdir}/gdm-session-worker +%{_libexecdir}/gdm-simple-chooser +%{_libexecdir}/gdm-wayland-session +%{_libexecdir}/gdm-x-session +%{_sbindir}/gdm +%{_bindir}/gdmflexiserver +%dir %{_datadir}/dconf +%dir %{_datadir}/dconf/profile +%{_datadir}/dconf/profile/gdm +%dir %{_datadir}/gdm/greeter +%dir %{_datadir}/gdm/greeter/applications +%{_datadir}/gdm/greeter/applications/* +%dir %{_datadir}/gdm/greeter/autostart +%{_datadir}/gdm/greeter/autostart/* +%{_datadir}/gdm/greeter-dconf-defaults +%{_datadir}/gdm/locale.alias +%{_datadir}/gdm/gdb-cmd +%{_datadir}/gnome-session/sessions/gnome-login.session +%{_libdir}/girepository-1.0/Gdm-1.0.typelib +%{_libdir}/security/pam_gdm.so +%{_libdir}/libgdm*.so* +%dir %{_localstatedir}/log/gdm +%attr(1770, gdm, gdm) %dir %{_localstatedir}/lib/gdm +%attr(0700, gdm, gdm) %dir %{_localstatedir}/lib/gdm/.config +%attr(0700, gdm, gdm) %dir %{_localstatedir}/lib/gdm/.config/pulse +%attr(0600, gdm, gdm) %{_localstatedir}/lib/gdm/.config/pulse/default.pa +%attr(0711, root, gdm) %dir /run/gdm +%attr(1755, root, gdm) %dir %{_localstatedir}/cache/gdm +%{_datadir}/icons/hicolor/*/*/*.png +%config %{_sysconfdir}/pam.d/gdm-pin +%config %{_sysconfdir}/pam.d/gdm-smartcard +%config %{_sysconfdir}/pam.d/gdm-fingerprint +%{_sysconfdir}/pam.d/gdm-launch-environment +%{_udevrulesdir}/61-gdm.rules +%{_unitdir}/gdm.service + +%files devel +%dir %{_includedir}/gdm +%{_includedir}/gdm/*.h +%exclude %{_includedir}/gdm/gdm-pam-extensions.h +%dir %{_datadir}/gir-1.0 +%{_datadir}/gir-1.0/Gdm-1.0.gir +%{_libdir}/pkgconfig/gdm.pc + +%files pam-extensions-devel +%{_includedir}/gdm/gdm-pam-extensions.h +%{_libdir}/pkgconfig/gdm-pam-extensions.pc + +%changelog +* Wed Feb 05 2020 Ray Strode - 3.28.3-29 +- Make GNOME work slightly better in the multiple logins case. + Related: #1710882 + +* Sun Dec 15 2019 Ray Strode - 3.28.3-28 +- Correct wayland session detection logic when deciding + whether or not to run Xsession script + Resolves: #1728330 + +* Sun Dec 15 2019 Ray Strode - 3.28.3-27 +- Don't run initial-setup for machines enrolled in IPA setup. + Resolves: #1750516 + +* Fri Dec 13 2019 Ray Strode - 3.28.3-26 +- Forward port RHEL 7 patch to allow multiple logins for the + same user with XDMCP connections. + Resolves: #1710882 + +* Thu Dec 12 2019 Ray Strode - 3.28.3-25 +- Reenable wayland on hybrid setups (except virt pass through) + Resolves: #1749960 +- Reenable wayland on qxl + Resolves: #1744452 + +* Fri Dec 06 2019 Ray Strode - 3.28.3-24 +- Reenable wayland on cirrus + Resolves: #1744527 + +* Thu Nov 21 2019 Ray Strode - 3.28.3-23 +- Correct timedlogin based screenlock bypass + Resolves: #1672829 + +* Mon Jun 24 2019 Ray Strode - 3.28.3-22 +- Ensure user session is killed with its worker and that all + user sessions are cleaned up on shutdown + Resolves: #1690714 + +* Mon Jun 17 2019 Ray Strode - 3.28.3-21 +- Drop gdm-screenshot + Resolves: #1680164 + +* Mon Feb 11 2019 Ray Strode - 3.28.3-20 +- Disable wayland on hybrid gpu machines, and server machines + again + Related: #1662087 + Related: #1591250 1670273 + +* Mon Feb 11 2019 Ray Strode - 3.28.3-19 +- Fix XDMCP sessions when local console is using wayland + Resolves: #1640043 + +* Thu Jan 31 2019 Adam Jackson - 3.28.3-18 +- Add Recommends: xorg-x11-server-Xorg to fix more fallback cases + Resolves: #1617991 + +* Mon Jan 14 2019 Ray Strode - 3.28.3-17 +- Reenable wayland on other server cards (missed one in -14) + Related: #1591250 + +* Mon Jan 14 2019 Ray Strode - 3.28.3-15 +- Disable wayland on QXL devices + Related: #1641763 + +* Fri Jan 04 2019 Ray Strode - 3.28.3-14 +- Reenable wayland on server cards + Related: #1591250 + +* Wed Nov 28 2018 Ray Strode - 3.28.3-13 +- rebuild + Related: #1625683 + +* Tue Nov 13 2018 Ray Strode - 3.28.3-12 +- rebuild + Related: #1625683 + +* Fri Nov 02 2018 Ray Strode - 3.28.3-11 +- Fix non-autologin which go broken in previous build + Related: #1645135 + +* Thu Nov 01 2018 Ray Strode - 3.28.3-10 +- Fix autologin when X falls back + Resolves: #1645135 + +* Mon Oct 29 2018 Ray Strode - 3.28.3-9 +- workaround logind bug that breaks X fallback + Resolves: #1643874 + +* Wed Oct 24 2018 Ray Strode - 3.28.3-8 +- Disable wayland on proprietary nvidia + Related: #1639782 + +* Mon Oct 15 2018 Ray Strode - 3.28.3-7 +- Drop dead code that makes coverity unhappy + Resolves: #1602510 + +* Fri Oct 12 2018 Ray Strode - 3.28.3-6 +- Move AccountsServiceUser extension from gdm to accountsservice, + since we need to use it when creating users from gnome-initial-setup + Related: #1628060 + +* Mon Oct 08 2018 Ray Strode - 3.28.3-5 +- Fix WaylandEnable=false for autologin displays + Resolves: #1637102 + +* Wed Sep 12 2018 Ray Strode - 3.28.3-4 +- Fix typo in RHEL-7 upgrade patch causing classic to get + picked too often + Resolves: #1628060 + Related: #1595825 + +* Thu Aug 23 2018 Ray Strode - 3.28.3-3 +- Fix crash when wayland is disabled + Related: #1612915 1621226 + +* Tue Aug 21 2018 Ray Strode - 3.28.3-2 +- Handle upgrades from RHEL 7 better + Related: #1612915 1595825 +- Fix wayland blacklisting and blacklist mga200 cards from + using wayland. + Related: #1591250 + +* Mon Aug 13 2018 Ray Strode - 3.28.3-1 +- Update to 3.28.3 + Resolves: #1615447 + +* Thu May 17 2018 Kalev Lember - 1:3.28.2-1 +- Update to 3.28.2 + +* Tue Apr 10 2018 Kalev Lember - 1:3.28.1-1 +- Update to 3.28.1 + +* Thu Mar 22 2018 Igor Gnatenko - 3.28.0-6 +- Fixup ldconfig in postun + +* Wed Mar 21 2018 Kevin Fenzi - 3.28.0-5 +- Fix my ldconfig fix to be actually correct. + +* Wed Mar 21 2018 Kevin Fenzi - 3.28.0-4 +- Fix post/postun calls to ldconfig scriptlet. + +* Tue Mar 20 2018 Ray Strode - 1:3.28.0-3 +- Drop /etc/dconf/db/gdm.d from list of dconf sources, that's + not longer used. + Related: #1546644 + +* Tue Mar 20 2018 Rex Dieter - 1:3.28.0-2 +- move pulseaudio-gdm-hooks content here +- use %%ldconfig %%make_build %%make_install %%systemd_requires + +* Tue Mar 13 2018 Kalev Lember - 1:3.28.0-1 +- Update to 3.28.0 + +* Sun Mar 11 2018 Kalev Lember - 1:3.27.92-1 +- Update to 3.27.92 + +* Fri Mar 02 2018 Kalev Lember - 1:3.27.91-1 +- Update to 3.27.91 + +* Mon Feb 19 2018 Ray Strode - 1:3.27.4-4 +- Make sure GDM checks systemd dconf databases + Related: #1546644 + +* Fri Feb 09 2018 Bastien Nocera - 3.27.4-3 ++ gdm-3.27.4-4 +- Update for gnome-settings-daemon changes + +* Wed Feb 07 2018 Fedora Release Engineering - 1:3.27.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 09 2018 Ray Strode - 3.27.4-1 +- Update to 3.27.4 + +* Sat Jan 06 2018 Igor Gnatenko - 1:3.26.2.1-4 +- Remove obsolete scriptlets + +* Thu Nov 30 2017 Ray Strode - 1:3.26.2.1-3 +- Add buildrequires for X server so it knows which -listen + variant to use. + https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/K2ZPZ43355YKAU66A5TDI3OSFU3U4T3M/ + +* Wed Nov 15 2017 Ray Strode - 1:3.26.2.1-2 +- Split PAM macros off into a new subpackage + Resolves: #1512212 + +* Wed Nov 01 2017 Kalev Lember - 1:3.26.2.1-1 +- Update to 3.26.2.1 + +* Tue Oct 24 2017 Ray Strode - 3.26.1-2 +- make sure initial-setup starts when wayland fails + Resolves: #1502827 + +* Sun Oct 08 2017 Kalev Lember - 1:3.26.1-1 +- Update to 3.26.1 + +* Thu Sep 14 2017 Kalev Lember - 1:3.26.0-1 +- Update to 3.26.0 + +* Fri Sep 08 2017 Kalev Lember - 1:3.25.92-1 +- Update to 3.25.92 + +* Tue Aug 15 2017 Kalev Lember - 1:3.25.90.1-1 +- Update to 3.25.90.1 + +* Mon Aug 14 2017 Ville Skyttä - 1:3.25.4.1-2 +- Own %%{_datadir}/{dconf,gdm/greeter,gir-1.0} dirs + +* Mon Jul 31 2017 Kalev Lember - 1:3.25.4.1-1 +- Update to 3.25.4.1 + +* Wed Jul 26 2017 Fedora Release Engineering - 1:3.25.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 25 2017 Kalev Lember - 1:3.25.3-1 +- Update to 3.25.3 + +* Wed May 10 2017 Kalev Lember - 1:3.24.2-1 +- Update to 3.24.2 + +* Wed Apr 12 2017 Kalev Lember - 1:3.24.1-1 +- Update to 3.24.1 + +* Sat Mar 25 2017 Ray Strode - 1:3.24.0-2 +- Fix fallback to X logic + Resolves: #1435010 + +* Tue Mar 21 2017 Kalev Lember - 1:3.24.0-1 +- Update to 3.24.0 + +* Fri Mar 17 2017 Kalev Lember - 1:3.23.92-1 +- Update to 3.23.92 + +* Mon Mar 06 2017 Kalev Lember - 1:3.23.91.1-1 +- Update to 3.23.91.1 + +* Mon Feb 13 2017 Richard Hughes - 1:3.23.4-1 +- Update to 3.23.4 + +* Fri Feb 10 2017 Fedora Release Engineering - 1:3.22.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 31 2017 Rui Matos - 1:3.22.1-2 +- Honor anaconda's firstboot being disabled + +* Wed Oct 12 2016 Kalev Lember - 1:3.22.1-1 +- Update to 3.22.1 +- Don't set group tags + +* Wed Sep 21 2016 Ray Strode - 3.22.0-2 +- Fix log in after log out + Resolves: #1373169 + +* Tue Sep 20 2016 Kalev Lember - 1:3.22.0-1 +- Update to 3.22.0 + +* Thu Sep 01 2016 Ray Strode - 1:3.21.91-2 +- Add buildrequire on kernel keyring development headers + +* Tue Aug 30 2016 Ray Strode - 1:3.21.91-1 +- Update to 3.21.91 + +* Tue Aug 30 2016 Ray Strode - 1:3.21.90-2 +- Fix autologin + +* Tue Aug 23 2016 Kalev Lember - 1:3.21.90-1 +- Update to 3.21.90 + +* Tue Jul 26 2016 Kalev Lember - 1:3.21.4-1 +- Update to 3.21.4 + +* Wed Jun 22 2016 Richard Hughes - 1:3.21.3-1 +- Update to 3.21.3 + +* Thu Apr 21 2016 Kalev Lember - 1:3.20.1-1 +- Update to 3.20.1 + +* Tue Mar 22 2016 Kalev Lember - 1:3.20.0-1 +- Update to 3.20.0 + +* Tue Mar 15 2016 Kalev Lember - 1:3.19.92-1 +- Update to 3.19.92 + +* Fri Mar 04 2016 Kalev Lember - 1:3.19.91-1 +- Update to 3.19.91 + +* Thu Feb 18 2016 Richard Hughes - 1:3.19.90-1 +- Update to 3.19.90 + +* Tue Feb 09 2016 Ray Strode - 3.19.4.1-4 +- More fixes need to get get gnome-terminal, gedit, etc working + Resolves: #1281675 + +* Thu Feb 04 2016 Ray Strode - 3.19.4.1-3 +- Fix gnome-terminal launched in an X session (and gedit etc) + Resolves: #1281675 + +* Wed Feb 03 2016 Fedora Release Engineering - 1:3.19.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Jan 25 2016 Ray Strode - 3.19.4.1-1 +- Update to 3.19.4.1 + +* Thu Jan 21 2016 Kalev Lember 3.19.4-1 +- Update to 3.19.4 + +* Thu Dec 17 2015 Kalev Lember 3.19.2-1 +- Update to 3.19.2 + +* Tue Nov 10 2015 Ray Strode 3.19.2-0.1.20151110gitaf5957ad9 +- Update to git snapshot + +* Mon Sep 21 2015 Kalev Lember - 1:3.18.0-1 +- Update to 3.18.0 + +* Wed Sep 16 2015 Kalev Lember 3.17.92-1 +- Update to 3.17.92 + +* Mon Aug 24 2015 Ray Strode 3.17.90-1 +- Update to 3.17.90 +- Fixes sporadic failure to login and corruption of GDM_LANG + environment variable + +* Thu Aug 06 2015 Ray Strode 3.17.4-2 +- drop /bin and /sbin from default path + They don't make since given /usr merge + Resolves: #1251192 + +* Tue Jul 28 2015 Kalev Lember - 1:3.17.4-1 +- Update to 3.17.4 + +* Tue Jun 23 2015 Ray Strode 3.17.3.1-1 +- Update to 3.17.3.1 + +* Wed Jun 17 2015 Fedora Release Engineering - 1:3.17.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Jun 03 2015 Ray Strode 3.17.2-1 +- Update to 3.17.2 + +* Thu Apr 16 2015 Ray Strode 3.16.1.1-1 +- Update to 3.16.1.1 + +* Thu Apr 16 2015 Kalev Lember 3.16.1-1 +- Update to 3.16.1 + +* Tue Apr 07 2015 Ray Strode 3.16.0.1-3 +- Fix permissions on /var/lib/gdm/.local/share +- Fixes starting Xorg without root on machines that started out + as Fedora 15 machines. + +* Fri Mar 27 2015 Ray Strode 3.16.0.1-2 +- set XORG_RUN_AS_USER_OK in environment + +* Tue Mar 24 2015 Kalev Lember - 1:3.16.0.1-1 +- Update to 3.16.0.1 + +* Tue Mar 24 2015 Ray Strode 3.16.0-2 +- actually quit plymouth at startup + +* Mon Mar 23 2015 Kalev Lember - 1:3.16.0-1 +- Update to 3.16.0 + +* Fri Mar 20 2015 Kalev Lember - 1:3.15.92-1 +- Update to 3.15.92 + +* Tue Mar 03 2015 Ray Strode 3.15.91.2-1 +- Update to 3.15.92.2 +- fixes "black screen on logout" of wayland sessions + +* Mon Mar 02 2015 Ray Strode 3.15.91.1-1 +- Update to 3.15.91.1 +- fixes deadlock on VT switch in some cases + +* Fri Feb 27 2015 Ray Strode 3.15.91-1 +- Update for 3.15.91 +- Reduces flicker +- Fixes hang for autologin + Resolves: #1197224 +- Fixes users that disable root running X in /etc/X11/Xwrapper.conf +- Fixes intermittent crash at login + +* Tue Feb 24 2015 Ray Strode - 1:3.15.90.5-1 +- Update to 3.15.90.5 +- gnome-initial-setup should work again + Resolves: #1194948 +- X will work better when configured to not need root + (still not perfect though) + +* Sun Feb 22 2015 Ray Strode - 1:3.15.90.4-1 +- Update to 3.15.90.4 +- Fixes bus activated X clients + +* Sat Feb 21 2015 Ray Strode - 1:3.15.90.3-1 +- Update to 3.15.90.3 +- Disables gnome-initial-setup support for now, which isn't functional + +* Fri Feb 20 2015 Ray Strode - 1:3.15.90.2-1 +- Update to 3.15.90.2 +- Fixes "no user list in the middle of my login screen" bug +- Require gnome-session-wayland-session since we default to wayland now + +* Fri Feb 20 2015 David King - 1:3.15.90.1-1 +- Update to 3.15.90.1 +- Use license macro for COPYING +- Use pkgconfig for BuildRequires +- Update URL + +* Thu Feb 19 2015 Richard Hughes - 1:3.15.90-1 +- Update to 3.15.90 + +* Fri Jan 23 2015 Ray Strode 3.15.3.1-4 +- Another user switching fix + Related: #1184933 + +* Thu Jan 22 2015 Ray Strode 3.15.3.1-3 +- Fix user switching + Resolves: #1184933 + +* Fri Jan 16 2015 Ray Strode 3.13.91-2 +- Fix pam_ecryptfs. unfortunately adds back gross last login messages. + Resolves: #1174366 + +* Fri Dec 19 2014 Richard Hughes - 1:3.15.3.1-1 +- Update to 3.15.3.1 + +* Fri Dec 19 2014 Richard Hughes - 1:3.15.3-1 +- Update to 3.15.3 + +* Tue Nov 25 2014 Kalev Lember - 1:3.15.2-1 +- Update to 3.15.2 + +* Tue Oct 14 2014 Kalev Lember - 1:3.14.1-1 +- Update to 3.14.1 + +* Mon Sep 22 2014 Kalev Lember - 1:3.14.0-1 +- Update to 3.14.0 + +* Wed Sep 17 2014 Kalev Lember - 1:3.13.92-1 +- Update to 3.13.92 + +* Wed Sep 03 2014 Kalev Lember - 1:3.13.91-2 +- Drop last GConf remnants + +* Wed Sep 03 2014 Kalev Lember - 1:3.13.91-1 +- Update to 3.13.91 + +* Sat Aug 16 2014 Fedora Release Engineering - 1:3.12.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 22 2014 Kalev Lember - 1:3.12.2-3 +- Rebuilt for gobject-introspection 1.41.4 + +* Sat Jun 07 2014 Fedora Release Engineering - 1:3.12.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 16 2014 Kalev Lember - 1:3.12.2-1 +- Update to 3.12.2 + +* Thu May 08 2014 Ray Strode - 1:3.12.1-3 +- Fix PATH + Resolves: #1095344 + +* Wed May 07 2014 Kalev Lember - 1:3.12.1-2 +- Drop gnome-icon-theme-symbolic dependency + +* Wed Apr 16 2014 Kalev Lember - 1:3.12.1-1 +- Update to 3.12.1 + +* Sat Apr 05 2014 Kalev Lember - 1:3.12.0-3 +- Fold -libs into the main gdm package + +* Sat Apr 05 2014 Kalev Lember - 1:3.12.0-2 +- Tighten subpackage deps + +* Tue Mar 25 2014 Richard Hughes - 1:3.12.0-1 +- Update to 3.12.0 + +* Thu Mar 20 2014 Richard Hughes - 1:3.11.92.1-1 +- Update to 3.11.92.1 + +* Fri Feb 21 2014 Richard Hughes - 1:3.11.90-1 +- Update to 3.11.90 + +* Wed Jan 15 2014 Richard Hughes - 1:3.11.4-1 +- Update to 3.11.4 + +* Sun Dec 22 2013 Ville Skyttä - 1:3.11.3-2 +- Drop empty TODO from docs, trivial rpmlint fixes. + +* Tue Dec 17 2013 Richard Hughes - 1:3.11.3-1 +- Update to 3.11.3 + +* Tue Nov 19 2013 Richard Hughes - 1:3.11.2-1 +- Update to 3.11.2 + +* Mon Oct 28 2013 Richard Hughes - 1:3.10.0.1-1 +- Update to 3.10.0.1 + +* Wed Sep 25 2013 Kalev Lember - 1:3.10.0-1 +- Update to 3.10.0 + +* Thu Aug 22 2013 Kalev Lember - 1:3.9.90-1 +- Update to 3.9.90 + +* Sat Aug 10 2013 Kalev Lember - 1:3.9.5-1 +- Update to 3.9.5 + +* Tue Jul 16 2013 Richard Hughes - 1:3.8.3.1-1 +- Update to 3.8.3.1 + +* Sat Jun 22 2013 Matthias Clasen - 3.8.3-2 +- Trim %%changelog + +* Fri Jun 14 2013 Ray Strode 3.8.3-1 +- Update to 3.8.3 + +* Tue May 21 2013 Matthias Clasen 1:3.8.1.1-6 +- Don't include the fallback greeter + +* Mon May 20 2013 Ray Strode 1:3.8.1.1-5 +- Fix permissions on /run/gdm + Resolves: #fudge + (http://lists.fedoraproject.org/pipermail/devel/2013-May/182906.html) + +* Mon May 20 2013 Ray Strode 1:3.8.1.1-4 +- Require gnome-shell. We no longer use the fallback greeter. + (Since gdm 3.7.92). + +* Fri May 17 2013 Ray Strode - 1:3.8.1.1-3 +- Build with -fpie + Resolves: #955154 + +* Thu May 16 2013 Florian Müllner - 1:3.8.1.1-2 +- Update branding + +* Wed Apr 17 2013 Richard Hughes - 1:3.8.1.1-1 +- Update to 3.8.1.1 + +* Mon Apr 15 2013 Kalev Lember - 1:3.8.1-1 +- Update to 3.8.1 + +* Mon Apr 01 2013 Kalev Lember - 1:3.8.0-2 +- Drop the metacity dep now that the fallback greeter is gone + +* Tue Mar 26 2013 Kalev Lember - 1:3.8.0-1 +- Update to 3.8.0 + +* Thu Mar 21 2013 Kalev Lember - 1:3.7.92-2 +- Drop the polkit-gnome dep now that the fallback greeter is gone + +* Wed Mar 20 2013 Richard Hughes - 1:3.7.92-1 +- Update to 3.7.92 + +* Wed Mar 6 2013 Matthias Clasen 3.7.91-1 +- Update to 3.7.91 + +* Wed Feb 27 2013 Ray Strode 3.7.90-3 +- Fix up runtime dir for real + +* Tue Feb 26 2013 Ray Strode 3.7.90-2 +- Fix up runtime dir path (spotted by dwalsh) + +* Fri Feb 22 2013 Kalev Lember - 1:3.7.90-1 +- Update to 3.7.90 + +* Wed Feb 06 2013 Kalev Lember - 1:3.7.5-1 +- Update to 3.7.5 + +* Wed Jan 09 2013 Richard Hughes - 1:3.7.3.1-1 +- Update to 3.7.3.1 + +* Tue Nov 20 2012 Richard Hughes - 1:3.7.2-1 +- Update to 3.7.2 + +* Tue Nov 20 2012 Matthias Clasen - 1:3.6.2-2 +- Remove patch fuzz of 999 + +* Wed Nov 14 2012 Kalev Lember - 1:3.6.2-1 +- Update to 3.6.2 + +* Mon Nov 05 2012 Ray Strode - 1:3.6.1-4 +- Fix GDM auth cookie problem + Related: #870695 + +* Mon Oct 29 2012 Matthias Clasen - 1:3.6.1-3 +- Add ppc to %%ExcludeArch + +* Thu Oct 18 2012 Matthias Clasen - 1:3.6.1-2 +- Require gnome-icon-theme-symbolic (#867718) + +* Tue Oct 16 2012 Kalev Lember - 1:3.6.1-1 +- Update to 3.6.1 + +* Tue Sep 25 2012 Richard Hughes - 1:3.6.0-1 +- Update to 3.6.0 + +* Wed Sep 19 2012 Matthias Clasen 1:3.5.92.1-1 +- Update to 3.5.92.1 + +* Fri Sep 07 2012 Ray Strode 1:3.5.91-2 +- Fix autologin +- Fix selinux context after forking session + +* Thu Sep 06 2012 Richard Hughes - 1:3.5.91-1 +- Update to 3.5.91 + +* Tue Aug 21 2012 Richard Hughes - 1:3.5.90-1 +- Update to 3.5.90 + +* Tue Aug 7 2012 Lennart Poettering - 1:3.5.5-2 +- https://fedoraproject.org/wiki/Features/DisplayManagerRework +- https://bugzilla.redhat.com/show_bug.cgi?id=846135 +- Ship and use gdm.service +- Force gdm onto VT1 + +* Tue Aug 07 2012 Richard Hughes - 1:3.5.5-1 +- Update to 3.5.5 + +* Fri Jul 27 2012 Fedora Release Engineering - 1:3.5.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jul 19 2012 Ray Strode 3.5.4.2-1 +- Update to 3.5.4.2 +- Fixes non-autologin + +* Thu Jul 19 2012 Ray Strode 3.5.4.1-1 +- Update to 3.5.4.1 +- Fixes autologin +- Fixes logind integration +- Fixes dconf incompatibility + +* Thu Jul 19 2012 Matthias Clasen - 1:3.5.4-3 +- Fix dconf profile syntax + +* Thu Jul 19 2012 Kalev Lember - 1:3.5.4-2 +- Require systemd >= 186 for libsystemd-login + +* Tue Jul 17 2012 Richard Hughes - 1:3.5.4-1 +- Update to 3.5.4 + +* Thu Jun 28 2012 Ray Strode 3.5.2-4 +- Build with plymouth support (woops). + +* Wed Jun 13 2012 Ray Strode 3.5.2-3 +- Drop unused spool dir + Related: #819254 + +* Sat Jun 9 2012 Matthias Clasen - 1:3.5.2-2 +- Fix gnome-shell detection + +* Thu Jun 07 2012 Richard Hughes - 1:3.5.2-1 +- Update to 3.5.2 + +* Sat Apr 14 2012 Matthias Clasen - 3.4.1-1 +- Update to 3.4.1 + +* Mon Apr 09 2012 Ray Strode 3.4.0.1-5 +- One more try at fixing crash + Resolves: #810451 + +* Mon Apr 09 2012 Ray Strode 3.4.0.1-4 +- Fix crash + Resolves: #810451 + +* Thu Apr 5 2012 Matthias Clasen 3.4.0.1-3 +- Make session unlocking after user switching work + +* Mon Apr 02 2012 Ray Strode 3.4.0.1-2 +- Move pam_gnome_keyring after XDG_RUNTIME_DIR is setup + Resolves: #809152 + +* Tue Mar 27 2012 Ray Strode 3.4.0.1-1 +- Update to 3.4.0.1 +- fixes autologin + +* Tue Mar 27 2012 Richard Hughes - 1:3.4.0-1 +- Update to 3.4.0 + +* Tue Mar 20 2012 Ray Strode 3.3.92.1-1 +- Update to 3.3.92.1 + +* Wed Feb 15 2012 Ray Strode 3.2.1.1-14 +- More consolekit registration fixes + +* Mon Feb 13 2012 Ray Strode 3.2.1.1-12 +- Restore ConsoleKit registration if ConsoleKit is installed + +* Tue Feb 7 2012 Lennart Poettering - 1:3.2.1.1-11 +- Add multi-seat patch from gdm git master + +* Thu Jan 26 2012 Ray Strode 3.2.1.1-10 +- Drop system-icon-theme requirement since we don't depend + on it anymore + +* Fri Jan 13 2012 Fedora Release Engineering - 1:3.2.1.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Nov 09 2011 Adam Williamson 1:3.2.1.1-8 +- sync with recent changes on f16 branch: + + update to 3.2.1.1 + + properly set up PAM files + + auth fixes + + put fallback plugin development files in -devel + + require metacity to fix #746693 + + fix logo in fallback mode - just set it to a Fedora file + +* Thu Nov 03 2011 Ray Strode 3.2.1-3 +- Drop fprintd-pam dependency and make Harald's laptop + more lean and streamlined. + +* Wed Oct 26 2011 Fedora Release Engineering - 1:3.2.1-2 +- Rebuilt for glibc bug#747377 + +* Tue Oct 18 2011 Ray Strode 3.2.1-1 +- Update to 3.2.1 +- Move plugins into main package + +* Wed Oct 5 2011 Adam Williamson - 1:3.2.0-2 +- shell_check.patch (upstream): re-add check for gnome-shell presence + before using it to handle login (RH #743596) + +* Wed Sep 28 2011 Ray - 1:3.2.0-1 +- Update to 3.2.0 + +* Tue Jun 28 2011 Ray Strode 3.1.2-3 +- Disable fatal critcals + Resolves: #717324 + +* Tue Jun 21 2011 Michael Schwendt - 3.1.2-2 +- Fix /dev/ull typo in scriptlets (#693046). + +* Mon Jun 13 2011 Ray Strode 3.1.2-1 +- Update for release + +* Mon Jun 06 2011 Ray Strode 3.0.4-1 +- Update to latest version + Resolves CVE-2011-1709 + +* Fri Apr 15 2011 Matthias Clasen - 3.0.0-2 +- Put the Fedora logo back in the greeter + +* Mon Apr 4 2011 Matthias Clasen - 3.0.0-1 +- Update to 3.0.0 + +* Tue Mar 22 2011 Ray Strode 2.91.94-1 +- Update to 2.91.94 + +* Wed Mar 09 2011 Ray Strode 2.91.93-2 +- Fix autologin crash + +* Tue Mar 08 2011 Ray Strode 2.91.93-1 +- Update to 2.91.93 + +* Tue Feb 22 2011 Ray Strode 2.91.6-11 +- Dropping async code didn't work. The bug was still + around. This commit should fix it. + +* Fri Feb 18 2011 Ray Strode 2.91.6-10 +- Fix user list async bugs by dropping async code and + moving to accounts service library + Resolves: #678236 +- Add requires for accounts service to spec since it isn't + optional (and hasn't been for a while) + +* Thu Feb 17 2011 Ray Strode 2.91.6-9 +- Add back session chooser + Resolves: #539638 + +* Mon Feb 14 2011 Ray Strode 2.91.6-8 +- Do build with pam stack changes need to get ecryptfs + working. + Resolves: #665061 + +* Mon Feb 14 2011 Ray Strode 2.91.6-7 +- Fix crasher and rendering glitches + Resolves: #674978 + +* Fri Feb 11 2011 Matthias Clasen - 2.91.6-6 +- Rebuild against newer gtk + +* Wed Feb 09 2011 Christopher Aillon - 2.91.6-5 +- Drop the requires on plymouth-gdm-hooks since it no longer exists + +* Tue Feb 08 2011 Fedora Release Engineering - 1:2.91.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Feb 07 2011 Bastien Nocera 2.91.6-3 +- Really disable gnome-settings-daemon plugins in the greeter + +* Fri Feb 04 2011 Ray Strode 2.91.6-2 +- Drop some unimportant patches +- Attempt to fix bug 674978 (theme related crash) + +* Wed Feb 02 2011 Ray Strode 2.91.6-1 +- Update to 2.91.6 + +* Sat Jan 29 2011 Ville Skyttä - 1:2.91.4-6 +- Dir ownership fixes. + +* Wed Jan 19 2011 Ray Strode 2.91.4-5 +- Fix swapped LHS and RHS in more-aggressive-about-loading-icons + patch + +* Wed Jan 19 2011 Ray Strode 2.91.4-4 +- Update previous patch to handle NULL better + +* Wed Jan 19 2011 Ray Strode 2.91.4-3 +- Fix icon ref counting issue + +* Wed Jan 19 2011 Ray Strode 2.91.4-2 +- Be more aggresive about loading icons + (right now we fail, which combined with fatal criticals + gives us crashes) + +* Fri Dec 17 2010 Ray Strode 2.91.4-1 +- Update to 2.91.4 + +* Wed Dec 15 2010 Christopher Aillon 2.32.0-4 +- Add maybe-set-is-loaded.patch to ensure we end up with a loaded user + +* Wed Dec 01 2010 Peter Hutterer 1:2.32.0-3 +- plymouth.patch: xserver 1.10 takes "-background none" root argument + instead of the fedora-specific "-nr". +- Add missing BuildRequires for dbus-glib-devel + +* Mon Nov 15 2010 Dan Williams 2.32.0-2 +- Fix upower build requirement + +* Wed Sep 29 2010 Ray Strode 2.32.0-1 +- Update to 2.32.0 + +* Tue Aug 17 2010 Ray Strode 2.31.90-1 +- Update to 2.31.90 + +* Wed Jun 16 2010 Matthias Clasen 2.30.2-3 +- Kill explicit library deps + +* Tue Apr 27 2010 Ray Strode 2.30.2-2 +- Update multistack patch +- Add accounts service patch +- Update plymouth patch + +* Tue Apr 27 2010 Matthias Clasen 2.30.2-1 +- Update to 2.30.2 +- Spec file cleanups + +* Tue Apr 06 2010 Ray Strode 2.30.0-2 +- Update plymouth patch to work with 0.8.1 + +* Mon Mar 29 2010 Matthias Clasen 2.30.0-1 +- Update to 2.30.0 + +* Wed Mar 24 2010 Matthias Clasen 2.29.92-4 +- Drop hal dependency + +* Tue Mar 09 2010 Ray Strode 2.29.92-3 +- Drop Prereq in favor of Requires(pre) + +* Tue Mar 09 2010 Ray Strode 2.29.92-2 +- Rebase multistack patch + +* Tue Mar 09 2010 Bastien Nocera 2.29.92-1 +- Update to 2.29.92 + +* Thu Feb 11 2010 Matthias Clasen 2.29.6-1 +- Update to 2.29.6 + +* Thu Jan 28 2010 Ray Strode 2.29.5-2 +- name graphical-login vprovides (bug 559268) + +* Tue Jan 26 2010 Ray Strode 2.29.5-1 +- Update to 2.29.5 + +* Sun Jan 17 2010 Matthias Clasen - 2.29.4-3 +- Rebuild + +* Thu Jan 14 2010 Ray Strode 2.29.4-2 +- Fix boot + +* Tue Dec 22 2009 Matthias Clasen - 2.29.4-1 +- Update to 2.29.4 + +* Wed Dec 09 2009 Ray Strode 2.29.1-3 +- Update to work better with latest plymouth + +* Thu Dec 03 2009 Ray Strode 2.29.1-2 +- Drop upstreamed patches +- rebase multi-stack patch + +* Tue Dec 01 2009 Bastien Nocera 2.29.1-1 +- Update to 2.29.1 + +* Sat Oct 31 2009 Matthias Clasen 2.28.1-20 +- Don't show 'Lock Screen' in the user switcher if locked down + +* Sat Oct 31 2009 Matthias Clasen 2.28.1-18 +- Actually set up statusicon padding + +* Fri Oct 30 2009 Ray Strode 2.28.1-17 +- Make the user list slide animation smoother + +* Thu Oct 29 2009 Ray Strode 2.28.1-16 +- Shrink autologin timer +- Make language dialog not double spaced + +* Thu Oct 29 2009 Ray Strode 2.28.1-15 +- Don't show fingerprint task button unless fingerprint is + enabled +- Don't show smartcard task button and list item unless + pcscd is running. + +* Wed Oct 28 2009 Ray Strode 2.28.1-14 +- Don't show image on login button + +* Wed Oct 28 2009 Ray Strode 2.28.1-13 +- Fix double free during user switching (might address + bug 512944) + +* Tue Oct 27 2009 Ray Strode 2.28.1-12 +- One more go at bug 527920 + +* Tue Oct 27 2009 Ray Strode 2.28.1-11 +- Tighten permissions on /var/run/gdm (bug 531063) + +* Mon Oct 26 2009 Ray Strode 2.28.1-10 +- Position shutdown menu properly on multihead machines + +* Fri Oct 23 2009 Ray Strode 2.28.1-9 +- Don't show hostname by default if it's localhost + +* Fri Oct 23 2009 Ray Strode 2.28.1-8 +- Attempt to fix crash some users see. +- Clean up rebase + +* Fri Oct 23 2009 Ray Strode 2.28.1-7 +- Show Other user even when there are no other users + (bug 527920) + +* Fri Oct 23 2009 Ray Strode 2.28.1-6 +- Properly read default keyboard layout (bug 530452) + +* Fri Oct 23 2009 Ray Strode 2.28.1-5 +- Remove tool tip from login button + +* Thu Oct 22 2009 Ray Strode 2.28.1-4 +- Fix autologin window spasms +- Fix autologin timer animation +- Make autologin and multistack play better together +- Add padding to notification tray + +* Wed Oct 21 2009 Ray Strode 2.28.1-3 +- Move date from panel to clock tooltip + +* Tue Oct 20 2009 Ray Strode 2.28.1-2 +- Move shutdown functions to panel from login window + +* Tue Oct 20 2009 Ray Strode 2.28.1-1 +- Update to 2.28.1 + +* Fri Oct 09 2009 Ray Strode 2.28.0-9 +- Fix Other... user. + +* Fri Oct 9 2009 Matthias Clasen - 1:2.28.0-8 +- Move bubbles to the lower right on the login screen + +* Wed Oct 07 2009 Ray Strode - 1:2.28.0-7 +- Fix gdm-password / xguest interaction (bug 524421) + +* Mon Oct 5 2009 Matthias Clasen - 1:2.28.4-6 +- Fix the autostart file for at-spi-registryd + +* Thu Oct 1 2009 Matthias Clasen - 1:2.28.4-5 +- Handle keyboard layout variants + +* Mon Sep 28 2009 Ray Strode - 1:2.28.0-4 +- Add cache dir to package manifest + +* Mon Sep 28 2009 Richard Hughes - 1:2.28.0-3 +- Add a patch to use DeviceKit-power rather than the removed methods in + gnome-power-manager. + +* Fri Sep 25 2009 Ray Strode 1:2.28.0-2 +- Fix autologin + +* Wed Sep 23 2009 Matthias Clasen 1:2.28.0-1 +- Update to 2.28.0 + +* Sat Aug 29 2009 Caolán McNamara 1:2.27.90-2 +- rebuild with new audit + +* Mon Aug 24 2009 Ray Strode 1:2.27.90-1 +- update to 2.27.90 + +* Fri Aug 21 2009 Tomas Mraz - 1:2.27.4-7 +- rebuilt with new audit + +* Wed Aug 19 2009 Lennart Poettering 1:2.27.4-6 +- Add pulseaudio-gdm-hooks to dependencies + +* Thu Aug 06 2009 Ray Strode 1:2.27.4-5 +- rebuild + +* Sat Aug 1 2009 Matthias Clasen 1:2.27.4-4 +- Drop unneeded direct deps + +* Fri Jul 24 2009 Ray Strode 1:2.27.4-3 +- Fix delay during login + +* Mon Jul 20 2009 Ray Strode 1:2.27.4-2 +- Use correct multi-stack patch + +* Mon Jul 20 2009 Ray Strode 1:2.27.4-1 +- Update to 2.27.4 + +* Thu Jul 02 2009 Adam Jackson 1:2.26.1-13 +- Requires: xorg-x11-xkb-utils -> Requires: setxkbmap + +* Wed Jul 01 2009 Ray Strode - 1:2.26.1-12 +- Drop defunct arch conditional buildrequires + +* Tue Jun 30 2009 Matthias Clasen - 1:2.26.1-11 +- Rebuild against new libxklavier + +* Fri Jun 12 2009 Matthias Clasen - 1:2.26.1-10 +- Bump rev to fix upgrade path + +* Tue Jun 9 2009 Matthias Clasen - 1:2.26.1-8 +- Port to PolicyKit 1 + +* Wed Jun 03 2009 Ray Strode - 1:2.26.1-5 +- Fix language parsing code (bug 502778) + +* Mon Apr 27 2009 Matthias Clasen - 1:2.26.1-4 +- Don't drop schemas translations from po files + +* Fri Apr 24 2009 Ray Strode - 1:2.26.1-3 +- Add Requires for pam modules in plugins + +* Tue Apr 21 2009 Ray Strode - 1:2.26.1-2 +- Stop inactive pam conversations when one succeeds. + Should fix bug 496234 + +* Tue Apr 14 2009 Ray Strode - 1:2.26.1-1 +- Update to 2.26.1 + +* Mon Apr 13 2009 Ray Strode - 1:2.26.0-8 +- Add less boring multistack patch for testing + +* Mon Mar 23 2009 Ray Strode - 1:2.26.0-7 +- Load session and language settings when username is read on + Other user + +* Fri Mar 20 2009 Ray Strode - 1:2.26.0-6 +- Fix problem in keyboard layout selector (483195) + +* Thu Mar 19 2009 Ray Strode - 1:2.26.0-5 +- Use gethostname() _properly_ instead of g_get_host_name() when writing + out xauth files, because the hostname may change out from + under us and glib caches it. + +* Thu Mar 19 2009 Ray Strode - 1:2.26.0-4 +- Use gethostname() instead of g_get_host_name() when writing + out xauth files, because the hostname may change out from + under us and glib caches it. + +* Wed Mar 18 2009 Ray Strode - 1:2.26.0-3 +- emit "user-selected" signal for non-user items in the list + as well. + +* Mon Mar 16 2009 Ray Strode - 1:2.26.0-2 +- Clean up empty auth dirs so they don't hang around forever + (bug 485974) + +* Mon Mar 16 2009 Ray Strode - 1:2.26.0-1 +- Update to 2.26.0 +- Drop gcc workaround. it might not be needed now. + +* Sat Mar 14 2009 Ray Strode - 1:2.25.2-20 +- Drop the use localhost patch because it broke things. + Instead add authorization that doesn't depend on a hostname + +* Thu Mar 12 2009 Ray Strode - 1:2.25.2-19 +- Add a lame patch in the off chance it might work around a + gcc bug on ppc: + unable to find register to spill in class 'LINK_OR_CTR_REGS' + Probably won't work. + +* Thu Mar 12 2009 Ray Strode - 1:2.25.2-18 +- Add Requires: libXau >= 1.0.4-4 to use localhost in xauth cookies +- Use localhost instead of g_get_host_name () + +* Thu Mar 12 2009 Ray Strode - 1:2.25.2-17 +- Don't force X server on active vt more than once + +* Tue Mar 10 2009 Ray Strode - 1:2.25.2-16 +- Store greeter's auth cookie under "localhost" instead + of g_get_host_name() since NetworkManager tries to synchronize + the internal hostname with the externally resolvable one. + +* Mon Mar 9 2009 Ray Strode - 1:2.25.2-15 +- Don't race with PAM modules that ask questions during + pam_open_session (and don't subsequently go bonkers when + losing the race). + +* Fri Mar 6 2009 Ray Strode - 1:2.25.2-14 +- Reset "start session when ready" state to FALSE when starting + new greeter from existing slave. May fix problem Chris Ball + is seeing with language selection in autologin the second time + after boot up. + +* Thu Mar 5 2009 Ray Strode - 1:2.25.2-13 +- 2.25.2-10 fixes were actually only for timed login. + Add same fix for auto login + +* Thu Mar 5 2009 Ray Strode - 1:2.25.2-12 +- Create settings object early to prevent assertion failures + when one pam conversation completes before another starts. + +* Wed Mar 4 2009 Ray Strode - 1:2.25.2-11 +- Bring back language/session/layout selector for autologin + +* Wed Mar 4 2009 Ray Strode - 1:2.25.2-10 +- Add some fixes for autologin + +* Tue Mar 3 2009 Ray Strode - 1:2.25.2-9 +- Add limited 'one-stack-only' version of multistack patch + (See https://fedoraproject.org/wiki/Features/MultiplePAMStacksInGDM) +- Drop 10 second delay in start up because of broken autostart + file + +* Fri Feb 27 2009 Matthias Clasen +- Require PolicyKit-authentication-agent + +* Tue Feb 24 2009 Matthias Clasen +- Refine the hal patch + +* Tue Feb 24 2009 Fedora Release Engineering - 1:2.25.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 20 2009 Matthias Clasen - 1:2.25.2-5 +- Get the default keyboard layout out of hal device properties + instead of /etc/sysconfig/keyboard + +* Fri Feb 20 2009 Ray Strode - 1:2.25.2-4 +- add Provides: service(graphical-login) to help anaconda + +* Thu Jan 22 2009 Ray Strode - 1:2.25.2-3 +- Open log files for append to make selinux lock down easier + +* Wed Dec 17 2008 Matthias Clasen - 1:2.25.2-2 +- Update to 2.25.2 +- Drop the xkb groups workaround to see if the issue disappeared + +* Thu Dec 4 2008 Matthias Clasen - 1:2.25.1-2 +- Update to 2.25.1 + +* Mon Oct 20 2008 Matthias Clasen - 1:2.24.0-11 +- Respect system keyboard setting + +* Wed Oct 15 2008 Ray Strode - 1:2.24.0-10 +- Rework "force X on vt1" code to work after the user logs out + +* Wed Oct 15 2008 Matthias Clasen - 1:2.24.0-9 +- Save some space + +* Fri Oct 3 2008 Matthias Clasen - 1:2.24.0-8 +- Don't show a non-functional help menuitem + +* Tue Sep 30 2008 Ray Strode - 1:2.24.0-7 +- Make panel slide in initially like the gnome panel + +* Tue Sep 30 2008 Ray Strode - 1:2.24.0-6 +- drop background priority change. Choppyiness in -3 ended up + being a bug in gnome-settings-daemon. +- pull patch from upstream to scale face icons with fontsize + +* Thu Sep 25 2008 Matthias Clasen - 1:2.24.0-5 +- Require gnome-session + +* Tue Sep 23 2008 Matthias Clasen - 1:2.24.0-4 +- Let /var/lib/gdm be owned by gdm, to make pulseaudio happy + +* Tue Sep 23 2008 Ray Strode - 1:2.24.0-3 +- Load background after everything else, so the crossfade + isn't choppy. + +* Mon Sep 22 2008 Ray Strode - 1:2.24.0-2 +- Fix permssions on spool dir + +* Mon Sep 22 2008 Matthias Clasen - 1:2.24.0-1 +- Update to 2.24.0 + +* Mon Sep 22 2008 Ray Strode - 1:2.23.92-10 +- Flush X event queue after setting _XROOTPMAP_ID so there's + no race with settings daemon reading the property + +* Fri Sep 19 2008 Ray Strode - 1:2.23.92-9 +- Fix crash from language dialog + +* Wed Sep 17 2008 Ray Strode - 1:2.23.92-8 +- canonicalize codeset to match output of locale -m +- filter duplicates from language list + +* Tue Sep 16 2008 Matthias Clasen - 1:2.23.92-7 +- Plug a few memory leaks + +* Tue Sep 16 2008 Ray Strode - 1:2.23.92-6 +- Use _XROOTPMAP_ID instead of _XSETROOT_ID + +* Tue Sep 16 2008 Ray Strode - 1:2.23.92-5 +- Save root window in XSETROOTID property for transition + +* Fri Sep 12 2008 Ray Strode - 1:2.23.92-4 +- Fix bug in last patch + +* Thu Sep 11 2008 Ray Strode - 1:2.23.92-3 +- Add hook to allow for plymouth transition + +* Tue Sep 9 2008 Jon McCann - 1:2.23.92-2 +- Disallow root login + +* Mon Sep 8 2008 Jon McCann - 1:2.23.92-1 +- Update to 2.23.92-1 + +* Thu Aug 28 2008 Jon McCann - 1:2.23.91-0.20080828.2 +- Update to non-broken snapshot + +* Thu Aug 28 2008 Jon McCann - 1:2.23.91-0.20080828.1 +- Update to snapshot + +* Mon Aug 25 2008 Jon McCann - 1:2.23.90-2 +- Add desktop file for metacity + +* Mon Aug 25 2008 Jon McCann - 1:2.23.90-1 +- Update to 2.23.90 + +* Thu Aug 14 2008 Behdad Esfahbod - 1:2.23.2-3 +- Add upstreamed patch gdm-2.23.2-unknown-lang.patch + +* Wed Aug 13 2008 Ray Strode - 1:2.23.2-2 +- Require plymouth-gdm-hooks so plymouth-log-viewer gets pulled + in on upgrades + +* Wed Jul 30 2008 Jon McCann - 1:2.23.2-1 +- Update to 2.23.2 + +* Mon Jul 28 2008 Jon McCann - 1:2.23.1.0.2008.07.28.1 +- Update to newer snapshot + +* Mon Jul 21 2008 Jon McCann - 1:2.23.1.0.2008.07.21.3 +- Update to newer snapshot + +* Mon Jul 21 2008 Jon McCann - 1:2.23.1.0.2008.07.21.2 +- Update to new snapshot + +* Mon Jul 21 2008 Jon McCann - 1:2.23.1.0.2008.07.21.1 +- Update to snapshot + +* Fri Jul 11 2008 Matthias Clasen - 1:2.22.0-12 +- Actually apply the patch + +* Thu Jul 10 2008 Matthias Clasen - 1:2.22.0-11 +- Fix some broken icons on the login screen + +* Thu Jul 10 2008 Matthias Clasen - 1:2.22.0-10 +- Improve rendering of languages + +* Thu Jul 3 2008 Jon McCann - 1:2.22.0-9 +- Check for a null filesystem type + +* Wed Jun 25 2008 Ray Strode - 1:2.22.0-8 +- After discussion with X team, turn tcp connections off by default, + but add back option to toggle on (bug 446672) + +* Wed Jun 25 2008 Ray Strode - 1:2.22.0-7 +- enable tcp connections by default + +* Thu May 8 2008 Matthias Clasen - 1:2.22.0-6 +- Add a GConf key to disable the user list + +* Mon May 5 2008 Matthias Clasen - 1:2.22.0-5 +- Autoreconf +- Bump rev + +* Mon May 5 2008 Matthias Clasen - 1:2.22.0-4 +- Add a keyboard chooser to the greeter + +* Sun May 4 2008 Matthias Clasen - 1:2.22.0-3 +- Fix source url + +* Fri May 1 2008 Jon McCann - 1:2.22.0-2 +- Retry tagging + +* Fri May 1 2008 Jon McCann - 1:2.22.0-1 +- Update to 2.22.0 +- Fix restarting when bus goes away + +* Thu May 1 2008 Ray Strode - 1:2.21.10-0.2008.05.01.1 +- ConsoleKit fixes +- Don't show session selector if only one session installed +- automatically pop up language/session selectors when using mnemonics + +* Tue Apr 29 2008 Jon McCann - 1:2.21.10-0.2008.04.29.2 +- Fix debugging +- Fix resetting slave after session migration +- Desensitize power buttons briefly after page switch +- Remove Users: label from greeter + +* Tue Apr 29 2008 Jon McCann - 1:2.21.10-0.2008.04.29.1 +- make transient greeter less transient to workaround spurious vt switch + +* Mon Apr 28 2008 Ray Strode - 1:2.21.10-0.2008.04.28.1 +- a11y improvements +- make "Suspend" desensitize properly when not-available +- make resize animation faster +- user switcher fixes + +* Fri Apr 18 2008 Ray Strode - 1:2.21.10-0.2008.04.18.2 +- Get Chinese back in language list + +* Fri Apr 18 2008 Ray Strode - 1:2.21.10-0.2008.04.18.1 +- start orca without main window +- add missing priorities for plugins +- add more failsafe lockdown + +* Wed Apr 16 2008 Ray Strode - 1:2.21.10-0.2008.04.16.1 +- Disable typeahead when asking for password so password can't get shown + in clear text (bug 442300) + +* Wed Apr 16 2008 Ray Strode - 1:2.21.10-0.2008.04.11.4 +- Use start-here instead of fedora-logo-icon to aid generic-logos + +* Fri Apr 11 2008 Matthias Clasen - 1:2.21.10-0.2008.04.11.3 +- Fix up the XKB workaround + +* Fri Apr 11 2008 Ray Strode - 1:2.21.10-0.2008.04.11.2 +- Fix security issue in last commit + +* Fri Apr 11 2008 Ray Strode - 1:2.21.10-0.2008.04.11.1 +- Fix focus handling when tabbing from user-chooser to buttons +- don't set real uid to user before setcred +- fix permissions on /var/run/gdm ... again + +* Thu Apr 10 2008 Matthias Clasen - 1:2.21.10-0.2008.04.08.4 +- Work around a XKB problem + +* Tue Apr 8 2008 Ray Strode - 1:2.21.10-0.2008.04.08.3 +- Language list was incomplete (bug 441613) + +* Tue Apr 8 2008 Ray Strode - 1:2.21.10-0.2008.04.08.2 +- Fix permissions on /var/run/gdm + +* Tue Apr 8 2008 Ray Strode - 1:2.21.10-0.2008.04.08.1 +- Install X auth cookies in /var/run/gdm instead of /tmp + +* Mon Apr 7 2008 Ray Strode - 1:2.21.10-0.2008.04.07.3 +- Disable image for automatic login and other user +- Act more sanely if gnome isn't installed + +* Mon Apr 7 2008 Ray Strode - 1:2.21.10-0.2008.04.07.2 +- Allow double-click to select language from list + +* Mon Apr 7 2008 Ray Strode - 1:2.21.10-0.2008.04.07.1 +- Make automatic login timer fade in +- No more checkboxes in user-switch applet + +* Sun Apr 6 2008 Ray Strode - 1:2.21.10-0.2008.04.06.1 +- Focus face browser after failed login attempt +- disable debug messages until 2.22.0 is released + +* Sat Apr 5 2008 Matthias Clasen - 1:2.21.10-0.2008.04.04.2 +- Improve handling of CK error messages + +* Sat Apr 5 2008 Ray Strode - 1:2.21.10-0.2008.04.04.1 +- Fix jump in animation for autologin +- Fix crash if LANG="somethingbogus" + +* Sat Apr 5 2008 Ray Strode - 1:2.21.10-0.2008.04.03.3 +- Fix crash when canceling autologin + +* Fri Apr 4 2008 Matthias Clasen - 1:2.21.10-0.2008.04.03.2 +- Uninstall gconf schemas before the files are gone + +* Thu Apr 3 2008 Ray Strode - 1:2.21.10-0.2008.04.03.1 +- Update to snapshot +- Improves shrink/grow animation of login window + +* Wed Apr 2 2008 Jon McCann - 1:2.21.10-0.2008.04.02.1 +- Update to snapshot + +* Mon Mar 31 2008 Matthias Clasen - 1:2.21.10-0.2008.03.26.4 +- Fix a directory ownership oversight + +* Wed Mar 26 2008 Jon McCann - 1:2.21.10-0.2008.03.26.3 +- Fix build due to #436349 + +* Wed Mar 26 2008 Jon McCann - 1:2.21.10-0.2008.03.26.2 +- Update to newer snapshot that includes more lockdown + +* Wed Mar 26 2008 Ray Strode - 1:2.21.10-0.2008.03.26.1 +- Update to snapshot +- Turn on profiling + +* Fri Mar 21 2008 Matthias Clasen - 1:2.21.10-0.2008.03.18.3 +- Don't require a theme we don't use + +* Wed Mar 19 2008 Ray Strode - 1:2.21.10-0.2008.03.18.2 +- Fix default path (bug 430187) + +* Tue Mar 18 2008 Jon McCann - 1:2.21.10-0.2008.03.18.1 +- Update to snapshot + +* Mon Mar 17 2008 Matthias Clasen - 1:2.21.9-5 +- Implement tooltips in the language selection dialog + +* Mon Mar 17 2008 Matthias Clasen - 1:2.21.9-4 +- Stop gvfs from using fuse in the sandbox session + +* Tue Mar 11 2008 Ray Strode - 1:2.21.9-3 +- remove duplication signal definition from bad patch merge + which led to crash for "Other" user + +* Mon Mar 10 2008 Jon McCann - 1:2.21.9-2 +- Fix case where we can't lookup a user. + +* Mon Mar 10 2008 Jon McCann - 1:2.21.9-1 +- Update to 2.21.9 + +* Mon Mar 10 2008 Ray Strode - 1:2.21.9-0.2008.03.10.2 +- Prevent some spurious wake ups caused by the + timed login timer animation + +* Mon Mar 10 2008 Ray Strode - 1:2.21.9-0.2008.03.10.1 +- Update to latest snapshot + +* Fri Mar 7 2008 David Woodhouse - 1:2.21.9-0.2008.02.29.3 +- Fix endianness breakage in signal pipes (#436333) + +* Mon Mar 3 2008 Ray Strode - 1:2.21.9-0.2008.02.29.2 +- Be more explicit in file list; use less globs +- Don't package user-switcher in both packages! + +* Fri Feb 29 2008 Ray Strode - 1:2.21.9-0.2008.02.29.1 +- Update to snapshot +- Split user-switcher out + +* Mon Feb 25 2008 Jon McCann - 1:2.21.8-1 +- Update to 2.21.8 + +* Tue Feb 12 2008 Jon McCann - 1:2.21.7-1 +- Update to 2.21.7 + +* Fri Feb 8 2008 Ray Strode - 1:2.21.7-0.2008.02.08.1 +- Update to snapshot + +* Wed Jan 30 2008 Jon McCann - 1:2.21.6-1 +- Update to 2.21.6 + +* Thu Jan 24 2008 Ray Strode - 1:2.21.5-2 +- add BuildRequires for iso-codes-devel + +* Fri Jan 18 2008 Jon McCann - 1:2.21.5-1 +- Update to 2.21.5 + +* Thu Jan 17 2008 Jon McCann - 1:2.21.2-0.2007.11.20.11 +- Rebuild + +* Mon Jan 15 2008 Dan Walsh - 1:2.21.2-0.2007.11.20.10 +- Fix gdm.pam file so that session include system-auth happens after other session setup + +* Mon Jan 7 2008 Ray Strode - 1:2.21.2-0.2007.11.20.9 +- hide guest account since it doesn't work + +* Fri Dec 21 2007 Ray Strode - 1:2.21.2-0.2007.11.20.8 +- Fix background (and other settings) + +* Wed Dec 19 2007 Ray Strode - 1:2.21.2-0.2007.11.20.7 +- Improve animation to be less jumpy + +* Fri Dec 14 2007 Ray Strode - 1:2.21.2-0.2007.11.20.6 +- Fix an uninitialized variable that makes the session list stop + growing before its finished sometimes + +* Thu Dec 13 2007 Ray Strode - 1:2.21.2-0.2007.11.20.5 +- add session chooser to login screen +- add hoaky animations + +* Fri Nov 30 2007 Matthias Clasen - 1:2.21.2-0.2007.11.20.4 +- Use the new "substack" support in pam to make keyring unlocking work + +* Tue Nov 20 2007 Ray Strode - 1:2.21.2-0.2007.11.20.3 +- use metacity for now + +* Tue Nov 20 2007 Ray Strode - 1:2.21.2-0.2007.11.20.2 +- Drop dont run profile patch since dwalsh changed /usr/sbin/gdm label + +* Tue Nov 20 2007 Ray Strode - 1:2.21.2-0.2007.11.20.1 +- Update to today's snapshot + +* Mon Nov 19 2007 Ray Strode - 1:2.21.2-0.2007.11.19.3 +- fix permissions on homedir + +* Mon Nov 19 2007 Ray Strode - 1:2.21.2-0.2007.11.19.2 +- move homedir to /var/lib/gdm + +* Mon Nov 19 2007 Ray Strode - 1:2.21.2-0.2007.11.19.1 +- Update to today's snapshot + +* Thu Nov 15 2007 Ray Strode - 1:2.21.2-0.2007.11.14.2 +- don't source /etc/profile at startup + +* Wed Nov 14 2007 Ray Strode - 1:2.21.2-0.2007.11.14.1 +- Update to today's snapshot + +* Fri Nov 9 2007 Ray Strode - 1:2.21.2-0.2007.11.09.1 +- Update to today's snapshot + +* Tue Oct 30 2007 Ray Strode - 1:2.21.1-0.2007.10.30.1 +- Update to today's snapshot + +* Tue Oct 23 2007 Ray Strode - 1:2.21.1-0.2007.10.23.1 +- Update to today's snapshot + +* Mon Oct 22 2007 Ray Strode - 1:2.21.1-0.2007.10.22.1 +- Add a snapshot gdm trunk, totally different unfinished ui... + +* Fri Oct 5 2007 Dan Walsh - 1:2.20.0-14 +- Added pam_selinux_permit and pam_namespace to gdm-pam + - This pam module allows user without a password to login when selinux is in enforcing mode +- Added pam_namespace to gdm-autologin-pam +- These changes were made to make it easier to setup the xguest user account + +* Tue Oct 3 2007 Alexander Larsson - 1:2.20.0-14 +- Fix up pam keyring integration to be what the latest version + of the docs says + +* Tue Oct 2 2007 Ray Strode - 1:2.20.0-13 +- Actually add said escape == cancel behavior back + +* Tue Oct 2 2007 Ray Strode - 1:2.20.0-12 +- Add escape == cancel behavior back + +* Mon Oct 1 2007 Matthias Clasen - 1:2.20.0-11 +- Fix a refcounting problem with user faces + +* Mon Oct 1 2007 Ray Strode - 1:2.20.0-10 +- apply upstream patch from Brady Anderson + to fix writing out .dmrc file when setting default language + (upstream bug 453916) + +* Fri Sep 28 2007 Ray Strode - 1:2.20.0-9 +- drop redhat-artwork dep, add fedorainfinity-gdm-theme dep + +* Fri Sep 28 2007 Ray Strode - 1:2.20.0-8 +- Another crack at 240853 + +* Fri Sep 28 2007 Matthias Clasen - 1:2.20.0-7 +- Fix the stupid bullets again + +* Thu Sep 27 2007 Ray Strode - 1:2.20.0-6 +- The previously mentioned typo didn't matter before because the + compiled in default matched what the config file was supposed to + say. This commit restores matched default behavior (bug 301031) + +* Thu Sep 27 2007 Ray Strode - 1:2.20.0-5 +- Fix an apparent typo in the securitytokens.conf config file + (bug 301031) + +* Thu Sep 20 2007 Matthias Clasen - 1:2.20.0-4 +- Reenable root login due to popular demand + +* Wed Sep 19 2007 Matthias Clasen - 1:2.20.0-3 +- Change default theme to FedoraInfinity + +* Wed Sep 19 2007 Matthias Clasen - 1:2.20.0-2 +- Fix a hang on restart (#240853) + +* Tue Sep 18 2007 Matthias Clasen - 1:2.20.0-1 +- Update to 2.20.0 + +* Wed Sep 12 2007 Ray Strode - 1:2.19.8-4 +- Change default password character back to circle instead of + asterisk (bug 287951) + +* Fri Sep 7 2007 Ray Strode - 1:2.19.8-3 +- rebuild --with-selinux + +* Fri Sep 7 2007 Ray Strode - 1:2.19.8-2 +- make things work better for xguest users (bug 254164) + +* Fri Sep 7 2007 Matthias Clasen - 1:2.19.8-1 +- Update to 2.19.8 + +* Tue Sep 4 2007 Matthias Clasen - 1:2.19.7-1 +- Update to 2.19.7 + +* Fri Aug 24 2007 Ray Strode - 1:2.19.6-5 +- use pam_selinux instead of home grown selinux code (bug 254164) + +* Wed Aug 22 2007 Kristian Høgsberg - 1:2.19.6-4 +- Pass -br to the default X server too. + +* Sat Aug 18 2007 Ray Strode - 1:2.19.6-3 +- disable root login (see "low-hanging fruit" discussion on + fedora-desktop-list) + +* Thu Aug 16 2007 Ray Strode - 1:2.19.6-2 +- disable type ahead in user list (bug 252991) + +* Wed Aug 15 2007 Matthias Clasen - 1:2.19.6-1 +- Update to 2.19.6 +- Use %%find_lang for help files + +* Sun Aug 12 2007 Adam Jackson 1:2.19.5-9 +- Remove the filereq on /etc/pam.d/system-auth, pam alone is sufficient. +- Bump the pam requirement to 0.99, 0.75 is ancient. + +* Sun Aug 12 2007 Matthias Clasen - 1:2.19.5-8 +- Make the previous fix actually work + +* Sun Aug 12 2007 Matthias Clasen - 1:2.19.5-7 +- Make gdmsetup work with consolehelper and pam again + +* Mon Aug 6 2007 Matthias Clasen - 1:2.19.5-6 +- Require gnome-keyring-pam + +* Mon Aug 6 2007 Ray Strode - 1:2.19.5-5 +- change previous patch to drop even more code + +* Mon Aug 6 2007 Ray Strode - 1:2.19.5-4 +- turn off dwellmouselistener if devices don't send core events. + don't warp pointer to stylus ever (upstream bug 457998) + +* Fri Aug 3 2007 Ray Strode - 1:2.19.5-3 +- remove dwellmouselistener module from default configuration. + It's pretty broken (bug 248752) + +* Fri Aug 3 2007 Matthias Clasen - 1:2.19.5-2 +- Update license field + +* Tue Jul 31 2007 Matthias Clasen - 1:2.19.5-1 +- Update to 2.19.5 + +* Mon Jul 30 2007 Matthias Clasen - 1:2.19.4-2 +- Add optional gnome-keyring support to the gdm pam stack + +* Tue Jul 10 2007 Ray Strode - 1:2.19.4-1 +- Update to 2.19.4 + +* Wed Jun 27 2007 Ray Strode - 1:2.19.3-3 +- set Browser=true by default + +* Wed Jun 27 2007 Matthias Clasen - 1:2.19.3-2 +- Drop an unnecessary file dependency + +* Mon Jun 18 2007 Ray Strode - 1:2.19.3-1 +- Update to 2.19.3 + +* Tue Jun 5 2007 Matthias Clasen - 1:2.19.2-1 +- Update to 2.19.2 + +* Mon May 21 2007 Matthias Clasen - 1:2.19.1-1 +- Update to 2.19.1 + +* Tue May 15 2007 Ray Strode - 1:2.18.0-14 +- hide users from userlist that have disabled shells + (bug 240148) + +* Thu May 10 2007 Matthias Clasen - 1:2.18.0-13 +- Follow packaging guidelines for scrollkeeper dependencies + +* Mon May 7 2007 Ray Strode - 1:2.18.0-12 +- reenable utmp logging (bug 209537) + +* Tue Apr 17 2007 Ray Strode - 1:2.18.0-11 +- Be more verbose to help isolate the problem in bug 234567 + +* Thu Apr 12 2007 Ray Strode - 1:2.18.0-10 +- add "Default" session back to the sessions menu (bug 234218) + +* Thu Apr 5 2007 Ray Strode - 1:2.18.0-9 +- don't expect utf-8 usernames for plain greeter face browser + either. + +* Thu Apr 5 2007 Ray Strode - 1:2.18.0-8 +- don't expect utf-8 usernames for face browser (bug 235351). + +* Thu Mar 29 2007 Ray Strode - 1:2.18.0-7 +- don't strcpy overlapping strings (bug 208181). + +* Tue Mar 27 2007 Matthias Clasen - 1:2.18.0-6 +- Hide gdmphotosetup by default, since About Me does the same + +* Tue Mar 20 2007 Ray Strode - 1:2.18.0-5 +- add fix to allow themes to cope with low resolution modes + better (bug 232672) + +* Mon Mar 19 2007 Ray Strode - 1:2.18.0-4 +- update and reenable security token patch + +* Mon Mar 19 2007 David Zeuthen - 1:2.18.0-3 +- Also pass AT's to the session from the plain greeter (#232518) +- New faces including new subpackage gdm-extra-faces + +* Tue Mar 13 2007 David Zeuthen - 1:2.18.0-2 +- Update to upstream release 2.18.0 +- Switch default theme to FedoraFlyingHigh and show /etc/passwd users +- Fix accessibility in the themed greeter (GNOME #412576) +- Enable accessible login, make sure gdm can access devices and + pass activated AT's to the login session (#229912) +- Disable smart card login for now as patch doesn't apply anymore + +* Fri Mar 9 2007 Ray Strode - 1:2.17.8-3 +- hide langauges that aren't displayable from the list (bug 206048) + +* Tue Mar 6 2007 Ray Strode - 1:2.17.8-2 +- turn off pam sanity check because it conflicts with audit + +* Wed Feb 28 2007 Matthias Clasen - 1:2.17.8-1 +- Update to 2.17.8 + +* Sat Feb 24 2007 Matthias Clasen - 1:2.17.7-5 +- Fix keynav in the face browser + +* Fri Feb 23 2007 David Zeuthen - 1:2.17.7-4 +- Add some enhancements to the greeter (bgo #411427) + +* Fri Feb 23 2007 Ray Strode - 1:2.17.7-3 +- Update to 2.17.7 + +* Fri Feb 23 2007 Matthias Clasen - 1:2.17.7-2 +- Don't own /usr/share/icons/hicolor +- Install all desktop files + +* Mon Feb 12 2007 Matthias Clasen - 1:2.17.7-1 +- try to update to 2.17.7 +- Drop upstreamed patches + +* Mon Feb 12 2007 Matthias Clasen - 1:2.17.6-4 +- Reuse existing sessions without asking +- Don't show failsafe sessions + +* Sat Feb 10 2007 Matthias Clasen - 1:2.17.6-3 +- Fix a problem with the ConsoleKit support + +* Tue Feb 6 2007 Matthias Clasen - 1:2.17.6-2 +- Apply a patch to improve fast user switching experience + +* Tue Jan 23 2007 Matthias Clasen - 1:2.17.6-1 +- Update to 2.17.6 + +* Sat Jan 13 2007 Matthias Clasen - 1:2.17.5-2 +- Enable ConsoleKit support + +* Thu Jan 11 2007 Matthias Clasen - 1:2.17.5-1 +- Update to 2.17.5 + +* Fri Dec 15 2006 Matthias Clasen - 1:2.17.4-1 +- Update to 2.17.4, which fixes CVE-2006-6105 + +* Tue Dec 5 2006 Matthias Clasen - 1:2.17.3-1 +- Update to 2.17.3 +- Update some patches + +* Tue Nov 7 2006 Matthias Clasen - 1:2.17.2-1 +- Update to 2.17.2 + +* Sun Nov 5 2006 Matthias Clasen - 1:2.17.1-1 +- Update to 2.17.1 + +* Thu Oct 26 2006 Matthias Clasen - 1:2.17.0-2 +- Fix a crash with launching a11y support + +* Sun Oct 22 2006 Matthias Clasen - 1:2.17.0-1 +- Update to 2.17.0 + +* Tue Oct 17 2006 Matthias Clasen - 1:2.16.0-17 +- Make photosetup help button work (#198138) + +* Sun Oct 15 2006 Ray Strode - 1:2.16.0-16.fc7 +- don't log canceled pam conversations as failed login attempts + +* Sun Oct 15 2006 Ray Strode - 1:2.16.0-15.fc7 +- Prefer modules in secmod db over hardcoded coolkey path + +* Sat Oct 14 2006 Ray Strode - 1:2.16.0-14.fc7 +- have security token monitor helper process kill itself when + the communication pipe to the main process goes away (bug 210677). + +* Wed Oct 10 2006 Ray Strode - 1:2.16.0-13.fc6 +- desensitize entry fields until pam asks for input, so if pam + doesn't initially ask for input (like in smart card required mode) + the user can't type something and confuse gdm (bug 201344) + +* Fri Oct 6 2006 Ray Strode - 1:2.16.0-12.fc6 +- invoke standard X server with -br option to ensure we get a + black root on startup + +* Thu Oct 5 2006 Ray Strode - 1:2.16.0-11.fc6 +- make monitoring code more reliable (bug 208018) + +* Wed Sep 27 2006 Matthias Clasen - 1:2.16.0-10.fc6 +- Fix small issues in gdmsetup (#208225) + +* Wed Sep 27 2006 Matthias Clasen - 1:2.16.0-9.fc6 +- Fix a problem with the display of the FedoraDNA theme + in gdmsetup + +* Tue Sep 19 2006 Ray Strode - 1:2.16.0-8.fc6 +- Add as_IN, si_LK to language list (bug 203917) + +* Mon Sep 18 2006 Ray Strode - 1:2.16.0-7.fc6 +- fix a problem recently introduced in the smart card forking + code + +* Mon Sep 18 2006 Ray Strode - 1:2.16.0-6.fc6 +- fix a problem recently introduced in the smart card driver + loading code (bug 206882) + +* Thu Sep 14 2006 Ray Strode - 1:2.16.0-5.fc6 +- don't leak pipe fds (bug 206709) + +* Thu Sep 14 2006 Ray Strode - 1:2.16.0-4.fc6 +- update security token patch to not poll + +* Fri Sep 8 2006 Jesse Keating - 1:2.16.0-3.fc6 +- Apply correct defaults patch + +* Thu Sep 7 2006 Matthias Clasen - 1:2.16.0-2.fc6 +- Change the default theme to FedoraDNA +- Bump redhat-artwork requirement + +* Tue Sep 5 2006 Matthias Clasen - 1:2.16.0-1.fc6 +- Update to 2.16.0 + +* Sat Aug 26 2006 Karsten Hopp - 1:2.15.10-2.fc6 +- buildrequire inttools as this isn't a requirement of scrollkeeper anymore + and thus missing from the buildroot + +* Mon Aug 21 2006 Matthias Clasen - 1:2.15.10-1.fc6 +- Update to 2.15.10 +- Drop upstreamed patch + +* Fri Aug 4 2006 Ray Strode - 1:2.15.9-1 +- update to 2.15.9 + +* Fri Aug 4 2006 Ray Strode - 1:2.15.7-2 +- update gdmsetup pam file to use config-util stacks + +* Thu Aug 3 2006 Ray Strode - 1:2.15.7-1 +- update to 2.15.7 +- drop selinux patch that I don't think was ever finished + +* Thu Aug 3 2006 Ray Strode - 1:2.15.6-14 +- fix face browser + (http://bugzilla.gnome.org/show_bug.cgi?id=349640) +- fix error message reporting + (http://bugzilla.gnome.org/show_bug.cgi?id=349758) + +* Fri Jul 21 2006 Ray Strode - 1:2.15.6-13 +- simply all the security token code by only using one pam stack +- drop lame kill on token removal feature + +* Fri Jul 21 2006 Ray Strode - 1:2.15.6-12 +- move authcookies out of home directories to prevent problems + on nfs/afs mounted home directories (bug 178233). + +* Fri Jul 21 2006 Ray Strode - 1:2.15.6-11 +- really fix annoying dialog problem mentioned in 2.15.6-6 + +* Wed Jul 19 2006 Ray Strode - 1:2.15.6-10 +- center cursor on xinerama head (bug 180085) + +* Tue Jul 18 2006 Ray Strode - 1:2.15.6-9 +- add "kill all sessions on token removal" feature + +* Tue Jul 18 2006 Ray Strode - 1:2.15.6-8 +- reenable session keyring support in pam module (bug 198629) + +* Mon Jul 17 2006 Ray Strode - 1:2.15.6-7 +- make security token support use its own config file in + preparation for modularizing it. + +* Mon Jul 17 2006 Ray Strode - 1:2.15.6-6 +- fix off-by-one in the process-all-ops patch that was causing + an anoying dialog to pop up on each login + +* Sun Jul 16 2006 Ray Strode - 1:2.15.6-5 +- add initial wtmp and btmp logging support + +* Fri Jul 14 2006 Ray Strode - 1:2.15.6-4 +- fix bug in security token support + +* Fri Jul 14 2006 Ray Strode - 1:2.15.6-3 +- fix hang in gdmsetup + +* Fri Jul 14 2006 Ray Strode - 1:2.15.6-2 +- put new pam module at top of stack (bug 198629) + +* Wed Jul 12 2006 Ray Strode - 1:2.15.6-1 +- Update to 2.15.6 + +* Wed Jul 12 2006 Ray Strode - 1:2.15.5-4 +- add new pam module to pam files to support kernel session keyring + +* Wed Jul 12 2006 Jesse Keating - 1:2.15.5-3.1 +- rebuild + +* Tue Jul 11 2006 Ray Strode 1:2.15.5-3 +- add initial support for smart card security tokens + +* Fri Jul 7 2006 Ray Strode 1:2.15.5-2 +- add patch to process all operations when more than one comes + in really quickly +- move default "Please enter your username" message to the + greeter instead of the slave so that it doesn't get stacked if + a pam module has a non default message +- add new message for reseting the current login operation + (like the cancel button does, but accessible via the gdm fifo) + +* Tue Jun 13 2006 Matthias Clasen 1:2.15.5-1 +- Update to 2.15.5 + +* Mon Jun 12 2006 Bill Nottingham 1:2.15.3-8 +- replace automake14 buildreq with automake + +* Thu Jun 8 2006 Ray Strode 1:2.15.3-7 +- fix CVE-2006-2452 + +* Wed Jun 7 2006 Jeremy Katz - 1:2.15.3-6 +- buildrequire the server so that we get the path right in the config file + +* Tue Jun 06 2006 Karsten Hopp 1:2.15.3-5 +- buildrequire libdmx-devel + +* Mon Jun 5 2006 Matthias Clasen - 1:2.15.3-4 +- Require system-logos, not fedora-logos + +* Tue May 23 2006 Ray Strode - 1:2.15.3-3 +- Support xdm -nodaemon option (bug 192461) + +* Mon May 22 2006 Matthias Clasen - 1:2.15.3-2 +- Add missing BuildRequires (#192494) + +* Wed May 17 2006 Matthias Clasen - 1:2.15.3-1 +- Update to 2.15.3 + +* Wed May 10 2006 Matthias Clasen - 1:2.15.0-1 +- Update to 2.15.0 + +* Wed Apr 26 2006 Matthias Clasen - 1:2.14.4-2 +- Update to 2.14.4 + +* Wed Apr 12 2006 Ray Strode - 1:2.14.1-4 +- fix libexecdir substitution problem in configuration file + +* Tue Apr 11 2006 Ray Strode - 1:2.14.1-3 +- Add gdmthemetester.in to the mix (upstream bug 338079) + +* Tue Apr 11 2006 Matthias Clasen - 1:2.14.1-2 +- Update to 2.14.1 + +* Mon Mar 13 2006 Ray Strode - 1:2.14.0-1 +- Update to 2.14.0 + +* Tue Mar 7 2006 Ray Strode - 1:2.13.0.9-4 +- Follow Solaris's lead and default to AlwaysRestartServer=True + (may work around bug 182957) + +* Mon Mar 6 2006 Ray Strode - 1:2.13.0.9-3 +- migrate users with baseXsession=/etc/X11/gdm/Xsession to + /etc/X11/xinit/Xsession + +* Mon Mar 6 2006 Ray Strode - 1:2.13.0.9-2 +- disable sounds completely when disabled in configuration file + (upstream bug 333435) + +* Tue Feb 28 2006 Ray Strode - 1:2.13.0.9-1 +- Update to 2.13.0.9 +- Use new %%post section, written by + Michal Jaegermann (bug 183082) + +* Sat Feb 25 2006 Ray Strode - 1:2.13.0.8-6 +- fix a broken link + +* Fri Feb 24 2006 Ray Strode - 1:2.13.0.8-5 +- change some /etc/X11 bits in the spec file to /etc + +* Sun Feb 19 2006 Ray Strode - 1:2.13.0.8-3 +- add server entry for accel-indirect branch of xorg + +* Wed Feb 15 2006 Ray and Matthias - 1:2.13.0.8-2 +- malloc memory that is later freed + +* Mon Feb 13 2006 Ray Strode - 1:2.13.0.8-1 +- update to 2.13.0.8 + +* Mon Feb 13 2006 Ray Strode - 1:2.13.0.7.0.2006.02.12-2 +- migrate custom.conf settings with /etc/X11/gdm to /etc/gdm + +* Sun Feb 12 2006 Ray Strode - 1:2.13.0.7.0.2006.02.12-1 +- update to cvs snapshot +- move gdm to /etc instead of /etc/X11 +- move custom gdm.conf to sysconfdir instead of symlinking from + datadir (bug 180364) + +* Fri Feb 10 2006 Jesse Keating - 1:2.13.0.7-2.1 +- bump again for double-long bug on ppc(64) + +* Thu Feb 9 2006 Matthias Clasen - 2.13.0.7-2 +- Make gdmsetup use consolehelper +- Don't use deprecated pam_stack + +* Tue Feb 07 2006 Jesse Keating - 1:2.13.0.7-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 31 2006 Ray Strode - 1:2.13.0.7-1 +- update to 2.13.0.7 + +* Mon Jan 30 2006 Bill Nottingham +- silence gdm-safe-restart + +* Thu Jan 19 2006 Ray Strode - 1:2.13.0.5-7 +- sed -ie isn't the same as sed -i -e (we want the latter) + +* Wed Jan 18 2006 Christopher Aillon - 1:2.13.0.5-6 +- Add patch to fix clock to default to 24h in locales that expect it (175453) + +* Tue Jan 17 2006 Ray Strode - 1:2.13.0.5-1 +- update to 2.13.0.5 (bug 178099) + +* Tue Jan 17 2006 Ray Strode - 1:2.13.0.4-5 +- add new theme by Diana Fong, Máirín Duffy, and me + +* Mon Jan 16 2006 Ray Strode - 1:2.13.0.4-4 +- improve migration snippet (bug 177443). + +* Fri Jan 13 2006 Ray Strode - 1:2.13.0.4-3 +- migrate X server configuration for pre-modular X configurations. + Problems reported by Dennis Gregorovic + +* Mon Jan 9 2006 Ray Strode - 1:2.13.0.4-2 +- use xinit Xsession again. + +* Mon Jan 9 2006 Ray Strode - 1:2.13.0.4-1 +- update to 2.13.0.4 + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Mon Nov 16 2005 Ray Strode - 1:2.8.0.4-13 +- Don't fallback to xsm, try gnome-session instead +- Require xorg-x11-xinit + +* Mon Nov 14 2005 Ray Strode - 1:2.8.0.4-12 +- Make sure that dbus-launch gets called if available + +* Mon Nov 14 2005 Ray Strode - 1:2.8.0.4-11 +- Don't use X session / setup files anymore. +- Don't install early login init scripts +- remove xsri dependency +- don't prune language lists anymore + +* Sun Nov 13 2005 Jeremy Katz - 1:2.8.0.4-10 +- also fix default xsession for where its moved in modular X + +* Sun Nov 13 2005 Jeremy Katz - 1:2.8.0.4-9 +- change requirements for modular X +- patch to find x server with modular X + +* Thu Oct 20 2005 Ray Strode 1:2.8.0.4-8 +- redhat-artwork was busted, require new version + +* Tue Oct 18 2005 Ray Strode 1:2.8.0.4-7 +- zero-initialize message buffer, + bug fixed by Josh Parson (jbparsons@usdavis.edu) (bug 160603) +- fix typo in redhat-artwork requires line + +* Mon Oct 17 2005 Steve Grubb 1:2.8.0.4-6 +- add login audit patch (bug 170569) + +* Mon Oct 17 2005 Ray Strode 1:2.8.0.4-5 +- bump redhat-artwork requirement to get rid of the boot + throbber for now, since it seems to have reappeared + mysteriously (bug 171025) +p +* Thu Oct 13 2005 Dan Walsh 1:2.8.0.4-4 +- Change to use getseuserbyname + +* Thu Sep 28 2005 Dan Walsh 1:2.8.0.4-3 +- Fix selinux not to fail when in permissive mode + +* Thu Sep 27 2005 Ray Strode 1:2.8.0.4-2 +- remove flexiserver from menus + +* Thu Sep 8 2005 Ray Strode 1:2.8.0.4-1 +- update to 2.8.0.4 + +* Tue Sep 6 2005 Ray Strode 1:2.8.0.2-4 +- Apply clean up patch from Steve Grubb (gnome bug 315388). + +* Tue Aug 30 2005 Ray Strode 1:2.8.0.2-3 +- Prune language list of installed languages +- Make config file noreplace again (bug 167087). + +* Sat Aug 20 2005 Ray Strode 1:2.8.0.2-2 +- hide throbber + +* Fri Aug 19 2005 Ray Strode 1:2.8.0.2-1 +- update to 2.8.0.2 +- disable early login stuff temporarily + +* Thu Aug 18 2005 Ray Strode 1:2.6.0.8-18 +- rebuild + +* Wed Aug 10 2005 Ray Strode 1:2.6.0.8-17 +- Prune uninstalled languages from language list. + +* Mon May 23 2005 Ray Strode 1:2.6.0.8-16 +- Make sure username/password incorrect message gets displayed + (bug 158127). +- reread system locale before starting gdm in early login mode + (bug 158376). + +* Thu May 19 2005 Ray Strode 1:2.6.0.8-15 +- Take out some syslog spew (bug 157711). + +* Thu May 12 2005 Ray Strode 1:2.6.0.8-14 +- Fix processing of new-line characters that got broken + in 2.6.0.8-11 (bug 157442). + +* Tue May 3 2005 Ray Strode 1:2.6.0.8-12 +- Fix processing of non-ascii characters that got broken + in 2.6.0.8-11, found by Miloslav Trmac , + (bug 156590). + +* Thu Apr 28 2005 Ray Strode 1:2.6.0.8-11 +- Fix halt command (bug 156299) +- Process all messages sent to the greeter in a read, not just + the first + +* Wed Apr 27 2005 Jeremy Katz - 1:2.6.0.8-10 +- silence %%postun + +* Tue Apr 26 2005 Ray Strode 1:2.6.0.8-9 +- Change default standard greeter theme to clearlooks and + default graphical greeter theme to Bluecurve specifically. + +- Change default path values (bug 154280) + +* Mon Apr 25 2005 Matthias Clasen 1:2.6.0.8-8 +- for early-login, delay XDMCP initialization until allow-login + +* Sun Apr 24 2005 Ray Strode 1:2.6.0.8-7 +- calling gdm_debug and g_strdup_printf from signal handlers are + bad news (Spotted by Mark McLoughlin ). + +* Tue Apr 19 2005 Matthias Clasen 1:2.6.0.8-6 +- Add a throbber for early login + +* Mon Apr 18 2005 Ray Strode 1:2.6.0.8-5 +- Don't install gnome.desktop to /usr/share/xsessions (bug 145791) + +* Thu Apr 14 2005 Matthias Clasen 1:2.6.0.8-4 +- Don't do early-login if firstboot is going to run +- Make early-login work with timed and automatic logins + +* Wed Apr 13 2005 Ray Strode 1:2.6.0.8-3 +- Don't hard code dpi setting to 96.0, but instead look at + Xft.dpi + +* Wed Apr 13 2005 Ray Strode 1:2.6.0.8-2 +- touch /var/lock/subsys/gdm-early-login so gdm gets killed on + runlevel changes (bug 154414) +- don't try to use system dpi settings for canvas text (bug 127532) +- merge resource database from displays other than :0 + +* Sat Apr 2 2005 Ray Strode 1:2.6.0.8-1 +- update to 2.6.0.8 +- add new init scripts to support early-login mode + +* Tue Mar 29 2005 Ray Strode 1:2.6.0.7-8 +- Add a --wait-for-bootup cmdline option. + +* Mon Mar 28 2005 Christopher Aillon +- rebuilt + +* Fri Mar 25 2005 Christopher Aillon 1:2.6.0.7-6 +- Update the GTK+ theme icon cache on (un)install + +* Fri Mar 11 2005 Alexandre Oliva 1:2.6.0.7-5 +- fix patch for bug 149899 (fixes bug 150745) + +* Wed Mar 09 2005 Than Ngo 1:2.6.0.7-4 +- add OnlyShowIn=GNOME; + +* Mon Feb 28 2005 Ray Strode 1:2.6.0.7-3 +- seteuid/egid as user before testing for presence of + user's home directory (fixes bug 149899) + +* Thu Feb 10 2005 Ray Strode 1:2.6.0.7-2 +- Turn off "switchdesk" mode by default which accidentally got + turned on by default in 2.6.0.5-4 + +* Wed Feb 2 2005 Matthias Clasen 1:2.6.0.7-1 +- Update to 2.6.0.7 + +* Tue Jan 25 2005 Ray Strode 1:2.6.0.5-11 +- Fix bug in greeter sort-session-list patch where selecting + a session did nothing (bug 145626) + +* Thu Dec 9 2004 Dan Walsh 1:2.6.0.5-10 +- Remove pam_selinux from gdmsetup pam file + +* Wed Dec 1 2004 Ray Strode 1:2.6.0.5-9 +- Look up and use username instead of assuming that user entered + login is cannonical. Patch from + Mike Patnode (fixes bug 141380). + +* Thu Nov 11 2004 Ray Strode 1:2.6.0.5-8 +- Sort session list so that default session comes out on top + (fixes bug 107324) + +* Wed Nov 10 2004 Ray Strode 1:2.6.0.5-7 +- Make desktop file symlink instead of absolute (bug 104390) +- Add flexiserver back to menus + +* Wed Oct 20 2004 Ray Strode 1:2.6.0.5-6 +- Clean up xses if the session was successfullly completed. + (fixes bug #136382) + +* Tue Oct 19 2004 Ray Strode 1:2.6.0.5-5 +- Prefer nb_NO over no_NO for Norwegian (fixes bug #136033) + +* Thu Oct 7 2004 Alexander Larsson - 1:2.6.0.5-4 +- Change default greeter theme to "Default", require + redhat-artwork with Default symlink. + +* Wed Sep 29 2004 Ray Strode 1:2.6.0.5-3 +- Check if there is a selected node before using iterator. + (fixes bug #133329). + +* Fri Sep 24 2004 Ray Strode 1:2.6.0.5-2 +- Don't mess with gdmphotosetup categories. Upstream categories + are fine. + +* Mon Sep 20 2004 Ray Strode 1:2.6.0.5-1 +- update to 2.6.0.5 + +* Tue Aug 3 2004 Matthias Clasen 1:2.6.0.3-5 +- fix messed up changelog + +* Tue Aug 3 2004 Matthias Clasen 1:2.6.0.3-4 +- rebuilt + +* Thu Aug 2 2004 Ray Strode 1:2.6.0.3-3 +- rebuilt + +* Mon Jul 26 2004 Bill Nottingham 1:2.6.0.3-2 +- fix theme (#128599) + +* Thu Jun 17 2004 Ray Strode 1:2.6.0.3-1 +- update to 2.6.0.3 (fixes bug #117677) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri May 21 2004 Matthias Clasen 1:2.6.0.0-5 +- rebuild + +* Mon May 17 2004 Than Ngo 1:2.6.0.0-4 +- add patch to build gdm-binary with PIE + +* Thu Apr 22 2004 Mark McLoughlin - 1:2.6.0.0-3 +- Update the "use switchdesk" message to only be display when + switchdesk-gui is installed and to not reference a non existant + menu item (bug #121460) + +* Fri Apr 2 2004 Colin Walters 1:2.6.0.0-2 +- Always put session errors in /tmp, in preparation for + completely preventing gdm from writing to /home/ + +* Thu Apr 1 2004 Alex Larsson 1:2.6.0.0-1 +- update to 2.6.0.0 + +* Tue Mar 16 2004 Dan Walsh 1:2.5.90.3-1 +- Use selinux patch again + +* Tue Mar 16 2004 Dan Walsh 1:2.5.90.3-1 +- Stop using selinux patch and use pam_selinux instead. + +* Wed Mar 10 2004 Alex Larsson 1:2.5.90.2-1 +- update to 2.5.90.2 + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Thu Feb 26 2004 Alexander Larsson 1:2.5.90.1-1 +- update to 2.5.90.1 + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Feb 03 2004 Warren Togami 1:2.4.4.5-9 +- add two lines to match upstream CVS to xdmcp_sessions.patch + Fully resolves #110315 and #113154 + +* Sun Feb 01 2004 Warren Togami 1:2.4.4.5-8 +- patch30 xdmcp_session counter fix from gdm-2.5.90.0 #110315 +- automake14 really needed, not automake +- BR libcroco-devel, libcroco-devel, libattr-devel, gettext +- conditionally BR libselinux-devel +- explicit epoch in all deps +- make the ja.po time format change with a sed expression rather than + overwriting the whole file (Petersen #113995) + +* Thu Jan 29 2004 Jeremy Katz - 1:2.4.4.5-7 +- fix build with current auto* + +* Tue Jan 27 2004 Jeremy Katz 1:2.4.4.5-5 +- try a simple rebuild for libcroco abi change + +* Mon Jan 26 2004 Dan Walsh 1:2.4.4.5-4 +- Fix call to is_selinux_enabled + +* Fri Jan 16 2004 Dan Walsh 1:2.4.4.5-3 +- Use /sbin/reboot and /sbin/poweroff instead of consolehelper version + +* Thu Oct 30 2003 Dan Walsh 1:2.4.4.5-2.sel +- turn on SELinux + +* Mon Oct 20 2003 Jonathan Blandford 2:2.4.4.5-1 +- get rid of the teal + +* Fri Oct 17 2003 Jonathan Blandford 1:2.4.4.5-1 +- new version + +* Thu Oct 9 2003 Jonathan Blandford 1:2.4.4.3-6.sel +- new patch from George to fix #106189 +- change bg color in rhdefaults patch +- turn off SELinux + +* Thu Oct 8 2003 Dan Walsh 1:2.4.4.3-6.sel +- turn on SELinux + +* Tue Oct 7 2003 Alexander Larsson 1:2.4.4.3-5 +- Fix greeter line-breaking crash (rest of #106189) + +* Tue Oct 7 2003 Alexander Larsson 1:2.4.4.3-4 +- Set the BaseXSession properly in the config. +- This fixes parts of bug #106189 + +* Mon Oct 6 2003 Havoc Pennington 1:2.4.4.3-3 +- change DefaultSession=Default.desktop to DefaultSession=default.desktop +- SELinux off again + +* Fri Oct 3 2003 Dan Walsh 1:2.4.4.3-2.sel +- turn on SELinux + +* Thu Oct 2 2003 Havoc Pennington 1:2.4.4.3-1 +- 2.4.4.3 +- --without-selinux for now, since libselinux not in the buildroot + +* Mon Sep 8 2003 Dan Walsh 1:2.4.4.0-4 +- turn off SELinux + +* Fri Sep 5 2003 Dan Walsh 1:2.4.4.0-3.sel +- turn on SELinux + +* Thu Sep 4 2003 Alexander Larsson 1:2.4.4.0-2 +- Use the right default session (#103546) + +* Wed Sep 3 2003 Alexander Larsson 1:2.4.4.0-1 +- update to 2.4.4.0 +- update to georges new selinux patch + +* Fri Aug 29 2003 Elliot Lee 1:2.4.2.102-2 +- Remove scrollkeeper files + +* Tue Aug 26 2003 George Lebl 1:2.4.2.102-1 +- updated to 2.4.2.102 +- removed outdated patches +- Use Xsetup_0 only for :0 since that's the way it works + for xdm +- remove the gnome.desktop file, its going into gnome-session + +* Thu Aug 14 2003 Havoc Pennington 1:2.4.1.6-1 +- update to latest bugfix version on george's advice +- remove setlocale patch that's upstream +- remove console setup patches that are upstream + +* Thu Jun 12 2003 Dan Walsh 2.4.1.3-9 +- Port to SELinux + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Jun 3 2003 Jeff Johnson +- add explicit epoch's where needed. + +* Sun May 04 2003 Florian La Roche +- fix post: localstatedir -> _localstatedir + +* Thu May 1 2003 Havoc Pennington 1:2.4.1.3-6 +- enable UTF-8 for CJK + +* Mon Feb 24 2003 Elliot Lee +- debuginfo rebuild + +* Thu Feb 20 2003 Owen Taylor +- Run the error dialogs under /bin/sh --login, so we + get lang.sh, and thus unicode_start running. Fixes + the X-doesn't-start dialog showing up as random + blinking characters. + +* Fri Feb 14 2003 Havoc Pennington 1:2.4.1.3-2 +- nuke buildreq Xft + +* Wed Feb 5 2003 Havoc Pennington 1:2.4.1.3-1 +- upgrade to 2.4.1.3 + +* Mon Feb 3 2003 Matt Wilson 1:2.4.1.1-6 +- added gdm-2.4.1.1-64bit.patch to fix 64 bit crash in cookie + generation (#83334) + +* Mon Feb 3 2003 Owen Taylor +- Add patch to fix problem where setting LC_COLLATE=C would give LC_MESSAGES=wa_BE (#82019) + +* Thu Jan 30 2003 Matt Wilson 1:2.4.1.1-3 +- fix pam.d entry, pam_env wasn't properly patched +- disable optimizations on x86_64 to work around gcc bug + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Mon Jan 20 2003 Owen Taylor +- Upgrade to 2.4.1.1 (Fixes #81907) +- Redirect stdout of kill to /dev/null (#80814) + +* Thu Jan 9 2003 Havoc Pennington +- 2.4.1.0 +- add patch from george to ask "are you sure?" for shutdown/reboot since it's now just one click away + +* Thu Dec 19 2002 Havoc Pennington +- 2.4.0.12 +- update new patch for no-utf8-in-cjk +- drop patch to photo setup, now upstream +- drop confdocs patch now upstream +- move all the gdm.conf changes into single "rhconfig" patch +- remove "sid-fix" patch now upstream + +* Mon Nov 11 2002 Nalin Dahyabhai 2.4.0.7-14 +- remove the directory part of module specifications from the PAM config files, + allowing the same PAM config to work for either arch on multilib boxes + +* Thu Sep 5 2002 Owen Taylor +- Change zh_CN entry in language menu to zh_CN.GB18030 + +* Thu Sep 5 2002 Akira TAGOH 2.4.0.7-12 +- copied gdm-ja.po to ja.po. + +* Mon Sep 2 2002 Owen Taylor +- Fix problem where gdm was opening ~/.xsession-errors itself to bad effect + +* Sat Aug 31 2002 Havoc Pennington +- include ja.po with new date format + +* Wed Aug 28 2002 Havoc Pennington +- remove noreplace on gdm.conf #71309 +- make gnome-gdmsetup absolute, #72910 + +* Wed Aug 28 2002 Havoc Pennington +- put /usr/X11R6/bin in path for now fixes #72781 +- use proper i18n algorithm for word wrap, #71937 +- remove greek text from language picker due to lack + of greek font +- reorder PAM config file #72657 + +* Wed Aug 28 2002 Havoc Pennington +- improve gdmsetup icon +- remove GNOME session, we will instead put it in gnome-session +- apply patch from george to make gdmphotosetup file selector + work + +* Mon Aug 26 2002 Elliot Lee 2.4.0.7-6 +- Patches for #64902, #66486, #68483, #71308 +- post-install script changes from the gdm.spec mentioned in #70965 +- noreplace on gdm.conf for #71309 + +* Sun Aug 25 2002 Havoc Pennington +- put in a patch from george to fix some setsid()/kill() confusion + possibly fixing #72295 +- turn off UseCirclesInEntry for now, fixes #72433 + +* Tue Aug 20 2002 Alexander Larsson +- Set UseCirclesInEntry to true in config + +* Thu Aug 15 2002 Havoc Pennington +- rename Gnome session to GNOME, this was just bugging me + +* Thu Aug 8 2002 Havoc Pennington +- 2.4.0.7 with bugfixes George kindly did for me, + including mnemonics for the graphical greeter +- use Wonderland gtk theme for the nongraphical greeter +- remove patches that are now upstream + +* Tue Jul 30 2002 Havoc Pennington +- update rhconfig patch +- use pam_timestamp for the config tool +- link to a desktop file in redhat-menus +- update .gnome2 patch, filed upstream bug +- 2.4.0.4 +- rebuild with new gail, librsvg2 + +* Tue Jun 25 2002 Owen Taylor +- Require redhat-artwork, make the default greeter theme Wonderland +- Look for all configuration in .gnome2 not .gnome. This avoids problems + with changes in the set of session/lang. +- Remove English from locale.alias, make most locales UTF-8 +- Call find_lang with the right name + +* Sun Jun 16 2002 Havoc Pennington +- rebuild for new libs +- put gdm-autologin pam config file in file list, hope + its absence wasn't deliberate +- use desktop-file-install + +* Mon Jun 10 2002 Havoc Pennington +- rebuild in different environment + +* Mon Jun 10 2002 Havoc Pennington +- 2.4.0.0 + +* Tue May 21 2002 Havoc Pennington +- rebuild in different environment + +* Tue May 21 2002 Havoc Pennington +- 2.3.90.3 + +* Tue May 14 2002 Matt Wilson 2.3.90.2.90-1 +- pulled from current CVS, named it 2.3.90.2.90-1 + +* Thu Feb 14 2002 Havoc Pennington +- rebuild for new libs +- add URL tag + +* Mon Feb 11 2002 Alex Larsson 2.3.90.1.90-1 +- Updated to a cvs snapshot that has the new greeter. + +* Thu Jan 24 2002 Havoc Pennington +- rebuild in rawhide + +* Tue Sep 4 2001 Havoc Pennington +- fix #52997 (ukrainian in language list) + +* Fri Aug 31 2001 Havoc Pennington +- Add po files from sources.redhat.com + +* Mon Aug 27 2001 Havoc Pennington +- Add po files from sources.redhat.com + +* Wed Aug 15 2001 Nalin Dahyabhai +- set SESSION to true in console.apps control file + +* Tue Aug 14 2001 Havoc Pennington +- change default title font to work in CJK, #51698 + +* Wed Aug 8 2001 Bill Nottingham +- fix %%pre for using /var/gdm as home dir + +* Sun Aug 5 2001 Nalin Dahyabhai +- Tweak PAM setup for gdmconfig to match other consolehelper users + +* Fri Aug 3 2001 Owen Taylor +- Set RUNNING_UNDER_GDM when running display init script +- Run xsri as the background program + +* Thu Aug 02 2001 Havoc Pennington +- Change how session switching works, #49480 +- don't offer to make Failsafe the default, #49479 + +* Thu Aug 02 2001 Havoc Pennington +- clean up some format string mess, and don't + log username to syslog, #5681 +- own some directories #50692 + +* Wed Aug 01 2001 Havoc Pennington +- require/buildrequire latest gnome-libs, to compensate + for upstream crackrock. #50554 + +* Tue Jul 31 2001 Havoc Pennington +- get rid of GiveConsole/TakeConsole, bug #33710 + +* Sun Jul 22 2001 Havoc Pennington +- use Raleigh theme for gdm + +* Thu Jul 19 2001 Havoc Pennington +- depend on usermode, xinitrc + +* Thu Jul 19 2001 Havoc Pennington +- build requires pam-devel, should fix #49448 + +* Mon Jul 16 2001 Havoc Pennington +- log to /var/log/gdm/* + +* Mon Jul 16 2001 Havoc Pennington +- make Halt... power off + +* Tue Jul 10 2001 Havoc Pennington +- gdm user's homedir to /var/gdm not /home/gdm + +* Mon Jul 09 2001 Havoc Pennington +- put pam.d/gdm back in file list + +* Sun Jul 08 2001 Havoc Pennington +- upgrade to 2.2.3.1, pray this fixes more than it breaks + +* Thu Jul 05 2001 Havoc Pennington +- add "rpm" user to those not to show in greeter + +* Tue Jul 03 2001 Havoc Pennington +- Upgrade to 2.2.3 +- require usermode since configure script now checks for it + +* Fri Jun 01 2001 Havoc Pennington +- Prereq for scrollkeeper-update + +* Thu May 30 2001 Havoc Pennington +- New CVS snap with the "no weird sessions" options; + more default settings changes + +* Wed May 30 2001 Havoc Pennington +- Change a bunch of default settings; remaining fixes will involve C hacking + +* Wed May 30 2001 Havoc Pennington +- After, oh, 2 years or so, finally upgrade version and set + release to 1. Remove all hacks and patches, pretty much; + this will break a few things, will be putting them back + via GNOME CVS. All changes should go in 'gdm2' module in + CVS for now. + + This RPM enables all kinds of features that I'm going to turn + off shortly, so don't get excited about them. ;-) + +* Thu Mar 22 2001 Nalin Dahyabhai +- reinitialize pam credentials after calling initgroups() -- the + credentials may be group memberships + +* Mon Mar 19 2001 Owen Taylor +- Fix colors patch + +* Thu Mar 15 2001 Havoc Pennington +- translations + +* Mon Mar 5 2001 Preston Brown +- don't screw up color map on 8 bit displays + +* Fri Feb 23 2001 Trond Eivind Glomsrød +- langify +- Don't define and use "ver" and "nam" at the top of the spec file +- use %%{_tmppath} + +* Tue Feb 13 2001 Tim Powers +- don't allow gdm to show some system accounts in the browser bugzilla + #26898 + +* Fri Jan 19 2001 Akira TAGOH +- Updated Japanese translation. + +* Tue Jan 02 2001 Havoc Pennington +- add another close() to the fdleak patch, bugzilla #22794 + +* Sun Aug 13 2000 Owen Taylor +- Return to toplevel main loop and start Xdcmp if enabled + (Bug #16106) + +* Fri Aug 11 2000 Jonathan Blandford +- Up Epoch and release + +* Wed Aug 02 2000 Havoc Pennington +- Requires Xsession script + +* Wed Jul 19 2000 Owen Taylor +- Italian is better as it_IT than it_CH (bugzilla 12425) + +* Mon Jul 17 2000 Jonathan Blandford +- Don't instally gdmconfig as it doesn't work. + +* Fri Jul 14 2000 Havoc Pennington +- Rearrange code to avoid calling innumerable system calls + in a signal handler + +* Fri Jul 14 2000 Havoc Pennington +- Verbose debug spew for infinite loop stuff + +* Fri Jul 14 2000 Havoc Pennington +- Try to fix infinite loops on X server failure + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Thu Jun 29 2000 Havoc Pennington +- Remove Docdir + +* Mon Jun 19 2000 Havoc Pennington +- Fix file descriptor leak (Bugzilla 12301) + +* Mon Jun 19 2000 Havoc Pennington +- Apply security errata patch we released for 6.2 +- Add Gnome.session back, don't know when it disappeared or why + +* Thu Jun 1 2000 Nalin Dahyabhai +- modify PAM setup to use system-auth + +* Fri May 19 2000 Havoc Pennington +- rebuild for the Winston tree + +* Fri Feb 04 2000 Havoc Pennington +- Modify Default.session and Failsafe.session not to add -login option to bash +- exec the session scripts with the user's shell with a hyphen prepended +- doesn't seem to actually work yet with tcsh, but it doesn't seem to + break anything. needs a look to see why it doesn't work + +* Fri Feb 04 2000 Havoc Pennington +- Link PreSession/Default to xdm/GiveConsole +- Link PostSession/Default to xdm/TakeConsole + +* Fri Feb 04 2000 Havoc Pennington +- Fix the fix to the fix (8877) +- remove docs/gdm-manual.txt which doesn't seem to exist from %%doc + +* Fri Feb 04 2000 Havoc Pennington +- Enhance 8877 fix by not deleting the "Please login" + message + +* Fri Feb 04 2000 Havoc Pennington +- Try to fix bug 8877 by clearing the message below + the entry box when the prompt changes. may turn + out to be a bad idea. + +* Mon Jan 17 2000 Elliot Lee +- Fix bug #7666: exec Xsession instead of just running it + +* Mon Oct 25 1999 Jakub Jelinek +- Work around so that russian works (uses koi8-r instead + of the default iso8859-5) + +* Tue Oct 12 1999 Owen Taylor +- Try again + +* Tue Oct 12 1999 Owen Taylor +- More fixes for i18n + +* Tue Oct 12 1999 Owen Taylor +- Fixes for i18n + +* Fri Sep 26 1999 Elliot Lee +- Fixed pipewrite bug (found by mkj & ewt). + +* Fri Sep 17 1999 Michael Fulbright +- added requires for pam >= 0.68 + +* Fri Sep 10 1999 Elliot Lee +- I just update this package every five minutes, so any recent changes are my fault. + +* Thu Sep 02 1999 Michael K. Johnson +- built gdm-2.0beta2 + +* Mon Aug 30 1999 Michael K. Johnson +- built gdm-2.0beta1 + +* Tue Aug 17 1999 Michael Fulbright +- included rmeier@liberate.com patch for tcp socket X connections + +* Mon Apr 19 1999 Michael Fulbright +- fix to handling ancient gdm config files with non-standard language specs +- dont close display connection for xdmcp connections, else we die if remote + end dies. + +* Fri Apr 16 1999 Michael Fulbright +- fix language handling to set GDM_LANG variable so gnome-session + can pick it up + +* Wed Apr 14 1999 Michael Fulbright +- fix so certain dialog boxes dont overwrite background images + +* Wed Apr 14 1999 Michael K. Johnson +- do not specify -r 42 to useradd -- it doesn't know how to fall back + if id 42 is already taken + +* Fri Apr 9 1999 Michael Fulbright +- removed suspend feature + +* Mon Apr 5 1999 Jonathan Blandford +- added patch from otaylor to not call gtk funcs from a signal. +- added patch to tab when username not added. +- added patch to center About box (and bring up only one) and ignore "~" + and ".rpm" files. + +* Fri Mar 26 1999 Michael Fulbright +- fixed handling of default session, merged all gdmgreeter patches into one + +* Tue Mar 23 1999 Michael Fulbright +- remove GNOME/KDE/AnotherLevel session scripts, these have been moved to + the appropriate packages instead. +- added patch to make option menus always active (security problem otherwise) +- added jrb's patch to disable stars in passwd entry field + +* Fri Mar 19 1999 Michael Fulbright +- made sure /usr/bin isnt in default path twice +- strip binaries + +* Wed Mar 17 1999 Michael Fulbright +- fixed to use proper system path when root logs in + +* Tue Mar 16 1999 Michael Fulbright +- linked Init/Default to Red Hat default init script for xdm +- removed logo from login dialog box + +* Mon Mar 15 1999 Michael Johnson +- pam_console integration + +* Tue Mar 09 1999 Michael Fulbright +- added session files for GNOME/KDE/AnotherLevel/Default/Failsafe +- patched gdmgreeter to not complete usernames +- patched gdmgreeter to not safe selected session permanently +- patched gdmgreeter to center dialog boxes + +* Mon Mar 08 1999 Michael Fulbright +- removed comments from gdm.conf file, these are not parsed correctly + +* Sun Mar 07 1999 Michael Fulbright +- updated source line for accuracy + +* Fri Feb 26 1999 Owen Taylor +- Updated patches for 1.0.0 +- Fixed some problems in 1.0.0 with installation directories +- moved /usr/var/gdm /var/gdm + +* Thu Feb 25 1999 Michael Fulbright +- moved files from /usr/etc to /etc + +* Tue Feb 16 1999 Michael Johnson +- removed commented-out #1 definition -- put back after testing gnome-libs + comment patch + +* Sat Feb 06 1999 Michael Johnson +- initial packaging