From 0e0bd2c04883940d02afc3dd327bb5cc10d4003cd7b0c6bc475963495d5b97e2 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 30 Jul 2007 18:15:18 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gdm?expand=0&rev=23 --- gdm-2.19.3-dbus-security-tokens.patch | 98 +++++++++++ gdm-2.19.3-reset-pam.patch | 189 ++++++++++++++++++++ gdm-2.19.3-token-login.patch | 240 ++++++++++++++++++++++++++ gdm.changes | 5 + gdm.spec | 10 +- 5 files changed, 541 insertions(+), 1 deletion(-) create mode 100644 gdm-2.19.3-dbus-security-tokens.patch create mode 100644 gdm-2.19.3-reset-pam.patch create mode 100644 gdm-2.19.3-token-login.patch diff --git a/gdm-2.19.3-dbus-security-tokens.patch b/gdm-2.19.3-dbus-security-tokens.patch new file mode 100644 index 0000000..ad34d5d --- /dev/null +++ b/gdm-2.19.3-dbus-security-tokens.patch @@ -0,0 +1,98 @@ +--- gdm-2.8.0.7/configure.ac~ 2007-01-19 14:00:55.000000000 -0500 ++++ gdm-2.8.0.7/configure.ac 2007-01-19 14:07:11.000000000 -0500 +@@ -141,7 +142,7 @@ PKG_CHECK_MODULES(VICIOUS, gtk+-2.0 >= $ + AC_SUBST(VICIOUS_CFLAGS) + AC_SUBST(VICIOUS_LIBS) + +-PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED) ++PKG_CHECK_MODULES(DAEMON, gtk+-2.0 >= $GTK_REQUIRED dbus-glib-1 >= $DBUS_REQUIRED) + AC_SUBST(DAEMON_CFLAGS) + AC_SUBST(DAEMON_LIBS) + +--- gdm-2.8.0.7/daemon/gdm.c~ 2007-01-19 14:00:55.000000000 -0500 ++++ gdm-2.8.0.7/daemon/gdm.c 2007-01-19 14:14:12.000000000 -0500 +@@ -42,6 +42,9 @@ + #include + #include + ++#define DBUS_API_SUBJECT_TO_CHANGE ++#include ++ + /* This should be moved to auth.c I suppose */ + + #include +@@ -70,6 +73,10 @@ + #include + #endif /* HAVE_LOGINDEVPERM */ + ++#define MONITOR_SERVICE "com.novell.Pkcs11Monitor" ++#define MONITOR_PATH "/com/novell/Pkcs11Monitor" ++#define MONITOR_INTERFACE "com.novell.Pkcs11Monitor" ++ + /* Local functions */ + static void gdm_config_parse (void); + static void gdm_handle_message (GdmConnection *conn, +@@ -78,6 +85,8 @@ static void gdm_handle_message (GdmConne + static void gdm_handle_user_message (GdmConnection *conn, + const char *msg, + gpointer data); ++static void gdm_reset_local_displays (void); ++static void gdm_watch_for_security_tokens (void); + static void gdm_daemonify (void); + static void gdm_safe_restart (void); + static void gdm_try_logout_action (GdmDisplay *disp); +--- gdm-2.19.3/daemon/gdm.c~ 2007-07-25 14:52:56.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm.c 2007-07-25 14:56:18.000000000 -0400 +@@ -1800,6 +1800,8 @@ main (int argc, char *argv[]) + gdm_xdmcp_run (); + } + ++ gdm_watch_for_security_tokens (); ++ + /* We always exit via exit (), and sadly we need to g_main_quit () + * at times not knowing if it's this main or a recursive one we're + * quitting. +@@ -4355,3 +4357,43 @@ gdm_handle_user_message (GdmConnection * + gdm_connection_close (conn); + } + } ++ ++static void ++gdm_reset_local_displays (void) ++{ ++ GSList *li; ++ ++ for (li = gdm_daemon_config_get_display_list (); li != NULL; li = li->next) { ++ GdmDisplay *d = li->data; ++ ++ if (d->attached) ++ send_slave_command (d, GDM_NOTIFY_RESET); ++ } ++} ++ ++static void ++gdm_watch_for_security_tokens (void) ++{ ++ DBusGConnection *conn; ++ GError *err = NULL; ++ DBusGProxy *monitor; ++ ++ conn = dbus_g_bus_get (DBUS_BUS_SYSTEM, &err); ++ if (!conn) { ++ gdm_error (_("Cannot connect to dbus bus; smart card support disabled: %s"), ++ err->message); ++ g_error_free (err); ++ return; ++ } ++ ++ monitor = dbus_g_proxy_new_for_name (conn, ++ MONITOR_SERVICE, ++ MONITOR_PATH, ++ MONITOR_INTERFACE); ++ ++ dbus_g_proxy_add_signal (monitor, "SecurityTokenInserted", G_TYPE_STRING, G_TYPE_INVALID); ++ dbus_g_proxy_connect_signal (monitor, "SecurityTokenInserted", G_CALLBACK (gdm_reset_local_displays), NULL, NULL); ++ ++ dbus_g_proxy_add_signal (monitor, "SecurityTokenRemoved", G_TYPE_STRING, G_TYPE_INVALID); ++ dbus_g_proxy_connect_signal (monitor, "SecurityTokenRemoved", G_CALLBACK (gdm_reset_local_displays), NULL, NULL); ++} diff --git a/gdm-2.19.3-reset-pam.patch b/gdm-2.19.3-reset-pam.patch new file mode 100644 index 0000000..ec991a7 --- /dev/null +++ b/gdm-2.19.3-reset-pam.patch @@ -0,0 +1,189 @@ +--- gdm-2.16.4/gui/greeter/greeter.c.reset-pam 2006-10-30 15:56:34.000000000 -0500 ++++ gdm-2.16.4/gui/greeter/greeter.c 2006-12-15 11:11:07.000000000 -0500 +@@ -168,7 +168,6 @@ + GtkWidget *dlg; + char *tmp; + char *session; +- GreeterItemInfo *conversation_info; + static GnomeCanvasItem *disabled_cover = NULL; + gchar *language; + gchar *selected_user = NULL; +@@ -328,16 +327,9 @@ + if (gtk_start_again_button != NULL) + gtk_widget_set_sensitive (gtk_start_again_button, FALSE); + +- conversation_info = greeter_lookup_id ("pam-conversation"); +- +- if (conversation_info) +- { +- tmp = ve_locale_to_utf8 (args); +- g_object_set (G_OBJECT (conversation_info->item), +- "text", tmp, +- NULL); +- g_free (tmp); +- } ++ greeter_item_ulist_unset_selected_user (); ++ greeter_item_pam_prompt ("", PW_ENTRY_SIZE, TRUE); ++ greeter_item_pam_message (""); + + printf ("%c\n", STX); + fflush (stdout); +--- gdm-2.16.4/daemon/slave.c.reset-pam 2006-12-15 11:03:01.000000000 -0500 ++++ gdm-2.16.4/daemon/slave.c 2006-12-15 11:03:01.000000000 -0500 +@@ -128,6 +128,12 @@ + static int greeter_fd_out = -1; + static int greeter_fd_in = -1; + ++/* a dup of the other side of greeter_fd_in so that ++ * the slave can talk to itself from its sig handler ++ * using the greeter ipc mechanism ++ */ ++static int slave_fd_out = -1; ++ + #ifdef HAVE_TSOL + static gboolean have_suntsol_extension = FALSE; + #endif +@@ -620,7 +626,7 @@ + } + + static void +-whack_greeter_fds (void) ++whack_greeter_and_slave_fds (void) + { + if (greeter_fd_out > 0) + VE_IGNORE_EINTR (close (greeter_fd_out)); +@@ -628,6 +634,9 @@ + if (greeter_fd_in > 0) + VE_IGNORE_EINTR (close (greeter_fd_in)); + greeter_fd_in = -1; ++ if (slave_fd_out > 0) ++ VE_IGNORE_EINTR (close (slave_fd_out)); ++ slave_fd_out = -1; + } + + static void +@@ -1078,7 +1087,7 @@ + + d->greetpid = 0; + +- whack_greeter_fds (); ++ whack_greeter_and_slave_fds (); + + gdm_slave_send_num (GDM_SOP_GREETPID, 0); + +@@ -1844,7 +1853,7 @@ + + d->greetpid = 0; + +- whack_greeter_fds (); ++ whack_greeter_and_slave_fds (); + + gdm_slave_send_num (GDM_SOP_GREETPID, 0); + } +@@ -2076,6 +2085,12 @@ + break; + } + ++ if (do_cancel) { ++ gdm_debug ("canceling..."); ++ gdm_slave_greeter_ctl_no_ret (GDM_RESETOK, ""); ++ continue; ++ } ++ + if (login == NULL) { + char *failuresound = gdm_get_value_string (GDM_KEY_SOUND_ON_LOGIN_FAILURE_FILE); + +@@ -4673,7 +4688,7 @@ + continue; + } + +- whack_greeter_fds (); ++ whack_greeter_and_slave_fds (); + + /* if greet is TRUE, then the greeter died outside of our + * control really, so clean up and die, something is wrong +@@ -4816,6 +4831,11 @@ + gdm_wait_for_go = FALSE; + } else if (strcmp (&s[1], GDM_NOTIFY_TWIDDLE_POINTER) == 0) { + gdm_twiddle_pointer (d); ++ } else if (strcmp (&s[1], GDM_NOTIFY_RESET) == 0) { ++ if (!d->logged_in) { ++ gdm_fdprintf (slave_fd_out, "%c%c%c\n", ++ STX, BEL, GDM_INTERRUPT_CANCEL); ++ } + } + } + } +--- gdm-2.19.3/daemon/slave.c~ 2007-07-18 14:10:20.000000000 -0400 ++++ gdm-2.19.3/daemon/slave.c 2007-07-18 14:12:23.000000000 -0400 +@@ -2877,10 +2877,11 @@ gdm_slave_greeter (void) + + default: + VE_IGNORE_EINTR (close (pipe1[0])); +- VE_IGNORE_EINTR (close (pipe2[1])); + + whack_greeter_and_slave_fds (); + ++ slave_fd_out = pipe2[1]; ++ + greeter_fd_out = pipe1[1]; + greeter_fd_in = pipe2[0]; + +@@ -4858,7 +4859,7 @@ gdm_slave_child_handler (int sig) + + greet = FALSE; + d->greetpid = 0; +- whack_greeter_fds (); ++ whack_greeter_and_slave_fds (); + gdm_slave_send_num (GDM_SOP_GREETPID, 0); + + do_restart_greeter = TRUE; +--- gdm-2.19.3/daemon/gdm-socket-protocol.h~ 2007-06-17 13:07:39.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm-socket-protocol.h 2007-07-25 14:47:23.000000000 -0400 +@@ -155,6 +155,8 @@ + #define GDM_SOP_SHOW_QUESTION_DIALOG "SHOW_QUESTION_DIALOG" /* show the question dialog from daemon */ + #define GDM_SOP_SHOW_ASKBUTTONS_DIALOG "SHOW_ASKBUTTON_DIALOG" /* show the askbutton dialog from daemon */ + ++/* Reset any in progress authentication conversations */ ++#define GDM_SOP_CANCEL_LOGIN_REQUESTS "CANCEL_LOGIN_REQUESTS" /* no arguments */ + + /* Ack for a slave message */ + /* Note that an extra response can follow an 'ack' */ +--- gdm-2.19.3/daemon/gdm-daemon-config-keys.h~ 2007-06-17 13:07:38.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm-daemon-config-keys.h 2007-07-25 14:46:49.000000000 -0400 +@@ -226,6 +226,7 @@ + #define GDM_NOTIFY_SOFT_RESTART_SERVERS "SOFT_RESTART_SERVERS" + #define GDM_NOTIFY_GO "GO" + #define GDM_NOTIFY_TWIDDLE_POINTER "TWIDDLE_POINTER" ++#define GDM_NOTIFY_RESET "RESET" + + G_END_DECLS + +--- gdm-2.19.3/daemon/slave.c~ 2007-07-25 15:25:09.000000000 -0400 ++++ gdm-2.19.3/daemon/slave.c 2007-07-25 15:26:22.000000000 -0400 +@@ -4881,7 +4881,7 @@ gdm_slave_child_handler (int sig) + continue; + } + +- whack_greeter_fds (); ++ whack_greeter_and_slave_fds (); + + /* if greet is TRUE, then the greeter died outside of our + * control really, so clean up and die, something is wrong +--- gdm-2.19.3/daemon/gdm.c~ 2007-07-25 15:40:40.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm.c 2007-07-25 15:41:39.000000000 -0400 +@@ -4344,6 +4344,14 @@ gdm_handle_user_message (GdmConnection * + gdm_connection_write (conn, "OK false\n"); + } else if (strcmp (msg, GDM_SUP_CLOSE) == 0) { + gdm_connection_close (conn); ++ } else if (strcmp (msg, GDM_SOP_CANCEL_LOGIN_REQUESTS) == 0) { ++ GSList *li; ++ for (li = gdm_daemon_config_get_display_list (); li != NULL; li = li->next) { ++ GdmDisplay *d = li->data; ++ if (!d->logged_in) { ++ send_slave_command (d, GDM_NOTIFY_RESET); ++ } ++ } + } else { + gdm_connection_write (conn, "ERROR 0 Not implemented\n"); + gdm_connection_close (conn); diff --git a/gdm-2.19.3-token-login.patch b/gdm-2.19.3-token-login.patch new file mode 100644 index 0000000..a2e2e84 --- /dev/null +++ b/gdm-2.19.3-token-login.patch @@ -0,0 +1,240 @@ +--- gdm-2.19.3/daemon/slave.c~ 2007-07-25 15:00:30.000000000 -0400 ++++ gdm-2.19.3/daemon/slave.c 2007-07-25 15:05:46.000000000 -0400 +@@ -116,6 +116,8 @@ static gboolean do_configurator = + static gboolean do_cancel = FALSE; /* If this is true, go back to + username entry & unselect + face browser (if present) */ ++static gboolean do_token_login = FALSE; /* if true, auth with smart ++ cards */ + static gboolean do_restart_greeter = FALSE; /* If this is true, whack the + greeter and try again */ + static gboolean restart_greeter_now = FALSE; /* Restart_greeter_when the +@@ -2081,11 +2083,14 @@ play_login_sound (const char *sound_file + static void + gdm_slave_wait_for_login (void) + { ++ gboolean verify_token; + const char *successsound; + char *username; + g_free (login); + login = NULL; + ++ do_token_login = FALSE; ++ + /* Chat with greeter */ + while (login == NULL) { + /* init to a sane value */ +@@ -2109,11 +2114,16 @@ gdm_slave_wait_for_login (void) + gdm_debug ("gdm_slave_wait_for_login: In loop"); + username = d->preset_user; + d->preset_user = NULL; ++ ++ verify_token = do_token_login; ++ do_token_login = FALSE; ++ + login = gdm_verify_user (d /* the display */, +- username /* username */, ++ verify_token ? "" : username /* username */, + d->name /* display name */, + d->attached /* display attached? */, +- TRUE /* allow retry */); ++ TRUE /* allow retry */, ++ verify_token); + g_free (username); + + gdm_debug ("gdm_slave_wait_for_login: end verify for '%s'", +@@ -2162,7 +2172,7 @@ gdm_slave_wait_for_login (void) + pwent->pw_name, + d->name, + d->attached, +- FALSE); ++ FALSE, FALSE); + gdm_daemon_config_set_value_bool (GDM_KEY_ALLOW_ROOT, oldAllowRoot); + + /* Clear message */ +@@ -5019,6 +5029,11 @@ gdm_slave_handle_usr2_message (void) + gdm_fdprintf (slave_fd_out, "%c%c%c\n", + STX, BEL, GDM_INTERRUPT_CANCEL); + } ++ } else if (strcmp (&s[1], GDM_NOTIFY_TOKEN_LOGIN) == 0) { ++ if (!d->logged_in && d->attached) { ++ gdm_fdprintf (slave_fd_out, "%c%c%c\n", ++ STX, BEL, GDM_INTERRUPT_TOKEN_LOGIN); ++ } + } + } else if (s[0] == GDM_SLAVE_NOTIFY_RESPONSE) { + gdm_got_ack = TRUE; +@@ -5219,6 +5234,10 @@ check_for_interruption (const char *msg) + do_restart_greeter = TRUE; + } + break; ++ case GDM_INTERRUPT_TOKEN_LOGIN: ++ do_token_login = TRUE; ++ do_cancel = TRUE; ++ break; + default: + break; + } +--- gdm-2.19.3/daemon/gdm.c~ 2007-07-25 15:00:37.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm.c 2007-07-25 15:08:09.000000000 -0400 +@@ -4359,7 +4359,7 @@ gdm_handle_user_message (GdmConnection * + } + + static void +-gdm_reset_local_displays (void) ++send_command_to_locals (const char *msg) + { + GSList *li; + +@@ -4367,11 +4367,23 @@ gdm_reset_local_displays (void) + GdmDisplay *d = li->data; + + if (d->attached) +- send_slave_command (d, GDM_NOTIFY_RESET); ++ send_slave_command (d, msg); + } + } + + static void ++gdm_reset_local_displays (void) ++{ ++ send_command_to_locals (GDM_NOTIFY_RESET); ++} ++ ++static void ++gdm_do_token_login (void) ++{ ++ send_command_to_locals (GDM_NOTIFY_TOKEN_LOGIN); ++} ++ ++static void + gdm_watch_for_security_tokens (void) + { + DBusGConnection *conn; +@@ -4392,7 +4404,7 @@ gdm_watch_for_security_tokens (void) + MONITOR_INTERFACE); + + dbus_g_proxy_add_signal (monitor, "SecurityTokenInserted", G_TYPE_STRING, G_TYPE_INVALID); +- dbus_g_proxy_connect_signal (monitor, "SecurityTokenInserted", G_CALLBACK (gdm_reset_local_displays), NULL, NULL); ++ dbus_g_proxy_connect_signal (monitor, "SecurityTokenInserted", G_CALLBACK (gdm_do_token_login), NULL, NULL); + + dbus_g_proxy_add_signal (monitor, "SecurityTokenRemoved", G_TYPE_STRING, G_TYPE_INVALID); + dbus_g_proxy_connect_signal (monitor, "SecurityTokenRemoved", G_CALLBACK (gdm_reset_local_displays), NULL, NULL); +--- gdm-2.19.3/daemon/gdm-socket-protocol.h~ 2007-07-25 15:00:30.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm-socket-protocol.h 2007-07-25 15:09:02.000000000 -0400 +@@ -75,6 +75,7 @@ + #define GDM_INTERRUPT_CUSTOM_CMD 'M' + #define GDM_INTERRUPT_CANCEL 'X' + #define GDM_INTERRUPT_SELECT_LANG 'O' ++#define GDM_INTERRUPT_TOKEN_LOGIN '$' + + /* List delimiter for config file lists */ + #define GDM_DELIMITER_MODULES ":" +--- gdm-2.19.3/daemon/gdm-daemon-config-keys.h~ 2007-07-25 15:00:30.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm-daemon-config-keys.h 2007-07-25 15:10:22.000000000 -0400 +@@ -105,6 +105,7 @@ G_BEGIN_DECLS + #define GDM_KEY_RETRY_DELAY "security/RetryDelay=1" + #define GDM_KEY_DISALLOW_TCP "security/DisallowTCP=true" + #define GDM_KEY_PAM_STACK "security/PamStack=gdm" ++#define GDM_KEY_PAM_STACK_SMARTCARD "security/SmartCardPamStack=gdm-smartcard" + #define GDM_KEY_NEVER_PLACE_COOKIES_ON_NFS "security/NeverPlaceCookiesOnNFS=true" + #define GDM_KEY_PASSWORD_REQUIRED "security/PasswordRequired=false" + #define GDM_KEY_XDMCP "xdmcp/Enable=false" +@@ -227,6 +228,7 @@ G_BEGIN_DECLS + #define GDM_NOTIFY_GO "GO" + #define GDM_NOTIFY_TWIDDLE_POINTER "TWIDDLE_POINTER" + #define GDM_NOTIFY_RESET "RESET" ++#define GDM_NOTIFY_TOKEN_LOGIN "TOKEN_LOGIN" + + G_END_DECLS + +--- gdm-2.19.3/daemon/verify.h~ 2007-06-17 13:07:39.000000000 -0400 ++++ gdm-2.19.3/daemon/verify.h 2007-07-25 15:12:17.000000000 -0400 +@@ -28,7 +28,8 @@ gchar *gdm_verify_user (GdmDisplay *d + const char *username, + const gchar *display, + gboolean local, +- gboolean allow_retry); ++ gboolean allow_retry, ++ gboolean token); + void gdm_verify_cleanup (GdmDisplay *d); + void gdm_verify_check (void); + void gdm_verify_select_user (const char *user); +--- gdm-2.19.3/daemon/verify-pam.c~ 2007-06-17 13:07:38.000000000 -0400 ++++ gdm-2.19.3/daemon/verify-pam.c 2007-07-25 15:11:57.000000000 -0400 +@@ -866,7 +866,8 @@ gdm_verify_user (GdmDisplay *d, + const char *username, + const gchar *display, + gboolean local, +- gboolean allow_retry) ++ gboolean allow_retry, ++ gboolean verify_token) + { + gint pamerr = 0; + struct passwd *pwent = NULL; +@@ -926,7 +927,10 @@ gdm_verify_user (GdmDisplay *d, + * PAM Stacks, in case one display should use a different + * authentication mechanism than another display. + */ +- pam_stack = gdm_daemon_config_get_value_string_per_display (GDM_KEY_PAM_STACK, (char *)display); ++ pam_stack = gdm_daemon_config_get_value_string_per_display (verify_token ++ ? GDM_KEY_PAM_STACK_SMARTCARD ++ : GDM_KEY_PAM_STACK, ++ (char *)display); + + if ( ! create_pamh (d, pam_stack, login, &pamc, display, &pamerr)) { + if (started_timer) +--- gdm-2.19.3/daemon/verify-shadow.c~ 2007-06-17 13:07:38.000000000 -0400 ++++ gdm-2.19.3/daemon/verify-shadow.c 2007-07-25 15:12:30.000000000 -0400 +@@ -106,7 +106,8 @@ gdm_verify_user (GdmDisplay *d, + const char *username, + const gchar *display, + gboolean local, +- gboolean allow_retry) ++ gboolean allow_retry, ++ gboolean token) + { + gchar *login, *passwd, *ppasswd; + struct passwd *pwent; +--- gdm-2.19.3/daemon/verify-crypt.c~ 2007-06-17 13:07:39.000000000 -0400 ++++ gdm-2.19.3/daemon/verify-crypt.c 2007-07-25 15:12:53.000000000 -0400 +@@ -105,7 +105,8 @@ gdm_verify_user (GdmDisplay *d, + const char *username, + const gchar *display, + gboolean local, +- gboolean allow_retry) ++ gboolean allow_retry, ++ gboolean token) + { + gchar *login, *passwd, *ppasswd; + struct passwd *pwent; +--- gdm-2.19.3/daemon/gdm-daemon-config.c~ 2007-06-17 13:07:39.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm-daemon-config.c 2007-07-25 15:17:46.000000000 -0400 +@@ -552,7 +552,8 @@ gdm_daemon_config_key_to_string_per_disp + + if (strcmp (group, "greeter") == 0 || + strcmp (group, "gui") == 0 || +- is_key (keystring, GDM_KEY_PAM_STACK)) { ++ is_key (keystring, GDM_KEY_PAM_STACK) || ++ is_key (keystring, GDM_KEY_PAM_STACK_SMARTCARD)) { + ret = gdm_daemon_config_key_to_string (file, keystring, retval); + } + +--- gdm-2.19.3/daemon/gdm-daemon-config-entries.h~ 2007-06-17 13:07:38.000000000 -0400 ++++ gdm-2.19.3/daemon/gdm-daemon-config-entries.h 2007-07-25 17:12:25.000000000 -0400 +@@ -208,6 +208,7 @@ typedef enum { + GDM_ID_SYSTEM_COMMANDS_IN_MENU, + GDM_ID_ALLOW_LOGOUT_ACTIONS, + GDM_ID_RBAC_SYSTEM_COMMAND_KEYS, ++ GDM_ID_SMART_CARD_PAM_STACK, + GDK_ID_LAST + } GdmConfigKey; + +@@ -363,6 +364,7 @@ static const GdmConfigEntry gdm_daemon_c + { GDM_CONFIG_GROUP_SECURITY, "RetryDelay", GDM_CONFIG_VALUE_INT, "1", GDM_ID_RETRY_DELAY }, + { GDM_CONFIG_GROUP_SECURITY, "DisallowTCP", GDM_CONFIG_VALUE_BOOL, "true", GDM_ID_DISALLOW_TCP }, + { GDM_CONFIG_GROUP_SECURITY, "PamStack", GDM_CONFIG_VALUE_STRING, "gdm", GDM_ID_PAM_STACK }, ++ { GDM_CONFIG_GROUP_SECURITY, "SmartCardPamStack", GDM_CONFIG_VALUE_STRING, "gdm-smartcard", GDM_ID_SMART_CARD_PAM_STACK }, + + { GDM_CONFIG_GROUP_SECURITY, "NeverPlaceCookiesOnNFS", GDM_CONFIG_VALUE_BOOL, "true", GDM_ID_NEVER_PLACE_COOKIES_ON_NFS }, + { GDM_CONFIG_GROUP_SECURITY, "PasswordRequired", GDM_CONFIG_VALUE_BOOL, "false", GDM_ID_PASSWORD_REQUIRED }, diff --git a/gdm.changes b/gdm.changes index 3f0e4ca..50a7277 100644 --- a/gdm.changes +++ b/gdm.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jul 30 16:41:29 CEST 2007 - jberkman@novell.com + +- use smartcard pam stack when cards are inserted + ------------------------------------------------------------------- Wed Jul 25 18:11:38 CEST 2007 - jpr@suse.de diff --git a/gdm.spec b/gdm.spec index 85baf8c..9314017 100644 --- a/gdm.spec +++ b/gdm.spec @@ -22,7 +22,7 @@ PreReq: %insserv_prereq License: GPL v2 or later Group: System/GUI/GNOME Version: 2.19.3 -Release: 9 +Release: 12 Summary: The GNOME 2.x Display Manager Source: %{name}-%{version}.tar.bz2 Source1: gdm.pamd @@ -53,6 +53,9 @@ Patch29: gdm-gdmsetup.patch Patch30: gdm-conf-custom-sysconfig.patch Patch33: gdm-2.13.0.4-audit-login.patch Patch34: gdm-2.17.7-vt-fallback.patch +Patch35: gdm-2.19.3-reset-pam.patch +Patch36: gdm-2.19.3-dbus-security-tokens.patch +Patch37: gdm-2.19.3-token-login.patch URL: http://www.gnome.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Docdir: %{_defaultdocdir} @@ -106,6 +109,9 @@ gnome-patch-translation-prepare %patch30 #%patch33 -p1 #%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p1 #gnome-patch-translation-update %build @@ -227,6 +233,8 @@ sed -i s:DISPLAYMANAGER=/opt/gnome/sbin/gdm:DISPLAYMANAGER=/usr/sbin/gdm:g etc/i %endif %changelog +* Mon Jul 30 2007 - jberkman@novell.com +- use smartcard pam stack when cards are inserted * Wed Jul 25 2007 - jpr@suse.de - Re-enable gdm-xdm-sessions.patch (#294498) * Tue Jul 24 2007 - jpr@suse.de