File gdm-2.19.3-token-login.patch of Package gdmfactory
--- gdm-2.19.3/daemon/slave.c~ 2007-07-25 15:00:30.000000000 -0400
+++ gdm-2.19.3/daemon/slave.c 2007-07-25 15:05:46.000000000 -0400
@@ -116,6 +116,8 @@ static gboolean do_configurator =
static gboolean do_cancel = FALSE; /* If this is true, go back to
username entry & unselect
face browser (if present) */
+static gboolean do_token_login = FALSE; /* if true, auth with smart
+ cards */
static gboolean do_restart_greeter = FALSE; /* If this is true, whack the
greeter and try again */
static gboolean restart_greeter_now = FALSE; /* Restart_greeter_when the
@@ -2081,11 +2083,14 @@ play_login_sound (const char *sound_file
static void
gdm_slave_wait_for_login (void)
{
+ gboolean verify_token;
const char *successsound;
char *username;
g_free (login);
login = NULL;
+ do_token_login = FALSE;
+
/* Chat with greeter */
while (login == NULL) {
/* init to a sane value */
@@ -2109,11 +2114,16 @@ gdm_slave_wait_for_login (void)
gdm_debug ("gdm_slave_wait_for_login: In loop");
username = d->preset_user;
d->preset_user = NULL;
+
+ verify_token = do_token_login;
+ do_token_login = FALSE;
+
login = gdm_verify_user (d /* the display */,
- username /* username */,
+ verify_token ? "" : username /* username */,
d->name /* display name */,
d->attached /* display attached? */,
- TRUE /* allow retry */);
+ TRUE /* allow retry */,
+ verify_token);
g_free (username);
gdm_debug ("gdm_slave_wait_for_login: end verify for '%s'",
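Review bot: The `verify_token ? "" : username` argument passes an empty string rather than NULL, and it silently drops any `d->preset_user` for that attempt; neither choice is explained. If the empty name is meant to let the smartcard PAM stack derive the account from the token, say so above the call, e.g. `/* token login: empty username so the PAM stack picks the user from the card */`. Whether gdm_verify_user treats "" differently from NULL is not visible in this hunk and should be confirmed in verify-pam.c. The enclosing loop in gdm_slave_wait_for_login starts and ends outside the hunk.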
@@ -2162,7 +2172,7 @@ gdm_slave_wait_for_login (void)
pwent->pw_name,
d->name,
d->attached,
- FALSE);
+ FALSE, FALSE);
gdm_daemon_config_set_value_bool (GDM_KEY_ALLOW_ROOT, oldAllowRoot);
/* Clear message */
@@ -5019,6 +5029,11 @@ gdm_slave_handle_usr2_message (void)
gdm_fdprintf (slave_fd_out, "%c%c%c\n",
STX, BEL, GDM_INTERRUPT_CANCEL);
}
+ } else if (strcmp (&s[1], GDM_NOTIFY_TOKEN_LOGIN) == 0) {
+ if (!d->logged_in && d->attached) {
+ gdm_fdprintf (slave_fd_out, "%c%c%c\n",
+ STX, BEL, GDM_INTERRUPT_TOKEN_LOGIN);
+ }
}
} else if (s[0] == GDM_SLAVE_NOTIFY_RESPONSE) {
gdm_got_ack = TRUE;
@@ -5219,6 +5234,10 @@ check_for_interruption (const char *msg)
do_restart_greeter = TRUE;
}
break;
+ case GDM_INTERRUPT_TOKEN_LOGIN:
+ do_token_login = TRUE;
+ do_cancel = TRUE;
+ break;
default:
break;
}
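Review bot: The new `GDM_INTERRUPT_TOKEN_LOGIN` case sets both `do_token_login` and `do_cancel` with no comment on why the cancel is needed. A reader has to find the consumer in gdm_slave_wait_for_login to see that the cancel presumably aborts the conversation in progress so the loop re-enters gdm_verify_user with the token flag set. A one-line comment such as `/* abort the current conversation so the login loop restarts on the token PAM stack */` would record that. The switch belongs to check_for_interruption, whose body starts outside the hunk.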
--- gdm-2.19.3/daemon/gdm.c~ 2007-07-25 15:00:37.000000000 -0400
+++ gdm-2.19.3/daemon/gdm.c 2007-07-25 15:08:09.000000000 -0400
@@ -4359,7 +4359,7 @@ gdm_handle_user_message (GdmConnection *
}
static void
-gdm_reset_local_displays (void)
+send_command_to_locals (const char *msg)
{
GSList *li;
@@ -4367,11 +4367,23 @@ gdm_reset_local_displays (void)
GdmDisplay *d = li->data;
if (d->attached)
- send_slave_command (d, GDM_NOTIFY_RESET);
+ send_slave_command (d, msg);
}
}
static void
+gdm_reset_local_displays (void)
+{
+ send_command_to_locals (GDM_NOTIFY_RESET);
+}
+
+static void
+gdm_do_token_login (void)
+{
+ send_command_to_locals (GDM_NOTIFY_TOKEN_LOGIN);
+}
+
+static void
gdm_watch_for_security_tokens (void)
{
DBusGConnection *conn;
@@ -4392,7 +4404,7 @@ gdm_watch_for_security_tokens (void)
MONITOR_INTERFACE);
dbus_g_proxy_add_signal (monitor, "SecurityTokenInserted", G_TYPE_STRING, G_TYPE_INVALID);
- dbus_g_proxy_connect_signal (monitor, "SecurityTokenInserted", G_CALLBACK (gdm_reset_local_displays), NULL, NULL);
+ dbus_g_proxy_connect_signal (monitor, "SecurityTokenInserted", G_CALLBACK (gdm_do_token_login), NULL, NULL);
dbus_g_proxy_add_signal (monitor, "SecurityTokenRemoved", G_TYPE_STRING, G_TYPE_INVALID);
dbus_g_proxy_connect_signal (monitor, "SecurityTokenRemoved", G_CALLBACK (gdm_reset_local_displays), NULL, NULL);
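Review bot: `gdm_do_token_login` is declared `(void)` but is connected to `SecurityTokenInserted`, which is registered with a `G_TYPE_STRING` argument. The token name is therefore discarded, and any insertion sends `GDM_NOTIFY_TOKEN_LOGIN` to every attached display. Giving the handler the signal's real parameters, e.g. `gdm_do_token_login (DBusGProxy *proxy, const char *token_name, gpointer data)`, would match what the proxy passes and let the name be logged with gdm_debug for audit purposes. Because this signal now decides which authentication stack the slave uses, the bus policy for the monitor service should restrict who can own that name; that policy is outside this patch. The same signature mismatch already existed for gdm_reset_local_displays.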
--- gdm-2.19.3/daemon/gdm-socket-protocol.h~ 2007-07-25 15:00:30.000000000 -0400
+++ gdm-2.19.3/daemon/gdm-socket-protocol.h 2007-07-25 15:09:02.000000000 -0400
@@ -75,6 +75,7 @@
#define GDM_INTERRUPT_CUSTOM_CMD 'M'
#define GDM_INTERRUPT_CANCEL 'X'
#define GDM_INTERRUPT_SELECT_LANG 'O'
+#define GDM_INTERRUPT_TOKEN_LOGIN '$'
/* List delimiter for config file lists */
#define GDM_DELIMITER_MODULES ":"
--- gdm-2.19.3/daemon/gdm-daemon-config-keys.h~ 2007-07-25 15:00:30.000000000 -0400
+++ gdm-2.19.3/daemon/gdm-daemon-config-keys.h 2007-07-25 15:10:22.000000000 -0400
@@ -105,6 +105,7 @@ G_BEGIN_DECLS
#define GDM_KEY_RETRY_DELAY "security/RetryDelay=1"
#define GDM_KEY_DISALLOW_TCP "security/DisallowTCP=true"
#define GDM_KEY_PAM_STACK "security/PamStack=gdm"
+#define GDM_KEY_PAM_STACK_SMARTCARD "security/SmartCardPamStack=gdm-smartcard"
#define GDM_KEY_NEVER_PLACE_COOKIES_ON_NFS "security/NeverPlaceCookiesOnNFS=true"
#define GDM_KEY_PASSWORD_REQUIRED "security/PasswordRequired=false"
#define GDM_KEY_XDMCP "xdmcp/Enable=false"
@@ -227,6 +228,7 @@ G_BEGIN_DECLS
#define GDM_NOTIFY_GO "GO"
#define GDM_NOTIFY_TWIDDLE_POINTER "TWIDDLE_POINTER"
#define GDM_NOTIFY_RESET "RESET"
+#define GDM_NOTIFY_TOKEN_LOGIN "TOKEN_LOGIN"
G_END_DECLS
--- gdm-2.19.3/daemon/verify.h~ 2007-06-17 13:07:39.000000000 -0400
+++ gdm-2.19.3/daemon/verify.h 2007-07-25 15:12:17.000000000 -0400
@@ -28,7 +28,8 @@ gchar *gdm_verify_user (GdmDisplay *d
const char *username,
const gchar *display,
gboolean local,
- gboolean allow_retry);
+ gboolean allow_retry,
+ gboolean token);
void gdm_verify_cleanup (GdmDisplay *d);
void gdm_verify_check (void);
void gdm_verify_select_user (const char *user);
--- gdm-2.19.3/daemon/verify-pam.c~ 2007-06-17 13:07:38.000000000 -0400
+++ gdm-2.19.3/daemon/verify-pam.c 2007-07-25 15:11:57.000000000 -0400
@@ -866,7 +866,8 @@ gdm_verify_user (GdmDisplay *d,
const char *username,
const gchar *display,
gboolean local,
- gboolean allow_retry)
+ gboolean allow_retry,
+ gboolean verify_token)
{
gint pamerr = 0;
struct passwd *pwent = NULL;
@@ -926,7 +927,10 @@ gdm_verify_user (GdmDisplay *d,
* PAM Stacks, in case one display should use a different
* authentication mechanism than another display.
*/
- pam_stack = gdm_daemon_config_get_value_string_per_display (GDM_KEY_PAM_STACK, (char *)display);
+ pam_stack = gdm_daemon_config_get_value_string_per_display (verify_token
+ ? GDM_KEY_PAM_STACK_SMARTCARD
+ : GDM_KEY_PAM_STACK,
+ (char *)display);
if ( ! create_pamh (d, pam_stack, login, &pamc, display, &pamerr)) {
if (started_timer)
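Review bot: The stack name looked up for `GDM_KEY_PAM_STACK_SMARTCARD` goes straight into `create_pamh` with no check that it is non-empty or that a matching PAM service is installed. On Linux-PAM a service name with no file of its own is handled by the `other` service, so a host that lacks the `gdm-smartcard` file would authenticate token logins with whatever `other` permits. Consider failing the attempt (or falling back to `GDM_KEY_PAM_STACK`) when the value is NULL or empty, and logging the chosen stack, e.g. `gdm_debug ("gdm_verify_user: using PAM stack '%s'", pam_stack);`. The package should also ship the `gdm-smartcard` service file alongside this default. gdm_verify_user continues outside the hunk.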
--- gdm-2.19.3/daemon/verify-shadow.c~ 2007-06-17 13:07:38.000000000 -0400
+++ gdm-2.19.3/daemon/verify-shadow.c 2007-07-25 15:12:30.000000000 -0400
@@ -106,7 +106,8 @@ gdm_verify_user (GdmDisplay *d,
const char *username,
const gchar *display,
gboolean local,
- gboolean allow_retry)
+ gboolean allow_retry,
+ gboolean token)
{
gchar *login, *passwd, *ppasswd;
struct passwd *pwent;
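Review bot: The new `token` parameter is accepted here and in verify-crypt.c, but nothing in the visible lines uses it, while slave.c passes an empty username whenever a token login is requested. In a build using the shadow or crypt backend, a token insertion would then appear to fall into the password path with "" as the user rather than being refused. If that is not intended, reject the request explicitly, or at least state the limitation with a comment such as `/* token logins are only supported by the PAM backend; 'token' is ignored here */`. The parameter is also named `verify_token` in verify-pam.c but `token` in verify.h and these two files, so one name should be used throughout. The function body continues past the end of the hunk.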
--- gdm-2.19.3/daemon/verify-crypt.c~ 2007-06-17 13:07:39.000000000 -0400
+++ gdm-2.19.3/daemon/verify-crypt.c 2007-07-25 15:12:53.000000000 -0400
@@ -105,7 +105,8 @@ gdm_verify_user (GdmDisplay *d,
const char *username,
const gchar *display,
gboolean local,
- gboolean allow_retry)
+ gboolean allow_retry,
+ gboolean token)
{
gchar *login, *passwd, *ppasswd;
struct passwd *pwent;
--- gdm-2.19.3/daemon/gdm-daemon-config.c~ 2007-06-17 13:07:39.000000000 -0400
+++ gdm-2.19.3/daemon/gdm-daemon-config.c 2007-07-25 15:17:46.000000000 -0400
@@ -552,7 +552,8 @@ gdm_daemon_config_key_to_string_per_disp
if (strcmp (group, "greeter") == 0 ||
strcmp (group, "gui") == 0 ||
- is_key (keystring, GDM_KEY_PAM_STACK)) {
+ is_key (keystring, GDM_KEY_PAM_STACK) ||
+ is_key (keystring, GDM_KEY_PAM_STACK_SMARTCARD)) {
ret = gdm_daemon_config_key_to_string (file, keystring, retval);
}
--- gdm-2.19.3/daemon/gdm-daemon-config-entries.h~ 2007-06-17 13:07:38.000000000 -0400
+++ gdm-2.19.3/daemon/gdm-daemon-config-entries.h 2007-07-25 17:12:25.000000000 -0400
@@ -208,6 +208,7 @@ typedef enum {
GDM_ID_SYSTEM_COMMANDS_IN_MENU,
GDM_ID_ALLOW_LOGOUT_ACTIONS,
GDM_ID_RBAC_SYSTEM_COMMAND_KEYS,
+ GDM_ID_SMART_CARD_PAM_STACK,
GDK_ID_LAST
} GdmConfigKey;
@@ -363,6 +364,7 @@ static const GdmConfigEntry gdm_daemon_c
{ GDM_CONFIG_GROUP_SECURITY, "RetryDelay", GDM_CONFIG_VALUE_INT, "1", GDM_ID_RETRY_DELAY },
{ GDM_CONFIG_GROUP_SECURITY, "DisallowTCP", GDM_CONFIG_VALUE_BOOL, "true", GDM_ID_DISALLOW_TCP },
{ GDM_CONFIG_GROUP_SECURITY, "PamStack", GDM_CONFIG_VALUE_STRING, "gdm", GDM_ID_PAM_STACK },
+ { GDM_CONFIG_GROUP_SECURITY, "SmartCardPamStack", GDM_CONFIG_VALUE_STRING, "gdm-smartcard", GDM_ID_SMART_CARD_PAM_STACK },
{ GDM_CONFIG_GROUP_SECURITY, "NeverPlaceCookiesOnNFS", GDM_CONFIG_VALUE_BOOL, "true", GDM_ID_NEVER_PLACE_COOKIES_ON_NFS },
{ GDM_CONFIG_GROUP_SECURITY, "PasswordRequired", GDM_CONFIG_VALUE_BOOL, "false", GDM_ID_PASSWORD_REQUIRED },