From 0ecacfd6123e4026c78d5d61670da0abdcbf7559 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Thu, 22 Jan 2015 11:51:18 -0500 Subject: [PATCH] manager: allow the login screen to do reauthentication At the moment, we only allow the user session to do reauthentication from its lock screen. If a user does user switching we instead open a new session for checking the user's password. This commit enables reauthentication from the login screen as well. --- daemon/gdm-manager.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index 8c41045..0278512 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -1161,84 +1161,89 @@ open_temporary_reauthentication_channel (GdmManager *self, self); address = gdm_session_get_server_address (session); return g_strdup (address); } static gboolean gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager, GDBusMethodInvocation *invocation, const char *username) { GdmManager *self = GDM_MANAGER (manager); const char *sender; GdmDisplay *display = NULL; GdmSession *session; GDBusConnection *connection; char *seat_id = NULL; char *session_id = NULL; GPid pid = 0; uid_t uid = (uid_t) -1; gboolean is_login_screen = FALSE; gboolean is_remote = FALSE; g_debug ("GdmManager: trying to open reauthentication channel for user %s", username); sender = g_dbus_method_invocation_get_sender (invocation); connection = g_dbus_method_invocation_get_connection (invocation); get_display_and_details_for_bus_sender (self, connection, sender, &display, &seat_id, &session_id, &pid, &uid, &is_login_screen, &is_remote); - if (is_login_screen) { - g_dbus_method_invocation_return_error_literal (invocation, - G_DBUS_ERROR, - G_DBUS_ERROR_ACCESS_DENIED, - "Login screen not allow to open reauthentication channel"); - return TRUE; - } - if (session_id == NULL || pid == 0 || uid == (uid_t) -1) { g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR, G_DBUS_ERROR_ACCESS_DENIED, _("No session available")); return TRUE; } - session = get_seed_session_for_display (display); + if (is_login_screen) { + session = find_session_for_user_on_seat (self, + username, + seat_id, + NULL); + } else { + session = get_seed_session_for_display (display); + } if (session != NULL && gdm_session_is_running (session)) { gdm_session_start_reauthentication (session, pid, uid); g_hash_table_insert (self->priv->open_reauthentication_requests, GINT_TO_POINTER (pid), invocation); + } else if (is_login_screen) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Login screen only allowed to open reauthentication channels for running sessions"); + return TRUE; } else { char *address; address = open_temporary_reauthentication_channel (self, seat_id, session_id, pid, uid, is_remote); gdm_dbus_manager_complete_open_reauthentication_channel (GDM_DBUS_MANAGER (manager), invocation, address); g_free (address); } return TRUE; } static void manager_interface_init (GdmDBusManagerIface *interface) { interface->handle_open_session = gdm_manager_handle_open_session; interface->handle_open_reauthentication_channel = gdm_manager_handle_open_reauthentication_channel; } static void set_up_greeter_session (GdmManager *manager, GdmDisplay *display) { char *allowed_user; struct passwd *passwd_entry; -- 2.2.1