void mdm_verify_set_user_settings (const char *user) {
char * session;
char * language;
gboolean savesess = FALSE;
if (mdm_verify_check_selectable_user(user)) {
mdm_debug("mdm_verify_set_user_settings: Checking settings for '%s'", user);
char * home_dir = g_strdup_printf("/home/%s", user);
if ( !(g_file_test(home_dir, G_FILE_TEST_EXISTS))) {
mdm_debug("mdm_verify_set_user_settings: user '%s' doesn't exist.", user);
return;
}
mdm_daemon_config_get_user_session_lang (&session, &language, home_dir, &savesess);
if (!ve_string_empty(session)) {
mdm_debug("mdm_verify_set_user_settings: Found session '%s'.", session);
mdm_slave_greeter_ctl_no_ret (MDM_SETSESS, session);
}
else {
mdm_debug("mdm_verify_set_user_settings: No session found, setting to default '%s'.", "default");
mdm_slave_greeter_ctl_no_ret (MDM_SETSESS, "default"); // Do not translate "default" here, it's a value
}
if (!ve_string_empty(language)) {
mdm_debug("mdm_verify_set_user_settings: Found language '%s'.", language);
mdm_slave_greeter_ctl_no_ret (MDM_SETLANG, language);
}
else {
const char * mdmlang = g_getenv ("LANG");
if (mdmlang) {
mdm_debug("mdm_verify_set_user_settings: No language found, setting to default '%s'.", mdmlang);
mdm_slave_greeter_ctl_no_ret (MDM_SETLANG, mdmlang);
}
}
}
}
gboolean
mdm_common_is_action_available (gchar *action)
{
gchar **allowsyscmd = NULL;
const gchar *allowsyscmdval;
gboolean ret = FALSE;
int i;
allowsyscmdval = mdm_config_get_string (MDM_KEY_SYSTEM_COMMANDS_IN_MENU);
if (allowsyscmdval)
allowsyscmd = g_strsplit (allowsyscmdval, ";", 0);
if (allowsyscmd) {
for (i = 0; allowsyscmd[i] != NULL; i++) {
if (strcmp (allowsyscmd[i], action) == 0) {
ret = TRUE;
break;
}
}
}
#ifdef HAVE_CHKAUTHATTR
if (ret == TRUE) {
gchar **rbackeys = NULL;
const gchar *rbackeysval;
const char *mdmuser;
mdmuser = mdm_config_get_string (MDM_KEY_USER);
rbackeysval = mdm_config_get_string (MDM_KEY_RBAC_SYSTEM_COMMAND_KEYS);
if (rbackeysval)
rbackeys = g_strsplit (rbackeysval, ";", 0);
if (rbackeys) {
for (i = 0; rbackeys[i] != NULL; i++) {
gchar **rbackey = g_strsplit (rbackeys[i], ":", 2);
if (mdm_vector_len (rbackey) == 2 &&
! ve_string_empty (rbackey[0]) &&
! ve_string_empty (rbackey[1]) &&
strcmp (rbackey[0], action) == 0) {
if (!chkauthattr (rbackey[1], mdmuser)) {
g_strfreev (rbackey);
ret = FALSE;
break;
}
}
g_strfreev (rbackey);
}
}
g_strfreev (rbackeys);
}
#endif
g_strfreev (allowsyscmd);
return ret;
}
static int
get_vt_num (char **vec, char *vtpart, int depth)
{
int i;
if (ve_string_empty (vtpart) || depth <= 0)
return -1;
if (strchr (vtpart, ':') == NULL)
return atoi (vtpart);
for (i = 0; vec[i] != NULL; i++) {
char **rvec;
rvec = g_strsplit (vec[i], ",", -1);
if (mdm_vector_len (rvec) != 3) {
g_strfreev (rvec);
continue;
}
if (strcmp (rvec[0], vtpart) == 0) {
/* could be nested? */
int r = get_vt_num (vec, rvec[2], depth-1);
g_strfreev (rvec);
return r;
}
g_strfreev (rvec);
}
return -1;
}
/* change to an existing vt */
static void
change_vt (int vt)
{
char *cmd;
char *ret;
cmd = g_strdup_printf (MDM_SUP_SET_VT " %d", vt);
ret = mdmcomm_call_mdm (cmd, auth_cookie, "1.0.0.0", 5);
g_free (cmd);
if (ve_string_empty (ret) ||
strcmp (ret, "OK") != 0) {
GtkWidget *dialog;
const char *message = mdmcomm_get_error_message (ret, use_xnest);
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot change display"),
message);
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
}
g_free (ret);
}
static void
print_cant_auth_errbox (void)
{
gboolean is_capslock = FALSE;
const char *basemsg;
char *msg;
char *ret;
ret = mdm_slave_greeter_ctl (MDM_QUERY_CAPSLOCK, "");
if ( ! ve_string_empty (ret))
is_capslock = TRUE;
g_free (ret);
basemsg = _("\nIncorrect username or password. "
"Letters must be typed in the correct "
"case.");
if (is_capslock) {
msg = g_strconcat (basemsg, " ",
_("Caps Lock is on."),
NULL);
} else {
msg = g_strdup (basemsg);
}
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX, msg);
g_free (msg);
}
/**
* mdm_config_get_xserver_details
*
* Calls daemon to get details for an xserver config.
*/
static gchar *
mdm_config_get_xserver_details (const gchar *xserver,
const gchar *key)
{
gchar *command = NULL;
gchar *result = NULL;
gchar *temp;
command = g_strdup_printf ("GET_SERVER_DETAILS %s %s", xserver, key);
result = mdmcomm_call_mdm (command, NULL /* auth cookie */,
"1.0.0.0", comm_tries);
g_free (command);
if (! result || ve_string_empty (result) ||
strncmp (result, "OK ", 3) != 0) {
mdm_common_error ("Could not access xserver configuration");
if (result)
g_free (result);
return NULL;
}
/* skip the "OK " */
temp = g_strdup (result + 3);
g_free (result);
return temp;
}
static int
get_cur_vt (void)
{
char *result;
static int cur_vt;
static gboolean checked = FALSE;
char *ret = NULL;
result = NULL;
if (checked) {
return cur_vt;
}
ret = mdmcomm_send_cmd_to_daemon_with_args (MDM_SUP_QUERY_VT, auth_cookie, 5);
if (ve_string_empty (ret) || strncmp (ret, "OK ", 3) != 0) {
goto out;
}
if (sscanf (ret, "OK %d", &cur_vt) != 1) {
cur_vt = -1;
}
checked = TRUE;
out:
g_free (ret);
return cur_vt;
}
static void
check_for_users (void)
{
char *result_string;
char **servers;
int i;
// Return if we're not on a VT
if (auth_cookie == NULL || get_cur_vt () < 0) {
return;
}
// Get the list of running servers from the daemon
result_string = mdmcomm_send_cmd_to_daemon_with_args (MDM_SUP_ATTACHED_SERVERS, auth_cookie, 5);
// Return if the daemon didn't send us the list
if (ve_string_empty (result_string) || strncmp (result_string, "OK ", 3) != 0) {
g_free (result_string);
return;
}
// Place the servers into the servers variable
servers = g_strsplit (&result_string[3], ";", -1);
g_free (result_string);
// Return if there are no servers running
if (servers == NULL)
return;
// Each server is composed of 3 parts: [display, user, tty]
for (i = 0; servers[i] != NULL; i++) {
char **server;
int vt;
server = g_strsplit (servers[i], ",", -1);
if (mdm_vector_len (server) != 3) {
g_strfreev (server);
continue;
}
// Get the VT of the server
vt = get_vt_num (servers, server[2], 5);
// If the server's username is empty, this is a greeter and we want to switch to it
if (strcmp (server[1], "") == 0 && vt >= 0) {
// lock the screen
if ( ! no_lock && vt != get_cur_vt () && vt >= 0) {
maybe_lock_screen ();
}
// Switch VT
change_vt (vt);
printf ("Switching to MDM server on VT #%d\n", vt);
exit (0);
}
g_strfreev (server);
}
printf ("Found no MDM server, ordering a new one\n");
g_strfreev (servers);
}
static int
get_cur_vt (void)
{
char *result;
static int cur_vt;
static gboolean checked = FALSE;
char *ret = NULL;
result = NULL;
if (checked) {
return cur_vt;
}
ret = mdmcomm_call_mdm ("QUERY_VT", auth_cookie, "1.0.0.0", 5);
if (ve_string_empty (ret) || strncmp (ret, "OK ", 3) != 0) {
goto out;
}
if (sscanf (ret, "OK %d", &cur_vt) != 1) {
cur_vt = -1;
}
checked = TRUE;
out:
g_free (ret);
return cur_vt;
}
void
mdm_verify_select_user (const char *user)
{
g_free (selected_user);
if (ve_string_empty (user))
selected_user = NULL;
else
selected_user = g_strdup (user);
}
static void
check_for_users (void)
{
char *ret;
char **vec;
int i;
int extra;
/* only for console logins on vt supporting systems */
if (auth_cookie == NULL ||
get_cur_vt () < 0)
return;
ret = mdmcomm_call_mdm ("CONSOLE_SERVERS", auth_cookie, "1.0.0.0", 5);
if (ve_string_empty (ret) ||
strncmp (ret, "OK ", 3) != 0) {
g_free (ret);
return;
}
vec = g_strsplit (&ret[3], ";", -1);
g_free (ret);
if (vec == NULL)
return;
extra = 0;
for (i = 0; vec[i] != NULL; i++) {
char **rvec;
int vt;
rvec = g_strsplit (vec[i], ",", -1);
if (mdm_vector_len (rvec) != 3) {
g_strfreev (rvec);
continue;
}
vt = get_vt_num (vec, rvec[2], 5);
if (strcmp (rvec[0], mdmcomm_get_display ()) != 0 &&
vt >= 0) {
/* this is not the current display */
extra++;
}
g_strfreev (rvec);
}
if (extra == 0) {
g_strfreev (vec);
return;
}
run_logged_in_dialogue (vec);
g_strfreev (vec);
}
void
greeter_item_timed_start (void)
{
int timeddelay = mdm_config_get_int (MDM_KEY_TIMED_LOGIN_DELAY);
if (timed_handler_id == 0 &&
mdm_config_get_bool (MDM_KEY_TIMED_LOGIN_ENABLE) &&
! ve_string_empty (mdm_config_get_string (MDM_KEY_TIMED_LOGIN)) &&
timeddelay > 0)
{
mdm_timed_delay = timeddelay;
timed_handler_id = g_timeout_add (1000, mdm_timer, NULL);
}
}
static void
check_for_displays (void)
{
char *ret;
char **vec;
char *auth_cookie = NULL;
int i;
/*
* Might be nice to move this call into read_config() so that it happens
* on the same socket call as reading the configuration.
*/
ret = mdmcomm_call_mdm (MDM_SUP_ATTACHED_SERVERS, auth_cookie, "1.0.0.0", 5);
if (ve_string_empty (ret) || strncmp (ret, "OK ", 3) != 0) {
g_free (ret);
return;
}
vec = g_strsplit (&ret[3], ";", -1);
g_free (ret);
if (vec == NULL)
return;
if (displays_hash == NULL)
displays_hash = g_hash_table_new_full (g_str_hash,
g_str_equal,
g_free,
g_free);
for (i = 0; vec[i] != NULL; i++) {
char **rvec;
rvec = g_strsplit (vec[i], ",", -1);
if (mdm_vector_len (rvec) != 3) {
g_strfreev (rvec);
continue;
}
g_hash_table_insert (displays_hash,
g_strdup (rvec[1]),
g_strdup (rvec[0]));
g_strfreev (rvec);
}
g_strfreev (vec);
}
void
greeter_item_ulist_set_user (const char *user)
{
gboolean old_selecting_user = selecting_user;
GtkTreeSelection *selection;
GtkTreeIter iter = {0};
GtkTreeModel *tm = NULL;
if (user_list == NULL)
return;
selection = gtk_tree_view_get_selection (GTK_TREE_VIEW (user_list));
gtk_tree_selection_unselect_all (selection);
if (ve_string_empty (user))
return;
/* Make sure we don't set the pam_entry and pam label stuff,
this is programatic selection, not user selection */
selecting_user = FALSE;
tm = gtk_tree_view_get_model (GTK_TREE_VIEW (user_list));
if (gtk_tree_model_get_iter_first (tm, &iter)) {
do {
char *login;
gtk_tree_model_get (tm, &iter, GREETER_ULIST_LOGIN_COLUMN,
&login, -1);
if (login != NULL && strcmp (user, login) == 0) {
GtkTreePath *path = gtk_tree_model_get_path (tm, &iter);
gtk_tree_selection_select_iter (selection, &iter);
gtk_tree_view_scroll_to_cell (GTK_TREE_VIEW (user_list),
path, NULL,
FALSE, 0.0, 0.0);
gtk_tree_path_free (path);
break;
}
} while (gtk_tree_model_iter_next (tm, &iter));
}
selecting_user = old_selecting_user;
}
/* doesn't check for executability, just for existance */
static gboolean
bin_exists (const char *command)
{
char *bin;
if (ve_string_empty (command))
return FALSE;
/* Note, check only for existance, not for executability */
bin = ve_first_word (command);
if (bin != NULL &&
g_access (bin, F_OK) == 0) {
g_free (bin);
return TRUE;
} else {
g_free (bin);
return FALSE;
}
}
/* Callback function for list style custom lists */
static void
list_selected (GtkTreeSelection *selection, GreeterItemInfo *item)
{
GtkTreeModel *tm = NULL;
GtkTreeIter iter = {0};
char *id = NULL;
char *file;
if (ve_string_empty (item->id))
return;
if (gtk_tree_selection_get_selected (selection, &tm, &iter))
{
gtk_tree_model_get (tm, &iter, GREETER_LIST_ID,
&id, -1);
}
/*
* Note for session and language we are using the id to store the
* value to pass in.
*/
if (strcmp (item->id, "session") == 0)
{
if (id != NULL)
greeter_set_session (id);
}
else if (strcmp (item->id, "language") == 0)
{
if (id != NULL)
mdm_lang_set_restart_dialog (id);
}
else
{
if (DOING_MDM_DEVELOPMENT)
return;
file = g_strdup_printf ("%s/%s.GreeterInfo",
ve_sure_string (mdm_config_get_string (MDM_KEY_SERV_AUTHDIR)),
ve_sure_string (g_getenv ("DISPLAY")));
mdm_save_customlist_data (file, item->id, id);
}
}
gboolean
greeter_item_timed_setup (void)
{
/* if in timed mode, delay timeout on keyboard or menu activity */
if ( ! ve_string_empty (mdm_config_get_string (MDM_KEY_TIMED_LOGIN)))
{
guint sid;
g_type_class_ref (GTK_TYPE_MENU_ITEM);
sid = g_signal_lookup ("activate",
GTK_TYPE_MENU_ITEM);
g_signal_add_emission_hook (sid,
0 /* detail */,
mdm_timer_up_delay,
NULL /* data */,
NULL /* destroy_notify */);
sid = g_signal_lookup ("key_press_event",
GTK_TYPE_WIDGET);
g_signal_add_emission_hook (sid,
0 /* detail */,
mdm_timer_up_delay,
NULL /* data */,
NULL /* destroy_notify */);
sid = g_signal_lookup ("button_press_event",
GTK_TYPE_WIDGET);
g_signal_add_emission_hook (sid,
0 /* detail */,
mdm_timer_up_delay,
NULL /* data */,
NULL /* destroy_notify */);
}
return TRUE;
}
static void
greeter_system_handler (GreeterItemInfo *info,
gpointer user_data)
{
GtkWidget *w = NULL;
GtkWidget *hbox = NULL;
GtkWidget *main_vbox = NULL;
GtkWidget *vbox = NULL;
GtkWidget *cat_vbox = NULL;
GtkWidget *group_radio = NULL;
GtkWidget *halt_radio = NULL;
GtkWidget *suspend_radio = NULL;
GtkWidget *restart_radio = NULL;
GtkWidget *config_radio = NULL;
gchar *s;
int ret;
gint i;
GSList *radio_group = NULL;
static GtkTooltips *tooltips = NULL;
/* should never be allowed by the UI */
if ( ! mdm_config_get_bool (MDM_KEY_SYSTEM_MENU) ||
ve_string_empty (g_getenv ("MDM_IS_LOCAL")))
return;
dialog = gtk_dialog_new ();
if (tooltips == NULL)
tooltips = gtk_tooltips_new ();
gtk_container_set_border_width (GTK_CONTAINER (dialog), 5);
gtk_window_set_resizable (GTK_WINDOW (dialog), FALSE);
gtk_dialog_set_has_separator (GTK_DIALOG (dialog), FALSE);
main_vbox = gtk_vbox_new (FALSE, 18);
gtk_container_set_border_width (GTK_CONTAINER (main_vbox), 5);
gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox),
main_vbox,
FALSE, FALSE, 0);
cat_vbox = gtk_vbox_new (FALSE, 6);
gtk_box_pack_start (GTK_BOX (main_vbox),
cat_vbox,
FALSE, FALSE, 0);
s = g_strdup_printf ("<b>%s</b>",
_("Choose an Action"));
w = gtk_label_new (s);
gtk_label_set_use_markup (GTK_LABEL (w), TRUE);
g_free (s);
gtk_misc_set_alignment (GTK_MISC (w), 0.0, 0.5);
gtk_box_pack_start (GTK_BOX (cat_vbox), w, FALSE, FALSE, 0);
hbox = gtk_hbox_new (FALSE, 0);
gtk_box_pack_start (GTK_BOX (cat_vbox),
hbox, FALSE, FALSE, 0);
gtk_box_pack_start (GTK_BOX (hbox),
gtk_label_new (" "),
FALSE, FALSE, 0);
vbox = gtk_vbox_new (FALSE, 6);
gtk_box_pack_start (GTK_BOX (hbox),
vbox,
TRUE, TRUE, 0);
if (MdmHaltFound) {
if (group_radio != NULL)
radio_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (group_radio));
halt_radio = gtk_radio_button_new_with_mnemonic (radio_group,
_("Shut _down the computer"));
group_radio = halt_radio;
gtk_tooltips_set_tip (tooltips, GTK_WIDGET (halt_radio),
_("Shut Down your computer so that "
"you may turn it off."),
NULL);
g_signal_connect (G_OBJECT(halt_radio), "button_press_event",
G_CALLBACK(radio_button_press_event), NULL);
gtk_box_pack_start (GTK_BOX (vbox),
halt_radio,
FALSE, FALSE, 4);
gtk_widget_show (halt_radio);
}
if (MdmRebootFound) {
if (group_radio != NULL)
radio_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (group_radio));
restart_radio = gtk_radio_button_new_with_mnemonic (radio_group,
_("_Restart the computer"));
group_radio = restart_radio;
gtk_tooltips_set_tip (tooltips, GTK_WIDGET (restart_radio),
_("Restart your computer"),
NULL);
g_signal_connect (G_OBJECT(restart_radio), "button_press_event",
G_CALLBACK(radio_button_press_event), NULL);
gtk_box_pack_start (GTK_BOX (vbox),
restart_radio,
FALSE, FALSE, 4);
gtk_widget_show (restart_radio);
}
if (MdmSuspendFound) {
if (group_radio != NULL)
radio_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (group_radio));
suspend_radio = gtk_radio_button_new_with_mnemonic (radio_group,
_("Sus_pend the computer"));
group_radio = suspend_radio;
gtk_tooltips_set_tip (tooltips, GTK_WIDGET (suspend_radio),
_("Suspend your computer"),
NULL);
g_signal_connect (G_OBJECT(suspend_radio), "button_press_event",
G_CALLBACK(radio_button_press_event), NULL);
gtk_box_pack_start (GTK_BOX (vbox),
suspend_radio,
FALSE, FALSE, 4);
gtk_widget_show (suspend_radio);
}
/*
* Disable Configuration if using accessibility (AddGtkModules) since
* using it with accessibility causes a hang.
*/
if (mdm_config_get_bool (MDM_KEY_CONFIG_AVAILABLE) &&
!mdm_config_get_bool (MDM_KEY_ADD_GTK_MODULES) &&
bin_exists (mdm_config_get_string (MDM_KEY_CONFIGURATOR))) {
if (group_radio != NULL)
radio_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (group_radio));
config_radio = gtk_radio_button_new_with_mnemonic (radio_group,
_("Confi_gure the login manager"));
group_radio = config_radio;
gtk_tooltips_set_tip (tooltips, GTK_WIDGET (config_radio),
_("Configure MDM (this login manager). "
"This will require the root password."),
NULL);
g_signal_connect (G_OBJECT(config_radio), "button_press_event",
G_CALLBACK(radio_button_press_event), NULL);
gtk_box_pack_start (GTK_BOX (vbox),
config_radio,
FALSE, FALSE, 4);
gtk_widget_show (config_radio);
}
gtk_dialog_add_button (GTK_DIALOG (dialog),
GTK_STOCK_CANCEL,
GTK_RESPONSE_CANCEL);
gtk_dialog_add_button (GTK_DIALOG (dialog),
GTK_STOCK_OK,
GTK_RESPONSE_OK);
gtk_dialog_set_default_response (GTK_DIALOG (dialog),
GTK_RESPONSE_OK);
gtk_widget_show_all (dialog);
mdm_wm_center_window (GTK_WINDOW (dialog));
mdm_wm_no_login_focus_push ();
ret = gtk_dialog_run (GTK_DIALOG (dialog));
mdm_wm_no_login_focus_pop ();
if (ret != GTK_RESPONSE_OK)
{
gtk_widget_destroy (dialog);
return;
}
if (halt_radio != NULL && gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (halt_radio)))
greeter_halt_handler ();
else if (restart_radio != NULL && gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (restart_radio)))
greeter_restart_handler ();
else if (suspend_radio != NULL && gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (suspend_radio)))
greeter_suspend_handler ();
else if (config_radio != NULL && gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (config_radio)))
greeter_config_handler ();
gtk_widget_destroy (dialog);
}
void
greeter_system_append_system_menu (GtkWidget *menu)
{
GtkWidget *w, *sep;
gint i = 0;
/* should never be allowed by the UI */
if ( ! mdm_config_get_bool (MDM_KEY_SYSTEM_MENU) ||
ve_string_empty (g_getenv ("MDM_IS_LOCAL")))
return;
/*
* Disable Configuration if using accessibility (AddGtkModules) since
* using it with accessibility causes a hang.
*/
if (mdm_config_get_bool (MDM_KEY_CONFIG_AVAILABLE) &&
!mdm_config_get_bool (MDM_KEY_ADD_GTK_MODULES) &&
bin_exists (mdm_config_get_string (MDM_KEY_CONFIGURATOR))) {
w = gtk_image_menu_item_new_with_mnemonic (_("Confi_gure Login Manager..."));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("mdmsetup", GTK_ICON_SIZE_MENU));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (greeter_config_handler),
NULL);
}
if (MdmRebootFound || MdmHaltFound || MdmSuspendFound) {
sep = gtk_separator_menu_item_new ();
gtk_menu_shell_append (GTK_MENU_SHELL (menu), sep);
gtk_widget_show (sep);
}
if (MdmRebootFound && mdm_common_is_action_available ("REBOOT")) {
w = gtk_image_menu_item_new_with_mnemonic (_("_Restart"));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("system-restart", GTK_ICON_SIZE_MENU));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (query_greeter_restart_handler),
NULL);
}
if (MdmHaltFound && mdm_common_is_action_available ("HALT")) {
w = gtk_image_menu_item_new_with_mnemonic (_("Shut _Down"));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("system-shut-down", GTK_ICON_SIZE_MENU));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (query_greeter_halt_handler),
NULL);
}
if (MdmSuspendFound && mdm_common_is_action_available ("SUSPEND")) {
w = gtk_image_menu_item_new_with_mnemonic (_("Sus_pend"));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("system-suspend", GTK_ICON_SIZE_MENU));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (query_greeter_suspend_handler),
NULL);
}
}
/**
* mdm_config_get_string
*
* Gets string configuration value from daemon via GET_CONFIG
* socket command. It stores the value in a hash so subsequent
* access is faster.
*/
static gchar *
_mdm_config_get_string (const gchar *key,
gboolean reload,
gboolean *changed,
gboolean doing_translated)
{
gchar *hashretval = NULL;
gchar *result = NULL;
gchar *temp;
if (string_hash == NULL)
string_hash = g_hash_table_new (g_str_hash, g_str_equal);
hashretval = mdm_config_hash_lookup (string_hash, key);
if (reload == FALSE && hashretval != NULL)
return hashretval;
result = mdm_config_get_result (key);
if ( ! result || ve_string_empty (result) ||
strncmp (result, "OK ", 3) != 0) {
gchar *getdefault;
/*
* If looking for a translated string, and not found, just return
* NULL.
*/
if (doing_translated) {
if (result)
g_free (result);
return NULL;
}
mdm_common_error ("Could not access configuration key <%s>", key);
/* Return the compiled in value associated with the key, if available. */
getdefault = strchr (key, '=');
if (getdefault != NULL)
getdefault++;
temp = g_strdup (getdefault);
mdm_common_error ("Using compiled in value <%s> for <%s>", temp, key);
} else {
/* skip the "OK " */
temp = g_strdup (result + 3);
}
if (result)
g_free (result);
if (hashretval == NULL) {
if (changed != NULL)
*changed = TRUE;
mdm_config_add_hash (string_hash, key, temp);
} else {
if (changed != NULL) {
if (strcmp (ve_sure_string (hashretval), temp) != 0)
*changed = TRUE;
else
*changed = FALSE;
}
g_hash_table_replace (string_hash, (void *)key, temp);
}
return temp;
}
/**
* mdm_config_get_int
*
* Gets int configuration value from daemon via GET_CONFIG
* socket command. It stores the value in a hash so subsequent
* access is faster.
*/
static gint
_mdm_config_get_int (const gchar *key,
gboolean reload,
gboolean *changed)
{
gint *hashretval = NULL;
gchar *result = NULL;
gint temp;
if (int_hash == NULL)
int_hash = g_hash_table_new (g_str_hash, g_str_equal);
hashretval = mdm_config_hash_lookup (int_hash, key);
if (reload == FALSE && hashretval != NULL)
return *hashretval;
result = mdm_config_get_result (key);
if ( ! result || ve_string_empty (result) ||
strncmp (result, "OK ", 3) != 0) {
gchar *getdefault;
mdm_common_error ("Could not access configuration key <%s>", key);
/* Return the compiled in value associated with the key, if available. */
getdefault = strchr (key, '=');
if (getdefault != NULL)
getdefault++;
temp = atoi (getdefault);
mdm_common_error ("Using compiled in value <%d> for <%s>", temp, key);
} else {
/* skip the "OK " */
temp = atoi (result + 3);
}
if (result)
g_free (result);
if (hashretval == NULL) {
gint *intval = g_new0 (gint, 1);
*intval = temp;
mdm_config_add_hash (int_hash, key, intval);
if (changed != NULL)
*changed = TRUE;
return *intval;
} else {
if (changed != NULL) {
if (*hashretval != temp)
*changed = TRUE;
else
*changed = FALSE;
}
*hashretval = temp;
return *hashretval;
}
}
void
greeter_session_init (void)
{
GtkWidget *w = NULL;
GtkWidget *hbox = NULL;
GtkWidget *main_vbox = NULL;
GtkWidget *vbox = NULL;
GtkWidget *cat_vbox = NULL;
GtkWidget *radio;
GtkWidget *dialog;
GtkWidget *button;
GList *tmp;
static GtkTooltips *tooltips = NULL;
GtkRequisition req;
char *s;
int num = 1;
char *label;
greeter_set_session (NULL);
session_dialog = dialog = gtk_dialog_new ();
if (tooltips == NULL)
tooltips = gtk_tooltips_new ();
gtk_dialog_add_button (GTK_DIALOG (dialog),
GTK_STOCK_CANCEL,
GTK_RESPONSE_CANCEL);
button = gtk_button_new_with_mnemonic (_("Change _Session"));
GTK_WIDGET_SET_FLAGS (button, GTK_CAN_DEFAULT);
gtk_widget_show (button);
gtk_dialog_add_action_widget (GTK_DIALOG (dialog), button,
GTK_RESPONSE_OK);
gtk_container_set_border_width (GTK_CONTAINER (dialog), 5);
gtk_box_set_spacing (GTK_BOX (GTK_DIALOG (dialog)->vbox), 2);
gtk_window_set_resizable (GTK_WINDOW (dialog), FALSE);
gtk_dialog_set_has_separator (GTK_DIALOG (dialog), FALSE);
main_vbox = gtk_vbox_new (FALSE, 18);
gtk_container_set_border_width (GTK_CONTAINER (main_vbox), 5);
gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox),
main_vbox,
FALSE, FALSE, 0);
cat_vbox = gtk_vbox_new (FALSE, 6);
gtk_box_pack_start (GTK_BOX (main_vbox),
cat_vbox,
FALSE, FALSE, 0);
s = g_strdup_printf ("<b>%s</b>", _("Sessions"));
w = gtk_label_new (s);
gtk_label_set_use_markup (GTK_LABEL (w), TRUE);
g_free (s);
gtk_misc_set_alignment (GTK_MISC (w), 0.0, 0.5);
gtk_box_pack_start (GTK_BOX (cat_vbox), w, FALSE, FALSE, 0);
hbox = gtk_hbox_new (FALSE, 0);
gtk_box_pack_start (GTK_BOX (cat_vbox),
hbox, FALSE, FALSE, 0);
gtk_box_pack_start (GTK_BOX (hbox),
gtk_label_new (" "),
FALSE, FALSE, 0);
vbox = gtk_vbox_new (FALSE, 6);
/* we will pack this later depending on size */
if (mdm_config_get_bool (MDM_KEY_SHOW_LAST_SESSION))
{
greeter_set_session (LAST_SESSION);
radio = gtk_radio_button_new_with_mnemonic (session_group, _("_Last session"));
g_object_set_data (G_OBJECT (radio),
SESSION_NAME,
LAST_SESSION);
session_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radio));
gtk_tooltips_set_tip (tooltips, radio,
_("Log in using the session that you have used "
"last time you logged in"),
NULL);
gtk_box_pack_start (GTK_BOX (vbox), radio, FALSE, FALSE, 0);
gtk_widget_show (radio);
}
mdm_session_list_init ();
for (tmp = sessions; tmp != NULL; tmp = tmp->next)
{
MdmSession *session;
char *file;
file = (char *) tmp->data;
session = g_hash_table_lookup (sessnames, file);
if (num < 10 &&
(strcmp (file, MDM_SESSION_FAILSAFE_GNOME) != 0) &&
(strcmp (file, MDM_SESSION_FAILSAFE_XTERM) != 0))
label = g_strdup_printf ("_%d. %s", num, session->name);
else
label = g_strdup (session->name);
num++;
radio = gtk_radio_button_new_with_mnemonic (session_group, label);
g_free (label);
g_object_set_data_full (G_OBJECT (radio), SESSION_NAME,
file, (GDestroyNotify) g_free);
session_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radio));
gtk_box_pack_start (GTK_BOX (vbox), radio, FALSE, FALSE, 0);
gtk_widget_show (radio);
if (! ve_string_empty (session->comment))
gtk_tooltips_set_tip
(tooltips, GTK_WIDGET (radio), session->comment, NULL);
}
gtk_widget_show_all (vbox);
gtk_widget_size_request (vbox, &req);
/* if too large */
if (req.height > 0.7 * mdm_wm_screen.height) {
GtkWidget *sw = gtk_scrolled_window_new (NULL, NULL);
gtk_widget_set_size_request (sw,
req.width,
0.7 * mdm_wm_screen.height);
gtk_scrolled_window_set_shadow_type
(GTK_SCROLLED_WINDOW (sw),
GTK_SHADOW_NONE);
gtk_scrolled_window_set_policy
(GTK_SCROLLED_WINDOW (sw),
GTK_POLICY_NEVER,
GTK_POLICY_AUTOMATIC);
gtk_scrolled_window_add_with_viewport
(GTK_SCROLLED_WINDOW (sw), vbox);
gtk_widget_show (sw);
gtk_box_pack_start (GTK_BOX (hbox),
sw,
TRUE, TRUE, 0);
} else {
gtk_box_pack_start (GTK_BOX (hbox),
vbox,
TRUE, TRUE, 0);
}
}
gchar *
mdm_verify_user (MdmDisplay *d,
const char *username,
gboolean allow_retry)
{
gint pamerr = 0;
struct passwd *pwent = NULL;
char *login, *passreq;
char *pam_stack = NULL;
MDM_PAM_QUAL void *p;
int null_tok = 0;
gboolean credentials_set = FALSE;
gboolean error_msg_given = FALSE;
gboolean started_timer = FALSE;
verify_user_again:
pamerr = 0;
login = NULL;
error_msg_given = FALSE;
credentials_set = FALSE;
started_timer = FALSE;
null_tok = 0;
/* Don't start a timed login if we've already entered a username */
if (username != NULL) {
login = g_strdup (username);
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
} else {
/* start the timer for timed logins */
if ( ! ve_string_empty (mdm_daemon_config_get_value_string (MDM_KEY_TIMED_LOGIN)) &&
d->timed_login_ok && (d->attached)) {
mdm_slave_greeter_ctl_no_ret (MDM_STARTTIMER, "");
started_timer = TRUE;
}
}
cur_mdm_disp = d;
authenticate_again:
if (prev_user && !login) {
login = g_strdup (prev_user);
} else if (login && !prev_user) {
prev_user = g_strdup (login);
auth_retries = 0;
} else if (login && prev_user && strcmp (login, prev_user)) {
g_free (prev_user);
prev_user = g_strdup (login);
auth_retries = 0;
}
/*
* Initialize a PAM session for the user...
* Get value per-display so different displays can use different
* PAM Stacks, in case one display should use a different
* authentication mechanism than another display.
*/
pam_stack = mdm_daemon_config_get_value_string_per_display (MDM_KEY_PAM_STACK,
(char *)d->name);
if ( ! create_pamh (d, pam_stack, login, &pamc, d->name, &pamerr)) {
if (started_timer)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
g_free (pam_stack);
goto pamerr;
}
g_free (pam_stack);
/*
* have to unset login otherwise there is no chance to ever enter
* a different user
*/
g_free (login);
login = NULL;
pam_set_item (pamh, PAM_USER_PROMPT, _("Username:"******"PASSREQ=");
if (mdm_daemon_config_get_value_bool (MDM_KEY_PASSWORD_REQUIRED) ||
((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0))
null_tok |= PAM_DISALLOW_NULL_AUTHTOK;
mdm_verify_select_user (NULL);
/* Start authentication session */
did_we_ask_for_password = FALSE;
if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) {
if ( ! ve_string_empty (selected_user)) {
pam_handle_t *tmp_pamh;
/* Face browser was used to select a user,
just completely rewhack everything since it
seems various PAM implementations are
having goats with just setting PAM_USER
and trying to pam_authenticate again */
g_free (login);
login = selected_user;
selected_user = NULL;
mdm_sigterm_block_push ();
mdm_sigchld_block_push ();
tmp_pamh = pamh;
pamh = NULL;
mdm_sigchld_block_pop ();
mdm_sigterm_block_pop ();
/* FIXME: what about errors */
/* really this has been a sucess, not a failure */
pam_end (tmp_pamh, pamerr);
g_free (prev_user);
prev_user = NULL;
auth_retries = 0;
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
goto authenticate_again;
}
if (started_timer)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
if (mdm_slave_action_pending ()) {
/* FIXME: see note above about PAM_FAIL_DELAY */
/* #ifndef PAM_FAIL_DELAY */
mdm_sleep_no_signal (mdm_daemon_config_get_value_int (MDM_KEY_RETRY_DELAY));
/* wait up to 100ms randomly */
usleep (g_random_int_range (0, 100000));
/* #endif */ /* PAM_FAIL_DELAY */
mdm_error ("Couldn't authenticate user");
if (prev_user) {
unsigned max_auth_retries = 3;
char *val = mdm_read_default ("LOGIN_RETRIES=");
if (val) {
max_auth_retries = atoi (val);
g_free (val);
}
if (allow_retry == FALSE || pamerr == PAM_MAXTRIES ||
++auth_retries >= max_auth_retries) {
g_free (prev_user);
prev_user = NULL;
auth_retries = 0;
}
}
} else {
/* cancel, configurator etc pressed */
g_free (prev_user);
prev_user = NULL;
auth_retries = 0;
}
goto pamerr;
}
/* stop the timer for timed logins */
if (started_timer)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
g_free (login);
login = NULL;
g_free (prev_user);
prev_user = NULL;
if ((pamerr = pam_get_item (pamh, PAM_USER, &p)) != PAM_SUCCESS) {
login = NULL;
/* is not really an auth problem, but it will
pretty much look as such, it shouldn't really
happen */
if (mdm_slave_action_pending ())
mdm_error ("Couldn't authenticate user");
goto pamerr;
}
login = g_strdup ((const char *)p);
/* kind of anal, the greeter likely already knows, but it could have
been changed */
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
if ( ! mdm_slave_check_user_wants_to_log_in (login)) {
/* cleanup stuff */
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, "");
g_free (login);
login = NULL;
mdm_slave_greeter_ctl_no_ret (MDM_RESETOK, "");
mdm_verify_cleanup (d);
goto verify_user_again;
}
/* Check if user is root and is allowed to log in */
pwent = getpwnam (login);
if (( ! mdm_daemon_config_get_value_bool (MDM_KEY_ALLOW_ROOT) ||
( ! d->attached )) &&
(pwent != NULL && pwent->pw_uid == 0)) {
mdm_error ("Root login disallowed on display '%s'", d->name);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator "
"is not allowed to login "
"from this screen"));
/*mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG,
_("Root login disallowed"));*/
error_msg_given = TRUE;
goto pamerr;
}
if (mdm_daemon_config_get_value_bool (MDM_KEY_DISPLAY_LAST_LOGIN)) {
char *info = mdm_get_last_info (login);
mdm_slave_greeter_ctl_no_ret (MDM_MSG, info);
g_free (info);
}
/* Check if the user's account is healthy. */
pamerr = pam_acct_mgmt (pamh, null_tok);
switch (pamerr) {
case PAM_SUCCESS :
break;
case PAM_NEW_AUTHTOK_REQD :
if ((pamerr = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK)) != PAM_SUCCESS) {
mdm_error ("Authentication token change failed for user %s", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe change of the authentication token failed. "
"Please try again later or contact the system administrator."));
error_msg_given = TRUE;
goto pamerr;
}
break;
case PAM_ACCT_EXPIRED :
mdm_error ("User %s no longer permitted to access the system", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator has disabled your account."));
error_msg_given = TRUE;
goto pamerr;
case PAM_PERM_DENIED :
mdm_error ("User %s not permitted to gain access at this time", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator has disabled access to the system temporarily."));
error_msg_given = TRUE;
goto pamerr;
default :
if (mdm_slave_action_pending ())
mdm_error ("Couldn't set acct. mgmt for %s", login);
goto pamerr;
}
pwent = getpwnam (login);
if (/* paranoia */ pwent == NULL ||
! mdm_setup_gids (login, pwent->pw_gid)) {
mdm_error ("Cannot set user group for %s", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nCannot set your user group; "
"you will not be able to log in. "
"Please contact your system administrator."));
goto pamerr;
}
did_setcred = TRUE;
/* Set credentials */
pamerr = pam_setcred (pamh, PAM_ESTABLISH_CRED);
if (pamerr != PAM_SUCCESS) {
did_setcred = FALSE;
if (mdm_slave_action_pending ())
mdm_error ("Couldn't set credentials for %s", login);
goto pamerr;
}
credentials_set = TRUE;
opened_session = TRUE;
/* Register the session */
pamerr = pam_open_session (pamh, 0);
if (pamerr != PAM_SUCCESS) {
opened_session = FALSE;
/* we handle this above */
did_setcred = FALSE;
if (mdm_slave_action_pending ())
mdm_error ("Couldn't open session for %s", login);
goto pamerr;
}
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
cur_mdm_disp = NULL;
/*
* Login succeeded.
* This function is a no-op if libaudit is not present.
*/
log_to_audit_system(login, d->hostname, d->name, AU_SUCCESS);
return login;
pamerr:
/*
* Take care of situation where we get here before setting pwent.
* Since login can be passed in as NULL, get the actual value if
* possible.
*/
if ((pam_get_item (pamh, PAM_USER, &p)) == PAM_SUCCESS) {
g_free (login);
login = g_strdup ((const char *)p);
}
if (pwent == NULL && login != NULL) {
pwent = getpwnam (login);
}
/*
* Log the failed login attempt.
* This function is a no-op if libaudit is not present.
*/
log_to_audit_system(login, d->hostname, d->name, AU_FAILED);
/* The verbose authentication is turned on, output the error
* message from the PAM subsystem */
if ( ! error_msg_given &&
mdm_slave_action_pending ()) {
mdm_slave_write_utmp_wtmp_record (d,
MDM_SESSION_RECORD_TYPE_FAILED_ATTEMPT,
login, getpid ());
/*
* I'm not sure yet if I should display this message for any
* other issues - heeten
* Adding AUTHINFO_UNAVAIL to the list - its what an unknown
* user is.
*/
if (pamerr == PAM_AUTH_ERR ||
pamerr == PAM_USER_UNKNOWN ||
pamerr == PAM_AUTHINFO_UNAVAIL) {
gboolean is_capslock = FALSE;
const char *basemsg;
char *msg;
char *ret;
ret = mdm_slave_greeter_ctl (MDM_QUERY_CAPSLOCK, "");
if ( ! ve_string_empty (ret))
is_capslock = TRUE;
g_free (ret);
/* Only give this message if we actually asked for
password, otherwise it would be silly to say that
the password may have been wrong */
if (did_we_ask_for_password) {
basemsg = _("\nIncorrect username or password. "
"Letters must be typed in the correct "
"case.");
} else {
basemsg = _("\nAuthentication failed. "
"Letters must be typed in the correct "
"case.");
}
if (is_capslock) {
msg = g_strconcat (basemsg, " ",
_("Caps Lock is on."),
NULL);
} else {
msg = g_strdup (basemsg);
}
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX, msg);
g_free (msg);
} else {
mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG, _("Authentication failed"));
}
}
did_setcred = FALSE;
opened_session = FALSE;
if (pamh != NULL) {
pam_handle_t *tmp_pamh;
mdm_sigterm_block_push ();
mdm_sigchld_block_push ();
tmp_pamh = pamh;
pamh = NULL;
mdm_sigchld_block_pop ();
mdm_sigterm_block_pop ();
/* Throw away the credentials */
if (credentials_set)
pam_setcred (tmp_pamh, PAM_DELETE_CRED);
pam_end (tmp_pamh, pamerr);
}
pamh = NULL;
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
g_free (login);
cur_mdm_disp = NULL;
return NULL;
}
static int
mdm_verify_pam_conv (int num_msg,
MDM_PAM_QUAL struct pam_message **msg,
struct pam_response **resp,
void *appdata_ptr)
{
int replies = 0;
int i;
char *s = NULL;
struct pam_response *reply = NULL;
MDM_PAM_QUAL void *p;
const char *login;
if (pamh == NULL)
return PAM_CONV_ERR;
/* Should never happen unless PAM is on crack and keeps asking questions
after we told it to go away. So tell it to go away again and
maybe it will listen */
/* well, it actually happens if there are multiple pam modules
* with conversations */
if ( ! mdm_slave_action_pending () || selected_user)
return PAM_CONV_ERR;
reply = malloc (sizeof (struct pam_response) * num_msg);
if (reply == NULL)
return PAM_CONV_ERR;
memset (reply, 0, sizeof (struct pam_response) * num_msg);
/* Here we set the login if it wasn't already set,
* this is kind of anal, but this way we guarantee that
* the greeter always is up to date on the login */
if (pam_get_item (pamh, PAM_USER, &p) == PAM_SUCCESS) {
login = (const char *)p;
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
}
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
for (replies = 0; replies < num_msg; replies++) {
const char *m = (*msg)[replies].msg;
m = perhaps_translate_message (m);
switch ((*msg)[replies].msg_style) {
/* PAM requested textual input with echo on */
case PAM_PROMPT_ECHO_ON:
if (strcmp (m, _("Username:"******"Please enter your username"));
s = mdm_slave_greeter_ctl (MDM_PROMPT, m);
/* this will clear the message */
mdm_slave_greeter_ctl_no_ret (MDM_MSG, "");
}
} else {
s = mdm_slave_greeter_ctl (MDM_PROMPT, m);
}
if (mdm_slave_greeter_check_interruption ()) {
g_free (s);
for (i = 0; i < replies; i++)
if (reply[replies].resp != NULL)
free (reply[replies].resp);
free (reply);
return PAM_CONV_ERR;
}
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup (ve_sure_string (s));
g_free (s);
break;
case PAM_PROMPT_ECHO_OFF:
if (strcmp (m, _("Password:")) == 0)
did_we_ask_for_password = TRUE;
/* PAM requested textual input with echo off */
s = mdm_slave_greeter_ctl (MDM_NOECHO, m);
if (mdm_slave_greeter_check_interruption ()) {
g_free (s);
for (i = 0; i < replies; i++)
if (reply[replies].resp != NULL)
free (reply[replies].resp);
free (reply);
return PAM_CONV_ERR;
}
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup (ve_sure_string (s));
g_free (s);
break;
case PAM_ERROR_MSG:
/* PAM sent a message that should displayed to the user */
mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG, m);
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
case PAM_TEXT_INFO:
/* PAM sent a message that should displayed to the user */
mdm_slave_greeter_ctl_no_ret (MDM_MSG, m);
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
default:
/* PAM has been smoking serious crack */
for (i = 0; i < replies; i++)
if (reply[replies].resp != NULL)
free (reply[replies].resp);
free (reply);
return PAM_CONV_ERR;
}
}
*resp = reply;
return PAM_SUCCESS;
}
/**
* mdm_config_get_bool
*
* Gets int configuration value from daemon via GET_CONFIG
* socket command. It stores the value in a hash so subsequent
* access is faster.
*/
static gboolean
_mdm_config_get_bool (const gchar *key,
gboolean reload,
gboolean *changed)
{
gboolean *hashretval = NULL;
gchar *result;
gboolean temp;
if (bool_hash == NULL)
bool_hash = g_hash_table_new (g_str_hash, g_str_equal);
hashretval = mdm_config_hash_lookup (bool_hash, key);
if (reload == FALSE && hashretval != NULL)
return *hashretval;
result = mdm_config_get_result (key);
if ( ! result || ve_string_empty (result) ||
strncmp (result, "OK ", 3) != 0) {
gchar *getdefault;
mdm_common_error ("Could not access configuration key <%s>", key);
/* Return the compiled in value associated with the key, if available. */
getdefault = strchr (key, '=');
if (getdefault != NULL)
getdefault++;
/* Same logic as used in ve_config_get_bool */
if (getdefault != NULL &&
(getdefault[0] == 'T' ||
getdefault[0] == 't' ||
getdefault[0] == 'Y' ||
getdefault[0] == 'y' ||
atoi (getdefault) != 0)) {
temp = TRUE;
mdm_common_error ("Using compiled in value <TRUE> for <%s>", key);
} else {
temp = FALSE;
mdm_common_error ("Using compiled in value <FALSE> for <%s>", key);
}
} else {
/* skip the "OK " */
if (strcmp (ve_sure_string (result + 3), "true") == 0)
temp = TRUE;
else
temp = FALSE;
}
if (result)
g_free (result);
if (hashretval == NULL) {
gboolean *boolval = g_new0 (gboolean, 1);
*boolval = temp;
mdm_config_add_hash (bool_hash, key, boolval);
if (changed != NULL)
*changed = TRUE;
return *boolval;
} else {
if (changed != NULL) {
if (*hashretval != temp)
*changed = TRUE;
else
*changed = FALSE;
}
*hashretval = temp;
return *hashretval;
}
}
static GtkWidget *
make_menubar (void)
{
GtkWidget *w, *menu;
GtkWidget *menubar = gtk_menu_bar_new ();
/* FIXME: add translatable string here */
w = gtk_menu_item_new_with_label ("Menu");
gtk_menu_shell_append (GTK_MENU_SHELL (menubar), w);
gtk_widget_show (GTK_WIDGET (w));
menu = gtk_menu_new ();
gtk_menu_item_set_submenu (GTK_MENU_ITEM (w), menu);
w = gtk_image_menu_item_new_with_mnemonic (_("Select _Language..."));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("preferences-desktop-locale", GTK_ICON_SIZE_MENU));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (activate_button),
"language_button");
w = gtk_image_menu_item_new_with_mnemonic (_("Select _Session..."));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("user-desktop", GTK_ICON_SIZE_MENU));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (activate_button),
"session_button");
greeter_system_append_system_menu (menu);
/* Add a quit/disconnect item when in xdmcp mode or flexi mode */
/* Do note that the order is important, we always want "Quit" for
* flexi, even if not local (non-local xnest). and Disconnect
* only for xdmcp */
if ( ! ve_string_empty (g_getenv ("MDM_FLEXI_SERVER"))) {
w = gtk_image_menu_item_new_with_mnemonic (_("_Quit"));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("system-log-out", GTK_ICON_SIZE_MENU));
} else if (ve_string_empty (g_getenv ("MDM_IS_LOCAL"))) {
w = gtk_image_menu_item_new_with_mnemonic (_("D_isconnect"));
gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (w),
gtk_image_new_from_icon_name ("system-log-out", GTK_ICON_SIZE_MENU));
} else {
w = NULL;
}
if (w != NULL) {
GtkWidget *sep;
/* add separator before the quit */
sep = gtk_separator_menu_item_new ();
gtk_menu_shell_append (GTK_MENU_SHELL (menu), sep);
gtk_widget_show (GTK_WIDGET (sep));
gtk_menu_shell_append (GTK_MENU_SHELL (menu), w);
gtk_widget_show (GTK_WIDGET (w));
g_signal_connect (G_OBJECT (w), "activate",
G_CALLBACK (gtk_main_quit), NULL);
}
g_signal_connect (G_OBJECT(gtk_menu_item_get_submenu(
gtk_container_get_children(GTK_CONTAINER(menubar))->data)), "selection-done", G_CALLBACK (menubar_done), NULL);
return menubar;
}
gboolean
greeter_item_is_visible (GreeterItemInfo *info)
{
static gboolean checked = FALSE;
static gboolean MDM_IS_LOCAL = FALSE;
static gboolean MDM_FLEXI_SERVER = FALSE;
gboolean sysmenu = FALSE;
gint i = 0;
if ( ! checked)
{
if (g_getenv ("MDM_IS_LOCAL") != NULL)
MDM_IS_LOCAL = TRUE;
if (g_getenv ("MDM_FLEXI_SERVER") != NULL)
MDM_FLEXI_SERVER = TRUE;
}
if (MDM_IS_LOCAL && ! MDM_FLEXI_SERVER &&
! (info->show_modes & GREETER_ITEM_SHOW_CONSOLE_FIXED))
return FALSE;
if (MDM_IS_LOCAL && MDM_FLEXI_SERVER &&
! (info->show_modes & GREETER_ITEM_SHOW_CONSOLE_FLEXI))
return FALSE;
if ( ! MDM_IS_LOCAL && MDM_FLEXI_SERVER &&
! (info->show_modes & GREETER_ITEM_SHOW_REMOTE_FLEXI))
return FALSE;
if ( ! MDM_IS_LOCAL && ! MDM_FLEXI_SERVER &&
! (info->show_modes & GREETER_ITEM_SHOW_REMOTE))
return FALSE;
if ((mdm_wm_screen.width < info->minimum_required_screen_width) ||
(mdm_wm_screen.height < info->minimum_required_screen_height))
return FALSE;
sysmenu = mdm_config_get_bool (MDM_KEY_SYSTEM_MENU);
/*
* Disable Configuration if using accessibility (AddGtkModules) since
* using it with accessibility causes a hang.
*/
if (( ! mdm_config_get_bool (MDM_KEY_CONFIG_AVAILABLE) ||
mdm_config_get_bool (MDM_KEY_ADD_GTK_MODULES) ||
! sysmenu ||
! MdmConfiguratorFound) &&
(info->show_type != NULL &&
strcmp (info->show_type, "config") == 0))
return FALSE;
if (( ! mdm_config_get_bool (MDM_KEY_CHOOSER_BUTTON) || ! sysmenu) &&
(info->show_type != NULL &&
strcmp (info->show_type, "chooser") == 0))
return FALSE;
if ( ! sysmenu && info->show_type != NULL &&
strcmp (info->show_type, "system") == 0)
return FALSE;
if (( ! sysmenu || ! MdmHaltFound) &&
(info->show_type != NULL &&
strcmp (info->show_type, "halt") == 0))
return FALSE;
if (( ! sysmenu || ! MdmRebootFound) &&
(info->show_type != NULL &&
strcmp (info->show_type, "reboot") == 0))
return FALSE;
if (( ! sysmenu || ! MdmSuspendFound) &&
(info->show_type != NULL &&
strcmp (info->show_type, "suspend") == 0))
return FALSE;
if (info->show_type != NULL &&
sscanf (info->show_type, "custom_cmd%d", &i) == 1 &&
i >= 0 && i < MDM_CUSTOM_COMMAND_MAX &&
(! sysmenu || ! MdmCustomCmdsFound[i])) {
return FALSE;
}
if (( ! mdm_config_get_bool (MDM_KEY_TIMED_LOGIN_ENABLE) ||
ve_string_empty (mdm_config_get_string (MDM_KEY_TIMED_LOGIN)) ||
NULL == g_getenv("MDM_TIMED_LOGIN_OK")) &&
(info->show_type != NULL &&
strcmp (info->show_type, "timed") == 0))
return FALSE;
return TRUE;
}
gchar *
mdm_verify_user (MdmDisplay *d,
const char *username,
gboolean allow_retry)
{
gchar *login, *passwd, *ppasswd;
struct passwd *pwent;
struct spwd *sp;
#if defined (HAVE_PASSWDEXPIRED) && defined (HAVE_CHPASS) \
|| defined (HAVE_LOGINRESTRICTIONS)
gchar *message = NULL;
#endif
#if defined (HAVE_PASSWDEXPIRED) && defined (HAVE_CHPASS)
gchar *info_msg = NULL, *response = NULL;
gint reEnter, ret;
#endif
if (d->attached && d->timed_login_ok)
mdm_slave_greeter_ctl_no_ret (MDM_STARTTIMER, "");
if (username == NULL) {
authenticate_again:
/* Ask for the user's login */
mdm_verify_select_user (NULL);
mdm_slave_greeter_ctl_no_ret (MDM_MSG, _("Please enter your username"));
login = mdm_slave_greeter_ctl (MDM_PROMPT, _("Username:"******"");
g_free (login);
return NULL;
}
}
mdm_slave_greeter_ctl_no_ret (MDM_MSG, "");
if (mdm_daemon_config_get_value_bool (MDM_KEY_DISPLAY_LAST_LOGIN)) {
char *info = mdm_get_last_info (login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX, info);
g_free (info);
}
} else {
login = g_strdup (username);
}
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
pwent = getpwnam (login);
setspent ();
/* Lookup shadow password */
sp = getspnam (login);
/* Use shadow password when available */
if (sp != NULL) {
ppasswd = g_strdup (sp->sp_pwdp);
} else {
/* In case shadow password cannot be retrieved (when using NIS
authentication for example), use standard passwd */
if (pwent != NULL &&
pwent->pw_passwd != NULL)
ppasswd = g_strdup (pwent->pw_passwd);
else
/* If no password can be retrieved, set it to NULL */
ppasswd = NULL;
}
endspent ();
/* Request the user's password */
if (pwent != NULL &&
ve_string_empty (ppasswd)) {
/* eeek a passwordless account */
passwd = g_strdup ("");
} else {
passwd = mdm_slave_greeter_ctl (MDM_NOECHO, _("Password:"******"");
if (mdm_slave_greeter_check_interruption ()) {
if (d->attached)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
g_free (login);
g_free (passwd);
g_free (ppasswd);
return NULL;
}
}
if (d->attached)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
if (pwent == NULL) {
mdm_sleep_no_signal (mdm_daemon_config_get_value_int (MDM_KEY_RETRY_DELAY));
mdm_debug ("Couldn't authenticate user");
print_cant_auth_errbox ();
g_free (login);
g_free (passwd);
g_free (ppasswd);
return NULL;
}
/* Check whether password is valid */
if (ppasswd == NULL || (ppasswd[0] != '\0' &&
strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
mdm_sleep_no_signal (mdm_daemon_config_get_value_int (MDM_KEY_RETRY_DELAY));
mdm_debug ("Couldn't authenticate user");
print_cant_auth_errbox ();
g_free (login);
g_free (passwd);
g_free (ppasswd);
return NULL;
}
if (( ! mdm_daemon_config_get_value_bool (MDM_KEY_ALLOW_ROOT) ||
( ! mdm_daemon_config_get_value_bool (MDM_KEY_ALLOW_REMOTE_ROOT) &&
! d->attached)) && pwent->pw_uid == 0) {
mdm_debug ("Root login disallowed on display '%s'", d->name);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("The system administrator "
"is not allowed to login "
"from this screen"));
/*mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG,
_("Root login disallowed"));*/
g_free (login);
g_free (passwd);
g_free (ppasswd);
return NULL;
}
#ifdef HAVE_LOGINRESTRICTIONS
/* Check with the 'loginrestrictions' function
if the user has been disallowed */
if (loginrestrictions (login, 0, NULL, &message) != 0) {
mdm_debug ("User not allowed to log in");
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator "
"has disabled your "
"account."));
g_free (login);
g_free (passwd);
g_free (ppasswd);
if (message != NULL)
free (message);
return NULL;
}
if (message != NULL)
free (message);
message = NULL;
#else /* ! HAVE_LOGINRESTRICTIONS */
/* check for the standard method of disallowing users */
if (pwent->pw_shell != NULL &&
(strcmp (pwent->pw_shell, NOLOGIN) == 0 ||
strcmp (pwent->pw_shell, "/bin/true") == 0 ||
strcmp (pwent->pw_shell, "/bin/false") == 0)) {
mdm_debug ("User not allowed to log in");
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator "
"has disabled your "
"account."));
/*mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG,
_("Login disabled"));*/
g_free (login);
g_free (passwd);
g_free (ppasswd);
return NULL;
}
#endif /* HAVE_LOGINRESTRICTIONS */
g_free (passwd);
g_free (ppasswd);
if ( ! mdm_slave_check_user_wants_to_log_in (login)) {
g_free (login);
login = NULL;
goto authenticate_again;
}
if ( ! mdm_setup_gids (login, pwent->pw_gid)) {
mdm_debug ("Cannot set user group");
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nCannot set your user group; "
"you will not be able to log in. "
"Please contact your system administrator."));
g_free (login);
return NULL;
}
#if defined (HAVE_PASSWDEXPIRED) && defined (HAVE_CHPASS)
switch (passwdexpired (login, &info_msg)) {
case 1 :
mdm_debug ("User password has expired");
mdm_errorgui_error_box (d, GTK_MESSAGE_ERROR,
_("You are required to change your password.\n"
"Please choose a new one."));
g_free (info_msg);
do {
ret = chpass (login, response, &reEnter, &message);
g_free (response);
if (ret != 1) {
if (ret != 0) {
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nCannot change your password; "
"you will not be able to log in. "
"Please try again later or contact "
"your system administrator."));
} else if ((reEnter != 0) && (message)) {
response = mdm_slave_greeter_ctl (MDM_NOECHO, message);
if (response == NULL)
response = g_strdup ("");
}
}
g_free (message);
message = NULL;
} while ( ((reEnter != 0) && (ret == 0))
|| (ret ==1) );
g_free (response);
g_free (message);
if ((ret != 0) || (reEnter != 0)) {
return NULL;
}
#if defined (CAN_CLEAR_ADMCHG)
/* The password is changed by root, clear the ADM_CHG
flag in the passwd file */
ret = setpwdb (S_READ | S_WRITE);
if (!ret) {
upwd = getuserpw (login);
if (upwd == NULL) {
ret = -1;
}
else {
upwd->upw_flags &= ~PW_ADMCHG;
ret = putuserpw (upwd);
if (!ret) {
ret = endpwdb ();
}
}
}
if (ret) {
mdm_errorgui_error_box (d, GTK_MESSAGE_WARNING,
_("Your password has been changed but "
"you may have to change it again. "
"Please try again later or contact "
"your system administrator."));
}
#else /* !CAN_CLEAR_ADMCHG */
mdm_errorgui_error_box (d, GTK_MESSAGE_WARNING,
_("Your password has been changed but you "
"may have to change it again. Please try again "
"later or contact your system administrator."));
#endif /* CAN_CLEAR_ADMCHG */
break;
case 2 :
mdm_debug ("User password has expired");
mdm_errorgui_error_box (d, GTK_MESSAGE_ERROR,
_("Your password has expired.\n"
"Only a system administrator can now change it"));
g_free (info_msg);
return NULL;
break;
case -1 :
mdm_debug ("Internal error on passwdexpired");
mdm_errorgui_error_box (d, GTK_MESSAGE_ERROR,
_("An internal error occurred. You will not be able to log in.\n"
"Please try again later or contact your system administrator."));
g_free (info_msg);
return NULL;
break;
default :
g_free (info_msg);
break;
}
#endif /* HAVE_PASSWDEXPIRED && HAVE_CHPASS */
return login;
}
static char *
do_command (int fd, const char *command, gboolean get_response)
{
GString *str;
char buf[1];
char *cstr;
int ret;
#ifndef MSG_NOSIGNAL
void (*old_handler)(int);
#endif
mdm_common_debug ("Sending command: '%s'", command);
cstr = g_strdup_printf ("%s\n", command);
#ifdef MSG_NOSIGNAL
ret = send (fd, cstr, strlen (cstr), MSG_NOSIGNAL);
#else
old_handler = signal (SIGPIPE, SIG_IGN);
ret = send (fd, cstr, strlen (cstr), 0);
signal (SIGPIPE, old_handler);
#endif
g_free (cstr);
num_cmds++;
if (ret < 0) {
if ( !quiet)
mdm_common_debug ("Command failed, no data returned");
return NULL;
}
/* No need to print debug, this is only used when closing */
if ( ! get_response)
return NULL;
str = g_string_new (NULL);
while (read (fd, buf, 1) == 1 &&
buf[0] != '\n') {
g_string_append_c (str, buf[0]);
}
mdm_common_debug (" Got response: '%s'", str->str);
cstr = str->str;
g_string_free (str, FALSE);
/*
* If string is empty, then the daemon likely closed the connection
* because of too many subconnections. At any rate the daemon should
* not return an empty string. All return values should start with
* "OK" or "ERROR". Daemon should never complain about too many
* messages since the slave keeps track of the number of commands sent
* and should not send too many, but it does not hurt to check and
* manage it if it somehow happens. In either case return NULL
* instead so the caller can try again.
*/
if (ve_string_empty (cstr) ||
strcmp (ve_sure_string (cstr), "ERROR 200 Too many messages") == 0) {
if ( !quiet)
mdm_common_debug ("Command failed, daemon busy.");
g_free (cstr);
return NULL;
}
return cstr;
}
static GtkTreeModel *
create_model (char **vec)
{
int i;
GtkListStore *store;
GtkTreeIter iter;
/* create list store */
store = gtk_list_store_new (COLUMN_NUM,
G_TYPE_STRING /* login */,
G_TYPE_STRING /* display */,
G_TYPE_INT /* vt */);
for (i = 0; vec[i] != NULL; i++) {
char **rvec;
int vt;
rvec = g_strsplit (vec[i], ",", -1);
if (mdm_vector_len (rvec) != 3) {
g_strfreev (rvec);
continue;
}
vt = get_vt_num (vec, rvec[2], 5);
if (strcmp (rvec[0], mdmcomm_get_display ()) != 0 &&
vt >= 0) {
char *user;
char *disp;
if (ve_string_empty (rvec[1])) {
user = g_strdup (_("Nobody"));
} else {
struct passwd *pw = getpwnam (rvec[1]);
if (pw == NULL ||
ve_string_empty (pw->pw_gecos)) {
char *login;
login = g_markup_escape_text (rvec[1], -1);
user = g_strdup_printf ("<b>%s</b>",
login);
g_free (login);
} else {
char *utf8gecos;
char *gecos, *login;
login = g_markup_escape_text (rvec[1], -1);
if ( ! g_utf8_validate (pw->pw_gecos, -1, NULL))
utf8gecos = ve_locale_to_utf8 (pw->pw_gecos);
else
utf8gecos = g_strdup (pw->pw_gecos);
gecos = g_markup_escape_text (utf8gecos, -1);
user = g_strdup_printf ("<b>%s</b>\n%s",
login,
gecos);
g_free (login);
g_free (gecos);
g_free (utf8gecos);
}
}
if (strchr (rvec[2], ':') == NULL) {
disp = g_strdup_printf
(_("Display %s on virtual "
"terminal %d"),
rvec[0], vt);
} else {
disp = g_strdup_printf
(_("Nested display %s on virtual "
"terminal %d"),
rvec[0], vt);
}
/* this is not the current display */
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter,
COLUMN_LOGIN, user,
COLUMN_DISPLAY, disp,
COLUMN_VT, vt,
-1);
g_free (user);
g_free (disp);
}
g_strfreev (rvec);
}
return GTK_TREE_MODEL (store);
}
