void
mdm_verify_cleanup (MdmDisplay *d)
{
gid_t groups[1] = { 0 };
cur_mdm_disp = d;
if (pamh != NULL) {
gint pamerr;
pam_handle_t *tmp_pamh;
gboolean old_opened_session;
gboolean old_did_setcred;
mdm_debug ("Running mdm_verify_cleanup and pamh != NULL");
mdm_sigterm_block_push ();
mdm_sigchld_block_push ();
tmp_pamh = pamh;
pamh = NULL;
old_opened_session = opened_session;
opened_session = FALSE;
old_did_setcred = did_setcred;
did_setcred = FALSE;
mdm_sigchld_block_pop ();
mdm_sigterm_block_pop ();
pamerr = PAM_SUCCESS;
/* Close the users session */
if (old_opened_session) {
mdm_debug ("Running pam_close_session");
pamerr = pam_close_session (tmp_pamh, 0);
}
/* Throw away the credentials */
if (old_did_setcred) {
mdm_debug ("Running pam_setcred with PAM_DELETE_CRED");
pamerr = pam_setcred (tmp_pamh, PAM_DELETE_CRED);
}
pam_end (tmp_pamh, pamerr);
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
}
/* Clear the group setup */
setgid (0);
/* this will get rid of any suplementary groups etc... */
setgroups (1, groups);
cur_mdm_disp = NULL;
/* reset limits */
mdm_reset_limits ();
}
void
mdm_log_default_handler (const gchar *log_domain,
GLogLevelFlags log_level,
const gchar *message,
gpointer unused_data)
{
GString *gstring;
int priority;
const char *level_prefix;
char *string;
gboolean do_log;
gboolean is_fatal;
is_fatal = (log_level & G_LOG_FLAG_FATAL) != 0;
do_log = (log_level & syslog_levels);
if (! do_log) {
return;
}
if (! initialized) {
mdm_log_init ();
}
log_level_to_priority_and_prefix (log_level,
&priority,
&level_prefix);
gstring = g_string_new (NULL);
if (log_domain != NULL) {
g_string_append (gstring, log_domain);
g_string_append_c (gstring, '-');
}
g_string_append (gstring, level_prefix);
g_string_append (gstring, ": ");
if (message == NULL) {
g_string_append (gstring, "(NULL) message");
} else {
g_string_append (gstring, message);
}
if (is_fatal) {
g_string_append (gstring, "\naborting...\n");
} else {
g_string_append (gstring, "\n");
}
string = g_string_free (gstring, FALSE);
syslog (priority, "%s", string);
g_free (string);
}
static void
test_log (void)
{
mdm_log_init ();
g_debug ("Test debug 1");
mdm_log_set_debug (TRUE);
g_debug ("Test debug 2");
g_message ("Test message");
g_warning ("Test warning");
g_critical ("Test critical");
g_error ("Test error");
}
int
main (int argc, char **argv)
{
struct sigaction sa;
GError *error;
char *display_str;
CsmManager *manager;
CsmStore *client_store;
MdmSignalHandler *signal_handler;
static char **override_autostart_dirs = NULL;
static char *session_name = NULL;
static GOptionEntry entries[] = {
{ "autostart", 'a', 0, G_OPTION_ARG_STRING_ARRAY, &override_autostart_dirs, N_("Override standard autostart directories"), N_("AUTOSTART_DIR") },
{ "session", 0, 0, G_OPTION_ARG_STRING, &session_name, N_("Session to use"), N_("SESSION_NAME") },
{ "debug", 0, 0, G_OPTION_ARG_NONE, &debug, N_("Enable debugging code"), NULL },
{ "failsafe", 'f', 0, G_OPTION_ARG_NONE, &failsafe, N_("Do not load user-specified applications"), NULL },
{ "version", 0, 0, G_OPTION_ARG_NONE, &show_version, N_("Version of this application"), NULL },
/* Translators: the 'fail whale' is the black dialog we show when something goes seriously wrong */
{ "whale", 0, 0, G_OPTION_ARG_NONE, &please_fail, N_("Show the fail whale dialog for testing"), NULL },
{ NULL, 0, 0, 0, NULL, NULL, NULL }
};
/* Make sure that we have a session bus */
if (!require_dbus_session (argc, argv, &error)) {
csm_util_init_error (TRUE, "%s", error->message);
}
bindtextdomain (GETTEXT_PACKAGE, LOCALE_DIR);
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
textdomain (GETTEXT_PACKAGE);
GSettings *settings = g_settings_new ("org.cinnamon.SessionManager");
if (g_settings_get_boolean (settings, "debug")) {
debug = TRUE;
}
g_object_unref(settings);
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
sigemptyset (&sa.sa_mask);
sigaction (SIGPIPE, &sa, 0);
error = NULL;
gtk_init_with_args (&argc, &argv,
(char *) _(" - the Cinnamon session manager"),
entries, GETTEXT_PACKAGE,
&error);
if (error != NULL) {
g_warning ("%s", error->message);
exit (1);
}
if (show_version) {
g_print ("%s %s\n", argv [0], VERSION);
exit (1);
}
if (please_fail) {
csm_fail_whale_dialog_we_failed (TRUE, TRUE);
gtk_main ();
exit (1);
}
mdm_log_init ();
mdm_log_set_debug (debug);
/* Set DISPLAY explicitly for all our children, in case --display
* was specified on the command line.
*/
display_str = gdk_get_display ();
csm_util_setenv ("DISPLAY", display_str);
g_free (display_str);
const gchar *gtk_modules;
gchar *new_gtk_modules = NULL;
gtk_modules = g_getenv ("GTK_MODULES");
if (gtk_modules != NULL && g_strstr_len (gtk_modules, -1, "overlay-scrollbar")) {
int i = 0;
new_gtk_modules = g_strconcat ("", NULL);
gchar **module_list = g_strsplit (gtk_modules, ":", -1);
for (i = 0; i < g_strv_length (module_list); i++) {
if (!g_strstr_len (module_list[i], -1, "overlay-scrollbar")) {
gchar *tmp = new_gtk_modules;
new_gtk_modules = g_strconcat (tmp, ":", module_list[i], NULL);
g_free (tmp);
}
}
g_strfreev (module_list);
}
if (new_gtk_modules) {
csm_util_setenv ("GTK_MODULES", new_gtk_modules);
}
g_free (new_gtk_modules);
/* Some third-party programs rely on GNOME_DESKTOP_SESSION_ID to
* detect if GNOME is running. We keep this for compatibility reasons.
*/
csm_util_setenv ("GNOME_DESKTOP_SESSION_ID", "this-is-deprecated");
/* Make QT5 apps follow the GTK style */
csm_util_setenv ("QT_STYLE_OVERRIDE", "gtk");
client_store = csm_store_new ();
/* Talk to logind before acquiring a name, since it does synchronous
* calls at initialization time that invoke a main loop and if we
* already owned a name, then we would service too early during
* that main loop.
*/
g_object_unref (csm_get_system ());
if (!acquire_name ()) {
csm_fail_whale_dialog_we_failed (TRUE, TRUE);
gtk_main ();
exit (1);
}
manager = csm_manager_new (client_store, failsafe);
/*
signal_handler = mdm_signal_handler_new ();
mdm_signal_handler_add_fatal (signal_handler);
mdm_signal_handler_add (signal_handler, SIGFPE, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGHUP, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGUSR1, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGTERM, signal_cb, manager);
mdm_signal_handler_add (signal_handler, SIGINT, signal_cb, manager);
mdm_signal_handler_set_fatal_func (signal_handler, shutdown_cb, manager);
*/
if (IS_STRING_EMPTY (session_name))
session_name = _csm_manager_get_default_session (manager);
csm_util_set_autostart_dirs (override_autostart_dirs);
if (!csm_session_fill (manager, session_name)) {
csm_util_init_error (TRUE, "Failed to load session \"%s\"", session_name ? session_name : "(null)");
}
csm_manager_start (manager);
gtk_main ();
if (manager != NULL) {
g_debug ("Unreffing manager");
g_object_unref (manager);
}
if (client_store != NULL) {
g_object_unref (client_store);
}
if (bus_proxy != NULL) {
g_object_unref (bus_proxy);
}
mdm_log_shutdown ();
return 0;
}
int
main (int argc,
char **argv)
{
GMainLoop *main_loop;
GOptionContext *context;
DBusGConnection *connection;
MdmSlave *slave;
static char *display_id = NULL;
MdmSignalHandler *signal_handler;
static GOptionEntry entries [] = {
{ "display-id", 0, 0, G_OPTION_ARG_STRING, &display_id, N_("Display ID"), N_("ID") },
{ NULL }
};
bindtextdomain (GETTEXT_PACKAGE, MATELOCALEDIR);
textdomain (GETTEXT_PACKAGE);
setlocale (LC_ALL, "");
mdm_set_fatal_warnings_if_unstable ();
g_type_init ();
context = g_option_context_new (_("MATE Display Manager Slave"));
g_option_context_add_main_entries (context, entries, NULL);
g_option_context_parse (context, &argc, &argv, NULL);
g_option_context_free (context);
connection = get_system_bus ();
if (connection == NULL) {
goto out;
}
mdm_xerrors_init ();
mdm_log_init ();
settings = mdm_settings_new ();
if (settings == NULL) {
g_warning ("Unable to initialize settings");
goto out;
}
if (! mdm_settings_direct_init (settings, DATADIR "/mdm/mdm.schemas", "/")) {
g_warning ("Unable to initialize settings");
goto out;
}
mdm_log_set_debug (is_debug_set ());
if (display_id == NULL) {
g_critical ("No display ID set");
exit (1);
}
main_loop = g_main_loop_new (NULL, FALSE);
signal_handler = mdm_signal_handler_new ();
mdm_signal_handler_set_fatal_func (signal_handler,
(GDestroyNotify)g_main_loop_quit,
main_loop);
mdm_signal_handler_add (signal_handler, SIGTERM, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGINT, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGILL, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGBUS, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGFPE, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGHUP, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGSEGV, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGABRT, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGUSR1, signal_cb, NULL);
mdm_signal_handler_add (signal_handler, SIGUSR2, signal_cb, NULL);
slave = mdm_product_slave_new (display_id);
if (slave == NULL) {
goto out;
}
g_signal_connect (slave,
"stopped",
G_CALLBACK (on_slave_stopped),
main_loop);
mdm_slave_start (slave);
g_main_loop_run (main_loop);
if (slave != NULL) {
g_object_unref (slave);
}
if (signal_handler != NULL) {
g_object_unref (signal_handler);
}
if (main_loop != NULL) {
g_main_loop_unref (main_loop);
}
out:
g_debug ("Slave finished");
return mdm_return_code;
}
gchar *
mdm_verify_user (MdmDisplay *d,
const char *username,
gboolean allow_retry)
{
gint pamerr = 0;
struct passwd *pwent = NULL;
char *login, *passreq;
char *pam_stack = NULL;
MDM_PAM_QUAL void *p;
int null_tok = 0;
gboolean credentials_set = FALSE;
gboolean error_msg_given = FALSE;
gboolean started_timer = FALSE;
verify_user_again:
pamerr = 0;
login = NULL;
error_msg_given = FALSE;
credentials_set = FALSE;
started_timer = FALSE;
null_tok = 0;
/* Don't start a timed login if we've already entered a username */
if (username != NULL) {
login = g_strdup (username);
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
} else {
/* start the timer for timed logins */
if ( ! ve_string_empty (mdm_daemon_config_get_value_string (MDM_KEY_TIMED_LOGIN)) &&
d->timed_login_ok && (d->attached)) {
mdm_slave_greeter_ctl_no_ret (MDM_STARTTIMER, "");
started_timer = TRUE;
}
}
cur_mdm_disp = d;
authenticate_again:
if (prev_user && !login) {
login = g_strdup (prev_user);
} else if (login && !prev_user) {
prev_user = g_strdup (login);
auth_retries = 0;
} else if (login && prev_user && strcmp (login, prev_user)) {
g_free (prev_user);
prev_user = g_strdup (login);
auth_retries = 0;
}
/*
* Initialize a PAM session for the user...
* Get value per-display so different displays can use different
* PAM Stacks, in case one display should use a different
* authentication mechanism than another display.
*/
pam_stack = mdm_daemon_config_get_value_string_per_display (MDM_KEY_PAM_STACK,
(char *)d->name);
if ( ! create_pamh (d, pam_stack, login, &pamc, d->name, &pamerr)) {
if (started_timer)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
g_free (pam_stack);
goto pamerr;
}
g_free (pam_stack);
/*
* have to unset login otherwise there is no chance to ever enter
* a different user
*/
g_free (login);
login = NULL;
pam_set_item (pamh, PAM_USER_PROMPT, _("Username:"******"PASSREQ=");
if (mdm_daemon_config_get_value_bool (MDM_KEY_PASSWORD_REQUIRED) ||
((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0))
null_tok |= PAM_DISALLOW_NULL_AUTHTOK;
mdm_verify_select_user (NULL);
/* Start authentication session */
did_we_ask_for_password = FALSE;
if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) {
if ( ! ve_string_empty (selected_user)) {
pam_handle_t *tmp_pamh;
/* Face browser was used to select a user,
just completely rewhack everything since it
seems various PAM implementations are
having goats with just setting PAM_USER
and trying to pam_authenticate again */
g_free (login);
login = selected_user;
selected_user = NULL;
mdm_sigterm_block_push ();
mdm_sigchld_block_push ();
tmp_pamh = pamh;
pamh = NULL;
mdm_sigchld_block_pop ();
mdm_sigterm_block_pop ();
/* FIXME: what about errors */
/* really this has been a sucess, not a failure */
pam_end (tmp_pamh, pamerr);
g_free (prev_user);
prev_user = NULL;
auth_retries = 0;
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
goto authenticate_again;
}
if (started_timer)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
if (mdm_slave_action_pending ()) {
/* FIXME: see note above about PAM_FAIL_DELAY */
/* #ifndef PAM_FAIL_DELAY */
mdm_sleep_no_signal (mdm_daemon_config_get_value_int (MDM_KEY_RETRY_DELAY));
/* wait up to 100ms randomly */
usleep (g_random_int_range (0, 100000));
/* #endif */ /* PAM_FAIL_DELAY */
mdm_error ("Couldn't authenticate user");
if (prev_user) {
unsigned max_auth_retries = 3;
char *val = mdm_read_default ("LOGIN_RETRIES=");
if (val) {
max_auth_retries = atoi (val);
g_free (val);
}
if (allow_retry == FALSE || pamerr == PAM_MAXTRIES ||
++auth_retries >= max_auth_retries) {
g_free (prev_user);
prev_user = NULL;
auth_retries = 0;
}
}
} else {
/* cancel, configurator etc pressed */
g_free (prev_user);
prev_user = NULL;
auth_retries = 0;
}
goto pamerr;
}
/* stop the timer for timed logins */
if (started_timer)
mdm_slave_greeter_ctl_no_ret (MDM_STOPTIMER, "");
g_free (login);
login = NULL;
g_free (prev_user);
prev_user = NULL;
if ((pamerr = pam_get_item (pamh, PAM_USER, &p)) != PAM_SUCCESS) {
login = NULL;
/* is not really an auth problem, but it will
pretty much look as such, it shouldn't really
happen */
if (mdm_slave_action_pending ())
mdm_error ("Couldn't authenticate user");
goto pamerr;
}
login = g_strdup ((const char *)p);
/* kind of anal, the greeter likely already knows, but it could have
been changed */
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
if ( ! mdm_slave_check_user_wants_to_log_in (login)) {
/* cleanup stuff */
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, "");
g_free (login);
login = NULL;
mdm_slave_greeter_ctl_no_ret (MDM_RESETOK, "");
mdm_verify_cleanup (d);
goto verify_user_again;
}
/* Check if user is root and is allowed to log in */
pwent = getpwnam (login);
if (( ! mdm_daemon_config_get_value_bool (MDM_KEY_ALLOW_ROOT) ||
( ! d->attached )) &&
(pwent != NULL && pwent->pw_uid == 0)) {
mdm_error ("Root login disallowed on display '%s'", d->name);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator "
"is not allowed to login "
"from this screen"));
/*mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG,
_("Root login disallowed"));*/
error_msg_given = TRUE;
goto pamerr;
}
if (mdm_daemon_config_get_value_bool (MDM_KEY_DISPLAY_LAST_LOGIN)) {
char *info = mdm_get_last_info (login);
mdm_slave_greeter_ctl_no_ret (MDM_MSG, info);
g_free (info);
}
/* Check if the user's account is healthy. */
pamerr = pam_acct_mgmt (pamh, null_tok);
switch (pamerr) {
case PAM_SUCCESS :
break;
case PAM_NEW_AUTHTOK_REQD :
if ((pamerr = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK)) != PAM_SUCCESS) {
mdm_error ("Authentication token change failed for user %s", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe change of the authentication token failed. "
"Please try again later or contact the system administrator."));
error_msg_given = TRUE;
goto pamerr;
}
break;
case PAM_ACCT_EXPIRED :
mdm_error ("User %s no longer permitted to access the system", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator has disabled your account."));
error_msg_given = TRUE;
goto pamerr;
case PAM_PERM_DENIED :
mdm_error ("User %s not permitted to gain access at this time", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nThe system administrator has disabled access to the system temporarily."));
error_msg_given = TRUE;
goto pamerr;
default :
if (mdm_slave_action_pending ())
mdm_error ("Couldn't set acct. mgmt for %s", login);
goto pamerr;
}
pwent = getpwnam (login);
if (/* paranoia */ pwent == NULL ||
! mdm_setup_gids (login, pwent->pw_gid)) {
mdm_error ("Cannot set user group for %s", login);
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX,
_("\nCannot set your user group; "
"you will not be able to log in. "
"Please contact your system administrator."));
goto pamerr;
}
did_setcred = TRUE;
/* Set credentials */
pamerr = pam_setcred (pamh, PAM_ESTABLISH_CRED);
if (pamerr != PAM_SUCCESS) {
did_setcred = FALSE;
if (mdm_slave_action_pending ())
mdm_error ("Couldn't set credentials for %s", login);
goto pamerr;
}
credentials_set = TRUE;
opened_session = TRUE;
/* Register the session */
pamerr = pam_open_session (pamh, 0);
if (pamerr != PAM_SUCCESS) {
opened_session = FALSE;
/* we handle this above */
did_setcred = FALSE;
if (mdm_slave_action_pending ())
mdm_error ("Couldn't open session for %s", login);
goto pamerr;
}
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
cur_mdm_disp = NULL;
/*
* Login succeeded.
* This function is a no-op if libaudit is not present.
*/
log_to_audit_system(login, d->hostname, d->name, AU_SUCCESS);
return login;
pamerr:
/*
* Take care of situation where we get here before setting pwent.
* Since login can be passed in as NULL, get the actual value if
* possible.
*/
if ((pam_get_item (pamh, PAM_USER, &p)) == PAM_SUCCESS) {
g_free (login);
login = g_strdup ((const char *)p);
}
if (pwent == NULL && login != NULL) {
pwent = getpwnam (login);
}
/*
* Log the failed login attempt.
* This function is a no-op if libaudit is not present.
*/
log_to_audit_system(login, d->hostname, d->name, AU_FAILED);
/* The verbose authentication is turned on, output the error
* message from the PAM subsystem */
if ( ! error_msg_given &&
mdm_slave_action_pending ()) {
mdm_slave_write_utmp_wtmp_record (d,
MDM_SESSION_RECORD_TYPE_FAILED_ATTEMPT,
login, getpid ());
/*
* I'm not sure yet if I should display this message for any
* other issues - heeten
* Adding AUTHINFO_UNAVAIL to the list - its what an unknown
* user is.
*/
if (pamerr == PAM_AUTH_ERR ||
pamerr == PAM_USER_UNKNOWN ||
pamerr == PAM_AUTHINFO_UNAVAIL) {
gboolean is_capslock = FALSE;
const char *basemsg;
char *msg;
char *ret;
ret = mdm_slave_greeter_ctl (MDM_QUERY_CAPSLOCK, "");
if ( ! ve_string_empty (ret))
is_capslock = TRUE;
g_free (ret);
/* Only give this message if we actually asked for
password, otherwise it would be silly to say that
the password may have been wrong */
if (did_we_ask_for_password) {
basemsg = _("\nIncorrect username or password. "
"Letters must be typed in the correct "
"case.");
} else {
basemsg = _("\nAuthentication failed. "
"Letters must be typed in the correct "
"case.");
}
if (is_capslock) {
msg = g_strconcat (basemsg, " ",
_("Caps Lock is on."),
NULL);
} else {
msg = g_strdup (basemsg);
}
mdm_slave_greeter_ctl_no_ret (MDM_ERRBOX, msg);
g_free (msg);
} else {
mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG, _("Authentication failed"));
}
}
did_setcred = FALSE;
opened_session = FALSE;
if (pamh != NULL) {
pam_handle_t *tmp_pamh;
mdm_sigterm_block_push ();
mdm_sigchld_block_push ();
tmp_pamh = pamh;
pamh = NULL;
mdm_sigchld_block_pop ();
mdm_sigterm_block_pop ();
/* Throw away the credentials */
if (credentials_set)
pam_setcred (tmp_pamh, PAM_DELETE_CRED);
pam_end (tmp_pamh, pamerr);
}
pamh = NULL;
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
g_free (login);
cur_mdm_disp = NULL;
return NULL;
}
static int
mdm_verify_pam_conv (int num_msg,
MDM_PAM_QUAL struct pam_message **msg,
struct pam_response **resp,
void *appdata_ptr)
{
int replies = 0;
int i;
char *s = NULL;
struct pam_response *reply = NULL;
MDM_PAM_QUAL void *p;
const char *login;
if (pamh == NULL)
return PAM_CONV_ERR;
/* Should never happen unless PAM is on crack and keeps asking questions
after we told it to go away. So tell it to go away again and
maybe it will listen */
/* well, it actually happens if there are multiple pam modules
* with conversations */
if ( ! mdm_slave_action_pending () || selected_user)
return PAM_CONV_ERR;
reply = malloc (sizeof (struct pam_response) * num_msg);
if (reply == NULL)
return PAM_CONV_ERR;
memset (reply, 0, sizeof (struct pam_response) * num_msg);
/* Here we set the login if it wasn't already set,
* this is kind of anal, but this way we guarantee that
* the greeter always is up to date on the login */
if (pam_get_item (pamh, PAM_USER, &p) == PAM_SUCCESS) {
login = (const char *)p;
mdm_slave_greeter_ctl_no_ret (MDM_SETLOGIN, login);
}
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
for (replies = 0; replies < num_msg; replies++) {
const char *m = (*msg)[replies].msg;
m = perhaps_translate_message (m);
switch ((*msg)[replies].msg_style) {
/* PAM requested textual input with echo on */
case PAM_PROMPT_ECHO_ON:
if (strcmp (m, _("Username:"******"Please enter your username"));
s = mdm_slave_greeter_ctl (MDM_PROMPT, m);
/* this will clear the message */
mdm_slave_greeter_ctl_no_ret (MDM_MSG, "");
}
} else {
s = mdm_slave_greeter_ctl (MDM_PROMPT, m);
}
if (mdm_slave_greeter_check_interruption ()) {
g_free (s);
for (i = 0; i < replies; i++)
if (reply[replies].resp != NULL)
free (reply[replies].resp);
free (reply);
return PAM_CONV_ERR;
}
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup (ve_sure_string (s));
g_free (s);
break;
case PAM_PROMPT_ECHO_OFF:
if (strcmp (m, _("Password:")) == 0)
did_we_ask_for_password = TRUE;
/* PAM requested textual input with echo off */
s = mdm_slave_greeter_ctl (MDM_NOECHO, m);
if (mdm_slave_greeter_check_interruption ()) {
g_free (s);
for (i = 0; i < replies; i++)
if (reply[replies].resp != NULL)
free (reply[replies].resp);
free (reply);
return PAM_CONV_ERR;
}
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = strdup (ve_sure_string (s));
g_free (s);
break;
case PAM_ERROR_MSG:
/* PAM sent a message that should displayed to the user */
mdm_slave_greeter_ctl_no_ret (MDM_ERRDLG, m);
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
case PAM_TEXT_INFO:
/* PAM sent a message that should displayed to the user */
mdm_slave_greeter_ctl_no_ret (MDM_MSG, m);
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
default:
/* PAM has been smoking serious crack */
for (i = 0; i < replies; i++)
if (reply[replies].resp != NULL)
free (reply[replies].resp);
free (reply);
return PAM_CONV_ERR;
}
}
*resp = reply;
return PAM_SUCCESS;
}
gboolean
mdm_verify_setup_user (MdmDisplay *d, const gchar *login, char **new_login)
{
gint pamerr = 0;
struct passwd *pwent = NULL;
MDM_PAM_QUAL void *p;
char *passreq;
char *pam_stack = NULL;
char *pam_service_name = NULL;
int null_tok = 0;
gboolean credentials_set;
const char *after_login;
credentials_set = FALSE;
*new_login = NULL;
if (login == NULL)
return FALSE;
cur_mdm_disp = d;
g_free (extra_standalone_message);
extra_standalone_message = g_strdup_printf ("%s (%s)",
_("Automatic login"),
login);
/*
* Initialize a PAM session for the user...
* Get value per-display so different displays can use different
* PAM Stacks, in case one display should use a different
* authentication mechanism than another display.
*/
pam_stack = mdm_daemon_config_get_value_string_per_display (MDM_KEY_PAM_STACK,
(char *)d->name);
pam_service_name = g_strdup_printf ("%s-autologin", pam_stack);
if ( ! create_pamh (d, pam_service_name, login, &standalone_pamc,
d->name, &pamerr)) {
g_free (pam_stack);
g_free (pam_service_name);
goto setup_pamerr;
}
g_free (pam_stack);
g_free (pam_service_name);
passreq = mdm_read_default ("PASSREQ=");
if (mdm_daemon_config_get_value_bool (MDM_KEY_PASSWORD_REQUIRED) ||
((passreq != NULL) && g_ascii_strcasecmp (passreq, "YES") == 0))
null_tok |= PAM_DISALLOW_NULL_AUTHTOK;
/* Start authentication session */
did_we_ask_for_password = FALSE;
if ((pamerr = pam_authenticate (pamh, null_tok)) != PAM_SUCCESS) {
if (mdm_slave_action_pending ()) {
mdm_error ("Couldn't authenticate user");
mdm_errorgui_error_box (cur_mdm_disp,
GTK_MESSAGE_ERROR,
_("Authentication failed"));
}
goto setup_pamerr;
}
if ((pamerr = pam_get_item (pamh, PAM_USER, &p)) != PAM_SUCCESS) {
/* is not really an auth problem, but it will
pretty much look as such, it shouldn't really
happen */
mdm_error ("Couldn't authenticate user");
mdm_errorgui_error_box (cur_mdm_disp,
GTK_MESSAGE_ERROR,
_("Authentication failed"));
goto setup_pamerr;
}
after_login = p;
if (after_login != NULL /* should never be */ &&
strcmp (after_login, login) != 0) {
*new_login = g_strdup (after_login);
}
/* Check if the user's account is healthy. */
pamerr = pam_acct_mgmt (pamh, null_tok);
switch (pamerr) {
case PAM_SUCCESS :
break;
case PAM_NEW_AUTHTOK_REQD :
/* XXX: this is for automatic and timed logins,
* we shouldn't be asking for new pw since we never
* authenticated the user. I suppose just ignoring
* this would be OK */
#if 0 /* don't change password */
if ((pamerr = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK)) != PAM_SUCCESS) {
mdm_error ("Authentication token change failed for user %s", login);
mdm_errorgui_error_box (cur_mdm_disp,
GTK_MESSAGE_ERROR,
_("\nThe change of the authentication token failed. "
"Please try again later or contact the system administrator."));
goto setup_pamerr;
}
#endif /* 0 */
break;
case PAM_ACCT_EXPIRED :
mdm_error ("User %s no longer permitted to access the system", login);
mdm_errorgui_error_box (cur_mdm_disp,
GTK_MESSAGE_ERROR,
_("The system administrator has disabled your account."));
goto setup_pamerr;
case PAM_PERM_DENIED :
mdm_error ("User %s not permitted to gain access at this time", login);
mdm_errorgui_error_box (cur_mdm_disp,
GTK_MESSAGE_ERROR,
_("The system administrator has disabled your access to the system temporarily."));
goto setup_pamerr;
default :
if (mdm_slave_action_pending ())
mdm_error ("Couldn't set acct. mgmt for %s", login);
goto setup_pamerr;
}
pwent = getpwnam (login);
if (/* paranoia */ pwent == NULL ||
! mdm_setup_gids (login, pwent->pw_gid)) {
mdm_error ("Cannot set user group for %s", login);
mdm_errorgui_error_box (cur_mdm_disp,
GTK_MESSAGE_ERROR,
_("Cannot set your user group; "
"you will not be able to log in. "
"Please contact your system administrator."));
goto setup_pamerr;
}
did_setcred = TRUE;
/* Set credentials */
pamerr = pam_setcred (pamh, PAM_ESTABLISH_CRED);
if (pamerr != PAM_SUCCESS) {
did_setcred = FALSE;
if (mdm_slave_action_pending ())
mdm_error ("Couldn't set credentials for %s", login);
goto setup_pamerr;
}
credentials_set = TRUE;
opened_session = TRUE;
/* Register the session */
pamerr = pam_open_session (pamh, 0);
if (pamerr != PAM_SUCCESS) {
did_setcred = FALSE;
opened_session = FALSE;
/* Throw away the credentials */
pam_setcred (pamh, PAM_DELETE_CRED);
if (mdm_slave_action_pending ())
mdm_error ("Couldn't open session for %s", login);
goto setup_pamerr;
}
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
cur_mdm_disp = NULL;
g_free (extra_standalone_message);
extra_standalone_message = NULL;
/*
* Login succeeded.
* This function is a no-op if libaudit is not present
*/
log_to_audit_system(login, d->hostname, d->name, AU_SUCCESS);
return TRUE;
setup_pamerr:
/*
* Take care of situation where we get here before setting pwent.
* Note login is never NULL when this function is called.
*/
if (pwent == NULL) {
pwent = getpwnam (login);
}
/*
* Log the failed login attempt.
* This function is a no-op if libaudit is not present
*/
log_to_audit_system(login, d->hostname, d->name, AU_FAILED);
did_setcred = FALSE;
opened_session = FALSE;
if (pamh != NULL) {
pam_handle_t *tmp_pamh;
mdm_sigterm_block_push ();
mdm_sigchld_block_push ();
tmp_pamh = pamh;
pamh = NULL;
mdm_sigchld_block_pop ();
mdm_sigterm_block_pop ();
/* Throw away the credentials */
if (credentials_set)
pam_setcred (tmp_pamh, PAM_DELETE_CRED);
pam_end (tmp_pamh, pamerr);
}
pamh = NULL;
/* Workaround to avoid mdm messages being logged as PAM_pwdb */
mdm_log_shutdown ();
mdm_log_init ();
cur_mdm_disp = NULL;
g_free (extra_standalone_message);
extra_standalone_message = NULL;
return FALSE;
}
int
main (int argc, char *argv[])
{
GtkWidget *dialog;
char *command;
char *version;
char *ret;
const char *message;
GOptionContext *ctx;
bindtextdomain (GETTEXT_PACKAGE, GNOMELOCALEDIR);
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
textdomain (GETTEXT_PACKAGE);
/* Option parsing */
ctx = g_option_context_new ("- New mdm login");
g_option_context_add_main_entries (ctx, options, _("main options"));
g_option_context_parse (ctx, &argc, &argv, NULL);
g_option_context_free (ctx);
if (monte_carlo_pi) {
calc_pi ();
return 0;
}
mdm_log_init ();
mdm_log_set_debug (debug_in);
if (args_remaining != NULL && args_remaining[0] != NULL)
server = args_remaining[0];
if (send_command != NULL) {
if ( ! mdmcomm_check (FALSE)) {
mdm_common_error (_("Error: MDM (MDM Display Manager) is not running."));
mdm_common_error (_("You might be using a different display manager."));
return 1;
}
} else {
/*
* The --command argument does not display anything, so avoid
* running gtk_init until it finishes. Sometimes the
* --command argument is used when there is no display so it
* will fail and cause the program to exit, complaining about
* "no display".
*/
gtk_init (&argc, &argv);
if ( ! mdmcomm_check (TRUE)) {
return 1;
}
}
/* Start reading config data in bulk */
mdmcomm_comm_bulk_start ();
/* Process --command option */
g_type_init ();
if (send_command != NULL) {
/* gdk_init is needed for cookie code to get display */
gdk_init (&argc, &argv);
if (authenticate)
auth_cookie = mdmcomm_get_auth_cookie ();
/*
* If asking for a translatable config value, then try to get
* the translated value first. If this fails, then go ahead
* and call the normal sockets command.
*/
if (strncmp (send_command, MDM_SUP_GET_CONFIG " ",
strlen (MDM_SUP_GET_CONFIG " ")) == 0) {
gchar *value = NULL;
const char *key = &send_command[strlen (MDM_SUP_GET_CONFIG " ")];
if (is_key (MDM_KEY_WELCOME, key) ||
is_key (MDM_KEY_REMOTE_WELCOME, key)) {
value = mdm_config_get_translated_string ((gchar *)key);
if (value != NULL) {
ret = g_strdup_printf ("OK %s", value);
}
}
/*
* If the above didn't return a value, then must be a
* different key, so call mdmcomm_call_mdm.
*/
if (value == NULL)
ret = mdmcomm_call_mdm (send_command, auth_cookie,
"1.0.0.0", 5);
} else {
ret = mdmcomm_call_mdm (send_command, auth_cookie,
"1.0.0.0", 5);
}
/* At this point we are done using the socket, so close it */
mdmcomm_comm_bulk_stop ();
if (ret != NULL) {
g_print ("%s\n", ret);
return 0;
} else {
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot communicate with MDM "
"(The MDM Display Manager)"),
_("Perhaps you have an old version "
"of MDM running."));
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
return 1;
}
}
/*
* Now process what mdmflexiserver is more frequently used to
* do, start VT (Virtual Terminal) sesions - at least on
* systems where it is supported. On systems where it is not
* supporteed VT stands for "Very Tight" and will mess up your
* display if you use it. Tight! So do not use it.
*
* I would accept a patch to disable it on such systems, but it
* is easy to avoid not using it as long as your distro does not
* put the menu choice in the application launch button on the
* panel (don't ship the desktop file).
*/
/*
* Always attempt to get cookie and authenticate. On remote
* servers
*/
auth_cookie = mdmcomm_get_auth_cookie ();
if (use_xnest) {
char *cookie = mdmcomm_get_a_cookie (FALSE /* binary */);
if (cookie == NULL) {
/* At this point we are done using the socket, so close it */
mdmcomm_comm_bulk_stop ();
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("You do not seem to have the "
"authentication needed for this "
"operation"),
_("Perhaps your .Xauthority "
"file is not set up correctly."));
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
return 1;
}
command = g_strdup_printf (MDM_SUP_FLEXI_XNEST " %s %d %s %s",
mdmcomm_get_display (),
(int)getuid (),
cookie,
XauFileName ());
g_free (cookie);
version = "1.0.0.0";
auth_cookie = NULL;
} else {
/* check for other displays/logged in users */
check_for_users ();
if (auth_cookie == NULL) {
/* At this point we are done using the socket, so close it */
mdmcomm_comm_bulk_stop ();
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("You do not seem to be logged in on the "
"console"),
_("Starting a new login only "
"works correctly on the console."));
gtk_dialog_set_has_separator (GTK_DIALOG (dialog),
FALSE);
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
return 1;
}
read_servers ();
server = choose_server ();
if (server == NULL)
command = g_strdup (MDM_SUP_FLEXI_XSERVER);
else
command = g_strdup_printf (MDM_SUP_FLEXI_XSERVER " %s",
server);
version = "1.0.0.0";
}
ret = mdmcomm_call_mdm (command, auth_cookie, version, 5);
g_free (command);
g_free (auth_cookie);
g_strfreev (args_remaining);
/* At this point we are done using the socket, so close it */
mdmcomm_comm_bulk_stop ();
if (ret != NULL &&
strncmp (ret, "OK ", 3) == 0) {
/* if we switched to a different screen as a result of this,
* lock the current screen */
if ( ! no_lock && ! use_xnest) {
maybe_lock_screen ();
}
/* all fine and dandy */
g_free (ret);
return 0;
}
message = mdmcomm_get_error_message (ret, use_xnest);
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot start new display"),
message);
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
g_free (ret);
return 1;
}
int
main (int argc, char *argv[])
{
GtkWidget *dialog;
char *ret;
const char *message;
GOptionContext *ctx;
bindtextdomain (GETTEXT_PACKAGE, GNOMELOCALEDIR);
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
textdomain (GETTEXT_PACKAGE);
/* Option parsing */
ctx = g_option_context_new ("- New mdm login");
g_option_context_add_main_entries (ctx, options, _("main options"));
g_option_context_parse (ctx, &argc, &argv, NULL);
g_option_context_free (ctx);
mdm_log_init ();
mdm_log_set_debug (debug_in);
if (send_command != NULL) {
if ( ! mdmcomm_is_daemon_running (FALSE)) {
mdm_common_error (_("Error: MDM (MDM Display Manager) is not running."));
mdm_common_error (_("You might be using a different display manager."));
return 1;
}
} else {
/*
* The --command argument does not display anything, so avoid
* running gtk_init until it finishes. Sometimes the
* --command argument is used when there is no display so it
* will fail and cause the program to exit, complaining about
* "no display".
*/
gtk_init (&argc, &argv);
if ( ! mdmcomm_is_daemon_running (TRUE)) {
return 1;
}
}
mdmcomm_open_connection_to_daemon ();
/* Process --command option */
g_type_init ();
if (send_command != NULL) {
/* gdk_init is needed for cookie code to get display */
gdk_init (&argc, &argv);
if (authenticate)
auth_cookie = mdmcomm_get_auth_cookie ();
/*
* If asking for a translatable config value, then try to get
* the translated value first. If this fails, then go ahead
* and call the normal sockets command.
*/
if (strncmp (send_command, MDM_SUP_GET_CONFIG " ",
strlen (MDM_SUP_GET_CONFIG " ")) == 0) {
gchar *value = NULL;
const char *key = &send_command[strlen (MDM_SUP_GET_CONFIG " ")];
if (is_key (MDM_KEY_WELCOME, key)) {
value = mdm_config_get_translated_string ((gchar *)key);
if (value != NULL) {
ret = g_strdup_printf ("OK %s", value);
}
}
/*
* If the above didn't return a value, then must be a
* different key, so call the daemon.
*/
if (value == NULL)
ret = mdmcomm_send_cmd_to_daemon_with_args (send_command, auth_cookie, 5);
} else {
ret = mdmcomm_send_cmd_to_daemon_with_args (send_command, auth_cookie, 5);
}
/* At this point we are done using the socket, so close it */
mdmcomm_close_connection_to_daemon ();
if (ret != NULL) {
g_print ("%s\n", ret);
return 0;
} else {
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot communicate with MDM "
"(The MDM Display Manager)"),
_("Perhaps you have an old version "
"of MDM running."));
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
return 1;
}
}
/*
* Always attempt to get cookie and authenticate. On remote
* servers
*/
auth_cookie = mdmcomm_get_auth_cookie ();
/* check for other displays/logged in users */
check_for_users ();
if (auth_cookie == NULL) {
/* At this point we are done using the socket, so close it */
mdmcomm_close_connection_to_daemon ();
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("You do not seem to be logged in on the "
"console"),
_("Starting a new login only "
"works correctly on the console."));
gtk_dialog_set_has_separator (GTK_DIALOG (dialog),
FALSE);
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
return 1;
}
ret = mdmcomm_send_cmd_to_daemon_with_args (MDM_SUP_FLEXI_XSERVER, auth_cookie, 5);
g_free (auth_cookie);
g_strfreev (args_remaining);
/* At this point we are done using the socket, so close it */
mdmcomm_close_connection_to_daemon ();
if (ret != NULL &&
strncmp (ret, "OK ", 3) == 0) {
/* if we switched to a different screen as a result of this,
* lock the current screen */
if ( ! no_lock ) {
maybe_lock_screen ();
}
/* all fine and dandy */
g_free (ret);
return 0;
}
message = mdmcomm_get_error_message (ret);
dialog = hig_dialog_new (NULL /* parent */,
GTK_DIALOG_MODAL /* flags */,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot start new display"),
message);
gtk_widget_show_all (dialog);
gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
g_free (ret);
return 1;
}
gboolean
mdm_display_manage (MdmDisplay *d)
{
pid_t pid;
int fds[2];
if (!d)
return FALSE;
mdm_debug ("mdm_display_manage: Managing %s", d->name);
if (pipe (fds) < 0) {
mdm_error ("mdm_display_manage: Cannot create pipe");
}
if ( ! mdm_display_check_loop (d))
return FALSE;
if (d->slavepid != 0)
mdm_debug ("mdm_display_manage: Old slave pid is %d", (int)d->slavepid);
/* If we have an old slave process hanging around, kill it */
/* This shouldn't be a normal code path however, so it doesn't matter
* that we are hanging */
whack_old_slave (d, FALSE /* kill_connection */);
/* Ensure that /tmp/.ICE-unix and /tmp/.X11-unix exist and have the
* correct permissions */
mdm_ensure_sanity ();
d->managetime = time (NULL);
mdm_debug ("Forking slave process");
/* Fork slave process */
pid = d->slavepid = fork ();
switch (pid) {
case 0:
setpgid (0, 0);
/* Make the slave it's own leader. This 1) makes killing -pid of
* the daemon work more sanely because the daemon can whack the
* slave much better itself */
setsid ();
/* In the child setup empty mask and set all signals to
* default values, we'll make them more fun later */
mdm_unset_signals ();
d->slavepid = getpid ();
mdm_connection_close (pipeconn);
pipeconn = NULL;
mdm_connection_close (unixconn);
unixconn = NULL;
mdm_log_shutdown ();
/* Debian changes */
#if 0
/* upstream version */
- /* Close everything */
- mdm_close_all_descriptors (0 /* from */, fds[0] /* except */, slave_fifo_pipe_fd /* except2 */);
#endif
/* Close stdin/stdout/stderr. Leave others, as pam modules may have them open */
VE_IGNORE_EINTR (close (0));
VE_IGNORE_EINTR (close (1));
VE_IGNORE_EINTR (close (2));
/* End of Debian changes */
/* No error checking here - if it's messed the best response
* is to ignore & try to continue */
mdm_open_dev_null (O_RDONLY); /* open stdin - fd 0 */
mdm_open_dev_null (O_RDWR); /* open stdout - fd 1 */
mdm_open_dev_null (O_RDWR); /* open stderr - fd 2 */
mdm_log_init ();
d->slave_notify_fd = fds[0];
fcntl (d->slave_notify_fd, F_SETFL, fcntl (d->slave_notify_fd, F_GETFL) | O_NONBLOCK);
mdm_slave_start (d);
/* should never retern */
/* yaikes, how did we ever get here? */
mdm_server_stop (d);
_exit (DISPLAY_REMANAGE);
break;
case -1:
d->slavepid = 0;
mdm_error ("mdm_display_manage: Failed forking MDM slave process for %s", d->name);
return FALSE;
default:
mdm_debug ("mdm_display_manage: Forked slave: %d", (int)pid);
d->master_notify_fd = fds[1];
VE_IGNORE_EINTR (close (fds[0]));
break;
}
/* invalidate chosen hostname */
g_free (d->chosen_hostname);
d->chosen_hostname = NULL;
/* use_chooser can only be temporary, if you want it permanent you set it
up in the server definition with "chooser=true" and it will get set up
during server command line resolution */
d->use_chooser = FALSE;
if (SERVER_IS_LOCAL (d)) {
d->dispstat = DISPLAY_ALIVE;
}
/* reset sleep to 1, to sleep just in case (avoids X server races) */
d->sleep_before_run = 1;
return TRUE;
}
int main(int argc, char** argv)
{
struct sigaction sa;
GError* error;
#if GTK_CHECK_VERSION (3, 0, 0)
const char* display_str;
#else
char* display_str;
#endif
GsmManager* manager;
GsmStore* client_store;
GsmXsmpServer* xsmp_server;
GSettings* accessibility_settings;
MdmSignalHandler* signal_handler;
static char** override_autostart_dirs = NULL;
static GOptionEntry entries[] = {
{"autostart", 'a', 0, G_OPTION_ARG_STRING_ARRAY, &override_autostart_dirs, N_("Override standard autostart directories"), NULL},
{"debug", 0, 0, G_OPTION_ARG_NONE, &debug, N_("Enable debugging code"), NULL},
{"failsafe", 'f', 0, G_OPTION_ARG_NONE, &failsafe, N_("Do not load user-specified applications"), NULL},
{"version", 0, 0, G_OPTION_ARG_NONE, &show_version, N_("Version of this application"), NULL},
{NULL, 0, 0, 0, NULL, NULL, NULL }
};
/* Make sure that we have a session bus */
if (!require_dbus_session(argc, argv, &error))
{
gsm_util_init_error(TRUE, "%s", error->message);
}
bindtextdomain(GETTEXT_PACKAGE, LOCALE_DIR);
bind_textdomain_codeset(GETTEXT_PACKAGE, "UTF-8");
textdomain(GETTEXT_PACKAGE);
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sigaction(SIGPIPE, &sa, 0);
error = NULL;
gtk_init_with_args(&argc, &argv, (char*) _(" - the MATE session manager"), entries, GETTEXT_PACKAGE, &error);
if (error != NULL)
{
g_warning("%s", error->message);
exit(1);
}
if (show_version)
{
g_print("%s %s\n", argv [0], VERSION);
exit(1);
}
mdm_log_init();
mdm_log_set_debug(debug);
/* Set DISPLAY explicitly for all our children, in case --display
* was specified on the command line.
*/
#if GTK_CHECK_VERSION (3, 0, 0)
display_str = gdk_display_get_name (gdk_display_get_default());
#else
display_str = gdk_get_display();
#endif
gsm_util_setenv("DISPLAY", display_str);
#if !GTK_CHECK_VERSION (3, 0, 0)
g_free(display_str);
#endif
/* Some third-party programs rely on MATE_DESKTOP_SESSION_ID to
* detect if MATE is running. We keep this for compatibility reasons.
*/
gsm_util_setenv("MATE_DESKTOP_SESSION_ID", "this-is-deprecated");
/*
* Make sure gsettings is set up correctly. If not, then bail.
*/
if (initialize_gsettings () != TRUE)
exit (1);
/* Look if accessibility is enabled */
accessibility_settings = g_settings_new (ACCESSIBILITY_SCHEMA);
if (g_settings_get_boolean (accessibility_settings, ACCESSIBILITY_KEY))
{
gsm_util_setenv("GTK_MODULES", "gail:atk-bridge");
}
g_object_unref (accessibility_settings);
client_store = gsm_store_new();
xsmp_server = gsm_xsmp_server_new(client_store);
/* Now make sure they succeeded. (They'll call
* gsm_util_init_error() if they failed.)
*/
acquire_name();
/* Starts gnome compat mode */
msm_gnome_start();
manager = gsm_manager_new(client_store, failsafe);
signal_handler = mdm_signal_handler_new();
mdm_signal_handler_add_fatal(signal_handler);
mdm_signal_handler_add(signal_handler, SIGFPE, signal_cb, NULL);
mdm_signal_handler_add(signal_handler, SIGHUP, signal_cb, NULL);
mdm_signal_handler_add(signal_handler, SIGUSR1, signal_cb, NULL);
mdm_signal_handler_add(signal_handler, SIGTERM, signal_cb, manager);
mdm_signal_handler_add(signal_handler, SIGINT, signal_cb, manager);
mdm_signal_handler_set_fatal_func(signal_handler, shutdown_cb, manager);
if (override_autostart_dirs != NULL)
{
load_override_apps(manager, override_autostart_dirs);
}
else
{
load_standard_apps(manager, GSM_DEFAULT_SESSION_KEY);
}
gsm_xsmp_server_start(xsmp_server);
gsm_manager_start(manager);
gtk_main();
if (xsmp_server != NULL)
{
g_object_unref(xsmp_server);
}
if (manager != NULL)
{
g_debug("Unreffing manager");
g_object_unref(manager);
}
if (client_store != NULL)
{
g_object_unref(client_store);
}
msm_gnome_stop();
mdm_log_shutdown();
return 0;
}
