GNOME Bugzilla – Bug 727982
Quality Engineering noticed a problem with transient authentication sessions,
Last modified: 2014-04-10 17:24:53 UTC
when running vncserver as a different user than the audit session the server is running in. These patches address that problem.
Created attachment 274016 [details] [review] session: introduce new client-rejected signal If a client gets rejected because it's not allowed to connect to a particular session, we really need to inform the owner of the session object so it can do any clean up it needs to do, if necessary.
Created attachment 274017 [details] [review] manager: don't leak session objects when client is rejected if a client creates a transient reauthentication session and then we reject the client when it tries to connect to it, then we need to clean up the associated session object. This commit does that.
Created attachment 274018 [details] [review] manager: be more accepting of callers with uids different from their session If a user runs su in their session, that switched user will now be running in a session that doesn't belong to it. GDM won't allow a user access to the worker process associated with the session in this case. Instead, it will try to create a temporary just-in-time reauthentication channel so reauthentication can happen without having the user talking to another user's worker. Unfortunately, a logic error in the code means, the user won't access to its own just-in-time channel. This commit fixes that.
Attachment 274016 [details] pushed as 559fa86 - session: introduce new client-rejected signal Attachment 274017 [details] pushed as c7553e8 - manager: don't leak session objects when client is rejected Attachment 274018 [details] pushed as 243ede3 - manager: be more accepting of callers with uids different from their session