GNOME Bugzilla – Bug 726283
Support screen unlocking for startx and vncserver
Last modified: 2014-07-31 09:24:13 UTC
Right now gnome-shell gets really unhappy at unlock time if it's running on a non-GDM session. This bug is about a set of patches that tries to keep things hobbling along by creating a just in time reauthentication channel to aid in unlock.
Created attachment 271785 [details] [review] manager: explicitly disallow login screen from opening reauth channel It doesn't make sense for it to do, and right now the shell does it up front, waits for the failure, and then does the "right" thing (opens a new auth session) after. This commit makes the failure explicit, so we can subsequently make other cases where a reauth channel is requested work even if there is no session to channel to by implicitly creating a transient one just in time. That will come later.
Created attachment 271786 [details] [review] worker: support authentication without X11 display At the moment we unconditionally set PAM_XDISPLAY and PAM_XAUTHDATA based on values passed to the worker. In a future commit, those values are going to become stubs, so as a first step, this commit makes PAM_XDISPLAY and PAM_XAUTHDATA optional.
Created attachment 271787 [details] [review] manager: collect more details about bus sender In the future we're going to need to know more details about the sender to know how to move forward (such as seat id, session id, if it's remote, etc) in order to create a transient session soley for reauthentication. To prepare for that future, this commit adds the necessary functionality to get_display_and_details_for_bus_sender.
Created attachment 271788 [details] [review] manager: support just-in-time reauthentication for non-GDM sessions Right now, gnome-shell can't unlock screens running on an X server that isn't managed by GDM (say Xvnc or startx). This is because GDM handles the backend processing for unlocking, and it handles that backend processing from the worker associated with the session. If there is no worker associated with the session (as is the case with Xvnc and startx), then there's no process to handle reauthentication. This commit notices that case, and creates a transient worker on the fly just to perform one off authentication for unlock of non-GDM managed sessions.
Attachment 271785 [details] pushed as 22977b5 - manager: explicitly disallow login screen from opening reauth channel Attachment 271786 [details] pushed as 51883ec - worker: support authentication without X11 display Attachment 271787 [details] pushed as afc73ea - manager: collect more details about bus sender Attachment 271788 [details] pushed as b994e94 - manager: support just-in-time reauthentication for non-GDM sessions
*** Bug 699806 has been marked as a duplicate of this bug. ***
Ray, are these fixes backportable to 3.8 / 3.10? We seem to have multiple Fedora 19 and Fedora 20 folks running into this issue: https://bugzilla.redhat.com/show_bug.cgi?id=960149 https://bugzilla.redhat.com/show_bug.cgi?id=1098740 https://bugzilla.redhat.com/show_bug.cgi?id=1112982#c11