After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 726283 - Support screen unlocking for startx and vncserver
Support screen unlocking for startx and vncserver
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
unspecified
Other All
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
: 699806 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2014-03-13 20:12 UTC by Ray Strode [halfline]
Modified: 2014-07-31 09:24 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
manager: explicitly disallow login screen from opening reauth channel (12.18 KB, patch)
2014-03-13 20:12 UTC, Ray Strode [halfline]
committed Details | Review
worker: support authentication without X11 display (6.54 KB, patch)
2014-03-13 20:12 UTC, Ray Strode [halfline]
committed Details | Review
manager: collect more details about bus sender (15.62 KB, patch)
2014-03-13 20:12 UTC, Ray Strode [halfline]
committed Details | Review
manager: support just-in-time reauthentication for non-GDM sessions (20.40 KB, patch)
2014-03-13 20:12 UTC, Ray Strode [halfline]
committed Details | Review

Description Ray Strode [halfline] 2014-03-13 20:12:23 UTC
Right now gnome-shell gets really unhappy at unlock time if it's running on a
non-GDM session.

This bug is about a set of patches that tries to keep things hobbling along by
creating a just in time reauthentication channel to aid in unlock.
Comment 1 Ray Strode [halfline] 2014-03-13 20:12:25 UTC
Created attachment 271785 [details] [review]
manager: explicitly disallow login screen from opening reauth channel

It doesn't make sense for it to do, and right now the shell does it
up front, waits for the failure, and then does the "right" thing
(opens a new auth session) after.

This commit makes the failure explicit, so we can subsequently make
other cases where a reauth channel is requested work even if there is
no session to channel to by implicitly creating a transient one just
in time.  That will come later.
Comment 2 Ray Strode [halfline] 2014-03-13 20:12:29 UTC
Created attachment 271786 [details] [review]
worker: support authentication without X11 display

At the moment we unconditionally set PAM_XDISPLAY
and PAM_XAUTHDATA based on values passed to the worker.

In a future commit, those values are going to become
stubs, so as a first step, this commit makes PAM_XDISPLAY
and PAM_XAUTHDATA optional.
Comment 3 Ray Strode [halfline] 2014-03-13 20:12:33 UTC
Created attachment 271787 [details] [review]
manager: collect more details about bus sender

In the future we're going to need to know more details about the
sender to know how to move forward (such as seat id, session id,
if it's remote, etc) in order to create a transient session soley
for reauthentication.

To prepare for that future, this commit adds the necessary
functionality to get_display_and_details_for_bus_sender.
Comment 4 Ray Strode [halfline] 2014-03-13 20:12:36 UTC
Created attachment 271788 [details] [review]
manager: support just-in-time reauthentication for non-GDM sessions

Right now, gnome-shell can't unlock screens running on an X server that
isn't managed by GDM (say Xvnc or startx).  This is because GDM handles
the backend processing for unlocking, and it handles that backend
processing from the worker associated with the session.  If there is no
worker associated with the session (as is the case with Xvnc and startx),
then there's no process to handle reauthentication.

This commit notices that case, and creates a transient worker on the fly
just to perform one off authentication for unlock of non-GDM managed
sessions.
Comment 5 Ray Strode [halfline] 2014-03-19 19:04:40 UTC
Attachment 271785 [details] pushed as 22977b5 - manager: explicitly disallow login screen from opening reauth channel
Attachment 271786 [details] pushed as 51883ec - worker: support authentication without X11 display
Attachment 271787 [details] pushed as afc73ea - manager: collect more details about bus sender
Attachment 271788 [details] pushed as b994e94 - manager: support just-in-time reauthentication for non-GDM sessions
Comment 6 Ray Strode [halfline] 2014-04-11 12:35:05 UTC
*** Bug 699806 has been marked as a duplicate of this bug. ***
Comment 7 Adam Williamson 2014-07-23 05:12:45 UTC
Ray, are these fixes backportable to 3.8 / 3.10?

We seem to have multiple Fedora 19 and Fedora 20 folks running into this issue:

https://bugzilla.redhat.com/show_bug.cgi?id=960149
https://bugzilla.redhat.com/show_bug.cgi?id=1098740
https://bugzilla.redhat.com/show_bug.cgi?id=1112982#c11