Hello community, here is the log from the commit of package gnome-keyring checked in at Mon Nov 17 16:57:53 CET 2008. -------- --- GNOME/gnome-keyring/gnome-keyring.changes 2008-10-21 22:37:52.000000000 +0200 +++ /mounts/work_src_done/STABLE/gnome-keyring/gnome-keyring.changes 2008-11-09 02:29:38.000000000 +0100 @@ -1,0 +2,21 @@ +Sun Nov 9 02:21:56 CET 2008 - vuntz@novell.com + +- Add some patches that will make pam-config integration possible. + This is part of bnc#421603. +- Add gnome-keyring-pam-stop-passwd.patch: if the keyring is + started to update the keyring password on password change, then + stop it too. + Based on patch by Thorsten Kukuk. +- Add gnome-keyring-pam-auto-start-if.patch: support an + auto_start_if option for the pam module to specify for which + service to auto-start the keyring. + Based on patch by Thorsten Kukuk. +- Update gnome-keyring-check-session.patch: the check for the GNOME + session is only working for the gdm service. With the + gnome-keyring-pam-auto-start-if.patch patch, we need to make sure + that we only do it for gdm since someone might want to configure + the keyring to start when logging in a console, eg. +- gnome-keyring-spurious-syslog.patch: don't try to unlock the + keyring if there's no daemon running. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- gnome-keyring-pam-auto-start-if.patch gnome-keyring-pam-stop-passwd.patch gnome-keyring-spurious-syslog.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnome-keyring.spec ++++++ --- /var/tmp/diff_new_pack.o16356/_old 2008-11-17 16:54:25.000000000 +0100 +++ /var/tmp/diff_new_pack.o16356/_new 2008-11-17 16:54:25.000000000 +0100 @@ -23,15 +23,21 @@ BuildRequires: hal-devel intltool libgcrypt-devel libtasn1-devel BuildRequires: pam-devel update-desktop-files Version: 2.24.1 -Release: 1 +Release: 2 Url: http://www.gnome.org/ Group: System/GUI/GNOME License: GPL v2 or later; LGPL v2.1 or later Summary: GNOME Keyring Password Manager Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/0.6/%{name}-%{version}.tar.bz2 Patch1: gnome-keyring-use-markup-correctly.patch +# PATCH-FIX-UPSTREAM gnome-keyring-pam-stop-passwd.patch bnc421603 bgo558636 vuntz@novell.com -- Stop daemon if started for a password change +Patch2: gnome-keyring-pam-stop-passwd.patch +# PATCH-FEATURE-UPSTREAM gnome-keyring-pam-auto-start-if.patch bnc421603 bgo559781 vuntz@novell.com -- Add auto_start_if= option to the pam module +Patch3: gnome-keyring-pam-auto-start-if.patch # PATCH-FIX-OPENSUSE gnome-keyring-check-session.patch vuntz@novell.com -- Only start gnome-keyring in the pam module if GNOME is started Patch4: gnome-keyring-check-session.patch +# PATCH-FIX-UPSTREAM gnome-keyring-spurious-syslog.patch bgo559958 vuntz@novell.com -- Don't spam syslog +Patch5: gnome-keyring-spurious-syslog.patch Requires: %{name}-lang = %{version} AutoReqProv: on BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -113,7 +119,10 @@ %prep %setup -q %patch1 +%patch2 -p1 +%patch3 -p1 %patch4 +%patch5 -p1 %build autoreconf -f -i @@ -198,6 +207,24 @@ %{_datadir}/gtk-doc/html/gnome-keyring %changelog +* Sun Nov 09 2008 vuntz@novell.com +- Add some patches that will make pam-config integration possible. + This is part of bnc#421603. +- Add gnome-keyring-pam-stop-passwd.patch: if the keyring is + started to update the keyring password on password change, then + stop it too. + Based on patch by Thorsten Kukuk. +- Add gnome-keyring-pam-auto-start-if.patch: support an + auto_start_if option for the pam module to specify for which + service to auto-start the keyring. + Based on patch by Thorsten Kukuk. +- Update gnome-keyring-check-session.patch: the check for the GNOME + session is only working for the gdm service. With the + gnome-keyring-pam-auto-start-if.patch patch, we need to make sure + that we only do it for gdm since someone might want to configure + the keyring to start when logging in a console, eg. +- gnome-keyring-spurious-syslog.patch: don't try to unlock the + keyring if there's no daemon running. * Wed Oct 22 2008 mboman@suse.de - Update to version 2.24.1: + Fix crash on logout on Solaris. @@ -309,7 +336,7 @@ + Log to syslog even when running in the foreground + Add a configure option to disable building of the SSH agent + Build fixes. -* Thu Mar 13 2008 maw@suse.de +* Fri Mar 14 2008 maw@suse.de - Update to version 2.22.0: + Minor build fix. * Tue Mar 04 2008 maw@suse.de @@ -357,7 +384,7 @@ * Tue Jan 22 2008 hpj@suse.de - Remove gnome-keyring-2.21.4-getenv-returns-null.patch, and fix gnome-keyring-check-session.patch instead. -* Sun Jan 20 2008 hpj@suse.de +* Mon Jan 21 2008 hpj@suse.de - Add gnome-keyring-2.21.4-getenv-returns-null.patch to fix GNOME bug #510902. * Sat Jan 12 2008 hpj@suse.de @@ -404,7 +431,7 @@ - Now builds on Solaris [Damien Carbery] - Configure PAM module directory better [Matthias Clasen] - Fix memory leaks -* Tue Aug 07 2007 maw@suse.de +* Wed Aug 08 2007 maw@suse.de - Use %%fdupes - Split off a -lang subpackage. * Thu Aug 02 2007 jpr@suse.de @@ -489,7 +516,7 @@ - Translation updates - Fix crash when asking for password - Fix --disable-nls -* Fri May 12 2006 hpj@suse.de +* Sat May 13 2006 hpj@suse.de - Add a patch to provide better CASA integration. CASAManager is allowed by default, and the default keyring's password is saved in CASA, making most of the annoying dialogs go away. Part of ++++++ gnome-keyring-check-session.patch ++++++ --- /var/tmp/diff_new_pack.o16356/_old 2008-11-17 16:54:26.000000000 +0100 +++ /var/tmp/diff_new_pack.o16356/_new 2008-11-17 16:54:26.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- pam/gkr-pam-module.c.orig +++ pam/gkr-pam-module.c -@@ -77,9 +77,20 @@ enum { +@@ -77,9 +77,30 @@ enum { #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR #endif @@ -12,18 +12,28 @@ * HELPERS */ + -+/* we don't want to start the keyring if the session is not GNOME */ ++/* We don't want to start the keyring if the session is not GNOME. ++ * Note that this only works if the service is gdm, so we return ++ * TRUE in all other cases. */ +static int +starting_gnome (pam_handle_t *ph) +{ -+ const char *session = get_any_env (ph, "DESKTOP_SESSION"); ++ const char *session = NULL; ++ const void *service = NULL; + ++ if (pam_get_item (ph, PAM_SERVICE, &service) != PAM_SUCCESS) ++ return 1; ++ ++ if (!service || strcmp (service, "gdm") != 0) ++ return 1; ++ ++ session = get_any_env (ph, "DESKTOP_SESSION"); + return (session && strcmp (session, "gnome") == 0); +} static void close_safe (int fd) -@@ -787,7 +798,7 @@ pam_sm_authenticate (pam_handle_t *ph, i +@@ -834,7 +855,7 @@ pam_sm_authenticate (pam_handle_t *ph, i started_daemon = 0; /* Should we start the daemon? */ @@ -32,7 +42,7 @@ ret = start_daemon_if_necessary (ph, pwd, password, &started_daemon); if (ret != PAM_SUCCESS) return ret; -@@ -854,7 +865,7 @@ pam_sm_open_session (pam_handle_t *ph, i +@@ -901,7 +922,7 @@ pam_sm_open_session (pam_handle_t *ph, i started_daemon = 0; /* Should we start the daemon? */ ++++++ gnome-keyring-pam-auto-start-if.patch ++++++ Index: gnome-keyring-2.24.1/pam/gkr-pam-module.c =================================================================== --- gnome-keyring-2.24.1.orig/pam/gkr-pam-module.c +++ gnome-keyring-2.24.1/pam/gkr-pam-module.c @@ -205,6 +205,39 @@ write_string (int fd, const char* buf) return 0; } +/* Check for list match. */ +static int +evaluate_inlist (const char *needle, const char *haystack) +{ + const char *item; + const char *remaining; + + remaining = haystack; + + while (1) { + item = strstr (remaining, needle); + if (item == NULL) + break; + + /* is it really the start of an item in the list? */ + if (item == haystack || *(item - 1) == ',') { + item += strlen (needle); + /* is item really needle? */ + if (*item == '\0' || *item == ',') + return PAM_SUCCESS; + } + + remaining = strchr (item, ','); + if (remaining == NULL) + break; + + /* skip ',' */ + ++remaining; + } + + return PAM_AUTH_ERR; +} + /* ----------------------------------------------------------------------------- * DAEMON MANAGEMENT */ @@ -732,16 +765,30 @@ prompt_password (pam_handle_t *ph) } static uint -parse_args (int argc, const char **argv) +parse_args (pam_handle_t *ph, int argc, const char **argv) { uint args = 0; - + const void *svc; + int i; + + svc = NULL; + if (pam_get_item(ph, PAM_SERVICE, &svc) != PAM_SUCCESS) + svc = NULL; + /* Parse the arguments */ - for (; argc-- > 0; ++argv) { - if (strcmp (argv[0], "auto_start") == 0) + for (i = 0; i < argc; i++) { + if (strcmp (argv[i], "auto_start") == 0) args |= ARG_AUTO_START; - else - syslog (GKR_LOG_WARN, "gkr-pam: invalid option: %s", argv[0]); + else if (strncmp (argv[i], + "auto_start_if=", + strlen ("auto_start_if=")) == 0) { + if (svc && + evaluate_inlist (svc, + &argv[i][strlen ("auto_start_if=")]) == PAM_SUCCESS) + args |= ARG_AUTO_START; + + } else + syslog (GKR_LOG_WARN, "gkr-pam: invalid option: %s", argv[i]); } return args; @@ -757,7 +804,7 @@ pam_sm_authenticate (pam_handle_t *ph, i uint args; int ret; - args = parse_args (argc, argv); + args = parse_args (ph, argc, argv); /* Figure out and/or prompt for the user name */ ret = pam_get_user (ph, &user, NULL); @@ -822,7 +869,7 @@ pam_sm_open_session (pam_handle_t *ph, i const char *user = NULL, *password = NULL; struct passwd *pwd; int ret; - uint args = parse_args (argc, argv); + uint args = parse_args (ph, argc, argv); int started_daemon; /* Figure out the user name */ @@ -987,7 +1034,7 @@ pam_sm_chauthtok (pam_handle_t *ph, int uint args; int ret; - args = parse_args (argc, argv); + args = parse_args (ph, argc, argv); /* Figure out and/or prompt for the user name */ ret = pam_get_user (ph, &user, NULL); ++++++ gnome-keyring-pam-stop-passwd.patch ++++++ Index: gnome-keyring-2.24.1/pam/gkr-pam-module.c =================================================================== --- gnome-keyring-2.24.1.orig/pam/gkr-pam-module.c +++ gnome-keyring-2.24.1/pam/gkr-pam-module.c @@ -925,7 +925,7 @@ pam_chauthtok_preliminary (pam_handle_t } static int -pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd) +pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd, uint args) { const char *password, *original; int ret, started_daemon = 0; @@ -967,6 +967,12 @@ pam_chauthtok_update (pam_handle_t *ph, return ret; ret = change_keyring_password (ph, pwd, password, original); + + /* if not auto_start, kill the daemon if we started it: we don't want + * it to stay */ + if (started_daemon && !(args & ARG_AUTO_START)) + stop_daemon (ph, pwd); + if (ret != PAM_SUCCESS) return ret; @@ -978,8 +984,11 @@ pam_sm_chauthtok (pam_handle_t *ph, int { const char *user; struct passwd *pwd; + uint args; int ret; + args = parse_args (argc, argv); + /* Figure out and/or prompt for the user name */ ret = pam_get_user (ph, &user, NULL); if (ret != PAM_SUCCESS) { @@ -997,7 +1006,7 @@ pam_sm_chauthtok (pam_handle_t *ph, int if (flags & PAM_PRELIM_CHECK) return pam_chauthtok_preliminary (ph, pwd); else if (flags & PAM_UPDATE_AUTHTOK) - return pam_chauthtok_update (ph, pwd); + return pam_chauthtok_update (ph, pwd, args); else return PAM_IGNORE; } ++++++ gnome-keyring-spurious-syslog.patch ++++++ Index: gnome-keyring-2.24.1/pam/gkr-pam-module.c =================================================================== --- gnome-keyring-2.24.1.orig/pam/gkr-pam-module.c +++ gnome-keyring-2.24.1/pam/gkr-pam-module.c @@ -890,6 +890,7 @@ pam_sm_open_session (pam_handle_t *ph, i const char *user = NULL, *password = NULL; struct passwd *pwd; int ret; + const char *socket; uint args = parse_args (ph, argc, argv); int started_daemon; @@ -928,9 +929,14 @@ pam_sm_open_session (pam_handle_t *ph, i return ret; } - if (!started_daemon && password != NULL) { - if (unlock_keyring (ph, pwd, password) != PAM_SUCCESS) - return PAM_SERVICE_ERR; + socket = get_any_env (ph, ENV_SOCKET); + + /* If gnome keyring is running, then unlock now */ + if (socket) { + if (!started_daemon && password != NULL) { + if (unlock_keyring (ph, pwd, password) != PAM_SUCCESS) + return PAM_SERVICE_ERR; + } } return PAM_SUCCESS; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de