Overview of changes in lightdm 1.1.10
* Backup .xsession-errors on login
+ * Handle failures in pam_setcred
Overview of changes in lightdm 1.1.9
/* Set credentials */
result = pam_setcred (pam_handle, PAM_ESTABLISH_CRED);
+ if (result != PAM_SUCCESS)
+ {
+ g_printerr ("Failed to establish PAM credentials: %s\n", pam_strerror (pam_handle, result));
+ return EXIT_FAILURE;
+ }
/* Open the session */
result = pam_open_session (pam_handle, 0);
test-autologin-new-authtok \
test-autologin-denied \
test-autologin-expired \
+ test-autologin-cred-error \
+ test-autologin-cred-expired \
+ test-autologin-cred-unavail \
test-autologin-session-error \
test-autologin-logout \
test-autologin-previous-session \
data/xsessions/default.desktop \
scripts/autologin.conf \
scripts/autologin-crash-authenticate.conf \
+ scripts/autologin-cred-error.conf \
+ scripts/autologin-cred-expired.conf \
+ scripts/autologin-cred-unavail.conf \
scripts/autologin-denied.conf \
scripts/autologin-expired.conf \
scripts/autologin-guest.conf \
--- /dev/null
+#
+# Check automatic login stops if an account can't establish credentials
+#
+
+[LightDM]
+minimum-display-number=50
+
+[SeatDefaults]
+autologin-user=cred-error
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# (Session fails)
+
+# X server stops
+#?XSERVER :50 TERMINATE SIGNAL=15
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
--- /dev/null
+#
+# Check automatic login stops if an account has expired credentials
+#
+
+[LightDM]
+minimum-display-number=50
+
+[SeatDefaults]
+autologin-user=cred-expired
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# (Session fails)
+
+# X server stops
+#?XSERVER :50 TERMINATE SIGNAL=15
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
--- /dev/null
+#
+# Check automatic login stops if an account can't access credentials
+#
+
+[LightDM]
+minimum-display-number=50
+
+[SeatDefaults]
+autologin-user=cred-unavail
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# (Session fails)
+
+# X server stops
+#?XSERVER :50 TERMINATE SIGNAL=15
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
if (pamh == NULL)
return PAM_SYSTEM_ERR;
+ if (strcmp (pamh->user, "session-error") == 0)
+ return PAM_SESSION_ERR;
+
if (strcmp (pamh->user, "make-home-dir") == 0)
{
struct passwd *entry;
g_mkdir_with_parents (entry->pw_dir, 0755);
}
- if (strcmp (pamh->user, "session-error") == 0)
- return PAM_SESSION_ERR;
-
return PAM_SUCCESS;
}
pam_putenv (pamh, e);
g_free (e);
+ if (strcmp (pamh->user, "cred-error") == 0)
+ return PAM_CRED_ERR;
+ if (strcmp (pamh->user, "cred-expired") == 0)
+ return PAM_CRED_EXPIRED;
+ if (strcmp (pamh->user, "cred-unavail") == 0)
+ return PAM_CRED_UNAVAIL;
+
/* Join special groups if requested */
if (strcmp (pamh->user, "group-member") == 0 && flags & PAM_ESTABLISH_CRED)
{
{"make-home-dir", "", FALSE, "Make Home Dir User", NULL, NULL, NULL, NULL, 1025},
/* This account fails to open a session */
{"session-error", "password", TRUE, "Session Error", NULL, NULL, NULL, NULL, 1026},
+ /* This account can't establish credentials */
+ {"cred-error", "password", TRUE, "Cred Error", NULL, NULL, NULL, NULL, 1027},
+ /* This account has expired credentials */
+ {"cred-expired", "password", TRUE, "Cred Expired", NULL, NULL, NULL, NULL, 1028},
+ /* This account has cannot access their credentials */
+ {"cred-unavail", "password", TRUE, "Cred Unavail", NULL, NULL, NULL, NULL, 1029},
{NULL, NULL, FALSE, NULL, NULL, NULL, NULL, NULL, 0}
};
passwd_data = g_string_new ("");
--- /dev/null
+#!/bin/sh
+./src/dbus-env ./src/test-runner autologin-cred-error test-gobject-greeter
--- /dev/null
+#!/bin/sh
+./src/dbus-env ./src/test-runner autologin-cred-expired test-gobject-greeter
--- /dev/null
+#!/bin/sh
+./src/dbus-env ./src/test-runner autologin-cred-unavail test-gobject-greeter