more fixes

- Fix password handoff in non-autologin case
- Remove unnecessary part of autologin fix

Related: #1269581
Ray Strode 2015-10-15 16:16:56 -04:00
parent 9ce4ea8d31
commit cce4de0892
2 changed files with 167 additions and 17 deletions


@ -1,7 +1,7 @@
From eb6d8d221b34a93e57c22cefa47d924350251c4c Mon Sep 17 00:00:00 2001 From 662d241e78319b431d60be7a3b8d9eccb1cc7cf5 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com> From: Ray Strode <rstrode@redhat.com>
Date: Thu, 15 Oct 2015 14:37:33 -0400 Date: Thu, 15 Oct 2015 14:37:33 -0400
Subject: [PATCH] daemon: fork before threads are spawned Subject: [PATCH 1/2] daemon: fork before threads are spawned
It's not really a good idea to fork after glib has initialized, It's not really a good idea to fork after glib has initialized,
since it has helper threads that may have taken locks etc. since it has helper threads that may have taken locks etc.
@ -9,11 +9,11 @@ since it has helper threads that may have taken locks etc.
This commit forks really early to prevent locks from leaking This commit forks really early to prevent locks from leaking
and causing deadlock. and causing deadlock.
--- ---
daemon/gkd-main.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++--------- daemon/gkd-main.c | 88 +++++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 63 insertions(+), 12 deletions(-) 1 file changed, 69 insertions(+), 19 deletions(-)
diff --git a/daemon/gkd-main.c b/daemon/gkd-main.c diff --git a/daemon/gkd-main.c b/daemon/gkd-main.c
index f567633..4cc8552 100644 index f567633..4925ee2 100644
--- a/daemon/gkd-main.c --- a/daemon/gkd-main.c
+++ b/daemon/gkd-main.c +++ b/daemon/gkd-main.c
@@ -98,60 +98,61 @@ EGG_SECURE_DECLARE (daemon_main); @@ -98,60 +98,61 @@ EGG_SECURE_DECLARE (daemon_main);
@ -189,7 +189,7 @@ index f567633..4cc8552 100644
/* /*
* The first control_directory is the environment one, always * The first control_directory is the environment one, always
@@ -577,136 +628,134 @@ discover_other_daemon (DiscoverFunc callback, gboolean acquire) @@ -577,136 +628,126 @@ discover_other_daemon (DiscoverFunc callback, gboolean acquire)
/* Or the default location when no evironment variable */ /* Or the default location when no evironment variable */
control_env = g_getenv ("XDG_RUNTIME_DIR"); control_env = g_getenv ("XDG_RUNTIME_DIR");
@ -226,7 +226,7 @@ index f567633..4cc8552 100644
{ {
int status; int status;
pid_t pid; pid_t pid;
int fd, i; - int fd, i;
+ int wakeup_fds[2] = { -1, -1 }; + int wakeup_fds[2] = { -1, -1 };
- if (run_foreground) { - if (run_foreground) {
@ -295,13 +295,12 @@ index f567633..4cc8552 100644
} }
/* Here we are in the resulting daemon or background process. */ /* Here we are in the resulting daemon or background process. */
-
for (i = 0; i < 3; ++i) { - for (i = 0; i < 3; ++i) {
fd = open ("/dev/null", O_RDONLY); - fd = open ("/dev/null", O_RDONLY);
sane_dup2 (fd, i); - sane_dup2 (fd, i);
close (fd); - close (fd);
} - }
+
+ return wakeup_fds[1]; + return wakeup_fds[1];
} }
@ -333,7 +332,55 @@ index f567633..4cc8552 100644
return TRUE; return TRUE;
} }
@@ -849,112 +898,114 @@ main (int argc, char *argv[]) @@ -802,159 +843,168 @@ gkd_main_complete_initialization (const gchar *components)
static gboolean
on_login_timeout (gpointer data)
{
if (!initialization_completed)
cleanup_and_exit (0);
return FALSE;
}
int
main (int argc, char *argv[])
{
/*
* The gnome-keyring startup is not as simple as I wish it could be.
*
* It's often started in the primordial stages of a session, where
* there's no DBus, and no proper X display. This is the strange world
* of PAM.
*
* When started with the --login option, we do as little initialization
* as possible. We expect a login password on the stdin, and unlock
* or create the login keyring.
*
* Then later we expect gnome-keyring-dameon to be run again with the
* --start option. This second gnome-keyring-daemon will hook the
* original daemon up with environment variables necessary to initialize
* itself and bring it into the session. This second daemon usually exits.
*
* Without either of these options, we follow a more boring and
* predictable startup.
*/
+ int fd, i;
/*
* Before we do ANYTHING, we drop privileges so we don't become
* a security issue ourselves.
*/
gkd_capability_obtain_capability_and_drop_privileges ();
#ifdef WITH_STRICT
g_setenv ("DBUS_FATAL_WARNINGS", "1", FALSE);
if (!g_getenv ("G_DEBUG"))
g_log_set_always_fatal (G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING);
#endif
#if !GLIB_CHECK_VERSION(2,35,0)
g_type_init ();
#endif
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
/* internationalisation */ /* internationalisation */
setlocale (LC_ALL, ""); setlocale (LC_ALL, "");
@ -420,6 +467,12 @@ index f567633..4cc8552 100644
- /* The whole forking and daemonizing dance starts here. */ - /* The whole forking and daemonizing dance starts here. */
- fork_and_print_environment(); - fork_and_print_environment();
+ for (i = 0; i < 3; ++i) {
+ fd = open ("/dev/null", O_RDONLY);
+ sane_dup2 (fd, i);
+ close (fd);
+ }
+
+ send_environment_and_finish_parent (parent_wakeup_fd); + send_environment_and_finish_parent (parent_wakeup_fd);
g_unix_signal_add (SIGTERM, on_signal_term, loop); g_unix_signal_add (SIGTERM, on_signal_term, loop);
@ -454,3 +507,96 @@ index f567633..4cc8552 100644
-- --
2.5.0 2.5.0
From cfdb233e75f444ee7ab780b888f0928f175c4f73 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 15 Oct 2015 16:07:22 -0400
Subject: [PATCH 2/2] daemon: kill off foreground proceses when session dies
Right now gnome-keyring will keep processes around forever
in some cases. They need to die when the session goes away,
at least.
---
daemon/gkd-main.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/daemon/gkd-main.c b/daemon/gkd-main.c
index 4925ee2..db32fa2 100644
--- a/daemon/gkd-main.c
+++ b/daemon/gkd-main.c
@@ -902,62 +902,70 @@ main (int argc, char *argv[])
egg_libgcrypt_initialize ();
/* Send all warning or error messages to syslog */
prepare_logging ();
parse_arguments (&argc, &argv);
/* The --version option. This is machine parseable output */
if (run_version) {
g_print ("gnome-keyring-daemon: %s\n", VERSION);
g_print ("testing: %s\n",
#ifdef WITH_DEBUG
"enabled");
#else
"disabled");
#endif
exit (0);
}
/* The whole forking and daemonizing dance starts here. */
parent_wakeup_fd = fork_and_print_environment();
/* The --start option */
if (run_for_start) {
if (discover_other_daemon (initialize_daemon_at, TRUE)) {
/*
* Another daemon was initialized, print out environment
* for any callers, and quit or go comatose.
*/
send_environment_and_finish_parent (parent_wakeup_fd);
- if (run_foreground)
- while (sleep(0x08000000) == 0);
+ if (run_foreground) {
+ GDBusConnection *connection;
+ connection = g_bus_get_sync (G_BUS_TYPE_SESSION,
+ NULL,
+ NULL);
+ loop = g_main_loop_new (NULL, FALSE);
+ g_main_loop_run (loop);
+ g_main_loop_unref (loop);
+ loop = NULL;
+ }
cleanup_and_exit (0);
}
/* The --replace option */
} else if (run_for_replace) {
discover_other_daemon (replace_daemon_at, FALSE);
if (control_directory)
g_message ("Replacing daemon, using directory: %s", control_directory);
else
g_message ("Could not find daemon to replace, staring normally");
}
/* Initialize the main directory */
gkd_util_init_master_directory (control_directory);
/* Initialize our daemon main loop and threading */
loop = g_main_loop_new (NULL, FALSE);
/* Initialize our control socket */
if (!gkd_control_listen ())
return FALSE;
if (perform_unlock) {
login_password = read_login_password (STDIN);
atexit (clear_login_password);
}
/* The --login option. Delayed initialization */
if (run_for_login) {
timeout_id = g_timeout_add_seconds (LOGIN_TIMEOUT, (GSourceFunc) on_login_timeout, NULL);
--
2.5.0
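Review bot: In the `run_foreground` branch that patch 2/2 adds to `main()`, the result of `g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL)` is never checked, so when no session bus is reachable `connection` is NULL and `g_main_loop_run (loop)` blocks forever, which is the lingering-process case this patch is meant to remove. Guard it before the loop is created, e.g. `if (connection == NULL) cleanup_and_exit (1);`, and pass a `GError **` instead of the final `NULL` so the failure can be logged. The exit on session end presumably relies on the shared connection's exit-on-close default; since `connection` is otherwise unused, a comment such as `/* held only so exit-on-close terminates us when the session bus goes away */` would make that dependency explicit. `main()` continues past the end of this hunk.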


@ -6,7 +6,7 @@
Summary: Framework for managing passwords and other secrets Summary: Framework for managing passwords and other secrets
Name: gnome-keyring Name: gnome-keyring
Version: 3.18.0 Version: 3.18.0
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
#VCS: git:git://git.gnome.org/gnome-keyring #VCS: git:git://git.gnome.org/gnome-keyring
@ -72,7 +72,6 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
rm $RPM_BUILD_ROOT%{_libdir}/security/*.la rm $RPM_BUILD_ROOT%{_libdir}/security/*.la
rm $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la rm $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/xdg/autostart/gnome-keyring-secrets.desktop
%find_lang gnome-keyring %find_lang gnome-keyring
@ -112,6 +111,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas >&/dev/null || :
%changelog %changelog
* Thu Oct 15 2015 Ray Strode <rstrode@redhat.com> 3.18.0-4
- Fix password handoff in non-autologin case
- Remove unneccessary part of autologin fix
Related: #1269581
* Thu Oct 15 2015 Ray Strode <rstrode@redhat.com> 3.18.0-3 * Thu Oct 15 2015 Ray Strode <rstrode@redhat.com> 3.18.0-3
- Fix deadlock in gnome-keyring when using autologin - Fix deadlock in gnome-keyring when using autologin
Resolves: #1269581 Resolves: #1269581