1. 20 Oct, 2017 2 commits
    • Ray Strode's avatar
      daemon: add ChoiceList PAM extension · d39ed7b7
      Ray Strode authored
      This commit adds one PAM extension, a "Choice List" using the
      new PAM_BINARY_PROMPT protocol added in the previous commit.  The
      PAM module sends a list of (key, row text) pairs, and GDM ferries
      the request to gnome-shell using a new user verifier sub-interface.
      
      gnome-shell should present the list to the user and pass back the
      corresponding key, which GDM ferries back to the PAM module.
      
      Note this commit is only the daemon side. A subsequent commit will
      add the libgdm API needed for gnome-shell to actually deal with
      this new PAM extension.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=788851
      d39ed7b7
    • Ray Strode's avatar
      daemon: introduce pam extension mechanism · d5280a38
      Ray Strode authored
      This abuses PAM_BINARY_PROMPT for our own nefarious purposes.
      The way it works is GDM advertises what "extensions" it supports
      with the environment variable, GDM_SUPPORTED_PAM_EXTENSIONS (a space
      separated list of reverse dns notation names). PAM services that
      support this protocol, will read the environment variable, and
      check for extension strings they support. They then know that sending
      PAM_BINARY_PROMPT won't blow up, and know what format to use for the
      binary data.  The type field of the structure is the index of the
      string from the environment variable.
      
      This commit is just foundation work. It doesn't actually add any
      extensions.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=788851
      d5280a38