[gdm-list] GDM smartcard hack


A while back I asked if there was any smartcard support in GDM. 

All I really want at this point is to write out a PAM prompt such as
"Insert card or enter username", and have GDM recognize if a card has
been inserted. At that point the PAM conversation would return with an
empty username and the PAM application would check if a card is present,
and get the username from the card, etc.

I've got a hacked version of GDM that starts a thread (in the greeter
process) when PAM_PROMPT is found. This thread monitors the card status
and if the card status is "present" then it writes the special symbol STX
to stdout. This is read by the slave process and returned via the
gdm_slave_greeter_ctl() function. The thread exits when either a card is
found to be present or an actual username is obtained at the prompt.

For example, in daemon/verify-pam.c:

  switch (msg[replies]->msg_style) {

      /* Start a thread that will recognize a token */
      gdm_slave_greeter_ctl_no_ret(GDM_TOKEN, _("insert"));

      /* Get a username. Token thread may force this to return */
      s = gdm_slave_greeter_ctl (GDM_PROMPT, m);

      /* Stop token thread */
      gdm_slave_greeter_ctl_no_ret(GDM_TOKEN, _("stop"));

This "sort of" emulates entering an empty username at the prompt and
seems to work, although I do worry about corrupting stdout (i.e., the user
enters a name at the prompt and inserts a card at the same time).

I've glossed over a lot of details, but it's quite a hack and I'm
wondering if there is a better way of doing this than starting my own
monitoring thread and writing directly to stdout. For example, is it
better to push an event on the Gtk queue rather than writing directly to

I haven't been following the GDM changes too closely, so maybe some kind
of smartcard functionality or "start a user service on demand"
functionality already exists.

Any thoughts appreciated.

-- Geoff
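
The stdout corruption concern raised in the post, shown as an added example that is not part of the original message and not GDM's own code: each reply goes out in a single write() so two writers cannot interleave on the pipe, and the reading side rejects a stream where a token byte landed inside another reply. The frame layout (STX, text, newline), the names send_frame, count_frames and demo, and FRAME_MAX are assumptions made for illustration.

```c
#include <stdio.h>
#include <unistd.h>

#define STX 0x02        /* the "special symbol" named in the post */
#define FRAME_MAX 512   /* POSIX guarantees PIPE_BUF is at least 512 */

/* Greeter side (hypothetical helper): emit one reply with a single write().
 * Pipe writes of at most PIPE_BUF bytes are atomic, so frames sent by the
 * prompt code and by a card-monitor thread cannot be mixed together. */
int send_frame(int fd, const char *text)
{
    char buf[FRAME_MAX];
    int n = snprintf(buf, sizeof buf, "%c%s\n", STX, text);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;                      /* too long to send atomically */
    return write(fd, buf, (size_t)n) == n ? 0 : -1;
}

/* Slave side (hypothetical helper): count well-formed frames and report how
 * many were empty (the "card present" case, assumed to look like an empty
 * username). Returns -1 if the stream shows two writers colliding. */
int count_frames(const unsigned char *p, size_t len, int *empty)
{
    int frames = 0, open = 0;
    size_t start = 0;
    *empty = 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] == STX) {
            if (open) return -1;        /* STX arrived inside a reply */
            open = 1; start = i + 1;
        } else if (!open) {
            return -1;                  /* stray bytes outside any frame */
        } else if (p[i] == '\n') {
            if (i == start) (*empty)++;
            frames++; open = 0;
        }
    }
    return open ? -1 : frames;          /* unterminated frame is damage */
}

/* Round trip over a real pipe: one typed name, then one card event. */
int demo(int *empty)
{
    int fds[2];
    unsigned char in[64];
    if (pipe(fds) != 0) return -1;
    int bad = send_frame(fds[1], "geoff") || send_frame(fds[1], "");
    close(fds[1]);
    ssize_t n = read(fds[0], in, sizeof in);
    close(fds[0]);
    return (bad || n < 0) ? -1 : count_frames(in, (size_t)n, empty);
}
```

Buffered stdio (printf to stdout) may split or merge output at arbitrary points, which is why the sketch uses write() directly.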
