Description: modifies pam-ck-session to create an active session Powermanagement functions like suspend or hibernate, can be accessed via dbus by any active user. This means that the user session registered via consolekit must have the flag active. This can't be done by ck-launch-session at user level for security reasons. So the session launch must be done by the display manager or login or by a pam module. There is no known display manager except gdm launches sessions by itself but gdm3 has its problems as well while gdm2 ist fading out of the distributions. This is where this modification tooks place. It modifies pam-ck-connector to start an active session except if the nonactive parameter is given to the pam module. This may fix the situation, because any xdm can be used again, until the next security issue of this patch is stated. . consolekit (0.4.6-3) unstable; urgency=low . * Upload to unstable. Author: Hans Freitag
---
The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: other, http://blog.fnordpol.de Bug: Bug-Debian: http://bugs.debian.org/ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: Last-Update:
--- consolekit-0.4.6.orig/pam-ck-connector/pam-ck-connector.c
+++ consolekit-0.4.6/pam-ck-connector/pam-ck-connector.c
@@ -65,6 +65,7 @@
 static int opt_debug = FALSE;
 static int opt_nox11 = FALSE;
+static int opt_nonactive = FALSE;
 #ifndef HAVE_PAM_SYSLOG
@@ -155,6 +156,8 @@ _parse_pam_args (const pam_handle_t *pam
 for (i = 0; i < argc && argv[i] != NULL; i++) {
 if (strcmp (argv[i] , "debug") == 0) {
 opt_debug = TRUE;
+ } else if (strcmp (argv[i] , "nonactive") == 0) {
+ opt_nonactive = TRUE;
 } else if (strcmp (argv[i] , "nox11") == 0) {
 opt_nox11 = TRUE;
 } else {
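Review bot: The option added to `_parse_pam_args` is opt-out, so a PAM stack that lists pam_ck_connector with no arguments starts requesting an active session once this patch is applied, and `nonactive` has to be remembered on every service line that should not get one. An opt-in spelling fails closed instead: `} else if (strcmp (argv[i], "active") == 0) {` setting `opt_active = TRUE;`, with `is_active` initialised to `FALSE` in `pam_sm_open_session`. The `opt_nonactive` declaration in the first hunk and the `is_active = TRUE;` default in the first `pam_sm_open_session` hunk would change with it. `_parse_pam_args` starts and ends outside this hunk.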
@@ -247,10 +250,12 @@ pam_sm_open_session (pam_handle_t *pamh,
 char *ttybuf;
 DBusError error;
 dbus_bool_t is_local;
+ dbus_bool_t is_active;
 ret = PAM_IGNORE;
 ttybuf = NULL;
 is_local = TRUE;
+ is_active = TRUE;
 _parse_pam_args (pamh, flags, argc, argv);
@@ -347,6 +352,12 @@ pam_sm_open_session (pam_handle_t *pamh,
 ck_pam_syslog (pamh, LOG_INFO, "using %d as uid", uid);
 }
 }
+ if (opt_nonactive) {
+ if (opt_debug) {
+ ck_pam_syslog (pamh, LOG_INFO, "opening nonactiove session");
+ }
+ is_active = FALSE;
+ }
 /* make sure no values are NULL */
 if (x11_display == NULL) {
@@ -367,6 +378,7 @@ pam_sm_open_session (pam_handle_t *pamh,
 "x11-display", &x11_display,
 "x11-display-device", &x11_display_device,
 "remote-host-name", &remote_host_name,
+ "active", &is_active,
 "is-local", &is_local,
 NULL);
 if (opt_debug) {
--- consolekit-0.4.6.orig/pam-ck-connector/pam_ck_connector.8
+++ consolekit-0.4.6/pam-ck-connector/pam_ck_connector.8
@@ -67,6 +67,9 @@ be properly unregistered.
 \fBdebug\fR
 Print debug information.
 .TP 3n
+\fBnonactive\fR
+Do not create an active session, default is to have an active one.
+.TP 3n
 \fBnox11\fR
 Do not create a session if PAM specifies an X11 display instead of a /dev/tty terminal.
--- consolekit-0.4.6.orig/libck-connector/ck-connector.c
+++ consolekit-0.4.6/libck-connector/ck-connector.c
@@ -78,6 +78,7 @@ static struct {
 { "x11-display", DBUS_TYPE_STRING },
 { "remote-host-name", DBUS_TYPE_STRING },
 { "session-type", DBUS_TYPE_STRING },
+ { "active", DBUS_TYPE_BOOLEAN },
 { "is-local", DBUS_TYPE_BOOLEAN },
 { "unix-user", DBUS_TYPE_INT32 },
 };
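Review bot: `is_active` is cleared only by `opt_nonactive` in the block added at `@@ -347,6 +352,12 @@` and is never tied to `is_local`, so if `is_local` is set to `FALSE` for a login that carries a remote host name (that code is outside the visible hunks), the session is still sent with `"active"` true. Deriving one flag from the other keeps them consistent: `is_active = is_local && !opt_nonactive;`. The log string also misspells the option; `"opening nonactiove session"` should read `"opening nonactive session"`. Requesting the active flag is the security-relevant case, so it deserves a `LOG_INFO` line of its own instead of logging only the inactive path under `opt_debug`. `pam_sm_open_session` begins and ends outside this hunk.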
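Review bot: The `{ "active", DBUS_TYPE_BOOLEAN }` entry makes `"active"` a parameter name that any program linking libck-connector can pass, not only the PAM module, assuming this table is what the library validates names against (the lookup is not visible here). Whether an unprivileged caller can then obtain an active session rests entirely on the daemon's check of who is calling, which this patch neither shows nor touches; that should be confirmed before the patch ships. A comment on the entry would record the assumption, for example `/* privileged: the daemon must refuse this from unprivileged callers */`. The table's declaration starts outside the hunk.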