1. Terminology
1.1. GDM Screen Saver
This is the project name. Because we plan to make use of the GDM framework to replace gnome-screensaver, the original screen saver for GNOME, we call the project GDM Screen Saver.
1.2. gdm-screensaver
This is a program running as a normal user daemon. It gets the signal of the state of the current user session from the SessionManager D-Bus interface, locks the screen and starts the screen unlock GUI.
2. Overview
gdm-screensaver will be started as a normal user daemon, like the xscreensaver daemon. It runs for every normal user's session.
To meet the requirement of Trusted Path, the unlock GUI will be started as the 'gdm' user in a DISPLAY different from the normal user's current DISPLAY.
gdm-session-worker will be the PAM authentication backend for both the login process and the screensaver process. This allows the PAM code to be shared and meets the requirement of Trusted Path.
gdm-simple-greeter will be shared as the login GUI of GDM and unlock GUI for Screensaver if display switching is enabled. Since accessibility has been supported by gdm-simple-greeter, accessibility can also be easily implemented for the Screensaver unlock dialog.
3. Architecture
The following diagram shows the architecture of gdm-screensaver and the relationship with other components:
- gdm-screensaver runs in a normal user session, while other components of GDM run as processes of root or gdm user.
- gdm-screensaver asks ConsoleKit to do the DISPLAY switching. For terminal servers that support user switching, ConsoleKit should implement the DISPLAY switching (session activation in ConsoleKit) via the interfaces provided by the terminal servers.
- This solution supports other types of displays that support switching by providing hooks that make it easy to implement.
- Session Manager can be gnome-session for GNOME or other session managers for different desktops, but they should implement the SessionManager D-Bus interfaces.
4. Working Process of Screensaver Using Display Switching
After user A logs in, this normal user's gdm-screensaver process will start.
Note: For every normal user's session, there will be a gdm-screensaver process running for it.
When A's SessionManager reports that the session is idle, gdm-screensaver will start a full-screen window, grabbing the keyboard and pointer. Then gdm-screensaver notifies ConsoleKit to create a new ConsoleKit session whose type is “LockWindow”, so a new display will be created in gdm-binary for this session and a new set of GDM processes (gdm-simple-slave, gdm-session-worker and gdm-simple-greeter) will be started. ConsoleKit will switch to the new display, which shows the unlock dialog of gdm-simple-greeter.
gdm-session-worker calls pam_start to initialize PAM and pam_set_item to set the user name. pam_authenticate should also be called at this time to start the PAM conversation.
If the user does not hit the keys or move the mouse for some time, the unlock dialog will hide itself, showing the eye candy.
If the user hits the keys or moves the mouse, the unlock dialog shows up. When the user inputs the correct password, gdm-simple-slave learns this from gdm-session-worker and notifies ConsoleKit to destroy the 'LockWindow' session and gdm-screensaver to release the keyboard and mouse grab and destroy the window; the set of GDM processes is stopped. (Note: Each user session needs to be assigned two DISPLAYs.)
Note: Here we can use the same GUI as that of gdm-simple-greeter, and the same PAM backend as that of gdm-session-worker. But we need to set the user name before calling pam_authenticate for gdm-session-worker.
5. Screensaver without Display Switching
In the cases of XDMCP, Xvnc and Vino, where there is no display switching support, we still keep the current lock and unlock approach of gnome-screensaver. The difference is that we will use gdm-session-worker as the PAM authentication backend.
5.1. Vino
If the vino server is started, gdm-screensaver will start the unlock dialog in the current display. Vino provides a D-Bus interface org.gnome.VinoScreen if the service is started. gdm-screensaver checks the interface to determine the state of the vino service.
5.2. XDMCP and Xvnc
In both cases, gdm-screensaver knows that the user's ConsoleKit session is not local, so it will not start the unlock dialog in a new display.
5.3. Platforms without display switching support
There are still some platforms without display switching support, for instance, SPARC with XVR-2500. gdm-screensaver can check ConsoleKit's D-Bus CanActivateSession to know whether the new session can be switched to or not.
Note: VT has been supported on SPARC with most graphics hardware (XVR-50, -100, -300 and astfb) except kfb for XVR-2500. VT has also been supported on x86.
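The lock and unlock sequence of section 4, combined with the fallback conditions of section 5, written as a small state machine in C. This is an added example, not GDM code: the type, event and function names are invented for illustration, and the three environment flags stand in for the Vino, session-locality and CanActivateSession checks described above.

```c
#include <stdbool.h>

/* Illustrative model only; none of these names come from GDM. */
typedef enum { UNLOCKED, LOCKED_HIDDEN, LOCKED_DIALOG } lock_state;
typedef enum { EV_IDLE, EV_INPUT, EV_DIALOG_TIMEOUT, EV_AUTH_OK, EV_AUTH_FAIL } lock_event;

typedef struct {
    bool vino_running;         /* org.gnome.VinoScreen is present */
    bool session_is_local;     /* false for XDMCP and Xvnc */
    bool can_activate_session; /* answer obtained from ConsoleKit */
} environment;

typedef struct {
    lock_state state;
    bool grab_held;            /* key and pointer grab on the user's display */
    bool lockwindow_session;   /* a "LockWindow" session currently exists */
    int audit_ok, audit_fail;  /* both outcomes are counted for the audit trail */
} locker;

/* A second display is used only when every precondition holds. */
bool use_display_switching(const environment *e) {
    return !e->vino_running && e->session_is_local && e->can_activate_session;
}

void locker_step(locker *l, const environment *e, lock_event ev) {
    switch (l->state) {
    case UNLOCKED:
        if (ev != EV_IDLE) break;          /* stray auth results change nothing */
        l->grab_held = true;               /* grab before any dialog appears */
        l->lockwindow_session = use_display_switching(e);
        l->state = LOCKED_DIALOG;
        break;
    case LOCKED_HIDDEN:                    /* eye candy: only input reveals the dialog */
        if (ev == EV_INPUT) l->state = LOCKED_DIALOG;
        break;
    case LOCKED_DIALOG:
        if (ev == EV_DIALOG_TIMEOUT) {
            l->state = LOCKED_HIDDEN;
        } else if (ev == EV_AUTH_FAIL) {
            l->audit_fail++;               /* stays locked, grab untouched */
        } else if (ev == EV_AUTH_OK) {
            l->audit_ok++;
            l->lockwindow_session = false; /* destroy the LockWindow session */
            l->grab_held = false;          /* release the grab only after success */
            l->state = UNLOCKED;
        }
        break;
    }
}
```

The model fails closed: the grab is released on exactly one transition, and an authentication result that arrives in any other state is ignored.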
6. Accessibility
Since the GDM login GUI already supports accessibility, we don't need extra work to support A11Y for the environment with display switching support.
Where there is no support for display switching, we plan to continue using the approach that xscreensaver is using: show the ATs in front of the full-screen window, and have gdm-screensaver forward the input events to the ATs registered in LoginHelper.
7. Audit
Screen unlock should be audited in gnome-session-worker. Both authentication success and failure should be audited.