diff options
| author | Ray Strode <rstrode@redhat.com> | 2014-02-12 14:22:31 -0500 |
|---|---|---|
| committer | Ray Strode <rstrode@redhat.com> | 2014-03-19 14:09:57 -0400 |
| commit | 22977b5dc8537f3e2cfd56cdf933e0c7d0071647 (patch) | |
| tree | ec6bcefe1ff939f3606677daab8b0aeea5067832 | |
| parent | 9808164db03447a519cc6b125b6b766c86db0ed6 (diff) | |
| download | gdm-22977b5dc8537f3e2cfd56cdf933e0c7d0071647.tar.gz | |
manager: explicitly disallow login screen from opening reauth channel
It doesn't make sense for it to do, and right now the shell does it
up front, waits for the failure, and then does the "right" thing
(opens a new auth session) after.
This commit makes the failure explicit, so we can subsequently make
other cases where a reauth channel is requested work even if there is
no session to channel to by implicitly creating a transient one just
in time. That will come later.
https://bugzilla.gnome.org/show_bug.cgi?id=726283
| -rw-r--r-- | daemon/gdm-manager.c | 116 |
1 files changed, 113 insertions, 3 deletions
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c index e09f993a..9910ba8c 100644 --- a/daemon/gdm-manager.c +++ b/daemon/gdm-manager.c @@ -282,6 +282,95 @@ lookup_by_session_id (const char *id, return g_strcmp0 (current, looking_for) == 0; } +#ifdef WITH_CONSOLE_KIT +static gboolean +is_consolekit_login_session (GdmManager *self, + GDBusConnection *connection, + const char *session_id, + GError **error) +{ + GVariant *reply; + char *session_type = NULL; + + reply = g_dbus_connection_call_sync (connection, + "org.freedesktop.ConsoleKit", + session_id, + "org.freedesktop.ConsoleKit.Session", + "GetSessionType", + NULL, + G_VARIANT_TYPE ("(s)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + NULL, + error); + if (reply == NULL) { + return FALSE; + } + + g_variant_get (reply, "(s)", &session_type); + g_variant_unref (reply); + + if (g_strcmp0 (session_type, "LoginWindow") != 0) { + g_free (session_type); + + return FALSE; + } + + g_free (session_type); + return TRUE; +} +#endif + +#ifdef WITH_SYSTEMD +static gboolean +is_systemd_login_session (GdmManager *self, + const char *session_id, + GError **error) +{ + char *session_class = NULL; + int ret; + + ret = sd_session_get_class (session_id, &session_class); + + if (ret < 0) { + g_set_error (error, + GDM_DISPLAY_ERROR, + GDM_DISPLAY_ERROR_GETTING_SESSION_INFO, + "Error getting class for session id %s from systemd: %s", + session_id, + g_strerror (-ret)); + return FALSE; + } + + if (g_strcmp0 (session_class, "greeter") != 0) { + g_free (session_class); + return FALSE; + } + + g_free (session_class); + return TRUE; +} +#endif + +static gboolean +is_login_session (GdmManager *self, + GDBusConnection *connection, + const char *session_id, + GError **error) +{ +#ifdef WITH_SYSTEMD + if (LOGIND_RUNNING()) { + return is_systemd_login_session (self, session_id, error); + } +#endif + +#ifdef WITH_CONSOLE_KIT + return is_consolekit_login_session (self, connection, session_id, error); +#endif + + return FALSE; +} + #ifdef WITH_SYSTEMD static gboolean activate_session_id_for_systemd (GdmManager *manager, @@ -486,7 +575,8 @@ get_display_and_details_for_bus_sender (GdmManager *self, GDBusConnection *connection, const char *sender, GPid *out_pid, - uid_t *out_uid) + uid_t *out_uid, + gboolean *out_is_login_screen) { GdmDisplay *display = NULL; char *session_id = NULL; @@ -522,6 +612,17 @@ get_display_and_details_for_bus_sender (GdmManager *self, goto out; } + if (out_is_login_screen != NULL) { + *out_is_login_screen = is_login_session (self, connection, session_id, &error); + + if (error != NULL) { + g_debug ("GdmManager: Error while checking if sender is login screen: %s", + error->message); + g_error_free (error); + goto out; + } + } + if (!get_uid_for_session_id (connection, session_id, &session_uid, &error)) { g_debug ("GdmManager: Error while retrieving uid for session: %s", error->message); @@ -631,7 +732,7 @@ gdm_manager_handle_open_session (GdmDBusManager *manager, sender = g_dbus_method_invocation_get_sender (invocation); connection = g_dbus_method_invocation_get_connection (invocation); - display = get_display_and_details_for_bus_sender (self, connection, sender, &pid, &uid); + display = get_display_and_details_for_bus_sender (self, connection, sender, &pid, &uid, NULL); if (display == NULL) { g_dbus_method_invocation_return_error_literal (invocation, @@ -686,12 +787,21 @@ gdm_manager_handle_open_reauthentication_channel (GdmDBusManager *manager GDBusConnection *connection; GPid pid; uid_t uid; + gboolean is_login_screen = FALSE; g_debug ("GdmManager: trying to open reauthentication channel for user %s", username); sender = g_dbus_method_invocation_get_sender (invocation); connection = g_dbus_method_invocation_get_connection (invocation); - display = get_display_and_details_for_bus_sender (self, connection, sender, &pid, &uid); + display = get_display_and_details_for_bus_sender (self, connection, sender, &pid, &uid, &is_login_screen); + + if (is_login_screen) { + g_dbus_method_invocation_return_error_literal (invocation, + G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Login screen not allow to open reauthentication channel"); + return TRUE; + } if (display == NULL) { g_dbus_method_invocation_return_error_literal (invocation, |