Implement missing guest-wrapper functionality and enable it for Ubuntu. Update AppArmor scripts to work.

18 files changed, 173 insertions, 85 deletions

diff --git a/data/apparmor/abstractions/lightdm b/data/apparmor/abstractions/lightdm
index bd60f90f..d94edc3e 100644
--- a/data/apparmor/abstractions/lightdm
+++ b/data/apparmor/abstractions/lightdm
@@ -8,6 +8,10 @@
 # etc). Note that this profile intentionally omits chromium-browser.
 
   #include <abstractions/authentication>
+  #include <abstractions/cups-client>
+  #include <abstractions/dbus>
+  #include <abstractions/dbus-session>
+  #include <abstractions/dbus-accessibility>
   #include <abstractions/nameservice>
   #include <abstractions/wutmp>
   /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
@@ -47,6 +51,8 @@
   /sbin/** rmixk,
   /sys/ r,
   /sys/** rm,
+  # needed for confined trusted helpers, such as dbus-daemon
+  /sys/kernel/security/apparmor/.access rw,
   /tmp/ rw,
   owner /tmp/** rwlkmix,
   /usr/ r,
diff --git a/data/lightdm.conf b/data/lightdm.conf
index 188bae8a..693f551e 100644
--- a/data/lightdm.conf
+++ b/data/lightdm.conf
@@ -14,7 +14,6 @@
 # sessions-directory = Directory to find sessions
 # remote-sessions-directory = Directory to find remote sessions
 # greeters-directory = Directory to find greeters
-# disable-guest-wrapper = Disable using guest session wrapper (temporary? required to make tests work without installing)
 #
 [LightDM]
 #start-default-seat=true
@@ -30,7 +29,6 @@
 #sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions
 #remote-sessions-directory=/usr/share/lightdm/remote-sessions
 #greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters
-#disable-guest-wrapper=false
 
 #
 # Seat defaults
@@ -59,6 +57,7 @@
 # guest-session = Session to load for guests (overrides user-session)
 # session-wrapper = Wrapper script to run session with
 # greeter-wrapper = Wrapper script to run greeter with
+# guest-wrapper = Wrapper script to run guest sessions with
 # display-setup-script = Script to run when starting a greeter session (runs as root)
 # greeter-setup-script = Script to run when starting a greeter (runs as root)
 # session-setup-script = Script to run when starting a user session (runs as root)
@@ -95,6 +94,7 @@
 #guest-session=UNIMPLEMENTED
 #session-wrapper=lightdm-session
 #greeter-wrapper=
+#guest-wrapper=
 #display-setup-script=
 #greeter-setup-script=
 #session-setup-script=
diff --git a/debian/50-guest-wrapper.conf b/debian/50-guest-wrapper.conf
new file mode 100644
index 00000000..a566e7d8
--- /dev/null
+++ b/debian/50-guest-wrapper.conf
@@ -0,0 +1,2 @@
+[SeatDefaults]
+guest-wrapper=/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper
diff --git a/debian/changelog b/debian/changelog
index d0a60925..747627e2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+lightdm (1.8.4-0ubuntu1) UNRELEASED; urgency=low
+
+  * debian/50-guest-wrapper.conf:
+    - Configure guest session wrapper to use
+
+ -- Robert Ancell <robert.ancell@canonical.com>  Sun, 27 Oct 2013 17:34:20 +1300
+
 lightdm (1.8.3-0ubuntu1) saucy; urgency=low
 
   * New upstream release:
diff --git a/debian/lightdm.install b/debian/lightdm.install
index 4924bd48..03a6e453 100644
--- a/debian/lightdm.install
+++ b/debian/lightdm.install
@@ -14,3 +14,4 @@ debian/lightdm-greeter-session usr/lib/lightdm
 debian/source_lightdm.py usr/share/apport/package-hooks
 debian/50-xserver-command.conf etc/lightdm/lightdm.conf.d
 debian/50-greeter-wrapper.conf etc/lightdm/lightdm.conf.d
+debian/50-guest-wrapper.conf etc/lightdm/lightdm.conf.d
diff --git a/src/seat.c b/src/seat.c
index ff7af0b5..27086f14 100644
--- a/src/seat.c
+++ b/src/seat.c
@@ -874,10 +874,27 @@ create_user_session (Seat *seat, const gchar *username, gboolean autostart)
     return session;
 }
 
+static void
+prepend_argv (gchar ***argv, const gchar *value)
+{
+    gchar **old_argv, **new_argv;
+    gint i;
+
+    old_argv = *argv;
+    new_argv = g_malloc (sizeof (gchar *) * (g_strv_length (*argv) + 2));
+    new_argv[0] = g_strdup (value);
+    for (i = 0; old_argv[i]; i++)
+        new_argv[i + 1] = old_argv[i];
+    new_argv[i + 1] = NULL;
+
+    g_free (*argv);
+    *argv = new_argv;
+}
+
 static Session *
 create_guest_session (Seat *seat)
 {
-    const gchar *session_name;
+    const gchar *session_name, *guest_wrapper;
     gchar *sessions_dir, **argv;
     SessionConfig *session_config;
     Session *session;
@@ -897,6 +914,15 @@ create_guest_session (Seat *seat)
     session_set_do_authenticate (session, TRUE);
     session_set_is_guest (session, TRUE);
     argv = get_session_argv (seat, session_config, seat_get_string_property (seat, "session-wrapper"));
+    guest_wrapper = seat_get_string_property (seat, "guest-wrapper");
+    if (guest_wrapper)
+    {
+        gchar *path;
+        path = g_find_program_in_path (guest_wrapper);
+        prepend_argv (&argv, path ? path : guest_wrapper);
+        g_free (path);
+    }
+
     session_set_argv (session, argv);
     g_strfreev (argv);
     g_object_unref (session_config);
@@ -916,32 +942,11 @@ greeter_create_session_cb (Greeter *greeter, Seat *seat)
     return g_object_ref (session);
 }
 
-static void
-prepend_argv (gchar ***argv, const gchar *value)
-{
-    gchar **old_argv, **new_argv;
-    gint i;
-
-    old_argv = *argv;
-    new_argv = g_malloc (sizeof (gchar *) * (g_strv_length (*argv) + 2));
-    new_argv[0] = g_strdup (value);
-    for (i = 0; old_argv[i]; i++)
-        new_argv[i + 1] = old_argv[i];
-    new_argv[i + 1] = NULL;
-
-    g_free (*argv);
-    *argv = new_argv;
-}
-
 static gboolean
 greeter_start_session_cb (Greeter *greeter, SessionType type, const gchar *session_name, Seat *seat)
 {
     Session *session, *existing_session;
-    const gchar *username, *language = NULL;
-    SessionConfig *session_config;
-    User *user;
-    gchar *sessions_dir = NULL;
-    gchar **argv;
+    const gchar *username;
     DisplayServer *display_server;
 
     /* Get the session to use */
@@ -953,7 +958,54 @@ greeter_start_session_cb (Greeter *greeter, SessionType type, const gchar *sessi
         session_set_pam_service (session, AUTOLOGIN_SERVICE);
     }
     else
+    {
+        const gchar *language = NULL;
+        SessionConfig *session_config;
+        User *user;
+        gchar *sessions_dir = NULL;
+        gchar **argv;
+
         session = greeter_get_authentication_session (greeter);
+  
+        /* Get session command to run */
+        switch (type)
+        {
+        case SESSION_TYPE_LOCAL:
+            sessions_dir = config_get_string (config_get_instance (), "LightDM", "sessions-directory");
+            break;
+        case SESSION_TYPE_REMOTE:
+            sessions_dir = config_get_string (config_get_instance (), "LightDM", "remote-sessions-directory");
+            break;
+        }
+
+        /* Load user preferences */
+        user = session_get_user (session);
+        if (user)
+        {
+            if (!session_name)
+                session_name = user_get_xsession (user);
+            language = user_get_language (user);
+        }
+
+        if (!session_name)
+            session_name = seat_get_string_property (seat, "user-session");
+        if (user)
+            user_set_xsession (session_get_user (session), session_name);
+
+        session_config = find_session_config (seat, sessions_dir, session_name);
+        g_free (sessions_dir);
+        if (!session_config)
+        {
+            l_debug (seat, "Can't find session '%s'", seat_get_string_property (seat, "user-session"));
+            return FALSE;
+        }
+
+        configure_session (session, session_config, session_name, language);
+        argv = get_session_argv (seat, session_config, seat_get_string_property (seat, "session-wrapper"));
+        session_set_argv (session, argv);
+        g_strfreev (argv);
+        g_object_unref (session_config);
+    }
 
     /* Switch to this session when it is ready */
     if (seat->priv->session_to_activate)
@@ -972,45 +1024,6 @@ greeter_start_session_cb (Greeter *greeter, SessionType type, const gchar *sessi
         return TRUE;
     }
 
-    /* Get session command to run */
-    switch (type)
-    {
-    case SESSION_TYPE_LOCAL:
-        sessions_dir = config_get_string (config_get_instance (), "LightDM", "sessions-directory");
-        break;
-    case SESSION_TYPE_REMOTE:
-        sessions_dir = config_get_string (config_get_instance (), "LightDM", "remote-sessions-directory");
-        break;
-    }
-
-    /* Load user preferences */
-    user = session_get_user (session);
-    if (user)
-    {
-        if (!session_name)
-            session_name = user_get_xsession (user);
-        language = user_get_language (user);
-    }
-
-    if (!session_name)
-        session_name = seat_get_string_property (seat, "user-session");
-    if (user)
-        user_set_xsession (session_get_user (session), session_name);
-
-    session_config = find_session_config (seat, sessions_dir, session_name);
-    g_free (sessions_dir);
-    if (!session_config)
-    {
-        l_debug (seat, "Can't find session '%s'", seat_get_string_property (seat, "user-session"));
-        return FALSE;
-    }
-
-    configure_session (session, session_config, session_name, language);
-    argv = get_session_argv (seat, session_config, seat_get_string_property (seat, "session-wrapper"));
-    session_set_argv (session, argv);
-    g_strfreev (argv);
-    g_object_unref (session_config);
-
     /* If can re-use the display server, stop the greeter first */
     display_server = session_get_display_server (SESSION (greeter));
     if (can_share_display_server (seat, display_server) &&
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 03c0a54f..887851ab 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -46,6 +46,7 @@ TESTS = \
 	test-autologin-guest \
 	test-autologin-guest-fail-setup-script \
 	test-autologin-guest-logout \
+	test-guest-wrapper \
 	test-group-membership \
 	test-xdg-current-desktop \
 	test-xdg-seat \
@@ -330,6 +331,7 @@ EXTRA_DIST = \
 	scripts/greeter-wrapper.conf \
 	scripts/greeter-xserver-crash.conf \
 	scripts/group-membership.conf \
+	scripts/guest-wrapper.conf \
 	scripts/headless.conf \
 	scripts/home-dir-on-authenticate.conf \
 	scripts/home-dir-on-session.conf \
diff --git a/tests/scripts/autologin-guest-in-background.conf b/tests/scripts/autologin-guest-in-background.conf
index 2f8ed888..2cf304a6 100644
--- a/tests/scripts/autologin-guest-in-background.conf
+++ b/tests/scripts/autologin-guest-in-background.conf
@@ -2,9 +2,6 @@
 # Check automatically logs in guest while keeping a greeter up
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 autologin-guest=true
 autologin-in-background=true
diff --git a/tests/scripts/autologin-guest-logout.conf b/tests/scripts/autologin-guest-logout.conf
index 4cb045c4..97db0a99 100644
--- a/tests/scripts/autologin-guest-logout.conf
+++ b/tests/scripts/autologin-guest-logout.conf
@@ -2,9 +2,6 @@
 # Check automatically logs in default user
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 autologin-guest=true
 user-session=default
diff --git a/tests/scripts/autologin-guest-timeout.conf b/tests/scripts/autologin-guest-timeout.conf
index 63c359e1..debb176e 100644
--- a/tests/scripts/autologin-guest-timeout.conf
+++ b/tests/scripts/autologin-guest-timeout.conf
@@ -2,9 +2,6 @@
 # Check automatically logs in default user
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 autologin-guest=true
 autologin-user-timeout=1
diff --git a/tests/scripts/autologin-guest.conf b/tests/scripts/autologin-guest.conf
index b57325e2..77e3bce5 100644
--- a/tests/scripts/autologin-guest.conf
+++ b/tests/scripts/autologin-guest.conf
@@ -2,9 +2,6 @@
 # Check automatically logs in default user
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 autologin-guest=true
 user-session=default
diff --git a/tests/scripts/guest-wrapper.conf b/tests/scripts/guest-wrapper.conf
new file mode 100644
index 00000000..193f6b44
--- /dev/null
+++ b/tests/scripts/guest-wrapper.conf
@@ -0,0 +1,37 @@
+#
+# Check guest wrapper works
+#
+
+[SeatDefaults]
+autologin-guest=true
+user-session=default
+guest-wrapper=test-guest-wrapper
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER-0 START VT=7
+
+# Daemon connects when X server is ready
+#?*XSERVER-0 INDICATE-READY
+#?XSERVER-0 INDICATE-READY
+#?XSERVER-0 ACCEPT-CONNECT
+
+# Guest account created
+#?GUEST-ACCOUNT ADD USERNAME=guest-.*
+
+# Greeter wrapper starts
+#?GUEST-WRAPPER-X-0 START
+
+# Guest session starts
+#?SESSION-X-0 START XDG_SEAT=seat0 XDG_VTNR=7 DESKTOP_SESSION=default USER=guest-.*
+#?XSERVER-0 ACCEPT-CONNECT
+#?SESSION-X-0 CONNECT-XSERVER
+
+# Cleanup
+#?*STOP-DAEMON
+#?SESSION-X-0 TERMINATE SIGNAL=15
+#?XSERVER-0 TERMINATE SIGNAL=15
+#?GUEST-ACCOUNT REMOVE USERNAME=guest.*
+#?RUNNER DAEMON-EXIT STATUS=0
+
diff --git a/tests/scripts/login-guest-logout.conf b/tests/scripts/login-guest-logout.conf
index 949d6c9c..7ac3c99a 100644
--- a/tests/scripts/login-guest-logout.conf
+++ b/tests/scripts/login-guest-logout.conf
@@ -2,9 +2,6 @@
 # Check automatically logs in default user
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 user-session=default
 
diff --git a/tests/scripts/login-guest.conf b/tests/scripts/login-guest.conf
index 1b1c09a0..d7a0929d 100644
--- a/tests/scripts/login-guest.conf
+++ b/tests/scripts/login-guest.conf
@@ -2,9 +2,6 @@
 # Check can login as guest (not prompted for password)
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 user-session=default
 
diff --git a/tests/scripts/switch-to-guest.conf b/tests/scripts/switch-to-guest.conf
index 79902b88..20856c48 100644
--- a/tests/scripts/switch-to-guest.conf
+++ b/tests/scripts/switch-to-guest.conf
@@ -2,9 +2,6 @@
 # Check D-Bus interface can trigger/switch to guest session
 #
 
-[LightDM]
-disable-guest-wrapper=true
-
 [SeatDefaults]
 autologin-user=have-password1
 user-session=default
diff --git a/tests/src/Makefile.am b/tests/src/Makefile.am
index ccfb0e4a..0f507399 100644
--- a/tests/src/Makefile.am
+++ b/tests/src/Makefile.am
@@ -3,6 +3,7 @@ noinst_PROGRAMS = dbus-env \
                   plymouth \
                   test-gobject-greeter \
                   test-greeter-wrapper \
+                  test-guest-wrapper \
                   test-mir-greeter \
                   test-runner \
                   test-script-hook \
@@ -96,6 +97,15 @@ test_greeter_wrapper_LDADD = \
 	$(GLIB_LIBS) \
 	$(GIO_UNIX_LIBS)
 
+test_guest_wrapper_SOURCES = test-guest-wrapper.c status.c status.h
+test_guest_wrapper_CFLAGS = \
+	$(WARN_CFLAGS) \
+	$(GLIB_CFLAGS) \
+	$(GIO_UNIX_CFLAGS)
+test_guest_wrapper_LDADD = \
+	$(GLIB_LIBS) \
+	$(GIO_UNIX_LIBS)
+
 test_gobject_greeter_SOURCES = test-gobject-greeter.c status.c status.h
 test_gobject_greeter_CFLAGS = \
 	-I$(top_srcdir)/liblightdm-gobject \
diff --git a/tests/src/test-guest-wrapper.c b/tests/src/test-guest-wrapper.c
new file mode 100644
index 00000000..0c883cf9
--- /dev/null
+++ b/tests/src/test-guest-wrapper.c
@@ -0,0 +1,29 @@
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "status.h"
+
+static void
+request_cb (const gchar *request)
+{
+}
+
+int
+main (int argc, char **argv)
+{
+    gchar *display;
+
+    status_connect (request_cb);
+
+    display = getenv ("DISPLAY");
+    if (display == NULL)
+        status_notify ("GUEST-WRAPPER-? START");
+    else if (display[0] == ':')
+        status_notify ("GUEST-WRAPPER-X-%s START", display + 1);
+    else
+        status_notify ("GUEST-WRAPPER-X-%s START", display);
+
+    execv (argv[1], argv + 1);
+
+    return EXIT_FAILURE;
+}
diff --git a/tests/test-guest-wrapper b/tests/test-guest-wrapper
new file mode 100755
index 00000000..7593c8fb
--- /dev/null
+++ b/tests/test-guest-wrapper
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner guest-wrapper test-gobject-greeter