Attachment #1474 for bug #1450

View | Details | Raw Unified | Return to bug 1450
Collapse All | Expand All




/*
 * Copyright (c) 2008 Colin Watson.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
/*
 * Loosely based on pam-ck-connector, which is:
 *
 * Copyright (c) 2007 David Zeuthen <davidz@redhat.com>
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use,
 * copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following
 * conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 */

#include "includes.h"

#ifdef USE_CONSOLEKIT

#include <ck-connector.h>

#include "xmalloc.h"
#include "channels.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "session.h"
#include "consolekit.h"

extern ServerOptions options;
extern u_int utmp_len;

void
set_active(const char *cookie)
{
	DBusError err;
	DBusConnection *connection;
	DBusMessage *message = NULL, *reply = NULL;
	char *sid;
	DBusMessageIter iter, subiter;
	const char *interface, *property;
	dbus_bool_t active;

	dbus_error_init(&err);
	connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
	if (!connection) {
		if (dbus_error_is_set(&err)) {
			error("unable to open DBus connection: %s",
			    err.message);
			dbus_error_free(&err);
		}
		goto out;
	}
	dbus_connection_set_exit_on_disconnect(connection, FALSE);

	message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
	    "/org/freedesktop/ConsoleKit/Manager",
	    "org.freedesktop.ConsoleKit.Manager",
	    "GetSessionForCookie");
	if (!message)
		goto out;
	if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie,
	    DBUS_TYPE_INVALID)) {
		if (dbus_error_is_set(&err)) {
			error("unable to get current session: %s",
			    err.message);
			dbus_error_free(&err);
		}
		goto out;
	}

	dbus_error_init(&err);
	reply = dbus_connection_send_with_reply_and_block(connection, message,
	    -1, &err);
	if (!reply) {
		if (dbus_error_is_set(&err)) {
			error("unable to get current session: %s",
			    err.message);
			dbus_error_free(&err);
		}
		goto out;
	}

	dbus_error_init(&err);
	if (!dbus_message_get_args(reply, &err,
	    DBUS_TYPE_OBJECT_PATH, &sid,
	    DBUS_TYPE_INVALID)) {
		if (dbus_error_is_set(&err)) {
			error("unable to get current session: %s",
			    err.message);
			dbus_error_free(&err);
		}
		goto out;
	}
	dbus_message_unref(reply);
	dbus_message_unref(message);
	message = reply = NULL;

	message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
	    sid, "org.freedesktop.DBus.Properties", "Set");
	if (!message)
		goto out;
	interface = "org.freedesktop.ConsoleKit.Session";
	property = "active";
	if (!dbus_message_append_args(message,
	    DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property,
	    DBUS_TYPE_INVALID))
		goto out;
	dbus_message_iter_init_append(message, &iter);
	if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
	    DBUS_TYPE_BOOLEAN_AS_STRING, &subiter))
		goto out;
	active = TRUE;
	if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN,
	    &active))
		goto out;
	if (!dbus_message_iter_close_container(&iter, &subiter))
		goto out;

	dbus_error_init(&err);
	reply = dbus_connection_send_with_reply_and_block(connection, message,
	    -1, &err);
	if (!reply) {
		if (dbus_error_is_set(&err)) {
			error("unable to make current session active: %s",
			    err.message);
			dbus_error_free(&err);
		}
		goto out;
	}

out:
	if (reply)
		dbus_message_unref(reply);
	if (message)
		dbus_message_unref(message);
}

/*
 * We pass display separately rather than using s->display because the
 * latter is not available in the monitor when using privsep.
 */

char *
consolekit_register(Session *s, const char *display)
{
	DBusError err;
	const char *tty = s->tty;
	const char *remote_host_name;
	dbus_bool_t is_local = FALSE;
	const char *cookie = NULL;

	if (s->ckc) {
		debug("already registered with ConsoleKit");
		return xstrdup(ck_connector_get_cookie(s->ckc));
	}

	s->ckc = ck_connector_new();
	if (!s->ckc) {
		error("ck_connector_new failed");
		return NULL;
	}

	if (!tty)
		tty = "";
	if (!display)
		display = "";
	remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns);
	if (!remote_host_name)
		remote_host_name = "";

	dbus_error_init(&err);
	if (!ck_connector_open_session_with_parameters(s->ckc, &err,
	    "unix-user", &s->pw->pw_uid,
	    "display-device", &tty,
	    "x11-display", &display,
	    "remote-host-name", &remote_host_name,
	    "is-local", &is_local,
	    NULL)) {
		if (dbus_error_is_set(&err)) {
			debug("%s", err.message);
			dbus_error_free(&err);
		} else {
			debug("insufficient privileges or D-Bus / ConsoleKit "
			    "not available");
		}
		return NULL;
	}

	debug("registered uid=%d on tty='%s' with ConsoleKit",
	    s->pw->pw_uid, s->tty);

	cookie = ck_connector_get_cookie(s->ckc);
	set_active(cookie);
	return xstrdup(cookie);
}

void
consolekit_unregister(Session *s)
{
	if (s->ckc) {
		debug("unregistering ConsoleKit session %s",
		    ck_connector_get_cookie(s->ckc));
		ck_connector_unref(s->ckc);
		s->ckc = NULL;
	}
}

#endif /* USE_CONSOLEKIT */




/*
 * Copyright (c) 2008 Colin Watson.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifdef USE_CONSOLEKIT

struct Session;

char *	 consolekit_register(struct Session *, const char *);
void	 consolekit_unregister(struct Session *);

#endif /* USE_CONSOLEKIT */

Lines 86-92 Link Here

(-)Makefile.in (-1 / +1 lines)
86	auth-krb5.o \	86	auth-krb5.o \
87	auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\	87	auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
88	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \	88	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
89	audit.o audit-bsm.o platform.o	89	audit.o audit-bsm.o platform.o consolekit.o
90		90
91	MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out	91	MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
92	MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5	92	MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5




	]
)

# Check whether user wants ConsoleKit support
CONSOLEKIT_MSG="no"
LIBCK_CONNECTOR=""
AC_ARG_WITH(consolekit,
	[  --with-consolekit       Enable ConsoleKit support],
	[ if test "x$withval" != "xno" ; then
		AC_PATH_TOOL([PKG_CONFIG], [pkg-config], [no])
		if test "$PKG_CONFIG" != "no"; then
			AC_MSG_CHECKING([for ck-connector])
			if $PKG_CONFIG --exists ck-connector; then
				CKCON_CFLAGS=`$PKG_CONFIG --cflags ck-connector`
				CKCON_LIBS=`$PKG_CONFIG --libs ck-connector`
				CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
				SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
				AC_MSG_RESULT([yes])
				AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.])
				CONSOLEKIT_MSG="yes"
			else
				AC_MSG_RESULT([no])
			fi
		fi
	fi ]
)

# Looking for programs, paths and files

PRIVSEP_PATH=/var/empty

echo "              MD5 password support: $MD5_MSG"
echo "                   libedit support: $LIBEDIT_MSG"
echo "  Solaris process contract support: $SPC_MSG"
echo "                ConsoleKit support: $CONSOLEKIT_MSG"
echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo "                  BSD Auth support: $BSD_AUTH_MSG"

Lines 86-91 Link Here

(-)monitor.c (+44 lines)
86	#include "misc.h"	86	#include "misc.h"
87	#include "compat.h"	87	#include "compat.h"
88	#include "ssh2.h"	88	#include "ssh2.h"
		89	#ifdef USE_CONSOLEKIT
		90	#include "consolekit.h"
		91	#endif
89		92
90	#ifdef GSSAPI	93	#ifdef GSSAPI
91	static Gssctxt *gsscontext = NULL;	94	static Gssctxt *gsscontext = NULL;
Lines 172-177 Link Here
172	int mm_answer_audit_command(int, Buffer *);	175	int mm_answer_audit_command(int, Buffer *);
173	#endif	176	#endif
174		177
		178	#ifdef USE_CONSOLEKIT
		179	int mm_answer_consolekit_register(int, Buffer *);
		180	#endif
		181
175	static Authctxt *authctxt;	182	static Authctxt *authctxt;
176	static BIGNUM ssh1_challenge = NULL; / used for ssh1 rsa auth */	183	static BIGNUM ssh1_challenge = NULL; / used for ssh1 rsa auth */
177		184
Lines 255-260 Link Here
255	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	262	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
256	{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},	263	{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
257	#endif	264	#endif
		265	#ifdef USE_CONSOLEKIT
		266	{MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
		267	#endif
258	{0, 0, NULL}	268	{0, 0, NULL}
259	};	269	};
260		270
Lines 297-302 Link Here
297	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	307	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
298	{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT\|MON_ONCE, mm_answer_audit_command},	308	{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT\|MON_ONCE, mm_answer_audit_command},
299	#endif	309	#endif
		310	#ifdef USE_CONSOLEKIT
		311	{MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
		312	#endif
300	{0, 0, NULL}	313	{0, 0, NULL}
301	};	314	};
302		315
Lines 443-448 Link Here
443	monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);	456	monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
444	monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);	457	monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
445	}	458	}
		459	#ifdef USE_CONSOLEKIT
		460	monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
		461	#endif
446		462
447	for (;;)	463	for (;;)
448	monitor_read(pmonitor, mon_dispatch, NULL);	464	monitor_read(pmonitor, mon_dispatch, NULL);
Lines 2041-2043 Link Here
2041	}	2057	}
2042		2058
2043	#endif /* GSSAPI */	2059	#endif /* GSSAPI */
		2060
		2061	#ifdef USE_CONSOLEKIT
		2062	int
		2063	mm_answer_consolekit_register(int sock, Buffer *m)
		2064	{
		2065	Session *s;
		2066	char tty, display;
		2067	char *cookie = NULL;
		2068
		2069	debug3("%s entering", __func__);
		2070
		2071	tty = buffer_get_string(m, NULL);
		2072	display = buffer_get_string(m, NULL);
		2073	s = session_by_tty(tty);
		2074	if (s != NULL)
		2075	cookie = consolekit_register(s, display);
		2076	buffer_clear(m);
		2077	buffer_put_cstring(m, cookie != NULL ? cookie : "");
		2078	mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
		2079
		2080	if (cookie != NULL)
		2081	xfree(cookie);
		2082	xfree(display);
		2083	xfree(tty);
		2084
		2085	return (0);
		2086	}
		2087	#endif /* USE_CONSOLEKIT */

Lines 61-66 Link Here

(-)monitor.h (+1 lines)
61	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,	61	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
62	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,	62	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
63	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,	63	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
		64	MONITOR_REQ_CONSOLEKIT_REGISTER, MONITOR_ANS_CONSOLEKIT_REGISTER,
64	MONITOR_REQ_TERM	65	MONITOR_REQ_TERM
65	};	66	};
66		67




}

#endif /* GSSAPI */

#ifdef USE_CONSOLEKIT
char *
mm_consolekit_register(Session *s, const char *display)
{
	Buffer m;
	char *cookie;

	debug3("%s entering", __func__);

	if (s->ttyfd == -1)
		return NULL;
	buffer_init(&m);
	buffer_put_cstring(&m, s->tty);
	buffer_put_cstring(&m, display != NULL ? display : "");
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m);
	buffer_clear(&m);

	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_CONSOLEKIT_REGISTER, &m);
	cookie = buffer_get_string(&m, NULL);
	buffer_free(&m);

	/* treat empty cookie as missing cookie */
	if (strlen(cookie) == 0) {
		xfree(cookie);
		cookie = NULL;
	}
	return (cookie);
}
#endif /* USE_CONSOLEKIT */

Lines 109-112 Link Here

(-)monitor_wrap.h (+4 lines)
109	void mm_zfree(struct mm_master , void );	109	void mm_zfree(struct mm_master , void );
110	void mm_init_compression(struct mm_master *);	110	void mm_init_compression(struct mm_master *);
111		111
		112	#ifdef USE_CONSOLEKIT
		113	char mm_consolekit_register(struct Session , const char *);
		114	#endif /* USE_CONSOLEKIT */
		115
112	#endif /* _MM_WRAP_H_ */	116	#endif /* _MM_WRAP_H_ */

Lines 87-92 Link Here

(-)session.c (+13 lines)
87	#include "session.h"	87	#include "session.h"
88	#include "kex.h"	88	#include "kex.h"
89	#include "monitor_wrap.h"	89	#include "monitor_wrap.h"
		90	#include "consolekit.h"
90		91
91	#if defined(KRB5) && defined(USE_AFS)	92	#if defined(KRB5) && defined(USE_AFS)
92	#include <kafs.h>	93	#include <kafs.h>
Lines 1005-1010 Link Here
1005	#ifndef HAVE_LOGIN_CAP	1006	#ifndef HAVE_LOGIN_CAP
1006	char *path = NULL;	1007	char *path = NULL;
1007	#endif	1008	#endif
		1009	#ifdef USE_CONSOLEKIT
		1010	const char *ckcookie = NULL;
		1011	#endif /* USE_CONSOLEKIT */
1008		1012
1009	/* Initialize the environment. */	1013	/* Initialize the environment. */
1010	envsize = 100;	1014	envsize = 100;
Lines 1149-1154 Link Here
1149	child_set_env(&env, &envsize, "KRB5CCNAME",	1153	child_set_env(&env, &envsize, "KRB5CCNAME",
1150	s->authctxt->krb5_ccname);	1154	s->authctxt->krb5_ccname);
1151	#endif	1155	#endif
		1156	#ifdef USE_CONSOLEKIT
		1157	ckcookie = PRIVSEP(consolekit_register(s, s->display));
		1158	if (ckcookie)
		1159	child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie);
		1160	#endif /* USE_CONSOLEKIT */
1152	#ifdef USE_PAM	1161	#ifdef USE_PAM
1153	/*	1162	/*
1154	* Pull in any environment variables that may have	1163	* Pull in any environment variables that may have
Lines 2081-2086 Link Here
2081		2090
2082	debug("session_pty_cleanup: session %d release %s", s->self, s->tty);	2091	debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
2083		2092
		2093	#ifdef USE_CONSOLEKIT
		2094	consolekit_unregister(s);
		2095	#endif /* USE_CONSOLEKIT */
		2096
2084	/* Record that the user has logged out. */	2097	/* Record that the user has logged out. */
2085	if (s->pid != 0)	2098	if (s->pid != 0)
2086	record_logout(s->pid, s->tty, s->pw->pw_name);	2099	record_logout(s->pid, s->tty, s->pw->pw_name);

Lines 26-31 Link Here

(-)session.h (+6 lines)
26	#ifndef SESSION_H	26	#ifndef SESSION_H
27	#define SESSION_H	27	#define SESSION_H
28		28
		29	struct _CkConnector;
		30
29	#define TTYSZ 64	31	#define TTYSZ 64
30	typedef struct Session Session;	32	typedef struct Session Session;
31	struct Session {	33	struct Session {
Lines 59-64 Link Here
59	char *name;	61	char *name;
60	char *val;	62	char *val;
61	} *env;	63	} *env;
		64
		65	#ifdef USE_CONSOLEKIT
		66	struct _CkConnector *ckc;
		67	#endif /* USE_CONSOLEKIT */
62	};	68	};
63		69
64	void do_authenticated(Authctxt *);	70	void do_authenticated(Authctxt *);

Return to bug 1450

Lines 3354-3359 Link Here

(-)configure.ac (+25 lines)
3354	]	3354	]
3355	)	3355	)
3356		3356
		3357	# Check whether user wants ConsoleKit support
		3358	CONSOLEKIT_MSG="no"
		3359	LIBCK_CONNECTOR=""
		3360	AC_ARG_WITH(consolekit,
		3361	[ --with-consolekit Enable ConsoleKit support],
		3362	[ if test "x$withval" != "xno" ; then
		3363	AC_PATH_TOOL([PKG_CONFIG], [pkg-config], [no])
		3364	if test "$PKG_CONFIG" != "no"; then
		3365	AC_MSG_CHECKING([for ck-connector])
		3366	if $PKG_CONFIG --exists ck-connector; then
		3367	CKCON_CFLAGS=`$PKG_CONFIG --cflags ck-connector`
		3368	CKCON_LIBS=`$PKG_CONFIG --libs ck-connector`
		3369	CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
		3370	SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
		3371	AC_MSG_RESULT([yes])
		3372	AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.])
		3373	CONSOLEKIT_MSG="yes"
		3374	else
		3375	AC_MSG_RESULT([no])
		3376	fi
		3377	fi
		3378	fi ]
		3379	)
		3380
3357	# Looking for programs, paths and files	3381	# Looking for programs, paths and files
3358		3382
3359	PRIVSEP_PATH=/var/empty	3383	PRIVSEP_PATH=/var/empty
Lines 4067-4072 Link Here
4067	echo " MD5 password support: $MD5_MSG"	4091	echo " MD5 password support: $MD5_MSG"
4068	echo " libedit support: $LIBEDIT_MSG"	4092	echo " libedit support: $LIBEDIT_MSG"
4069	echo " Solaris process contract support: $SPC_MSG"	4093	echo " Solaris process contract support: $SPC_MSG"
		4094	echo " ConsoleKit support: $CONSOLEKIT_MSG"
4070	echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"	4095	echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4071	echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"	4096	echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4072	echo " BSD Auth support: $BSD_AUTH_MSG"	4097	echo " BSD Auth support: $BSD_AUTH_MSG"

Lines 1278-1280 Link Here

(-)monitor_wrap.c (+31 lines)
1278	}	1278	}
1279		1279
1280	#endif /* GSSAPI */	1280	#endif /* GSSAPI */
		1281
		1282	#ifdef USE_CONSOLEKIT
		1283	char *
		1284	mm_consolekit_register(Session s, const char display)
		1285	{
		1286	Buffer m;
		1287	char *cookie;
		1288
		1289	debug3("%s entering", __func__);
		1290
		1291	if (s->ttyfd == -1)
		1292	return NULL;
		1293	buffer_init(&m);
		1294	buffer_put_cstring(&m, s->tty);
		1295	buffer_put_cstring(&m, display != NULL ? display : "");
		1296	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m);
		1297	buffer_clear(&m);
		1298
		1299	mm_request_receive_expect(pmonitor->m_recvfd,
		1300	MONITOR_ANS_CONSOLEKIT_REGISTER, &m);
		1301	cookie = buffer_get_string(&m, NULL);
		1302	buffer_free(&m);
		1303
		1304	/* treat empty cookie as missing cookie */
		1305	if (strlen(cookie) == 0) {
		1306	xfree(cookie);
		1307	cookie = NULL;
		1308	}
		1309	return (cookie);
		1310	}
		1311	#endif /* USE_CONSOLEKIT */

Line 0 Link Here

(-)consolekit.c (+239 lines)
		1	/*
		2	* Copyright (c) 2008 Colin Watson. All rights reserved.
		3	*
		4	* Permission to use, copy, modify, and distribute this software for any
		5	* purpose with or without fee is hereby granted, provided that the above
		6	* copyright notice and this permission notice appear in all copies.
		7	*
		8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		15	*/
		16	/*
		17	* Loosely based on pam-ck-connector, which is:
		18	*
		19	* Copyright (c) 2007 David Zeuthen <davidz@redhat.com>
		20	*
		21	* Permission is hereby granted, free of charge, to any person
		22	* obtaining a copy of this software and associated documentation
		23	* files (the "Software"), to deal in the Software without
		24	* restriction, including without limitation the rights to use,
		25	* copy, modify, merge, publish, distribute, sublicense, and/or sell
		26	* copies of the Software, and to permit persons to whom the
		27	* Software is furnished to do so, subject to the following
		28	* conditions:
		29	*
		30	* The above copyright notice and this permission notice shall be
		31	* included in all copies or substantial portions of the Software.
		32	*
		33	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
		34	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
		35	* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
		36	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
		37	* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
		38	* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
		39	* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
		40	* OTHER DEALINGS IN THE SOFTWARE.
		41	*/
		42
		43	#include "includes.h"
		44
		45	#ifdef USE_CONSOLEKIT
		46
		47	#include <ck-connector.h>
		48
		49	#include "xmalloc.h"
		50	#include "channels.h"
		51	#include "key.h"
		52	#include "hostfile.h"
		53	#include "auth.h"
		54	#include "log.h"
		55	#include "servconf.h"
		56	#include "canohost.h"
		57	#include "session.h"
		58	#include "consolekit.h"
		59
		60	extern ServerOptions options;
		61	extern u_int utmp_len;
		62
		63	void
		64	set_active(const char *cookie)
65	{
66	DBusError err;
67	DBusConnection *connection;
68	DBusMessage message = NULL, reply = NULL;
69	char *sid;
70	DBusMessageIter iter, subiter;
71	const char interface, property;
72	dbus_bool_t active;
73
74	dbus_error_init(&err);
75	connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
76	if (!connection) {
77	if (dbus_error_is_set(&err)) {
78	error("unable to open DBus connection: %s",
79	err.message);
80	dbus_error_free(&err);
81	}
82	goto out;
83	}
84	dbus_connection_set_exit_on_disconnect(connection, FALSE);
85
86	message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
87	"/org/freedesktop/ConsoleKit/Manager",
88	"org.freedesktop.ConsoleKit.Manager",
89	"GetSessionForCookie");
90	if (!message)
91	goto out;
92	if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie,
93	DBUS_TYPE_INVALID)) {
94	if (dbus_error_is_set(&err)) {
95	error("unable to get current session: %s",
96	err.message);
97	dbus_error_free(&err);
98	}
99	goto out;
100	}
101
102	dbus_error_init(&err);
103	reply = dbus_connection_send_with_reply_and_block(connection, message,
104	-1, &err);
105	if (!reply) {
106	if (dbus_error_is_set(&err)) {
107	error("unable to get current session: %s",
108	err.message);
109	dbus_error_free(&err);
110	}
111	goto out;
112	}
113
114	dbus_error_init(&err);
115	if (!dbus_message_get_args(reply, &err,
116	DBUS_TYPE_OBJECT_PATH, &sid,
117	DBUS_TYPE_INVALID)) {
118	if (dbus_error_is_set(&err)) {
119	error("unable to get current session: %s",
120	err.message);
121	dbus_error_free(&err);
122	}
123	goto out;
124	}
125	dbus_message_unref(reply);
126	dbus_message_unref(message);
127	message = reply = NULL;
128
129	message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
130	sid, "org.freedesktop.DBus.Properties", "Set");
131	if (!message)
132	goto out;
133	interface = "org.freedesktop.ConsoleKit.Session";
134	property = "active";
135	if (!dbus_message_append_args(message,
136	DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property,
137	DBUS_TYPE_INVALID))
138	goto out;
139	dbus_message_iter_init_append(message, &iter);
140	if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
141	DBUS_TYPE_BOOLEAN_AS_STRING, &subiter))
142	goto out;
143	active = TRUE;
144	if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN,
145	&active))
146	goto out;
147	if (!dbus_message_iter_close_container(&iter, &subiter))
148	goto out;
149
150	dbus_error_init(&err);
151	reply = dbus_connection_send_with_reply_and_block(connection, message,
152	-1, &err);
153	if (!reply) {
154	if (dbus_error_is_set(&err)) {
155	error("unable to make current session active: %s",
156	err.message);
157	dbus_error_free(&err);
158	}
159	goto out;
160	}
161
162	out:
163	if (reply)
164	dbus_message_unref(reply);
165	if (message)
166	dbus_message_unref(message);
167	}
168
169	/*
170	* We pass display separately rather than using s->display because the
171	* latter is not available in the monitor when using privsep.
172	*/
173
174	char *
175	consolekit_register(Session s, const char display)
176	{
177	DBusError err;
178	const char *tty = s->tty;
179	const char *remote_host_name;
180	dbus_bool_t is_local = FALSE;
181	const char *cookie = NULL;
182
183	if (s->ckc) {
184	debug("already registered with ConsoleKit");
185	return xstrdup(ck_connector_get_cookie(s->ckc));
186	}
187
188	s->ckc = ck_connector_new();
189	if (!s->ckc) {
190	error("ck_connector_new failed");
191	return NULL;
192	}
193
194	if (!tty)
195	tty = "";
196	if (!display)
197	display = "";
198	remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns);
199	if (!remote_host_name)
200	remote_host_name = "";
201
202	dbus_error_init(&err);
203	if (!ck_connector_open_session_with_parameters(s->ckc, &err,
204	"unix-user", &s->pw->pw_uid,
205	"display-device", &tty,
206	"x11-display", &display,
207	"remote-host-name", &remote_host_name,
208	"is-local", &is_local,
209	NULL)) {
210	if (dbus_error_is_set(&err)) {
211	debug("%s", err.message);
212	dbus_error_free(&err);
213	} else {
214	debug("insufficient privileges or D-Bus / ConsoleKit "
215	"not available");
216	}
217	return NULL;
218	}
219
220	debug("registered uid=%d on tty='%s' with ConsoleKit",
221	s->pw->pw_uid, s->tty);
222
223	cookie = ck_connector_get_cookie(s->ckc);
224	set_active(cookie);
225	return xstrdup(cookie);
226	}
227
228	void
229	consolekit_unregister(Session *s)
230	{
231	if (s->ckc) {
232	debug("unregistering ConsoleKit session %s",
233	ck_connector_get_cookie(s->ckc));
234	ck_connector_unref(s->ckc);
235	s->ckc = NULL;
236	}
237	}
238
239	#endif /* USE_CONSOLEKIT */

Line 0 Link Here

(-)consolekit.h (+24 lines)
	1	/*
	2	* Copyright (c) 2008 Colin Watson. All rights reserved.
	3	*
	4	* Permission to use, copy, modify, and distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice appear in all copies.
	7	*
	8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	15	*/
	16
	17	#ifdef USE_CONSOLEKIT
	18
	19	struct Session;
	20
	21	char * consolekit_register(struct Session , const char );
	22	void consolekit_unregister(struct Session *);
	23
	24	#endif /* USE_CONSOLEKIT */