X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flogin%2Flogind-session.c;h=58514ea0d2ccae3f1a8e2d8b6dafb13acfdab082;hb=8c8c43515cee56dfc2298998a9e5958308c46f99;hp=c0d95329685d768498ea99a322ed99006d3889a0;hpb=9b221b63e5cc62439b32bb487775856a78c6015a;p=elogind.git
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index c0d953296..58514ea0d 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -6,16 +6,16 @@
Copyright 2011 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
***/
@@ -25,10 +25,12 @@
#include
#include
-#include "logind-session.h"
#include "strv.h"
#include "util.h"
+#include "mkdir.h"
+#include "path-util.h"
#include "cgroup-util.h"
+#include "logind-session.h"
#define IDLE_THRESHOLD_USEC (5*USEC_PER_MINUTE)
@@ -48,10 +50,10 @@ Session* session_new(Manager *m, User *u, const char *id) {
return NULL;
}
- s->id = file_name_from_path(s->state_file);
+ s->id = path_get_file_name(s->state_file);
if (hashmap_put(m->sessions, s->id, s) < 0) {
- free(s->id);
+ free(s->state_file);
free(s);
return NULL;
}
@@ -86,7 +88,7 @@ void session_free(Session *s) {
}
if (s->cgroup_path)
- hashmap_remove(s->manager->cgroups, s->cgroup_path);
+ hashmap_remove(s->manager->session_cgroups, s->cgroup_path);
free(s->cgroup_path);
strv_free(s->controllers);
@@ -98,7 +100,6 @@ void session_free(Session *s) {
free(s->service);
hashmap_remove(s->manager->sessions, s->id);
-
session_remove_fifo(s);
free(s->state_file);
@@ -115,7 +116,7 @@ int session_save(Session *s) {
if (!s->started)
return 0;
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
goto finish;
@@ -145,6 +146,11 @@ int session_save(Session *s) {
"TYPE=%s\n",
session_type_to_string(s->type));
+ if (s->class >= 0)
+ fprintf(f,
+ "CLASS=%s\n",
+ session_class_to_string(s->class));
+
if (s->cgroup_path)
fprintf(f,
"CGROUP=%s\n",
@@ -225,7 +231,8 @@ int session_load(Session *s) {
*vtnr = NULL,
*leader = NULL,
*audit_id = NULL,
- *type = NULL;
+ *type = NULL,
+ *class = NULL;
int k, r;
@@ -245,6 +252,7 @@ int session_load(Session *s) {
"VTNR", &vtnr,
"LEADER", &leader,
"TYPE", &type,
+ "CLASS", &class,
NULL);
if (r < 0)
@@ -279,14 +287,9 @@ int session_load(Session *s) {
}
if (leader) {
- pid_t pid;
-
- k = parse_pid(leader, &pid);
- if (k >= 0 && pid >= 1) {
- s->leader = pid;
-
- audit_session_from_pid(pid, &s->audit_id);
- }
+ k = parse_pid(leader, &s->leader);
+ if (k >= 0)
+ audit_session_from_pid(s->leader, &s->audit_id);
}
if (type) {
@@ -297,6 +300,14 @@ int session_load(Session *s) {
s->type = t;
}
+ if (class) {
+ SessionClass c;
+
+ c = session_class_from_string(class);
+ if (c >= 0)
+ s->class = c;
+ }
+
if (s->fifo_path) {
int fd;
@@ -310,7 +321,6 @@ int session_load(Session *s) {
close_nointr_nofail(fd);
}
-
finish:
free(remote);
free(kill_processes);
@@ -318,6 +328,7 @@ finish:
free(vtnr);
free(leader);
free(audit_id);
+ free(class);
return r;
}
@@ -371,11 +382,15 @@ static int session_link_x11_socket(Session *s) {
c[k] = 0;
if (access(f, F_OK) < 0) {
- log_warning("Session %s has display %s with nonexisting socket %s.", s->id, s->display, f);
+ log_warning("Session %s has display %s with non-existing socket %s.", s->id, s->display, f);
free(f);
return -ENOENT;
}
+ /* Note that this cannot be in a subdir to avoid
+ * vulnerabilities since we are privileged but the runtime
+ * path is owned by the user */
+
t = strappend(s->user->runtime_path, "/X11-display");
if (!t) {
log_error("Out of memory");
@@ -512,7 +527,7 @@ static int session_create_cgroup(Session *s) {
}
}
- hashmap_put(s->manager->cgroups, s->cgroup_path, s);
+ hashmap_put(s->manager->session_cgroups, s->cgroup_path, s);
return 0;
}
@@ -631,7 +646,7 @@ static int session_terminate_cgroup(Session *s) {
STRV_FOREACH(k, s->user->manager->controllers)
cg_trim(*k, s->cgroup_path, true);
- hashmap_remove(s->manager->cgroups, s->cgroup_path);
+ hashmap_remove(s->manager->session_cgroups, s->cgroup_path);
free(s->cgroup_path);
s->cgroup_path = NULL;
@@ -801,7 +816,7 @@ int session_create_fifo(Session *s) {
/* Create FIFO */
if (!s->fifo_path) {
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
return r;
@@ -820,13 +835,13 @@ int session_create_fifo(Session *s) {
if (s->fifo_fd < 0)
return -errno;
- r = hashmap_put(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1), s);
+ r = hashmap_put(s->manager->session_fds, INT_TO_PTR(s->fifo_fd + 1), s);
if (r < 0)
return r;
zero(ev);
ev.events = 0;
- ev.data.u32 = FD_FIFO_BASE + s->fifo_fd;
+ ev.data.u32 = FD_OTHER_BASE + s->fifo_fd;
if (epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_ADD, s->fifo_fd, &ev) < 0)
return -errno;
@@ -844,7 +859,7 @@ void session_remove_fifo(Session *s) {
assert(s);
if (s->fifo_fd >= 0) {
- assert_se(hashmap_remove(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
+ assert_se(hashmap_remove(s->manager->session_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
assert_se(epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_DEL, s->fifo_fd, NULL) == 0);
close_nointr_nofail(s->fifo_fd);
s->fifo_fd = -1;
@@ -947,6 +962,14 @@ static const char* const session_type_table[_SESSION_TYPE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
+static const char* const session_class_table[_SESSION_CLASS_MAX] = {
+ [SESSION_USER] = "user",
+ [SESSION_GREETER] = "greeter",
+ [SESSION_LOCK_SCREEN] = "lock-screen"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
+
static const char* const kill_who_table[_KILL_WHO_MAX] = {
[KILL_LEADER] = "leader",
[KILL_ALL] = "all"