X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flogin%2Flogind-session.c;h=58514ea0d2ccae3f1a8e2d8b6dafb13acfdab082;hp=63ee75808b546f9ef668b380ebde57907c89d797;hb=8c8c43515cee56dfc2298998a9e5958308c46f99;hpb=4bba9156da3e1df2cee24d10d7cd88c776ef4179
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 63ee75808..58514ea0d 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -6,16 +6,16 @@
Copyright 2011 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
***/
@@ -25,10 +25,12 @@
#include
#include
-#include "logind-session.h"
#include "strv.h"
#include "util.h"
+#include "mkdir.h"
+#include "path-util.h"
#include "cgroup-util.h"
+#include "logind-session.h"
#define IDLE_THRESHOLD_USEC (5*USEC_PER_MINUTE)
@@ -48,10 +50,10 @@ Session* session_new(Manager *m, User *u, const char *id) {
return NULL;
}
- s->id = file_name_from_path(s->state_file);
+ s->id = path_get_file_name(s->state_file);
if (hashmap_put(m->sessions, s->id, s) < 0) {
- free(s->id);
+ free(s->state_file);
free(s);
return NULL;
}
@@ -86,7 +88,7 @@ void session_free(Session *s) {
}
if (s->cgroup_path)
- hashmap_remove(s->manager->cgroups, s->cgroup_path);
+ hashmap_remove(s->manager->session_cgroups, s->cgroup_path);
free(s->cgroup_path);
strv_free(s->controllers);
@@ -98,7 +100,6 @@ void session_free(Session *s) {
free(s->service);
hashmap_remove(s->manager->sessions, s->id);
-
session_remove_fifo(s);
free(s->state_file);
@@ -115,7 +116,7 @@ int session_save(Session *s) {
if (!s->started)
return 0;
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
goto finish;
@@ -145,6 +146,11 @@ int session_save(Session *s) {
"TYPE=%s\n",
session_type_to_string(s->type));
+ if (s->class >= 0)
+ fprintf(f,
+ "CLASS=%s\n",
+ session_class_to_string(s->class));
+
if (s->cgroup_path)
fprintf(f,
"CGROUP=%s\n",
@@ -185,7 +191,7 @@ int session_save(Session *s) {
"SERVICE=%s\n",
s->service);
- if (s->seat && seat_is_vtconsole(s->seat))
+ if (s->seat && seat_can_multi_session(s->seat))
fprintf(f,
"VTNR=%i\n",
s->vtnr);
@@ -225,7 +231,8 @@ int session_load(Session *s) {
*vtnr = NULL,
*leader = NULL,
*audit_id = NULL,
- *type = NULL;
+ *type = NULL,
+ *class = NULL;
int k, r;
@@ -245,6 +252,7 @@ int session_load(Session *s) {
"VTNR", &vtnr,
"LEADER", &leader,
"TYPE", &type,
+ "CLASS", &class,
NULL);
if (r < 0)
@@ -270,7 +278,7 @@ int session_load(Session *s) {
seat_attach_session(o, s);
}
- if (vtnr && s->seat && seat_is_vtconsole(s->seat)) {
+ if (vtnr && s->seat && seat_can_multi_session(s->seat)) {
int v;
k = safe_atoi(vtnr, &v);
@@ -279,14 +287,9 @@ int session_load(Session *s) {
}
if (leader) {
- pid_t pid;
-
- k = parse_pid(leader, &pid);
- if (k >= 0 && pid >= 1) {
- s->leader = pid;
-
- audit_session_from_pid(pid, &s->audit_id);
- }
+ k = parse_pid(leader, &s->leader);
+ if (k >= 0)
+ audit_session_from_pid(s->leader, &s->audit_id);
}
if (type) {
@@ -297,6 +300,14 @@ int session_load(Session *s) {
s->type = t;
}
+ if (class) {
+ SessionClass c;
+
+ c = session_class_from_string(class);
+ if (c >= 0)
+ s->class = c;
+ }
+
if (s->fifo_path) {
int fd;
@@ -310,7 +321,6 @@ int session_load(Session *s) {
close_nointr_nofail(fd);
}
-
finish:
free(remote);
free(kill_processes);
@@ -318,13 +328,13 @@ finish:
free(vtnr);
free(leader);
free(audit_id);
+ free(class);
return r;
}
int session_activate(Session *s) {
int r;
- Session *old_active;
assert(s);
@@ -343,10 +353,7 @@ int session_activate(Session *s) {
if (r < 0)
return r;
- old_active = s->seat->active;
- s->seat->active = s;
-
- return seat_apply_acls(s->seat, old_active);
+ return seat_set_active(s->seat, s);
}
static int session_link_x11_socket(Session *s) {
@@ -375,20 +382,22 @@ static int session_link_x11_socket(Session *s) {
c[k] = 0;
if (access(f, F_OK) < 0) {
- log_warning("Session %s has display %s with nonexisting socket %s.", s->id, s->display, f);
+ log_warning("Session %s has display %s with non-existing socket %s.", s->id, s->display, f);
free(f);
return -ENOENT;
}
- t = strappend(s->user->runtime_path, "/X11/display");
+ /* Note that this cannot be in a subdir to avoid
+ * vulnerabilities since we are privileged but the runtime
+ * path is owned by the user */
+
+ t = strappend(s->user->runtime_path, "/X11-display");
if (!t) {
log_error("Out of memory");
free(f);
return -ENOMEM;
}
- mkdir_parents(t, 0755);
-
if (link(f, t) < 0) {
if (errno == EEXIST) {
unlink(t);
@@ -440,7 +449,7 @@ static int session_create_one_group(Session *s, const char *controller, const ch
if (r < 0)
return r;
- r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid);
+ r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid, -1);
if (r >= 0)
r = cg_set_group_access(controller, path, 0755, s->user->uid, s->user->gid);
@@ -518,7 +527,7 @@ static int session_create_cgroup(Session *s) {
}
}
- hashmap_put(s->manager->cgroups, s->cgroup_path, s);
+ hashmap_put(s->manager->session_cgroups, s->cgroup_path, s);
return 0;
}
@@ -607,6 +616,23 @@ static int session_terminate_cgroup(Session *s) {
log_error("Failed to kill session cgroup: %s", strerror(-r));
} else {
+ if (s->leader > 0) {
+ Session *t;
+
+ /* We still send a HUP to the leader process,
+ * even if we are not supposed to kill the
+ * whole cgroup. But let's first check the
+ * leader still exists and belongs to our
+ * session... */
+
+ r = manager_get_session_by_pid(s->manager, s->leader, &t);
+ if (r > 0 && t == s) {
+ kill(s->leader, SIGTERM); /* for normal processes */
+ kill(s->leader, SIGHUP); /* for shells */
+ kill(s->leader, SIGCONT); /* in case they are stopped */
+ }
+ }
+
r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true);
if (r < 0)
log_error("Failed to check session cgroup: %s", strerror(-r));
@@ -614,19 +640,18 @@ static int session_terminate_cgroup(Session *s) {
r = cg_delete(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path);
if (r < 0)
log_error("Failed to delete session cgroup: %s", strerror(-r));
- } else
- r = -EBUSY;
+ }
}
STRV_FOREACH(k, s->user->manager->controllers)
cg_trim(*k, s->cgroup_path, true);
- hashmap_remove(s->manager->cgroups, s->cgroup_path);
+ hashmap_remove(s->manager->session_cgroups, s->cgroup_path);
free(s->cgroup_path);
s->cgroup_path = NULL;
- return r;
+ return 0;
}
static int session_unlink_x11_socket(Session *s) {
@@ -641,7 +666,7 @@ static int session_unlink_x11_socket(Session *s) {
s->user->display = NULL;
- t = strappend(s->user->runtime_path, "/X11/display");
+ t = strappend(s->user->runtime_path, "/X11-display");
if (!t) {
log_error("Out of memory");
return -ENOMEM;
@@ -791,7 +816,7 @@ int session_create_fifo(Session *s) {
/* Create FIFO */
if (!s->fifo_path) {
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
return r;
@@ -810,13 +835,13 @@ int session_create_fifo(Session *s) {
if (s->fifo_fd < 0)
return -errno;
- r = hashmap_put(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1), s);
+ r = hashmap_put(s->manager->session_fds, INT_TO_PTR(s->fifo_fd + 1), s);
if (r < 0)
return r;
zero(ev);
ev.events = 0;
- ev.data.u32 = FD_FIFO_BASE + s->fifo_fd;
+ ev.data.u32 = FD_OTHER_BASE + s->fifo_fd;
if (epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_ADD, s->fifo_fd, &ev) < 0)
return -errno;
@@ -834,7 +859,7 @@ void session_remove_fifo(Session *s) {
assert(s);
if (s->fifo_fd >= 0) {
- assert_se(hashmap_remove(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
+ assert_se(hashmap_remove(s->manager->session_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
assert_se(epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_DEL, s->fifo_fd, NULL) == 0);
close_nointr_nofail(s->fifo_fd);
s->fifo_fd = -1;
@@ -937,6 +962,14 @@ static const char* const session_type_table[_SESSION_TYPE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
+static const char* const session_class_table[_SESSION_CLASS_MAX] = {
+ [SESSION_USER] = "user",
+ [SESSION_GREETER] = "greeter",
+ [SESSION_LOCK_SCREEN] = "lock-screen"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
+
static const char* const kill_who_table[_KILL_WHO_MAX] = {
[KILL_LEADER] = "leader",
[KILL_ALL] = "all"