summaryrefslogtreecommitdiff
path: root/src/login
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2015-07-07 19:38:41 +0200
committerDavid Herrmann <dh.herrmann@gmail.com>2015-07-07 19:38:41 +0200
commitb80120c4cba7d134b5437a58437a23fdf7ab2084 (patch)
treefab868c26a100e7ae41f235f458ef3d4490812a9 /src/login
parent586cd08e1bbf8d6b1a960dc94f46235fde0d68c1 (diff)
logind: fail on CreateSession if already in session
Right now, if you're already in a session and call CreateSession, we return information about the current session of yours. This is highy confusing and a nasty hack. Avoid that, and instead return a commonly known error, so the caller can detect that. This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT in pam_systemd, if you're already in a session. But this sounds like the right thing to do, anyway.
Diffstat (limited to 'src/login')
-rw-r--r--src/login/logind-core.c4
-rw-r--r--src/login/logind-dbus.c69
-rw-r--r--src/login/pam_systemd.c10
3 files changed, 27 insertions, 56 deletions
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index a6c01f7d85..96a20e27b9 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -317,7 +317,6 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session) {
int r;
assert(m);
- assert(session);
if (pid < 1)
return -EINVAL;
@@ -330,7 +329,8 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session) {
if (!s)
return 0;
- *session = s;
+ if (session)
+ *session = s;
return 1;
}
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c92761f435..82654ee8c7 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -689,58 +689,23 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
return r;
}
- manager_get_session_by_pid(m, leader, &session);
- if (!session && vtnr > 0 && vtnr < m->seat0->position_count) {
- session = m->seat0->positions[vtnr];
- /*
- * Old gdm and lightdm start the user-session on the same VT as
- * the greeter session. But they destroy the greeter session
- * after the user-session and want the user-session to take
- * over the VT. We need to support this for
- * backwards-compatibility, so make sure we allow new sessions
- * on a VT that a greeter is running on.
- */
- if (session && session->class == SESSION_GREETER)
- session = NULL;
- }
- if (session) {
- _cleanup_free_ char *path = NULL;
- _cleanup_close_ int fifo_fd = -1;
-
- /* Session already exists, client is probably
- * something like "su" which changes uid but is still
- * the same session */
-
- fifo_fd = session_create_fifo(session);
- if (fifo_fd < 0)
- return fifo_fd;
-
- path = session_bus_path(session);
- if (!path)
- return -ENOMEM;
-
- log_debug("Sending reply about an existing session: "
- "id=%s object_path=%s uid=%u runtime_path=%s "
- "session_fd=%d seat=%s vtnr=%u",
- session->id,
- path,
- (uint32_t) session->user->uid,
- session->user->runtime_path,
- fifo_fd,
- session->seat ? session->seat->id : "",
- (uint32_t) session->vtnr);
-
- return sd_bus_reply_method_return(
- message, "soshusub",
- session->id,
- path,
- session->user->runtime_path,
- fifo_fd,
- (uint32_t) session->user->uid,
- session->seat ? session->seat->id : "",
- (uint32_t) session->vtnr,
- true);
- }
+ r = manager_get_session_by_pid(m, leader, NULL);
+ if (r > 0)
+ return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already running in a session");
+
+ /*
+ * Old gdm and lightdm start the user-session on the same VT as
+ * the greeter session. But they destroy the greeter session
+ * after the user-session and want the user-session to take
+ * over the VT. We need to support this for
+ * backwards-compatibility, so make sure we allow new sessions
+ * on a VT that a greeter is running on.
+ */
+ if (vtnr > 0 &&
+ vtnr < m->seat0->position_count &&
+ m->seat0->positions[vtnr] &&
+ m->seat0->positions[vtnr]->class != SESSION_GREETER)
+ return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already occupied by a session");
audit_session_from_pid(leader, &audit_id);
if (audit_id > 0) {
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 2f390237dc..f83d18b035 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -31,6 +31,7 @@
#include <security/pam_ext.h>
#include <security/pam_misc.h>
+#include "bus-common-errors.h"
#include "util.h"
#include "audit.h"
#include "macro.h"
@@ -399,8 +400,13 @@ _public_ PAM_EXTERN int pam_sm_open_session(
remote_host,
0);
if (r < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
- return PAM_SYSTEM_ERR;
+ if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
+ pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
+ return PAM_SUCCESS;
+ } else {
+ pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
+ return PAM_SYSTEM_ERR;
+ }
}
r = sd_bus_message_read(reply,