summaryrefslogtreecommitdiff
path: root/src/login/logind-dbus.c
AgeCommit message (Collapse)Author
2015-07-29tree-wide: port everything over to fflush_and_check()Lennart Poettering
Some places invoked fflush() directly with their own manual error checking, let's unify all that by using fflush_and_check(). This also unifies the general error paths of fflush()+rename() file writers.
2015-07-21logind: fix write_string_file() falloutDaniel Mack
WRITE_STRING_FILE_ATOMIC is only valid if WRITE_STRING_FILE_CREATE is also given. IOW, an atomic file write operation is only possible when creating a file is also being asked for. This is a regression from the recent write_string_file() rework.
2015-07-11logind: bring bus policy up-to-dateLennart Poettering
A while back we opened up all of logind's bus calls to unprivileged users, via PK. However, the dbus1 policy wasn't updated accordingly. With this change, the dbus1 policy is opened up for all bus calls that should be available to unprivileged clients. (also rearranges some calls in the vtable, to make more sense, and be in line with the order in the bus policy file) Fixes #471.
2015-07-10logind: allow greeters to take over VTsDavid Herrmann
Make sure a greeter can forcefully spawn a session on a VT that is in-use. A recent patch prevented this (this used to be possible for all session types) as it is highly fragile. However, as it turns out, greeters seem to rely on that feature. Therefore, make sure we allow it explicitly for greeters.
2015-07-08Merge pull request #500 from zonque/fileioLennart Poettering
fileio: consolidate write_string_file*()
2015-07-07logind: fail on CreateSession if already in sessionDavid Herrmann
Right now, if you're already in a session and call CreateSession, we return information about the current session of yours. This is highy confusing and a nasty hack. Avoid that, and instead return a commonly known error, so the caller can detect that. This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT in pam_systemd, if you're already in a session. But this sounds like the right thing to do, anyway.
2015-07-07logind: allow sessions to share a VT if it's a greeterDavid Herrmann
Old gdm and lightdm start the user-session during login before they destroy the greeter-session. Therefore, the user-session will take over the VT from the greeter. We recently prevented this by never allowing multiple sessions on the same VT. Fix this now, by explicitly allowing this if the owning session is a GREETER. Note that gdm no longer behaves like this. Instead, due to wayland, they always use a different VT for each session. All other login-managers are highly encouraged to destroy the greeter-session _before_ starting the user-session. We now work around this, but this will probably not last forever (and will already have nasty side-effects on the greeter-session).
2015-07-06fileio: consolidate write_string_file*()Daniel Mack
Merge write_string_file(), write_string_file_no_create() and write_string_file_atomic() into write_string_file() and provide a flags mask that allows combinations of atomic writing, newline appending and automatic file creation. Change all users accordingly.
2015-07-05login: simplify assignmentZbigniew Jędrzejewski-Szmek
2015-07-01login: re-use VT-sessions if they already existDavid Herrmann
Right now, if you start a session via 'su' or 'sudo' from within a session, we make sure to re-use the existing session instead of creating a new one. We detect this by reading the session of the requesting PID. However, with gnome-terminal running as a busname-unit, and as such running outside the session of the user, this will no longer work. Therefore, this patch makes sure to return the existing session of a VT if you start a new one. This has the side-effect, that you will re-use a session which your PID is not part of. This works fine, but will break assumptions if the parent session dies (and as such close your session even though you think you're part of it). However, this should be perfectly fine. If you run multiple logins on the same session, you should really know what you're doing. The current way of silently accepting it but choosing the last registered session is just weird.
2015-06-25logind: fix delayed execution regressionDaniel Mack
Commit c0f32805 ("logind: use sd_event timer source for inhibitor logic") reworked the main loop logic of logind so that it uses a real timeout callback handler to execute delayed functions. What the old code did, however, was to call those functions on every iteration in the main loop, not only when the timeout expired. Restore that behavior by bringing back manager_dispatch_delayed(), and call it from manager_run(). The internal event source callback manager_inhibit_timeout_handler() was turned into a wrapper of manager_dispatch_delayed() now.
2015-06-17logind: rework display counting when detecting whether the system is dockedLennart Poettering
Previously, we'd just count connected displays, and if there was 2 or more we assumed a "docked" state. With this change we now: - Only count external displays, ignore internal ones (which we detect by checking the connector name against a whitelist of known external plug types) - We ignore connectors which are explicitly disabled - We then compare the count with >= 1 rather than >= 2 as before This new logic has the benefit that systems that disconnect the internal display when the lid is closed are better supported. Also, explicitly disabled ports do not confuse the algorithm anymore. This new algorithm has been suggested here: http://lists.freedesktop.org/archives/intel-gfx/2015-June/068821.html This also makes two functions static, that are not used outside of their .c files.
2015-06-16Merge pull request #218 from poettering/dual-timestamp-nullDaniel Mack
everywhere: actually make use of DUAL_TIMESTAMP_NULL macro
2015-06-16logind: expose "Docked" bool as property on the busLennart Poettering
We know the state anyway, let's expose it in the bus. It's useful for debugging at least, but it might be useful for DEs too.
2015-06-16everywhere: actually make use of DUAL_TIMESTAMP_NULL macroLennart Poettering
Let's use it as initializer where appropriate.
2015-06-02logind: Save the user’s state when a session enters SESSION_ACTIVEPhilip Withnall
When (for example) switching from X11 to a new VT and logging in there, creating a new session, the user state file (/run/systemd/users/$uid) is not updated after the session becomes active. The latest time it is saved is when the session is in SESSION_OPENING. This results in a /run/systemd/users/$uid file which contains STATE=online for the current user on the current active VT, which is obviously wrong. As functions like sd_uid_get_state() use this file to get the user’s state, this could result in things like PolicyKit making incorrect decisions about the user’s state. (See https://bugs.freedesktop.org/show_bug.cgi?id=76358.) Fix this by re-saving the state for a session’s user after completing the state_job for that session. https://bugs.freedesktop.org/show_bug.cgi?id=90818
2015-05-27logind: prefix some calls to unlink with (void)Daniel Mack
Make Coverity happy and tell it we're not interested in the return value of these two calls.
2015-05-27logind: unlink /run/nologin when shutdown is cancelledDaniel Mack
When a scheduled is cancelled, make sure to remove /run/nologin. This is a regression from the recent shutdownd removal and logind rework.
2015-04-29sd-bus: allow passing NULL as bus parameter to sd_bus_send()Lennart Poettering
If NULL is specified for the bus it is now automatically derived from the passed in message. This commit also changes a number of invocations of sd_bus_send() to make use of this.
2015-04-29sd-bus: drop bus parameter from message callback prototypeLennart Poettering
This should simplify the prototype a bit. The bus parameter is redundant in most cases, and in the few where it matters it can be derived from the message via sd_bus_message_get_bus().
2015-04-24logind: kill newline characters from log_error_errno() callsDaniel Mack
log_error_errno() already adds a newline, so drop them.
2015-04-24logind: add support for /run/nologin and /run/systemd/shutdown/scheduledDaniel Mack
Port over more code from shutdownd and teach logind to write /run/nologin at least 5 minutes before the system is going down, and /run/systemd/shutdown/scheduled when a shutdown is scheduled.
2015-04-24logind: add code for UTMP wall messagesDaniel Mack
Add a timer to print UTMP wall messages so that it repeatedly informs users about a scheduled shutdown: * every 1 minute with less than 10 minutes to go * every 15 minutes with less than 60 minutes to go * every 30 minutes with less than 180 minutes (3 hours) to go * every 60 minutes if more than that to go This functionality only active if the .EnableWallMessages DBus property is set to true. Also, a custom string can be added to the wall message, set through the WallMessagePrefix property.
2015-04-24logind: add .ScheduleShutdown and .CancelScheduledShutdown methodsDaniel Mack
Add a method called ScheduleShutdown in org.freedesktop.login1.Manager which adds a timer to shut down the system at a later point in time. The first argument holds the type of the schedule that is about to happen, and must be one of 'reboot', 'halt' or 'poweroff'. The second argument specifies the absolute time, based on CLOCK_REALTIME in nanoseconds, at which the the operation should be executed. To cancel a previously scheduled shutdown, the CancelScheduledShutdown() can be called, which returns a bool, indicating whether a scheduled timeout was cancelled. Also add a new property called ScheduledShutdown which returns the equivalent to what was passed in via ScheduleShutdown, as '(st)' type.
2015-04-24logind: factor out polkit checksDaniel Mack
Factor out the code to ask polkit for authorization from method_do_shutdown_or_sleep() into an own function called verify_shutdown_creds(). This is needed in order to also use the same checks when shutdown operations are scheduled. For that, it's also necessary to allow NULL values for that action{,_multiple_sessions,_ignore_inhibit) arguments, which will suppress the call if no action string is passed.
2015-04-24logind: use sd_event timer source for inhibitor logicDaniel Mack
Instead of open-coding the delayed action and inhibit timeout logic, switch over to a real sd_event_source based implementation. This is not only easier to read but also allows us to add more timers in the future.
2015-04-24logind: drop unused argument from method_do_shutdown_or_sleep()Daniel Mack
2015-04-11shared: add terminal-util.[ch]Ronny Chevalier
2015-04-10shared: add process-util.[ch]Ronny Chevalier
2015-04-10shared: add formats-util.hRonny Chevalier
2015-04-07logind: drop "interactive" parameter from SetRebootToFirmwareSetup() bus callLennart Poettering
Newer dbus versions have an "allow interactive authentication" bit in the message header, hence it is not necessary to take a boolean for this explicitly.
2015-04-07logind,systemctl: add reboot to EFI firmware supportJan Janssen
2015-04-07polkit: rename bus_verify_polkit() to bus_test_polkit() and make it strictly ↵Lennart Poettering
non-interactive Interactive authorization should only happen asynchronously, hence disallow it in synchronous bus_verify_polkit(), and rename it to bus_test_polkit(). This way even if the bus message header asks for interactive authorization, we'll ask for non-interactive authorization which is actually the desired behaviour if CanSuspend, CanHibernate and friends, which call this function.
2015-03-15logind: check return value of session_releaseZbigniew Jędrzejewski-Szmek
It allocates memory, so it can fail. CID #1237527.
2015-03-06login: make hold-off timeout configurableDavid Herrmann
This introduces 'HoldoffTimeoutSec' to logind.conf to make IGNORE_LID_SWITCH_{SUSPEND,STARTUP}_USEC configurable. Background: If an external monitor is connected, or if the system is docked, we want to ignore LID events. This is required to support setups where a laptop is used with external peripherals while the LID is closed. However, this requires us to probe all hot-plugged devices before reacting to LID events. But with modern buses like USB, the standards do not impose any timeout on the slots, so we have no chance to know whether a given slot is used or not. Hence, after resume and startup, we have to wait a fixed timeout to give the kernel a chance to probe devices. Our timeout has always been generous enough to support even the slowest devices. However, a lot of people didn't use these features and wanted to disable the hold-off timer. Now we provide a knob to do that.
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-18logind: open up most bus calls for unpriviliged processes, using PolicyKitLennart Poettering
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK.
2015-02-03util: rework strappenda(), and rename it strjoina()Lennart Poettering
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-02remove unused variablesThomas Hindoe Paaboel Andersen
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-09logind: unify how we cast between uid_t and pointers for hashmap keysLennart Poettering
2015-01-09logind: when a bus call is done on a session, user or seat, optionally ↵Lennart Poettering
determine them from the caller credentials More specifically, if an operation is requested on a session with an empty name, the caller's session is used. If an operation is requested on a seat with an empty name, the seat of the caller's session is used. Finally, if an operation on the user with UID -1 is requested, the user of the client's session is used (and not the UID of the client!).
2014-12-29machined: ignore spurious errorLennart Poettering
2014-12-28tmpfiles: add new line type 'v' for creating btrfs subvolumesLennart Poettering
2014-12-25logind: remove spurious include of <sys/capability.h>Filipe Brandenburger
They do not use any functions from libcap directly. The CAP_* constants in use through these files come from "missing.h" which will import <linux/capability.h> and complement it with CAP_* constants not defined by the current kernel headers. The "missing.h" header is imported through "util.h" which gets imported in "logind.h". Tested that "systemd-logind" builds cleanly and works after this change.
2014-12-11treewide: correct spacing near eol in code commentsTorstein Husebø
2014-12-10sd-bus: move common errors src/shared/bus-errors.h → ↵Lennart Poettering
src/libsystemd/sd-bus/bus-common-errors.h Stuff in src/shared/ should not use stuff from src/libsystemd/ really.
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28log: fix order of log_unit_struct() to match other logging callsLennart Poettering
Also, while we are at it, introduce some syntactic sugar for creating ERRNO= and MESSAGE= structured logging fields.
2014-10-23mac: rename apis with mac_{selinux/smack}_ prefixWaLyong Cho