summaryrefslogtreecommitdiff
path: root/src/login
AgeCommit message (Collapse)Author
2015-02-18logind: open up most bus calls for unpriviliged processes, using PolicyKitLennart Poettering
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK.
2015-02-10logind: tell Coverity that we knowingly ignore mkdir()'s return valueLennart Poettering
2015-02-03util: rework strappenda(), and rename it strjoina()Lennart Poettering
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-02remove unused variablesThomas Hindoe Paaboel Andersen
2015-01-28logind: handle closing sessions over daemon restartsMartin Pitt
It may happen that you have several sessions with the same VT: - Open a session c1 which leaves some processes around, and log out. The session will stay in State=closing and become Active=no. - Log back in on the same VT, get a new session "c2" which is State=active and Active=yes. When restarting logind after that, the first session that matches the current VT becomes Active=yes, which will be c1; c2 thus is Active=no and does not get the usual polkit/device ACL privileges. Restore the "closing" state in session_load(), to avoid treating all restored sessions as State=active. In seat_active_vt_changed(), prefer active sessions over closing ones if more than one session matches the current VT. Finally, fix the confusing comment in session_load() and explain it a bit better. https://launchpad.net/bugs/1415104
2015-01-27logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERMChristian Seiler
In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs (or any filesystem for that matter) on top of /run/user/$UID. Previously, logind just failed in such a situation. Now, logind will resort to chown+chmod of the directory instead. This allows logind still to work in those environments, although without the guarantees it provides (i.e. users not being able to DOS /run or other users' /run/user/$UID space) when CAP_SYS_ADMIN is available.
2015-01-27logind: remove per-user runtime dir again if setup failsChristian Seiler
If setup of per-user runtime dir fails, clean up afterwards by removing the directory before returning from the function, so we don't leave the directory behind. If this is not done, the second time the user logs in logind would assume that the directory is already set up, even though it isn't.
2015-01-22logind: fix sd_eviocrevoke ioctl callPeter Hutterer
If the third argument is non-null, the kernel will always error out with EINVAL and devices won't get revoked. Reported-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2015-01-22tmpfiles: add 'a' type to set ACLsZbigniew Jędrzejewski-Szmek
2015-01-22Assorted format fixesZbigniew Jędrzejewski-Szmek
Types used for pids and uids in various interfaces are unpredictable. Too bad.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-18logind: hide 'self' links if not availableDavid Herrmann
If the caller does not run in a session/seat or has no tracked user, hide the /org/freedesktop/login1/.../self links in introspection data. Otherwise, "busctl tree org.freedesktop.login1" tries to query those nodes even though it cant.
2015-01-14loginctl: fix misuse compound literalsLennart Poettering
The lifetime of compound literals is bound to the local scope, we hence cannot refernce them outside of it.
2015-01-09loginctl: make session/user arguments optional for a number commands, and ↵Lennart Poettering
imply calling session/user instead This turns "lock-session", "activate", "unlock-session", "enable-linger", "disable-linger" into commands that take no argument, optionally in which case the callers session/user is implied.
2015-01-09logind: unify how we cast between uid_t and pointers for hashmap keysLennart Poettering
2015-01-09logind: when a bus call is done on a session, user or seat, optionally ↵Lennart Poettering
determine them from the caller credentials More specifically, if an operation is requested on a session with an empty name, the caller's session is used. If an operation is requested on a seat with an empty name, the seat of the caller's session is used. Finally, if an operation on the user with UID -1 is requested, the user of the client's session is used (and not the UID of the client!).
2015-01-09logind: include "self" object links in dbus introspectionLennart Poettering
Makes "busctl introspect" a lot more fun.
2015-01-09loginctl: make "loginctl session-status" without session ID show the ↵Lennart Poettering
caller's session status Similar for user-status and seat-status.
2015-01-08loginctl: port to generic verbs.h APILennart Poettering
2015-01-08systemctl,loginctl: start polkit agent for all polkit enabled operationsLennart Poettering
2015-01-08loginctl: show the 10 most recent log user/session log lines in "loginctl ↵Lennart Poettering
user-status" and "loginctl session-status"
2015-01-01Remove "to allow" from policy messagesZbigniew Jędrzejewski-Szmek
It carries no additional information and forces a passive sentence structure which is longer and harder to parse.
2014-12-29machined: ignore spurious errorLennart Poettering
2014-12-28tmpfiles: add new line type 'v' for creating btrfs subvolumesLennart Poettering
2014-12-26loginctl: reindent --help textLennart Poettering
2014-12-26loginctl: add more --help sectionsLennart Poettering
2014-12-25pam_systemd: remove spurious include of <sys/capability.h>Filipe Brandenburger
It does not use any functions or constants from libcap directly. Tested that "pam_systemd.la" builds cleanly and works after this change.
2014-12-25logind: remove spurious include of <sys/capability.h>Filipe Brandenburger
They do not use any functions from libcap directly. The CAP_* constants in use through these files come from "missing.h" which will import <linux/capability.h> and complement it with CAP_* constants not defined by the current kernel headers. The "missing.h" header is imported through "util.h" which gets imported in "logind.h". Tested that "systemd-logind" builds cleanly and works after this change.
2014-12-24sd-bus: rename sd_bus_open_system_container() to sd_bus_open_system_machine()Lennart Poettering
Pretty much everywhere else we use the generic term "machine" when referring to containers in API, so let's do though in sd-bus too. In particular, since the concept of a "container" exists in sd-bus too, but as part of the marshalling system.
2014-12-23build-sys: move core/build.h → shared/build.hLennart Poettering
After all, pretty much all our tools include it, and it should hence be shared. Also move sysfs-show.h from core/ to login/, since it has no point to exist in core.
2014-12-11use correct format typesThomas Hindoe Paaboel Andersen
2014-12-11treewide: correct spacing near eol in code commentsTorstein Husebø
2014-12-10sd-bus: move common errors src/shared/bus-errors.h → ↵Lennart Poettering
src/libsystemd/sd-bus/bus-common-errors.h Stuff in src/shared/ should not use stuff from src/libsystemd/ really.
2014-11-30tests: use assert_se instead of assertRonny Chevalier
Otherwise they can be optimized away with -DNDEBUG
2014-11-29delta: diff returns 1 when files differ, ignore thisZbigniew Jędrzejewski-Szmek
https://bugs.debian/org/771397
2014-11-28treewide: another round of simplificationsMichal Schmidt
Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28treewide: yet more log_*_errno + return simplificationsMichal Schmidt
Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28sd-bus: rename default bus address constants, they aren't "paths" but ↵Lennart Poettering
"addresses"
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-28log: fix order of log_unit_struct() to match other logging callsLennart Poettering
Also, while we are at it, introduce some syntactic sugar for creating ERRNO= and MESSAGE= structured logging fields.
2014-11-26logind: Support logind.conf.d directories in the usual search pathsJosh Triplett
This makes it possible to drop in logind configuration snippets from a package or other configuration management mechanism. Add documentation to the header of /etc/logind.conf pointing the user at /etc/logind.conf.d/*.conf. Introduce a new helper, conf_parse_many, to parse configuration files in a search path.
2014-11-15pam_systemd: remove unused null checkThomas Hindoe Paaboel Andersen
username was already checked with isempty() and cannot be null at this point. CID#1237766
2014-11-13sd-bus: sync with kdbus upstream (ABI break)Daniel Mack
kdbus has seen a larger update than expected lately, most notably with kdbusfs, a file system to expose the kdbus control files: * Each time a file system of this type is mounted, a new kdbus domain is created. * The layout inside each mount point is the same as before, except that domains are not hierarchically nested anymore. * Domains are therefore also unnamed now. * Unmounting a kdbusfs will automatically also detroy the associated domain. * Hence, the action of creating a kdbus domain is now as privileged as mounting a filesystem. * This way, we can get around creating dev nodes for everything, which is last but not least something that is not limited by 20-bit minor numbers. The kdbus specific bits in nspawn have all been dropped now, as nspawn can rely on the container OS to set up its own kdbus domain, simply by mounting a new instance. A new set of mounts has been added to mount things *after* the kernel modules have been loaded. For now, only kdbus is in this set, which is invoked with mount_setup_late().
2014-11-10busctl: add "tree" command to explore object treesLennart Poettering
2014-11-10inhibit: allow filtering --list by modeMantas Mikulėnas
Usually there are a few delay inhibitors all the time (NetworkManager, Telepathy, etc.), but I'm only interested in the block ones.
2014-10-28login: remove multi-seat-xTimofey Titovets
2014-10-23mac: also rename use_{smack,selinux,apparmor}() calls so that they share the ↵Lennart Poettering
new mac_{smack,selinux,apparmor}_xyz() convention
2014-10-23mac: rename apis with mac_{selinux/smack}_ prefixWaLyong Cho