path: root/src/login
Age | Commit message | Author
2014-11-28 | log: fix order of log_unit_struct() to match other logging calls | Lennart Poettering
Also, while we are at it, introduce some syntactic sugar for creating ERRNO= and MESSAGE= structured logging fields.
2014-11-26 | logind: Support logind.conf.d directories in the usual search paths | Josh Triplett
This makes it possible to drop in logind configuration snippets from a package or other configuration management mechanism. Add documentation to the header of /etc/logind.conf pointing the user at /etc/logind.conf.d/*.conf. Introduce a new helper, conf_parse_many, to parse configuration files in a search path.
2014-11-15 | pam_systemd: remove unused null check | Thomas Hindoe Paaboel Andersen
username was already checked with isempty() and cannot be null at this point. CID#1237766
2014-11-13 | sd-bus: sync with kdbus upstream (ABI break) | Daniel Mack
kdbus has seen a larger update than expected lately, most notably with kdbusfs, a file system to expose the kdbus control files:

 * Each time a file system of this type is mounted, a new kdbus domain is created.
 * The layout inside each mount point is the same as before, except that domains are not hierarchically nested anymore.
 * Domains are therefore also unnamed now.
 * Unmounting a kdbusfs will automatically also destroy the associated domain.
 * Hence, the action of creating a kdbus domain is now as privileged as mounting a filesystem.
 * This way, we can get around creating dev nodes for everything, which is last but not least something that is not limited by 20-bit minor numbers.

The kdbus specific bits in nspawn have all been dropped now, as nspawn can rely on the container OS to set up its own kdbus domain, simply by mounting a new instance.

A new set of mounts has been added to mount things *after* the kernel modules have been loaded. For now, only kdbus is in this set, which is invoked with mount_setup_late().
2014-11-10 | busctl: add "tree" command to explore object trees | Lennart Poettering
2014-11-10 | inhibit: allow filtering --list by mode | Mantas Mikulėnas
Usually there are a few delay inhibitors all the time (NetworkManager, Telepathy, etc.), but I'm only interested in the block ones.
2014-10-28 | login: remove multi-seat-x | Timofey Titovets
2014-10-23 | mac: also rename use_{smack,selinux,apparmor}() calls so that they share the new mac_{smack,selinux,apparmor}_xyz() convention | Lennart Poettering
2014-10-23 | mac: rename apis with mac_{selinux/smack}_ prefix | WaLyong Cho
2014-10-09 | logind: mount per-user tmpfs with 'smackfsroot=*' for smack enabled systems | Lukasz Skalski
2014-09-27 | logind: add support for TPS65217 Power Button | Koen Kooi
This PMIC is found on TI AM335x based boards like the beaglebone and beaglebone black.

root@beaglebone-white:~# udevadm info -a /dev/input/event0

Udevadm info starts with the device specified by the devpath and then walks up the chain of parent devices. It prints for every device found, all possible attributes in the udev rules key format. A rule to match, can be composed by the attributes of the device and the attributes from one single parent device.

  looking at device '/devices/ocp.3/44e0b000.i2c/i2c-0/0-0024/input/input0/event0':
    KERNEL=="event0"
    SUBSYSTEM=="input"
    DRIVER==""

  looking at parent device '/devices/ocp.3/44e0b000.i2c/i2c-0/0-0024/input/input0':
    KERNELS=="input0"
    SUBSYSTEMS=="input"
    DRIVERS==""
    ATTRS{name}=="tps65217_pwr_but"
    ATTRS{phys}==""
    ATTRS{uniq}==""
    ATTRS{properties}=="0"

  looking at parent device '/devices/ocp.3/44e0b000.i2c/i2c-0/0-0024':
    KERNELS=="0-0024"
    SUBSYSTEMS=="i2c"
    DRIVERS=="tps65217"
    ATTRS{name}=="tps65217"

  looking at parent device '/devices/ocp.3/44e0b000.i2c/i2c-0':
    KERNELS=="i2c-0"
    SUBSYSTEMS=="i2c"
    DRIVERS==""
    ATTRS{name}=="OMAP I2C adapter"

  looking at parent device '/devices/ocp.3/44e0b000.i2c':
    KERNELS=="44e0b000.i2c"
    SUBSYSTEMS=="platform"
    DRIVERS=="omap_i2c"

  looking at parent device '/devices/ocp.3':
    KERNELS=="ocp.3"
    SUBSYSTEMS=="platform"
    DRIVERS==""
2014-09-23 | Silence some "unchecked return-value" warnings | David Herrmann
This adds some log-messages to ioctl() calls where we don't really care for the return value. It isn't strictly necessary to look for those, but let's be sure and print warnings. This silences gcc and coverity, and also makes sure we get reports in case something goes wrong and we didn't expect it to fail that way.
2014-09-22 | logind: add support for Triton2 Power Button | Zbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=84201
2014-09-19 | login: pause devices before acknowledging VT switches | David Herrmann
If a session controller does not need synchronous VT switches, we allow them to pass VT control to logind, which acknowledges all VT switches unconditionally. This works fine with all sessions using the dbus API, but causes out-of-sync device use if we switch to legacy sessions that are notified via VT signals. Those are processed before logind notices the session-switch via sysfs. Therefore, leaving the old session still active for a short amount of time. This, in fact, may cause the legacy session to prepare graphics devices before the old session was deactivated, and thus, maybe causing the old session to interfere with graphics device usage. Fix this by releasing devices immediately before acknowledging VT switches. This way, sessions without VT handlers are required to support async session switching (which they do in that case, anyway).
2014-09-17 | logind: fix typo | Ronny Chevalier
2014-09-15 | hashmap: introduce hash_ops to make struct Hashmap smaller | Michal Schmidt
It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-09-01 | login: simplify controller handling | David Herrmann
Simplify the way we handle session-controllers and fix several shortcomings:
 * send ReleaseDevice() signals on forced session takeover
 * fix mem-leaks for busnames in case VT preparation fails (non-critical)
 * avoid passing pre-allocated names to helpers
2014-08-31 | login: fix mem leak | Thomas Hindoe Paaboel Andersen
2014-08-27 | login: fix memory-leak on DropController() | David Herrmann
Our bus-name watch helpers only remove a bus-name if it's not a controller, anymore. If we call manager_drop_busname() before unregistering the controller, the busname will not be dropped. Therefore, first drop the controller, then drop the bus-name.
2014-08-26 | logind: add HandleLidSwitchDocked= option to logind.conf + documentation | Ben Wolsieffer
https://bugs.freedesktop.org/show_bug.cgi?id=82485
2014-08-21 | notify: send STOPPING=1 from our daemons | Lennart Poettering
2014-08-19 | hashmap: try to use the existing 64bit hash functions for dev_t if it is 64bit | Lennart Poettering
2014-08-18 | bus-util: simplify bus_verify_polkit_async() a bit | Lennart Poettering
First, let's drop the "bus" argument, we can determine it from the message anyway. Secondly, determine the right callback/userdata pair automatically from what is currently being dispatched. This should simplify things a lot for us, since it makes it unnecessary to pass pointers through the original handlers through all functions when we process messages, which might require authentication.
2014-08-15 | Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507' | Lennart Poettering
2014-08-15 | sd-bus: add API to check if a client has privileges | Lennart Poettering
This is a generalization of the vtable privilege check we already have, but exported, and hence useful when preparing for a polkit change. This will deal with the complexity that on dbus1 one cannot trust the capability field we retrieve via the bus, since it is read via /proc/$$/stat (and thus might be out-of-date) rather than directly from the message (like on kdbus) or bus connection (as for uid creds on dbus1). Also, port over all code to this new API.
2014-08-15 | sd-bus: Remove bus arg from bus_verify_polkit_async_registry_free() | Stef Walter
It's unnecessary, not used, and complicates callers of the function.
2014-08-14 | logind: add new session type "web" for PAM web clients, such as cockpit | Lennart Poettering
On request of Stef Walter.
2014-08-13 | login: share VT-signal handler between sessions | David Herrmann
sd-event does not allow multiple handlers for a single signal. However, logind sets up signal handlers for each session with VT_PROCESS set (that is, it has an active controller). Therefore, registering multiple such controllers will fail. Let's make the VT-handler global, as it's mostly trivial, anyway. This way, the sessions don't have to take care of that and we can simply acknowledge all VT-switch requests as we always did.
2014-08-11 | login: set_controller should fail if prepare_vt fails | Olivier Brunel
If controllers can expect logind to have "prepared" the VT (e.g. set it to graphics mode, etc) then TakeControl() should fail if said preparation failed (and session_restore_vt() was called). (David: fixed up !CONFIG_VT case and errno-numbers)
2014-08-04 | bus: always explicitly close bus from main programs | Lennart Poettering
Since b5eca3a2059f9399d1dc52cbcf9698674c4b1cf0 we don't attempt to GC busses anymore when unsent messages remain that keep their reference, when they otherwise are not referenced anymore. This means that if we explicitly want connections to go away, we need to close them. With this change we will now do so explicitly wherever we connect to the bus from a main program (and thus know when the bus connection should go away), or when we create a private bus connection, that really should go away after our use. This fixes connection leaks in the NSS and PAM modules.
2014-08-03 | Unify parse_argv style | Zbigniew Jędrzejewski-Szmek
getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-07-31 | Reject invalid quoted strings | Zbigniew Jędrzejewski-Szmek
Strings which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in an unfinished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently.

mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip off the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
2014-07-29 | login: update systemd-user PAM configuration file | Kay Sievers
2014-07-18 | Small modernizations | Zbigniew Jędrzejewski-Szmek
2014-07-18 | Be more verbose when bind or listen fails | Zbigniew Jędrzejewski-Szmek
Also be more verbose in devnode_acl_all().
2014-07-16 | Let config_parse open file where applicable | Zbigniew Jędrzejewski-Szmek
Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.
2014-07-15 | Constify ConfigTableItem tables | Zbigniew Jędrzejewski-Szmek
2014-07-15 | rules: uaccess - add ID_SOFTWARE_RADIO | Kay Sievers
On Tue, Jul 15, 2014 at 1:52 PM, Alick Zhao <alick9188@gmail.com> wrote:
>>>
>>> So maybe ID_SOFTWARE_RADIO ?
>>
>> Hmm, SDR is more a term for a generic technology than for a device
>> class. To me it does not really sound like an administrator would know
>> what this is.
>>
>> What exactly is the device or subsystem you want to make accessible to
>> locally logged-in users only?
>
> Initially it is bladeRF, but many more are of interest: USRP, rtl-sdr,
> HackRF, ... [1]
>
> I agree an administrator might not know what SDR is, since it is
> currently still not widely known, and makes sense only for amateurs
> and researchers. But as a SDR fan, I see many new SDR peripherals
> are created recently, and expect to see more. So a generic ID seems
> reasonable to me.
>
> [1] http://en.wikipedia.org/wiki/List_of_software-defined_radios
2014-07-15 | rules: consistently use "?*" instead of "*?" | Kay Sievers
2014-07-08 | logind: allow switching to unused VTs via SwitchTo() | David Herrmann
If compositors use the new SwitchTo() logic to map F1-F12, we should allow them to switch to unregistered VTs, too. Otherwise, the auto-spawn logic of gettys won't trigger.

Reported-by: Jasper St. Pierre <jstpierre@mecheye.net>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
2014-07-02 | util: generalize is_localhost() and use it everywhere where applicable | Lennart Poettering
2014-06-21 | pam_systemd: replace regex with sym file | Kay Sievers
2014-06-21 | pam_systemd: rename source file to match the module | Kay Sievers
2014-05-22 | logind: also escape external data when saving to /run | Lennart Poettering
Better be safe than sorry...
2014-05-19 | logind: fix Display property of user objects | Lennart Poettering
When we dropped support for creating a per-user to the "main" X11 display we stopped returning useful data in the "Display" user property. With this change this is fixed and we again expose an appropriate (graphical session) in the property that is useful as the "main" one, if one is needed.
2014-05-16 | logind: allow suspending if there are no displays | Mantas Mikulėnas
With proprietary graphics drivers, there won't be any 'drm' devices in sysfs, so logind will never suspend the system upon closing the lid, even if only one (internal) display is connected. This has been reported by multiple users so far. IMHO, it's better to suspend the system in this case for safety reasons, to avoid having nvidia blob users' laptops overheat, for the same reason that sleep inhibitors are overridden (LidSwitchIgnoreInhibited=yes).
2014-05-15 | logind: bring polkit policy for hibernate in line with suspend/poweroff/reboot | Lennart Poettering
There's no reason why hibernate should be better protected than suspend or poweroff, so sync the policies.
2014-05-15 | Remove unnecessary casts in printfs | Zbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-05-15 | sd-bus: introduce sd_bus_slot objects encapsulating callbacks or vtables attached to a bus connection | Lennart Poettering
This makes callback behaviour more like sd-event or sd-resolve, and creates proper object for unregistering callbacks. Taking the reference to the slot is optional. If not taken life time of the slot will be bound to the underlying bus object (or in the case of an async call until the reply has been received).
2014-05-13 | replace more dup() by F_DUPFD_CLOEXEC | Lennart Poettering