summaryrefslogtreecommitdiff
path: root/src/login
AgeCommit message (Collapse)Author
2015-06-04Merge pull request #58 from pwithnall/wip/pwithnall/user-active-on-vt-switchDavid Herrmann
logind: Save the user’s state when a session enters SESSION_ACTIVE
2015-06-04Merge pull request #57 from pwithnall/wip/pwithnall/udev-virtualbox-rulesDavid Herrmann
logind: Add a udev rule to tag all DRM cards with master-of-seat
2015-06-02logind: Add a udev rule to tag all DRM cards with master-of-seatPhilip Withnall
This is needed for generic DRM devices like the VirtualBox vboxvideo driver, which exposes itself as a generic, ID-less DRM device at /dev/dri/card0 (after applying this commit): $ udevadm info --query=all --path \ /sys/devices/pci0000:00/0000:00:02.0/drm/card0 P: /devices/pci0000:00/0000:00:02.0/drm/card0 N: dri/card0 E: DEVNAME=/dev/dri/card0 E: DEVPATH=/devices/pci0000:00/0000:00:02.0/drm/card0 E: DEVTYPE=drm_minor E: ID_FOR_SEAT=drm-pci-0000_00_02_0 E: ID_PATH=pci-0000:00:02.0 E: ID_PATH_TAG=pci-0000_00_02_0 E: MAJOR=226 E: MINOR=0 E: SUBSYSTEM=drm E: TAGS=:master-of-seat:seat:uaccess: E: USEC_INITIALIZED=59893 Without this patch, the capabilities for a seat on a VirtualBox installation of systemd v219 incorrectly show it as non-graphical, even though I can type these commands from an xterm: $ loginctl show-seat seat0 Id=seat0 CanMultiSession=yes CanTTY=yes CanGraphical=no … https://bugs.freedesktop.org/show_bug.cgi?id=90822
2015-06-02logind: Save the user’s state when a session enters SESSION_ACTIVEPhilip Withnall
When (for example) switching from X11 to a new VT and logging in there, creating a new session, the user state file (/run/systemd/users/$uid) is not updated after the session becomes active. The latest time it is saved is when the session is in SESSION_OPENING. This results in a /run/systemd/users/$uid file which contains STATE=online for the current user on the current active VT, which is obviously wrong. As functions like sd_uid_get_state() use this file to get the user’s state, this could result in things like PolicyKit making incorrect decisions about the user’s state. (See https://bugs.freedesktop.org/show_bug.cgi?id=76358.) Fix this by re-saving the state for a session’s user after completing the state_job for that session. https://bugs.freedesktop.org/show_bug.cgi?id=90818
2015-05-29util: split out signal-util.[ch] from util.[ch]Lennart Poettering
No functional changes.
2015-05-29path-util: Change path_is_mount_point() symlink arg from bool to flagsMartin Pitt
This makes path_is_mount_point() consistent with fd_is_mount_point() wrt. flags.
2015-05-27logind: prefix some calls to unlink with (void)Daniel Mack
Make Coverity happy and tell it we're not interested in the return value of these two calls.
2015-05-27logind: unlink /run/nologin when shutdown is cancelledDaniel Mack
When a scheduled is cancelled, make sure to remove /run/nologin. This is a regression from the recent shutdownd removal and logind rework.
2015-05-18util: split all hostname related calls into hostname-util.cLennart Poettering
2015-05-05core: rework unit name validation and manipulation logicLennart Poettering
A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-29sd-bus: allow passing NULL as bus parameter to sd_bus_send()Lennart Poettering
If NULL is specified for the bus it is now automatically derived from the passed in message. This commit also changes a number of invocations of sd_bus_send() to make use of this.
2015-04-29sd-bus: drop bus parameter from message callback prototypeLennart Poettering
This should simplify the prototype a bit. The bus parameter is redundant in most cases, and in the few where it matters it can be derived from the message via sd_bus_message_get_bus().
2015-04-24logind: kill newline characters from log_error_errno() callsDaniel Mack
log_error_errno() already adds a newline, so drop them.
2015-04-24logind: add support for /run/nologin and /run/systemd/shutdown/scheduledDaniel Mack
Port over more code from shutdownd and teach logind to write /run/nologin at least 5 minutes before the system is going down, and /run/systemd/shutdown/scheduled when a shutdown is scheduled.
2015-04-24logind: add code for UTMP wall messagesDaniel Mack
Add a timer to print UTMP wall messages so that it repeatedly informs users about a scheduled shutdown: * every 1 minute with less than 10 minutes to go * every 15 minutes with less than 60 minutes to go * every 30 minutes with less than 180 minutes (3 hours) to go * every 60 minutes if more than that to go This functionality only active if the .EnableWallMessages DBus property is set to true. Also, a custom string can be added to the wall message, set through the WallMessagePrefix property.
2015-04-24logind: add .ScheduleShutdown and .CancelScheduledShutdown methodsDaniel Mack
Add a method called ScheduleShutdown in org.freedesktop.login1.Manager which adds a timer to shut down the system at a later point in time. The first argument holds the type of the schedule that is about to happen, and must be one of 'reboot', 'halt' or 'poweroff'. The second argument specifies the absolute time, based on CLOCK_REALTIME in nanoseconds, at which the the operation should be executed. To cancel a previously scheduled shutdown, the CancelScheduledShutdown() can be called, which returns a bool, indicating whether a scheduled timeout was cancelled. Also add a new property called ScheduledShutdown which returns the equivalent to what was passed in via ScheduleShutdown, as '(st)' type.
2015-04-24logind: factor out polkit checksDaniel Mack
Factor out the code to ask polkit for authorization from method_do_shutdown_or_sleep() into an own function called verify_shutdown_creds(). This is needed in order to also use the same checks when shutdown operations are scheduled. For that, it's also necessary to allow NULL values for that action{,_multiple_sessions,_ignore_inhibit) arguments, which will suppress the call if no action string is passed.
2015-04-24logind: make local functions staticDaniel Mack
make manager_gc(), manager_startup(), manager_new(), manager_free() and manager_run() static, and kill their forward declarations.
2015-04-24logind: use sd_event timer source for inhibitor logicDaniel Mack
Instead of open-coding the delayed action and inhibit timeout logic, switch over to a real sd_event_source based implementation. This is not only easier to read but also allows us to add more timers in the future.
2015-04-24logind: drop unused argument from method_do_shutdown_or_sleep()Daniel Mack
2015-04-12pam_system: use (void) to silence coverityZbigniew Jędrzejewski-Szmek
CID #996284.
2015-04-11shared: add terminal-util.[ch]Ronny Chevalier
2015-04-10shared: add process-util.[ch]Ronny Chevalier
2015-04-10shared: add formats-util.hRonny Chevalier
2015-04-07logind: drop "interactive" parameter from SetRebootToFirmwareSetup() bus callLennart Poettering
Newer dbus versions have an "allow interactive authentication" bit in the message header, hence it is not necessary to take a boolean for this explicitly.
2015-04-07logind,systemctl: add reboot to EFI firmware supportJan Janssen
2015-04-07polkit: rename bus_verify_polkit() to bus_test_polkit() and make it strictly ↵Lennart Poettering
non-interactive Interactive authorization should only happen asynchronously, hence disallow it in synchronous bus_verify_polkit(), and rename it to bus_test_polkit(). This way even if the bus message header asks for interactive authorization, we'll ask for non-interactive authorization which is actually the desired behaviour if CanSuspend, CanHibernate and friends, which call this function.
2015-04-07util: rework cunescape(), improve error handlingLennart Poettering
Change cunescape() to return a normal error code, so that we can distuingish OOM errors from parse errors. This also adds a flags parameter to control whether "relaxed" or normal parsing shall be done. If set no parse failures are generated, and the only reason why cunescape() can fail is OOM.
2015-04-06util: rework rm_rf() logicLennart Poettering
- Move to its own file rm-rf.c - Change parameters into a single flags parameter - Remove "honour sticky" logic, it's unused these days
2015-03-15logind: check return value of session_releaseZbigniew Jędrzejewski-Szmek
It allocates memory, so it can fail. CID #1237527.
2015-03-13logind: explicitly ignore errors we can do nothing aboutZbigniew Jędrzejewski-Szmek
CID #1237545.
2015-03-13tree-wide: there is no ENOTSUP on linuxDavid Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2015-03-07login: fix copy-pasto in error pathZbigniew Jędrzejewski-Szmek
CID #1256583.
2015-03-06login: make hold-off timeout configurableDavid Herrmann
This introduces 'HoldoffTimeoutSec' to logind.conf to make IGNORE_LID_SWITCH_{SUSPEND,STARTUP}_USEC configurable. Background: If an external monitor is connected, or if the system is docked, we want to ignore LID events. This is required to support setups where a laptop is used with external peripherals while the LID is closed. However, this requires us to probe all hot-plugged devices before reacting to LID events. But with modern buses like USB, the standards do not impose any timeout on the slots, so we have no chance to know whether a given slot is used or not. Hence, after resume and startup, we have to wait a fixed timeout to give the kernel a chance to probe devices. Our timeout has always been generous enough to support even the slowest devices. However, a lot of people didn't use these features and wanted to disable the hold-off timer. Now we provide a knob to do that.
2015-03-03Do not advertise .d snippets over main config fileZbigniew Jędrzejewski-Szmek
For daemons which have a main configuration file, there's little reason for the administrator to use configuration snippets. They are useful for packagers which need to override settings, but we shouldn't advertise that as the main way of configuring those services. https://bugs.freedesktop.org/show_bug.cgi?id=89397
2015-02-27user-sessions: move into own subdir and build independently of logindIvan Shapovalov
Suggested by Zbyszek on IRC. [zj: /run/nologin is used with PAM. systemd-user-session is independent of logind.]
2015-02-24po: simplify one sentenceZbigniew Jędrzejewski-Szmek
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-21logind: fix a typo in a polkit descriptionPiotr Drąg
2015-02-18logind: open up most bus calls for unpriviliged processes, using PolicyKitLennart Poettering
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK.
2015-02-10logind: tell Coverity that we knowingly ignore mkdir()'s return valueLennart Poettering
2015-02-03util: rework strappenda(), and rename it strjoina()Lennart Poettering
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-02remove unused variablesThomas Hindoe Paaboel Andersen
2015-01-28logind: handle closing sessions over daemon restartsMartin Pitt
It may happen that you have several sessions with the same VT: - Open a session c1 which leaves some processes around, and log out. The session will stay in State=closing and become Active=no. - Log back in on the same VT, get a new session "c2" which is State=active and Active=yes. When restarting logind after that, the first session that matches the current VT becomes Active=yes, which will be c1; c2 thus is Active=no and does not get the usual polkit/device ACL privileges. Restore the "closing" state in session_load(), to avoid treating all restored sessions as State=active. In seat_active_vt_changed(), prefer active sessions over closing ones if more than one session matches the current VT. Finally, fix the confusing comment in session_load() and explain it a bit better. https://launchpad.net/bugs/1415104
2015-01-27logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERMChristian Seiler
In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs (or any filesystem for that matter) on top of /run/user/$UID. Previously, logind just failed in such a situation. Now, logind will resort to chown+chmod of the directory instead. This allows logind still to work in those environments, although without the guarantees it provides (i.e. users not being able to DOS /run or other users' /run/user/$UID space) when CAP_SYS_ADMIN is available.
2015-01-27logind: remove per-user runtime dir again if setup failsChristian Seiler
If setup of per-user runtime dir fails, clean up afterwards by removing the directory before returning from the function, so we don't leave the directory behind. If this is not done, the second time the user logs in logind would assume that the directory is already set up, even though it isn't.
2015-01-22logind: fix sd_eviocrevoke ioctl callPeter Hutterer
If the third argument is non-null, the kernel will always error out with EINVAL and devices won't get revoked. Reported-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2015-01-22tmpfiles: add 'a' type to set ACLsZbigniew Jędrzejewski-Szmek
2015-01-22Assorted format fixesZbigniew Jędrzejewski-Szmek
Types used for pids and uids in various interfaces are unpredictable. Too bad.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.