From 586cd08e1bbf8d6b1a960dc94f46235fde0d68c1 Mon Sep 17 00:00:00 2001 From: David Herrmann Date: Tue, 7 Jul 2015 19:13:52 +0200 Subject: logind: allow sessions to share a VT if it's a greeter Old gdm and lightdm start the user-session during login before they destroy the greeter-session. Therefore, the user-session will take over the VT from the greeter. We recently prevented this by never allowing multiple sessions on the same VT. Fix this now, by explicitly allowing this if the owning session is a GREETER. Note that gdm no longer behaves like this. Instead, due to wayland, they always use a different VT for each session. All other login-managers are highly encouraged to destroy the greeter-session _before_ starting the user-session. We now work around this, but this will probably not last forever (and will already have nasty side-effects on the greeter-session). --- src/login/logind-dbus.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 0cc2cdf997..c92761f435 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -690,8 +690,19 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus } manager_get_session_by_pid(m, leader, &session); - if (!session && vtnr > 0 && vtnr < m->seat0->position_count) + if (!session && vtnr > 0 && vtnr < m->seat0->position_count) { session = m->seat0->positions[vtnr]; + /* + * Old gdm and lightdm start the user-session on the same VT as + * the greeter session. But they destroy the greeter session + * after the user-session and want the user-session to take + * over the VT. We need to support this for + * backwards-compatibility, so make sure we allow new sessions + * on a VT that a greeter is running on. + */ + if (session && session->class == SESSION_GREETER) + session = NULL; + } if (session) { _cleanup_free_ char *path = NULL; _cleanup_close_ int fifo_fd = -1; -- cgit v1.2.3-54-g00ecf From b80120c4cba7d134b5437a58437a23fdf7ab2084 Mon Sep 17 00:00:00 2001 From: David Herrmann Date: Tue, 7 Jul 2015 19:38:41 +0200 Subject: logind: fail on CreateSession if already in session Right now, if you're already in a session and call CreateSession, we return information about the current session of yours. This is highy confusing and a nasty hack. Avoid that, and instead return a commonly known error, so the caller can detect that. This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT in pam_systemd, if you're already in a session. But this sounds like the right thing to do, anyway. --- src/libsystemd/sd-bus/bus-common-errors.h | 1 + src/login/logind-core.c | 4 +- src/login/logind-dbus.c | 69 ++++++++----------------------- src/login/pam_systemd.c | 10 ++++- 4 files changed, 28 insertions(+), 56 deletions(-) diff --git a/src/libsystemd/sd-bus/bus-common-errors.h b/src/libsystemd/sd-bus/bus-common-errors.h index b17b62ac93..0dbfbddcf6 100644 --- a/src/libsystemd/sd-bus/bus-common-errors.h +++ b/src/libsystemd/sd-bus/bus-common-errors.h @@ -58,6 +58,7 @@ #define BUS_ERROR_DEVICE_NOT_TAKEN "org.freedesktop.login1.DeviceNotTaken" #define BUS_ERROR_OPERATION_IN_PROGRESS "org.freedesktop.login1.OperationInProgress" #define BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED "org.freedesktop.login1.SleepVerbNotSupported" +#define BUS_ERROR_SESSION_BUSY "org.freedesktop.login1.SessionBusy" #define BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED "org.freedesktop.timedate1.AutomaticTimeSyncEnabled" diff --git a/src/login/logind-core.c b/src/login/logind-core.c index a6c01f7d85..96a20e27b9 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -317,7 +317,6 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session) { int r; assert(m); - assert(session); if (pid < 1) return -EINVAL; @@ -330,7 +329,8 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session) { if (!s) return 0; - *session = s; + if (session) + *session = s; return 1; } diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index c92761f435..82654ee8c7 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -689,58 +689,23 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus return r; } - manager_get_session_by_pid(m, leader, &session); - if (!session && vtnr > 0 && vtnr < m->seat0->position_count) { - session = m->seat0->positions[vtnr]; - /* - * Old gdm and lightdm start the user-session on the same VT as - * the greeter session. But they destroy the greeter session - * after the user-session and want the user-session to take - * over the VT. We need to support this for - * backwards-compatibility, so make sure we allow new sessions - * on a VT that a greeter is running on. - */ - if (session && session->class == SESSION_GREETER) - session = NULL; - } - if (session) { - _cleanup_free_ char *path = NULL; - _cleanup_close_ int fifo_fd = -1; - - /* Session already exists, client is probably - * something like "su" which changes uid but is still - * the same session */ - - fifo_fd = session_create_fifo(session); - if (fifo_fd < 0) - return fifo_fd; - - path = session_bus_path(session); - if (!path) - return -ENOMEM; - - log_debug("Sending reply about an existing session: " - "id=%s object_path=%s uid=%u runtime_path=%s " - "session_fd=%d seat=%s vtnr=%u", - session->id, - path, - (uint32_t) session->user->uid, - session->user->runtime_path, - fifo_fd, - session->seat ? session->seat->id : "", - (uint32_t) session->vtnr); - - return sd_bus_reply_method_return( - message, "soshusub", - session->id, - path, - session->user->runtime_path, - fifo_fd, - (uint32_t) session->user->uid, - session->seat ? session->seat->id : "", - (uint32_t) session->vtnr, - true); - } + r = manager_get_session_by_pid(m, leader, NULL); + if (r > 0) + return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already running in a session"); + + /* + * Old gdm and lightdm start the user-session on the same VT as + * the greeter session. But they destroy the greeter session + * after the user-session and want the user-session to take + * over the VT. We need to support this for + * backwards-compatibility, so make sure we allow new sessions + * on a VT that a greeter is running on. + */ + if (vtnr > 0 && + vtnr < m->seat0->position_count && + m->seat0->positions[vtnr] && + m->seat0->positions[vtnr]->class != SESSION_GREETER) + return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already occupied by a session"); audit_session_from_pid(leader, &audit_id); if (audit_id > 0) { diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 2f390237dc..f83d18b035 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -31,6 +31,7 @@ #include #include +#include "bus-common-errors.h" #include "util.h" #include "audit.h" #include "macro.h" @@ -399,8 +400,13 @@ _public_ PAM_EXTERN int pam_sm_open_session( remote_host, 0); if (r < 0) { - pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r)); - return PAM_SYSTEM_ERR; + if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) { + pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r)); + return PAM_SUCCESS; + } else { + pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r)); + return PAM_SYSTEM_ERR; + } } r = sd_bus_message_read(reply, -- cgit v1.2.3-54-g00ecf