[gdm/gnome-2-32] Reorganize logindevperm code so that logindevperm logout is called from the slave rather than the wo
- From: Ray Strode <halfline src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdm/gnome-2-32] Reorganize logindevperm code so that logindevperm logout is called from the slave rather than the wo
- Date: Fri, 17 Dec 2010 23:35:48 +0000 (UTC)
commit 1972f86a4931d6351d409448a202dfbdda890a2f
Author: Brian Cameron <Brian Cameron sun com>
Date: Fri Dec 17 16:33:25 2010 -0600
Reorganize logindevperm code so that logindevperm logout is called from the slave
rather than the worker.
(cherry picked from commit 951d0d57e9c6f5c9d2b7ad8b48f2c66258492786)
daemon/gdm-session-direct.c | 8 ++++
daemon/gdm-session-direct.h | 1 +
daemon/gdm-session-worker.c | 39 -------------------
daemon/gdm-simple-slave.c | 88 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 97 insertions(+), 39 deletions(-)
---
diff --git a/daemon/gdm-session-direct.c b/daemon/gdm-session-direct.c
index 0282ab7..223f6f4 100644
--- a/daemon/gdm-session-direct.c
+++ b/daemon/gdm-session-direct.c
@@ -2223,6 +2223,14 @@ gdm_session_direct_get_username (GdmSessionDirect *session)
return g_strdup (session->priv->selected_user);
}
+char *
+gdm_session_direct_get_display_device (GdmSessionDirect *session)
+{
+ g_return_val_if_fail (session != NULL, NULL);
+
+ return g_strdup (session->priv->display_device);
+}
+
gboolean
gdm_session_direct_bypasses_xsession (GdmSessionDirect *session_direct)
{
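Review bot: The new gdm_session_direct_get_display_device returns a g_strdup() copy, but nothing states that the caller owns the result. One of the two callers added later in this commit never frees it. A comment above the definition would make the contract explicit: `/* Returns a newly allocated copy of the display device path (or NULL); free with g_free(). */`. The same line in the header next to the prototype would also help.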
diff --git a/daemon/gdm-session-direct.h b/daemon/gdm-session-direct.h
index 4982230..8023bf9 100644
--- a/daemon/gdm-session-direct.h
+++ b/daemon/gdm-session-direct.h
@@ -56,6 +56,7 @@ GdmSessionDirect * gdm_session_direct_new (const char *disp
gboolean display_is_local) G_GNUC_MALLOC;
char * gdm_session_direct_get_username (GdmSessionDirect *session_direct);
+char * gdm_session_direct_get_display_device (GdmSessionDirect *session_direct);
gboolean gdm_session_direct_bypasses_xsession (GdmSessionDirect *session_direct);
/* Exported methods */
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 11dc800..281c554 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -32,10 +32,6 @@
#include <grp.h>
#include <pwd.h>
-#ifdef HAVE_LOGINDEVPERM
-#include <libdevinfo.h>
-#endif /* HAVE_LOGINDEVPERM */
-
#include <security/pam_appl.h>
#include <glib.h>
@@ -1186,22 +1182,6 @@ gdm_session_worker_uninitialize_pam (GdmSessionWorker *worker,
gdm_session_worker_cache_userfiles (worker);
pam_close_session (worker->priv->pam_handle, 0);
gdm_session_auditor_report_logout (worker->priv->auditor);
-
-#ifdef HAVE_LOGINDEVPERM
- /*
- * Only do logindevperm processing if /dev/console or
- * a device associated with a VT
- */
- if (worker->priv->display_device != NULL &&
- (strncmp (worker->priv->display_device, "/dev/vt/", strlen ("/dev/vt/")) == 0 ||
- strcmp (worker->priv->display_device, "/dev/console") == 0)) {
- g_debug ("Logindevperm logout for user %s, device %s",
- worker->priv->username,
- worker->priv->display_device);
- (void) di_devperm_logout (worker->priv->display_device);
- }
-#endif /* HAVE_LOGINDEVPERM */
-
} else {
const void *p;
@@ -1989,25 +1969,6 @@ gdm_session_worker_start_user_session (GdmSessionWorker *worker,
register_ck_session (worker);
gdm_get_pwent_for_name (worker->priv->username, &passwd_entry);
-
-#ifdef HAVE_LOGINDEVPERM
- /*
- * Only do logindevperm processing if /dev/console or
- * a device associated with a VT
- */
- if (worker->priv->display_device != NULL &&
- (strncmp (worker->priv->display_device, "/dev/vt/", strlen ("/dev/vt/")) == 0 ||
- strcmp (worker->priv->display_device, "/dev/console") == 0)) {
- g_debug ("Logindevperm login for user %s, device %s",
- worker->priv->username,
- worker->priv->display_device);
- (void) di_devperm_login (worker->priv->display_device,
- passwd_entry->pw_uid,
- passwd_entry->pw_gid,
- NULL);
- }
-#endif /* HAVE_LOGINDEVPERM */
-
g_debug ("GdmSessionWorker: opening user session with program '%s'",
worker->priv->arguments[0]);
diff --git a/daemon/gdm-simple-slave.c b/daemon/gdm-simple-slave.c
index 2994014..51573d9 100644
--- a/daemon/gdm-simple-slave.c
+++ b/daemon/gdm-simple-slave.c
@@ -29,6 +29,10 @@
#include <sys/wait.h>
#include <errno.h>
+#ifdef HAVE_LOGINDEVPERM
+#include <libdevinfo.h>
+#endif /* HAVE_LOGINDEVPERM */
+
#include <glib.h>
#include <glib/gi18n.h>
#include <glib/gstdio.h>
@@ -84,6 +88,9 @@ struct GdmSimpleSlavePrivate
guint start_session_when_ready : 1;
guint waiting_to_start_session : 1;
+#ifdef HAVE_LOGINDEVPERM
+ gboolean use_logindevperm;
+#endif
};
enum {
@@ -123,6 +130,76 @@ on_session_started (GdmSession *session,
*/
}
+#ifdef HAVE_LOGINDEVPERM
+static void
+gdm_simple_slave_grant_console_permissions (GdmSimpleSlave *slave)
+{
+ char *username;
+ char *display_device;
+ struct passwd *passwd_entry;
+
+ username = gdm_session_direct_get_username (slave->priv->session);
+ display_device = gdm_session_direct_get_display_device (slave->priv->session);
+
+ if (username != NULL) {
+ gdm_get_pwent_for_name (username, &passwd_entry);
+
+ /*
+ * Only do logindevperm processing if /dev/console or
+ * a device associated with a VT
+ */
+ if (display_device != NULL &&
+ (strncmp (display_device, "/dev/vt/", strlen ("/dev/vt/")) == 0 ||
+ strcmp (display_device, "/dev/console") == 0)) {
+ g_debug ("Logindevperm login for user %s, device %s",
+ username, display_device);
+ (void) di_devperm_login (display_device,
+ passwd_entry->pw_uid,
+ passwd_entry->pw_gid,
+ NULL);
+ slave->priv->use_logindevperm = TRUE;
+ }
+ }
+
+ if (!slave->priv->use_logindevperm) {
+ g_debug ("Not calling di_devperm_login login for user %s, device %s",
+ username, display_device);
+ }
+}
+
+static void
+gdm_simple_slave_revoke_console_permissions (GdmSimpleSlave *slave)
+{
+ char *username;
+ char *display_device;
+
+ username = gdm_session_direct_get_username (slave->priv->session);
+ display_device = gdm_session_direct_get_display_device (slave->priv->session);
+
+ /*
+ * Only do logindevperm processing if /dev/console or a device
+ * associated with a VT. Do this after processing the PostSession
+ * script so that permissions for devices are not returned to root
+ * before running the script.
+ */
+ if (slave->priv->use_logindevperm == TRUE &&
+ display_device != NULL &&
+ (strncmp (display_device, "/dev/vt/", strlen ("/dev/vt/")) == 0 ||
+ strcmp (display_device, "/dev/console") == 0)) {
+ g_debug ("di_devperm_logout for user %s, device %s",
+ username, display_device);
+ (void) di_devperm_logout (display_device);
+ slave->priv->use_logindevperm = FALSE;
+ } else {
+ g_debug ("Not calling di_devperm_logout logout for user %s, device %s",
+ username, display_device);
+ }
+
+ g_free (username);
+ g_free (display_device);
+}
+#endif /* HAVE_LOGINDEVPERM */
+
static void
on_session_exited (GdmSession *session,
int exit_code,
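Review bot: In gdm_simple_slave_grant_console_permissions, `passwd_entry` has no initializer and the result of gdm_get_pwent_for_name() is not checked, so a failed lookup would reach `passwd_entry->pw_uid` through an invalid pointer just before di_devperm_login() hands device ownership to that uid/gid. The function also never frees `username` and `display_device`, although both getters return g_strdup() copies and the revoke function does free them. `use_logindevperm` is set to TRUE even if di_devperm_login() failed, because its return value is cast to void. The sketch below initializes the pointer, gates the call on a non-NULL entry (assuming the helper leaves it NULL on failure, which should be confirmed), and frees both strings.

```c
static void
gdm_simple_slave_grant_console_permissions (GdmSimpleSlave *slave)
{
        char          *username;
        char          *display_device;
        struct passwd *passwd_entry = NULL;

        /* … unchanged: username / display_device lookup … */

        if (username != NULL) {
                gdm_get_pwent_for_name (username, &passwd_entry);
        }

        /* Never hand device ownership to a uid/gid read through an unset pointer. */
        if (passwd_entry != NULL &&
            display_device != NULL &&
            (strncmp (display_device, "/dev/vt/", strlen ("/dev/vt/")) == 0 ||
             strcmp (display_device, "/dev/console") == 0)) {
                /* … unchanged: g_debug and di_devperm_login call … */
                slave->priv->use_logindevperm = TRUE;
        }

        /* … unchanged: "Not calling di_devperm_login" debug message … */

        g_free (username);
        g_free (display_device);
}
```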
@@ -497,6 +574,10 @@ static void
on_session_opened (GdmSession *session,
GdmSimpleSlave *slave)
{
+#ifdef HAVE_LOGINDEVPERM
+ gdm_simple_slave_grant_console_permissions (slave);
+#endif /* HAVE_LOGINDEVPERM */
+
queue_start_session (slave);
}
@@ -1237,6 +1318,10 @@ gdm_simple_slave_stop (GdmSlave *slave)
}
if (GDM_SIMPLE_SLAVE (slave)->priv->session != NULL) {
+#ifdef HAVE_LOGINDEVPERM
+ gdm_simple_slave_revoke_console_permissions (GDM_SIMPLE_SLAVE (slave));
+#endif
+
gdm_session_close (GDM_SESSION (GDM_SIMPLE_SLAVE (slave)->priv->session));
g_object_unref (GDM_SIMPLE_SLAVE (slave)->priv->session);
GDM_SIMPLE_SLAVE (slave)->priv->session = NULL;
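Review bot: The call added in gdm_simple_slave_stop is the only place this commit invokes gdm_simple_slave_revoke_console_permissions, and it runs only when `priv->session` is non-NULL. Any slave exit path that skips stop would therefore appear to leave the console/VT device owned by the previous user. The comment inside the revoke helper says it must run after the PostSession script, but nothing at this call site shows that ordering. If the ordering does hold, a short comment here would pin it: `/* PostSession has already run; hand console devices back to root before closing the session */`. gdm_simple_slave_stop begins and ends outside this hunk, so other cleanup paths could not be checked.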
@@ -1314,6 +1399,9 @@ static void
gdm_simple_slave_init (GdmSimpleSlave *slave)
{
slave->priv = GDM_SIMPLE_SLAVE_GET_PRIVATE (slave);
+#ifdef HAVE_LOGINDEVPERM
+ slave->priv->use_logindevperm = FALSE;
+#endif
}
static void