2 * Copyright (C) 2010-2011 Robert Ancell.
3 * Author: Robert Ancell <robert.ancell@canonical.com>
5 * This program is free software: you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option) any later
8 * version. See http://www.gnu.org/copyleft/gpl.html the full text of the
20 #include <glib/gstdio.h>
25 #include "configuration.h"
26 #include "console-kit.h"
28 #include "guest-account.h"
29 #include "shared-data-manager.h"
33 AUTHENTICATION_COMPLETE,
37 static guint signals[LAST_SIGNAL] = { 0 };
41 /* Configuration for this session */
42 SessionConfig *config;
44 /* Display server running on */
45 DisplayServer *display_server;
47 /* PID of child process */
50 /* Pipes to talk to child */
52 int from_child_output;
53 GIOChannel *from_child_channel;
54 guint from_child_watch;
57 /* User to authenticate as */
60 /* TRUE if is a guest account */
63 /* User object that matches the current username */
66 /* PAM service to use */
69 /* TRUE if should run PAM authentication phase */
70 gboolean do_authenticate;
72 /* TRUE if can handle PAM prompts */
73 gboolean is_interactive;
75 /* Messages being requested by PAM */
77 struct pam_message *messages;
79 /* Authentication result from PAM */
80 gboolean authentication_started;
81 gboolean authentication_complete;
82 int authentication_result;
83 gchar *authentication_result_string;
88 /* tty this session is running on */
91 /* X display connected to */
93 XAuthority *x_authority;
94 gboolean x_authority_use_system_location;
96 /* Remote host this session is being controlled from */
97 gchar *remote_host_name;
99 /* Console kit cookie */
100 gchar *console_kit_cookie;
102 /* login1 session ID */
103 gchar *login1_session_id;
105 /* Environment to set in child */
108 /* Command to run in child */
111 /* True if have run command */
112 gboolean command_run;
114 /* TRUE if stopping this session */
118 /* Maximum length of a string to pass between daemon and session */
119 #define MAX_STRING_LENGTH 65535
121 static void session_logger_iface_init (LoggerInterface *iface);
123 G_DEFINE_TYPE_WITH_CODE (Session, session, G_TYPE_OBJECT,
124 G_IMPLEMENT_INTERFACE (
125 LOGGER_TYPE, session_logger_iface_init));
130 return g_object_new (SESSION_TYPE, NULL);
134 session_set_config (Session *session, SessionConfig *config)
136 g_return_if_fail (session != NULL);
138 if (session->priv->config)
139 g_object_unref (session->priv->config);
140 session->priv->config = g_object_ref (config);
144 session_get_config (Session *session)
146 g_return_val_if_fail (session != NULL, NULL);
147 return session->priv->config;
151 session_get_session_type (Session *session)
153 g_return_val_if_fail (session != NULL, NULL);
154 return session_config_get_session_type (session_get_config (session));
158 session_set_pam_service (Session *session, const gchar *pam_service)
160 g_return_if_fail (session != NULL);
161 g_free (session->priv->pam_service);
162 session->priv->pam_service = g_strdup (pam_service);
166 session_set_username (Session *session, const gchar *username)
168 g_return_if_fail (session != NULL);
169 g_free (session->priv->username);
170 session->priv->username = g_strdup (username);
174 session_set_do_authenticate (Session *session, gboolean do_authenticate)
176 g_return_if_fail (session != NULL);
177 session->priv->do_authenticate = do_authenticate;
181 session_set_is_interactive (Session *session, gboolean is_interactive)
183 g_return_if_fail (session != NULL);
184 session->priv->is_interactive = is_interactive;
188 session_set_is_guest (Session *session, gboolean is_guest)
190 g_return_if_fail (session != NULL);
191 session->priv->is_guest = is_guest;
195 session_get_is_guest (Session *session)
197 g_return_val_if_fail (session != NULL, FALSE);
198 return session->priv->is_guest;
202 session_set_log_file (Session *session, const gchar *filename)
204 g_return_if_fail (session != NULL);
205 g_free (session->priv->log_filename);
206 session->priv->log_filename = g_strdup (filename);
210 session_set_display_server (Session *session, DisplayServer *display_server)
212 g_return_if_fail (session != NULL);
213 g_return_if_fail (display_server != NULL);
214 if (session->priv->display_server)
216 display_server_disconnect_session (session->priv->display_server, session);
217 g_object_unref (session->priv->display_server);
219 session->priv->display_server = g_object_ref (display_server);
223 session_get_display_server (Session *session)
225 g_return_val_if_fail (session != NULL, NULL);
226 return session->priv->display_server;
230 session_set_tty (Session *session, const gchar *tty)
232 g_return_if_fail (session != NULL);
233 g_free (session->priv->tty);
234 session->priv->tty = g_strdup (tty);
238 session_set_xdisplay (Session *session, const gchar *xdisplay)
240 g_return_if_fail (session != NULL);
241 g_free (session->priv->xdisplay);
242 session->priv->xdisplay = g_strdup (xdisplay);
246 session_set_x_authority (Session *session, XAuthority *authority, gboolean use_system_location)
248 g_return_if_fail (session != NULL);
249 if (session->priv->x_authority)
251 g_object_unref (session->priv->x_authority);
252 session->priv->x_authority = NULL;
255 session->priv->x_authority = g_object_ref (authority);
256 session->priv->x_authority_use_system_location = use_system_location;
260 session_set_remote_host_name (Session *session, const gchar *remote_host_name)
262 g_return_if_fail (session != NULL);
263 g_free (session->priv->remote_host_name);
264 session->priv->remote_host_name = g_strdup (remote_host_name);
268 find_env_entry (Session *session, const gchar *name)
272 for (link = session->priv->env; link; link = link->next)
274 const gchar *entry = link->data;
276 if (g_str_has_prefix (entry, name) && entry[strlen (name)] == '=')
284 session_set_env (Session *session, const gchar *name, const gchar *value)
289 g_return_if_fail (session != NULL);
290 g_return_if_fail (value != NULL);
292 entry = g_strdup_printf ("%s=%s", name, value);
294 link = find_env_entry (session, name);
301 session->priv->env = g_list_append (session->priv->env, entry);
305 session_get_env (Session *session, const gchar *name)
310 link = find_env_entry (session, name);
316 return entry + strlen (name) + 1;
320 session_unset_env (Session *session, const gchar *name)
324 g_return_if_fail (session != NULL);
326 link = find_env_entry (session, name);
331 session->priv->env = g_list_delete_link (session->priv->env, link);
335 session_set_argv (Session *session, gchar **argv)
337 g_return_if_fail (session != NULL);
338 session->priv->argv = g_strdupv (argv);
342 session_get_user (Session *session)
344 g_return_val_if_fail (session != NULL, NULL);
346 if (session->priv->username == NULL)
349 if (!session->priv->user)
350 session->priv->user = accounts_get_user_by_name (session->priv->username);
352 return session->priv->user;
356 write_data (Session *session, const void *buf, size_t count)
358 if (write (session->priv->to_child_input, buf, count) != count)
359 l_warning (session, "Error writing to session: %s", strerror (errno));
363 write_string (Session *session, const char *value)
367 length = value ? strlen (value) : -1;
368 write_data (session, &length, sizeof (length));
370 write_data (session, value, sizeof (char) * length);
374 write_xauth (Session *session, XAuthority *x_authority)
381 write_string (session, NULL);
385 write_string (session, x_authority_get_authorization_name (session->priv->x_authority));
386 family = x_authority_get_family (session->priv->x_authority);
387 write_data (session, &family, sizeof (family));
388 length = x_authority_get_address_length (session->priv->x_authority);
389 write_data (session, &length, sizeof (length));
390 write_data (session, x_authority_get_address (session->priv->x_authority), length);
391 write_string (session, x_authority_get_number (session->priv->x_authority));
392 length = x_authority_get_authorization_data_length (session->priv->x_authority);
393 write_data (session, &length, sizeof (length));
394 write_data (session, x_authority_get_authorization_data (session->priv->x_authority), length);
398 read_from_child (Session *session, void *buf, size_t count)
401 n_read = read (session->priv->from_child_output, buf, count);
403 l_warning (session, "Error reading from session: %s", strerror (errno));
408 read_string_from_child (Session *session)
413 if (read_from_child (session, &length, sizeof (length)) <= 0)
417 if (length > MAX_STRING_LENGTH)
419 l_warning (session, "Invalid string length %d from child", length);
423 value = g_malloc (sizeof (char) * (length + 1));
424 read_from_child (session, value, length);
425 value[length] = '\0';
431 session_watch_cb (GPid pid, gint status, gpointer data)
433 Session *session = data;
435 session->priv->child_watch = 0;
437 if (WIFEXITED (status))
438 l_debug (session, "Exited with return value %d", WEXITSTATUS (status));
439 else if (WIFSIGNALED (status))
440 l_debug (session, "Terminated with signal %d", WTERMSIG (status));
442 /* do this as late as possible for log messages prefix */
443 session->priv->pid = 0;
445 /* If failed during authentication then report this as an authentication failure */
446 if (session->priv->authentication_started && !session->priv->authentication_complete)
448 l_debug (session, "Failed during authentication");
449 session->priv->authentication_complete = TRUE;
450 session->priv->authentication_result = PAM_CONV_ERR;
451 g_free (session->priv->authentication_result_string);
452 session->priv->authentication_result_string = g_strdup ("Authentication stopped before completion");
453 g_signal_emit (G_OBJECT (session), signals[AUTHENTICATION_COMPLETE], 0);
456 g_signal_emit (G_OBJECT (session), signals[STOPPED], 0);
458 /* Delete account if it is a guest one */
459 if (session->priv->is_guest)
460 guest_account_cleanup (session->priv->username);
462 /* Drop our reference on the child process, it has terminated */
463 g_object_unref (session);
467 from_child_cb (GIOChannel *source, GIOCondition condition, gpointer data)
469 Session *session = data;
472 gboolean auth_complete;
474 /* Remote end gone */
475 if (condition == G_IO_HUP)
477 session->priv->from_child_watch = 0;
481 /* Get the username currently being authenticated (may change during authentication) */
482 username = read_string_from_child (session);
483 if (g_strcmp0 (username, session->priv->username) != 0)
485 g_free (session->priv->username);
486 session->priv->username = username;
487 if (session->priv->user)
488 g_object_unref (session->priv->user);
489 session->priv->user = NULL;
494 /* Check if authentication completed */
495 n_read = read_from_child (session, &auth_complete, sizeof (auth_complete));
497 l_debug (session, "Error reading from child: %s", strerror (errno));
500 session->priv->from_child_watch = 0;
506 session->priv->authentication_complete = TRUE;
507 read_from_child (session, &session->priv->authentication_result, sizeof (session->priv->authentication_result));
508 g_free (session->priv->authentication_result_string);
509 session->priv->authentication_result_string = read_string_from_child (session);
511 l_debug (session, "Authentication complete with return value %d: %s", session->priv->authentication_result, session->priv->authentication_result_string);
513 /* No longer expect any more messages */
514 session->priv->from_child_watch = 0;
516 g_signal_emit (G_OBJECT (session), signals[AUTHENTICATION_COMPLETE], 0);
524 session->priv->messages_length = 0;
525 read_from_child (session, &session->priv->messages_length, sizeof (session->priv->messages_length));
526 session->priv->messages = calloc (session->priv->messages_length, sizeof (struct pam_message));
527 for (i = 0; i < session->priv->messages_length; i++)
529 struct pam_message *m = &session->priv->messages[i];
530 read_from_child (session, &m->msg_style, sizeof (m->msg_style));
531 m->msg = read_string_from_child (session);
534 l_debug (session, "Got %d message(s) from PAM", session->priv->messages_length);
536 g_signal_emit (G_OBJECT (session), signals[GOT_MESSAGES], 0);
543 session_start (Session *session)
545 g_return_val_if_fail (session != NULL, FALSE);
546 return SESSION_GET_CLASS (session)->start (session);
550 session_get_is_started (Session *session)
552 return session->priv->pid != 0;
556 session_real_start (Session *session)
559 int to_child_pipe[2], from_child_pipe[2];
560 int to_child_output, from_child_input;
563 g_return_val_if_fail (session->priv->pid == 0, FALSE);
565 if (session->priv->display_server)
566 display_server_connect_session (session->priv->display_server, session);
568 /* Create pipes to talk to the child */
569 if (pipe (to_child_pipe) < 0 || pipe (from_child_pipe) < 0)
571 g_warning ("Failed to create pipe to communicate with session process: %s", strerror (errno));
574 to_child_output = to_child_pipe[0];
575 session->priv->to_child_input = to_child_pipe[1];
576 session->priv->from_child_output = from_child_pipe[0];
577 from_child_input = from_child_pipe[1];
578 session->priv->from_child_channel = g_io_channel_unix_new (session->priv->from_child_output);
579 session->priv->from_child_watch = g_io_add_watch (session->priv->from_child_channel, G_IO_IN | G_IO_HUP, from_child_cb, session);
581 /* Don't allow the daemon end of the pipes to be accessed in child processes */
582 fcntl (session->priv->to_child_input, F_SETFD, FD_CLOEXEC);
583 fcntl (session->priv->from_child_output, F_SETFD, FD_CLOEXEC);
585 /* Create the guest account if it is one */
586 if (session->priv->is_guest && session->priv->username == NULL)
588 session->priv->username = guest_account_setup ();
589 if (!session->priv->username)
594 arg0 = g_strdup_printf ("%d", to_child_output);
595 arg1 = g_strdup_printf ("%d", from_child_input);
596 session->priv->pid = fork ();
597 if (session->priv->pid == 0)
599 /* Run us again in session child mode */
604 _exit (EXIT_FAILURE);
609 if (session->priv->pid < 0)
611 g_debug ("Failed to fork session child process: %s", strerror (errno));
615 /* Hold a reference on this object until the child process terminates so we
616 * can handle the watch callback even if it is no longer used. Otherwise a
617 * zombie process will remain */
618 g_object_ref (session);
620 /* Listen for session termination */
621 session->priv->authentication_started = TRUE;
622 session->priv->child_watch = g_child_watch_add (session->priv->pid, session_watch_cb, session);
624 /* Close the ends of the pipes we don't need */
625 close (to_child_output);
626 close (from_child_input);
628 /* Indicate what version of the protocol we are using */
630 write_data (session, &version, sizeof (version));
632 /* Send configuration */
633 write_string (session, session->priv->pam_service);
634 write_string (session, session->priv->username);
635 write_data (session, &session->priv->do_authenticate, sizeof (session->priv->do_authenticate));
636 write_data (session, &session->priv->is_interactive, sizeof (session->priv->is_interactive));
637 write_string (session, NULL); /* Used to be class, now we just use the environment variable */
638 write_string (session, session->priv->tty);
639 write_string (session, session->priv->remote_host_name);
640 write_string (session, session->priv->xdisplay);
641 write_xauth (session, session->priv->x_authority);
643 l_debug (session, "Started with service '%s', username '%s'", session->priv->pam_service, session->priv->username);
649 session_get_username (Session *session)
651 g_return_val_if_fail (session != NULL, NULL);
652 return session->priv->username;
656 session_get_console_kit_cookie (Session *session)
658 g_return_val_if_fail (session != NULL, NULL);
659 return session->priv->console_kit_cookie;
663 session_respond (Session *session, struct pam_response *response)
665 int error = PAM_SUCCESS;
668 g_return_if_fail (session != NULL);
670 write_data (session, &error, sizeof (error));
671 for (i = 0; i < session->priv->messages_length; i++)
673 write_string (session, response[i].resp);
674 write_data (session, &response[i].resp_retcode, sizeof (response[i].resp_retcode));
677 /* Delete the old messages */
678 for (i = 0; i < session->priv->messages_length; i++)
679 g_free ((char *) session->priv->messages[i].msg);
680 g_free (session->priv->messages);
681 session->priv->messages = NULL;
682 session->priv->messages_length = 0;
686 session_respond_error (Session *session, int error)
688 g_return_if_fail (session != NULL);
689 g_return_if_fail (error != PAM_SUCCESS);
691 write_data (session, &error, sizeof (error));
695 session_get_messages_length (Session *session)
697 g_return_val_if_fail (session != NULL, 0);
698 return session->priv->messages_length;
701 const struct pam_message *
702 session_get_messages (Session *session)
704 g_return_val_if_fail (session != NULL, NULL);
705 return session->priv->messages;
709 session_get_is_authenticated (Session *session)
711 g_return_val_if_fail (session != NULL, FALSE);
712 return session->priv->authentication_complete && session->priv->authentication_result == PAM_SUCCESS;
716 session_get_authentication_result (Session *session)
718 g_return_val_if_fail (session != NULL, 0);
719 return session->priv->authentication_result;
723 session_get_authentication_result_string (Session *session)
725 g_return_val_if_fail (session != NULL, NULL);
726 return session->priv->authentication_result_string;
730 session_run (Session *session)
732 g_return_if_fail (session->priv->display_server != NULL);
733 return SESSION_GET_CLASS (session)->run (session);
737 session_real_run (Session *session)
740 gchar *command, *x_authority_filename;
743 g_return_if_fail (session != NULL);
744 g_return_if_fail (!session->priv->command_run);
745 g_return_if_fail (session_get_is_authenticated (session));
746 g_return_if_fail (session->priv->argv != NULL);
747 g_return_if_fail (session->priv->pid != 0);
749 display_server_connect_session (session->priv->display_server, session);
751 session->priv->command_run = TRUE;
753 command = g_strjoinv (" ", session->priv->argv);
754 l_debug (session, "Running command %s", command);
757 /* Create authority location */
758 if (session->priv->x_authority_use_system_location)
760 gchar *run_dir, *dir;
762 run_dir = config_get_string (config_get_instance (), "LightDM", "run-directory");
763 dir = g_build_filename (run_dir, session->priv->username, NULL);
766 if (g_mkdir_with_parents (dir, S_IRWXU) < 0)
767 l_warning (session, "Failed to set create system authority dir %s: %s", dir, strerror (errno));
770 if (chown (dir, user_get_uid (session_get_user (session)), user_get_gid (session_get_user (session))) < 0)
771 l_warning (session, "Failed to set ownership of user authority dir: %s", strerror (errno));
774 x_authority_filename = g_build_filename (dir, "xauthority", NULL);
778 x_authority_filename = g_build_filename (user_get_home_directory (session_get_user (session)), ".Xauthority", NULL);
780 /* Make sure shared user directory for this user exists */
781 if (!session->priv->remote_host_name)
783 gchar *data_dir = shared_data_manager_ensure_user_dir (shared_data_manager_get_instance (), session->priv->username);
786 session_set_env (session, "XDG_GREETER_DATA_DIR", data_dir);
791 if (session->priv->log_filename)
792 l_debug (session, "Logging to %s", session->priv->log_filename);
793 write_string (session, session->priv->log_filename);
794 write_string (session, session->priv->tty);
795 write_string (session, x_authority_filename);
796 g_free (x_authority_filename);
797 write_string (session, session->priv->xdisplay);
798 write_xauth (session, session->priv->x_authority);
799 argc = g_list_length (session->priv->env);
800 write_data (session, &argc, sizeof (argc));
801 for (link = session->priv->env; link; link = link->next)
802 write_string (session, (gchar *) link->data);
803 argc = g_strv_length (session->priv->argv);
804 write_data (session, &argc, sizeof (argc));
805 for (i = 0; i < argc; i++)
806 write_string (session, session->priv->argv[i]);
808 session->priv->login1_session_id = read_string_from_child (session);
809 session->priv->console_kit_cookie = read_string_from_child (session);
813 session_lock (Session *session)
815 g_return_if_fail (session != NULL);
818 if (session->priv->login1_session_id)
819 login1_service_lock_session (login1_service_get_instance (), session->priv->login1_session_id);
820 else if (session->priv->console_kit_cookie)
821 ck_lock_session (session->priv->console_kit_cookie);
826 session_unlock (Session *session)
828 g_return_if_fail (session != NULL);
831 if (session->priv->login1_session_id)
832 login1_service_unlock_session (login1_service_get_instance (), session->priv->login1_session_id);
833 else if (session->priv->console_kit_cookie)
834 ck_unlock_session (session->priv->console_kit_cookie);
839 session_activate (Session *session)
841 g_return_if_fail (session != NULL);
844 if (session->priv->login1_session_id)
845 login1_service_activate_session (login1_service_get_instance (), session->priv->login1_session_id);
846 else if (session->priv->console_kit_cookie)
847 ck_activate_session (session->priv->console_kit_cookie);
852 session_stop (Session *session)
854 g_return_if_fail (session != NULL);
856 /* If can cleanly stop then do that */
857 if (session_get_is_authenticated (session) && !session->priv->command_run)
861 session->priv->command_run = TRUE;
862 write_string (session, NULL); // log filename
863 write_string (session, NULL); // tty
864 write_string (session, NULL); // xauth filename
865 write_string (session, NULL); // xdisplay
866 write_xauth (session, NULL); // xauth
867 write_data (session, &n, sizeof (n)); // environment
868 write_data (session, &n, sizeof (n)); // command
872 if (session->priv->stopping)
874 session->priv->stopping = TRUE;
876 return SESSION_GET_CLASS (session)->stop (session);
880 session_real_stop (Session *session)
882 g_return_if_fail (session != NULL);
884 if (session->priv->pid > 0)
886 l_debug (session, "Sending SIGTERM");
887 kill (session->priv->pid, SIGTERM);
888 // FIXME: Handle timeout
891 g_signal_emit (G_OBJECT (session), signals[STOPPED], 0);
895 session_get_is_stopping (Session *session)
897 g_return_val_if_fail (session != NULL, FALSE);
898 return session->priv->stopping;
902 session_init (Session *session)
904 session->priv = G_TYPE_INSTANCE_GET_PRIVATE (session, SESSION_TYPE, SessionPrivate);
905 session->priv->log_filename = g_strdup (".xsession-errors");
909 session_finalize (GObject *object)
911 Session *self = SESSION (object);
914 if (self->priv->config)
915 g_object_unref (self->priv->config);
916 if (self->priv->display_server)
917 g_object_unref (self->priv->display_server);
919 kill (self->priv->pid, SIGKILL);
920 if (self->priv->from_child_channel)
921 g_io_channel_unref (self->priv->from_child_channel);
922 if (self->priv->from_child_watch)
923 g_source_remove (self->priv->from_child_watch);
924 if (self->priv->child_watch)
925 g_source_remove (self->priv->child_watch);
926 g_free (self->priv->username);
927 if (self->priv->user)
928 g_object_unref (self->priv->user);
929 g_free (self->priv->pam_service);
930 for (i = 0; i < self->priv->messages_length; i++)
931 g_free ((char *) self->priv->messages[i].msg);
932 g_free (self->priv->messages);
933 g_free (self->priv->authentication_result_string);
934 g_free (self->priv->log_filename);
935 g_free (self->priv->tty);
936 g_free (self->priv->xdisplay);
937 if (self->priv->x_authority)
938 g_object_unref (self->priv->x_authority);
939 g_free (self->priv->remote_host_name);
940 g_free (self->priv->login1_session_id);
941 g_free (self->priv->console_kit_cookie);
942 g_list_free_full (self->priv->env, g_free);
943 g_strfreev (self->priv->argv);
945 G_OBJECT_CLASS (session_parent_class)->finalize (object);
949 session_class_init (SessionClass *klass)
951 GObjectClass *object_class = G_OBJECT_CLASS (klass);
953 klass->start = session_real_start;
954 klass->run = session_real_run;
955 klass->stop = session_real_stop;
956 object_class->finalize = session_finalize;
958 g_type_class_add_private (klass, sizeof (SessionPrivate));
960 signals[GOT_MESSAGES] =
961 g_signal_new (SESSION_SIGNAL_GOT_MESSAGES,
962 G_TYPE_FROM_CLASS (klass),
964 G_STRUCT_OFFSET (SessionClass, got_messages),
969 signals[AUTHENTICATION_COMPLETE] =
970 g_signal_new (SESSION_SIGNAL_AUTHENTICATION_COMPLETE,
971 G_TYPE_FROM_CLASS (klass),
973 G_STRUCT_OFFSET (SessionClass, authentication_complete),
979 g_signal_new (SESSION_SIGNAL_STOPPED,
980 G_TYPE_FROM_CLASS (klass),
982 G_STRUCT_OFFSET (SessionClass, stopped),
989 session_real_logprefix (Logger *self, gchar *buf, gulong buflen)
991 Session *session = SESSION (self);
992 if (session->priv->pid != 0)
993 return g_snprintf (buf, buflen, "Session pid=%d: ", session->priv->pid);
995 return g_snprintf (buf, buflen, "Session: ");
999 session_logger_iface_init (LoggerInterface *iface)
1001 iface->logprefix = &session_real_logprefix;
projects / sojka / lightdm.git / blob