From 70eb29d5eedc2b66e617745be1dd145aac3e177e Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 15 Aug 2018 10:48:16 -0400
Subject: [PATCH 1/4] worker: don't load user settings for program sessions
We don't need or want the login greeter to access accountsservice
for its session name
---
daemon/gdm-session-worker.c | 37 ++++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 774298b9..88fe36c1 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -400,103 +400,108 @@ gdm_session_execute (const char *file,
*/
static gboolean
gdm_session_worker_get_username (GdmSessionWorker *worker,
char **username)
{
gconstpointer item;
g_assert (worker->priv->pam_handle != NULL);
if (pam_get_item (worker->priv->pam_handle, PAM_USER, &item) == PAM_SUCCESS) {
if (username != NULL) {
*username = g_strdup ((char *) item);
g_debug ("GdmSessionWorker: username is '%s'",
*username != NULL ? *username : "<unset>");
}
if (worker->priv->auditor != NULL) {
gdm_session_auditor_set_username (worker->priv->auditor, (char *)item);
}
return TRUE;
}
return FALSE;
}
static void
attempt_to_load_user_settings (GdmSessionWorker *worker,
const char *username)
{
+ if (worker->priv->user_settings == NULL)
+ return;
+
+ if (gdm_session_settings_is_loaded (worker->priv->user_settings))
+ return;
+
g_debug ("GdmSessionWorker: attempting to load user settings");
gdm_session_settings_load (worker->priv->user_settings,
username);
}
static void
gdm_session_worker_update_username (GdmSessionWorker *worker)
{
char *username;
gboolean res;
username = NULL;
res = gdm_session_worker_get_username (worker, &username);
if (res) {
g_debug ("GdmSessionWorker: old-username='%s' new-username='%s'",
worker->priv->username != NULL ? worker->priv->username : "<unset>",
username != NULL ? username : "<unset>");
gdm_session_auditor_set_username (worker->priv->auditor, worker->priv->username);
if ((worker->priv->username == username) ||
((worker->priv->username != NULL) && (username != NULL) &&
(strcmp (worker->priv->username, username) == 0)))
goto out;
g_debug ("GdmSessionWorker: setting username to '%s'", username);
g_free (worker->priv->username);
worker->priv->username = username;
username = NULL;
gdm_dbus_worker_emit_username_changed (GDM_DBUS_WORKER (worker),
worker->priv->username);
/* We have a new username to try. If we haven't been able to
* read user settings up until now, then give it a go now
* (see the comment in do_setup for rationale on why it's useful
* to keep trying to read settings)
*/
if (worker->priv->username != NULL &&
- worker->priv->username[0] != '\0' &&
- !gdm_session_settings_is_loaded (worker->priv->user_settings)) {
+ worker->priv->username[0] != '\0') {
attempt_to_load_user_settings (worker, worker->priv->username);
}
}
out:
g_free (username);
}
static gboolean
gdm_session_worker_ask_question (GdmSessionWorker *worker,
const char *question,
char **answerp)
{
return gdm_dbus_worker_manager_call_info_query_sync (worker->priv->manager,
worker->priv->service,
question,
answerp,
NULL,
NULL);
}
static gboolean
gdm_session_worker_ask_for_secret (GdmSessionWorker *worker,
const char *question,
char **answerp)
{
return gdm_dbus_worker_manager_call_secret_info_query_sync (worker->priv->manager,
worker->priv->service,
question,
answerp,
@@ -2600,87 +2605,89 @@ gdm_session_worker_get_property (GObject *object,
g_value_set_boolean (value, self->priv->is_reauth_session);
break;
case PROP_STATE:
g_value_set_enum (value, self->priv->state);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static gboolean
gdm_session_worker_handle_set_environment_variable (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *key,
const char *value)
{
GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
gdm_session_worker_set_environment_variable (worker, key, value);
gdm_dbus_worker_complete_set_environment_variable (object, invocation);
return TRUE;
}
static gboolean
gdm_session_worker_handle_set_session_name (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *session_name)
{
GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
g_debug ("GdmSessionWorker: session name set to %s", session_name);
- gdm_session_settings_set_session_name (worker->priv->user_settings,
- session_name);
+ if (worker->priv->user_settings != NULL)
+ gdm_session_settings_set_session_name (worker->priv->user_settings,
+ session_name);
gdm_dbus_worker_complete_set_session_name (object, invocation);
return TRUE;
}
static gboolean
gdm_session_worker_handle_set_session_display_mode (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *str)
{
GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
g_debug ("GdmSessionWorker: session display mode set to %s", str);
worker->priv->display_mode = gdm_session_display_mode_from_string (str);
gdm_dbus_worker_complete_set_session_display_mode (object, invocation);
return TRUE;
}
static gboolean
gdm_session_worker_handle_set_language_name (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *language_name)
{
GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
g_debug ("GdmSessionWorker: language name set to %s", language_name);
- gdm_session_settings_set_language_name (worker->priv->user_settings,
- language_name);
+ if (worker->priv->user_settings != NULL)
+ gdm_session_settings_set_language_name (worker->priv->user_settings,
+ language_name);
gdm_dbus_worker_complete_set_language_name (object, invocation);
return TRUE;
}
static void
on_saved_language_name_read (GdmSessionWorker *worker)
{
char *language_name;
language_name = gdm_session_settings_get_language_name (worker->priv->user_settings);
g_debug ("GdmSessionWorker: Saved language is %s", language_name);
gdm_dbus_worker_emit_saved_language_name_read (GDM_DBUS_WORKER (worker),
language_name);
g_free (language_name);
}
static void
on_saved_session_name_read (GdmSessionWorker *worker)
{
char *session_name;
session_name = gdm_session_settings_get_session_name (worker->priv->user_settings);
g_debug ("GdmSessionWorker: Saved session is %s", session_name);
gdm_dbus_worker_emit_saved_session_name_read (GDM_DBUS_WORKER (worker),
session_name);
g_free (session_name);
}
@@ -2758,110 +2765,113 @@ do_authorize (GdmSessionWorker *worker)
g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error);
}
worker->priv->pending_invocation = NULL;
}
static void
do_accredit (GdmSessionWorker *worker)
{
GError *error;
gboolean res;
/* get kerberos tickets, setup group lists, etc
*/
error = NULL;
res = gdm_session_worker_accredit_user (worker, &error);
if (res) {
gdm_dbus_worker_complete_establish_credentials (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation);
} else {
g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error);
}
worker->priv->pending_invocation = NULL;
}
static void
save_account_details_now (GdmSessionWorker *worker)
{
g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED);
g_debug ("GdmSessionWorker: saving account details for user %s", worker->priv->username);
+
gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED);
- if (!gdm_session_settings_save (worker->priv->user_settings,
- worker->priv->username)) {
- g_warning ("could not save session and language settings");
+ if (worker->priv->user_settings != NULL) {
+ if (!gdm_session_settings_save (worker->priv->user_settings,
+ worker->priv->username)) {
+ g_warning ("could not save session and language settings");
+ }
}
queue_state_change (worker);
}
static void
on_settings_is_loaded_changed (GdmSessionSettings *user_settings,
GParamSpec *pspec,
GdmSessionWorker *worker)
{
if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) {
return;
}
/* These signal handlers should be disconnected after the loading,
* so that gdm_session_settings_set_* APIs don't cause the emitting
* of Saved*NameRead D-Bus signals any more.
*/
g_signal_handlers_disconnect_by_func (worker->priv->user_settings,
G_CALLBACK (on_saved_session_name_read),
worker);
g_signal_handlers_disconnect_by_func (worker->priv->user_settings,
G_CALLBACK (on_saved_language_name_read),
worker);
if (worker->priv->state == GDM_SESSION_WORKER_STATE_NONE) {
g_debug ("GdmSessionWorker: queuing setup for user: %s %s",
worker->priv->username, worker->priv->display_device);
queue_state_change (worker);
} else if (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED) {
save_account_details_now (worker);
} else {
return;
}
g_signal_handlers_disconnect_by_func (G_OBJECT (worker->priv->user_settings),
G_CALLBACK (on_settings_is_loaded_changed),
worker);
}
static void
do_save_account_details_when_ready (GdmSessionWorker *worker)
{
g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED);
- if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) {
+ if (worker->priv->user_settings != NULL && !gdm_session_settings_is_loaded (worker->priv->user_settings)) {
g_signal_connect (G_OBJECT (worker->priv->user_settings),
"notify::is-loaded",
G_CALLBACK (on_settings_is_loaded_changed),
worker);
g_debug ("GdmSessionWorker: user %s, not fully loaded yet, will save account details later",
worker->priv->username);
gdm_session_settings_load (worker->priv->user_settings,
worker->priv->username);
return;
}
save_account_details_now (worker);
}
static void
do_open_session (GdmSessionWorker *worker)
{
GError *error;
gboolean res;
error = NULL;
res = gdm_session_worker_open_session (worker, &error);
if (res) {
char *session_id = worker->priv->session_id;
if (session_id == NULL) {
session_id = "";
}
gdm_dbus_worker_complete_open (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation, session_id);
@@ -3105,155 +3115,161 @@ gdm_session_worker_handle_initialize (GdmDBusWorker *object,
if (g_strcmp0 (key, "service") == 0) {
worker->priv->service = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "extensions") == 0) {
worker->priv->extensions = filter_extensions (g_variant_get_strv (value, NULL));
} else if (g_strcmp0 (key, "username") == 0) {
worker->priv->username = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "is-program-session") == 0) {
worker->priv->is_program_session = g_variant_get_boolean (value);
} else if (g_strcmp0 (key, "log-file") == 0) {
worker->priv->log_file = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "x11-display-name") == 0) {
worker->priv->x11_display_name = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "x11-authority-file") == 0) {
worker->priv->x11_authority_file = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "console") == 0) {
worker->priv->display_device = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "seat-id") == 0) {
worker->priv->display_seat_id = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "hostname") == 0) {
worker->priv->hostname = g_variant_dup_string (value, NULL);
} else if (g_strcmp0 (key, "display-is-local") == 0) {
worker->priv->display_is_local = g_variant_get_boolean (value);
} else if (g_strcmp0 (key, "display-is-initial") == 0) {
worker->priv->display_is_initial = g_variant_get_boolean (value);
}
}
worker->priv->pending_invocation = invocation;
if (!worker->priv->is_program_session) {
+ worker->priv->user_settings = gdm_session_settings_new ();
+
g_signal_connect_swapped (worker->priv->user_settings,
"notify::language-name",
G_CALLBACK (on_saved_language_name_read),
worker);
g_signal_connect_swapped (worker->priv->user_settings,
"notify::session-name",
G_CALLBACK (on_saved_session_name_read),
worker);
if (worker->priv->username) {
wait_for_settings = !gdm_session_settings_load (worker->priv->user_settings,
worker->priv->username);
}
}
if (wait_for_settings) {
/* Load settings from accounts daemon before continuing
*/
g_signal_connect (G_OBJECT (worker->priv->user_settings),
"notify::is-loaded",
G_CALLBACK (on_settings_is_loaded_changed),
worker);
} else {
queue_state_change (worker);
}
return TRUE;
}
static gboolean
gdm_session_worker_handle_setup (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *service,
const char *x11_display_name,
const char *x11_authority_file,
const char *console,
const char *seat_id,
const char *hostname,
gboolean display_is_local,
gboolean display_is_initial)
{
GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
validate_and_queue_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE);
worker->priv->service = g_strdup (service);
worker->priv->x11_display_name = g_strdup (x11_display_name);
worker->priv->x11_authority_file = g_strdup (x11_authority_file);
worker->priv->display_device = g_strdup (console);
worker->priv->display_seat_id = g_strdup (seat_id);
worker->priv->hostname = g_strdup (hostname);
worker->priv->display_is_local = display_is_local;
worker->priv->display_is_initial = display_is_initial;
worker->priv->username = NULL;
+ worker->priv->user_settings = gdm_session_settings_new ();
+
g_signal_connect_swapped (worker->priv->user_settings,
"notify::language-name",
G_CALLBACK (on_saved_language_name_read),
worker);
g_signal_connect_swapped (worker->priv->user_settings,
"notify::session-name",
G_CALLBACK (on_saved_session_name_read),
worker);
return TRUE;
}
static gboolean
gdm_session_worker_handle_setup_for_user (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *service,
const char *username,
const char *x11_display_name,
const char *x11_authority_file,
const char *console,
const char *seat_id,
const char *hostname,
gboolean display_is_local,
gboolean display_is_initial)
{
GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
if (!validate_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE))
return TRUE;
worker->priv->service = g_strdup (service);
worker->priv->x11_display_name = g_strdup (x11_display_name);
worker->priv->x11_authority_file = g_strdup (x11_authority_file);
worker->priv->display_device = g_strdup (console);
worker->priv->display_seat_id = g_strdup (seat_id);
worker->priv->hostname = g_strdup (hostname);
worker->priv->display_is_local = display_is_local;
worker->priv->display_is_initial = display_is_initial;
worker->priv->username = g_strdup (username);
+ worker->priv->user_settings = gdm_session_settings_new ();
+
g_signal_connect_swapped (worker->priv->user_settings,
"notify::language-name",
G_CALLBACK (on_saved_language_name_read),
worker);
g_signal_connect_swapped (worker->priv->user_settings,
"notify::session-name",
G_CALLBACK (on_saved_session_name_read),
worker);
/* Load settings from accounts daemon before continuing
*/
worker->priv->pending_invocation = invocation;
if (gdm_session_settings_load (worker->priv->user_settings, username)) {
queue_state_change (worker);
} else {
g_signal_connect (G_OBJECT (worker->priv->user_settings),
"notify::is-loaded",
G_CALLBACK (on_settings_is_loaded_changed),
worker);
}
return TRUE;
}
static gboolean
gdm_session_worker_handle_setup_for_program (GdmDBusWorker *object,
GDBusMethodInvocation *invocation,
const char *service,
const char *username,
@@ -3591,61 +3607,60 @@ static void
reauthentication_request_free (ReauthenticationRequest *request)
{
g_signal_handlers_disconnect_by_func (request->session,
G_CALLBACK (on_reauthentication_client_connected),
request);
g_signal_handlers_disconnect_by_func (request->session,
G_CALLBACK (on_reauthentication_client_disconnected),
request);
g_signal_handlers_disconnect_by_func (request->session,
G_CALLBACK (on_reauthentication_cancelled),
request);
g_signal_handlers_disconnect_by_func (request->session,
G_CALLBACK (on_reauthentication_conversation_started),
request);
g_signal_handlers_disconnect_by_func (request->session,
G_CALLBACK (on_reauthentication_conversation_stopped),
request);
g_signal_handlers_disconnect_by_func (request->session,
G_CALLBACK (on_reauthentication_verification_complete),
request);
g_clear_object (&request->session);
g_slice_free (ReauthenticationRequest, request);
}
static void
gdm_session_worker_init (GdmSessionWorker *worker)
{
worker->priv = GDM_SESSION_WORKER_GET_PRIVATE (worker);
- worker->priv->user_settings = gdm_session_settings_new ();
worker->priv->reauthentication_requests = g_hash_table_new_full (NULL,
NULL,
NULL,
(GDestroyNotify)
reauthentication_request_free);
}
static void
gdm_session_worker_unwatch_child (GdmSessionWorker *worker)
{
if (worker->priv->child_watch_id == 0)
return;
g_source_remove (worker->priv->child_watch_id);
worker->priv->child_watch_id = 0;
}
static void
gdm_session_worker_finalize (GObject *object)
{
GdmSessionWorker *worker;
g_return_if_fail (object != NULL);
g_return_if_fail (GDM_IS_SESSION_WORKER (object));
worker = GDM_SESSION_WORKER (object);
g_return_if_fail (worker->priv != NULL);
--
2.27.0