Blob Blame History Raw
From 4fde9e7882e5d2e42a4ed5a0d71943d5ea966131 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 15 Aug 2018 10:48:16 -0400
Subject: [PATCH 1/5] worker: don't load user settings for program sessions

We don't need or want the login greeter to access accountsservice
for its session name
---
 daemon/gdm-session-worker.c | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 774298b95..88fe36c16 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -400,103 +400,108 @@ gdm_session_execute (const char *file,
  */
 static gboolean
 gdm_session_worker_get_username (GdmSessionWorker  *worker,
                                  char             **username)
 {
         gconstpointer item;
 
         g_assert (worker->priv->pam_handle != NULL);
 
         if (pam_get_item (worker->priv->pam_handle, PAM_USER, &item) == PAM_SUCCESS) {
                 if (username != NULL) {
                         *username = g_strdup ((char *) item);
                         g_debug ("GdmSessionWorker: username is '%s'",
                                  *username != NULL ? *username : "<unset>");
                 }
 
                 if (worker->priv->auditor != NULL) {
                         gdm_session_auditor_set_username (worker->priv->auditor, (char *)item);
                 }
 
                 return TRUE;
         }
 
         return FALSE;
 }
 
 static void
 attempt_to_load_user_settings (GdmSessionWorker *worker,
                                const char       *username)
 {
+        if (worker->priv->user_settings == NULL)
+                return;
+
+        if (gdm_session_settings_is_loaded (worker->priv->user_settings))
+                return;
+
         g_debug ("GdmSessionWorker: attempting to load user settings");
         gdm_session_settings_load (worker->priv->user_settings,
                                    username);
 }
 
 static void
 gdm_session_worker_update_username (GdmSessionWorker *worker)
 {
         char    *username;
         gboolean res;
 
         username = NULL;
         res = gdm_session_worker_get_username (worker, &username);
         if (res) {
                 g_debug ("GdmSessionWorker: old-username='%s' new-username='%s'",
                          worker->priv->username != NULL ? worker->priv->username : "<unset>",
                          username != NULL ? username : "<unset>");
 
 
                 gdm_session_auditor_set_username (worker->priv->auditor, worker->priv->username);
 
                 if ((worker->priv->username == username) ||
                     ((worker->priv->username != NULL) && (username != NULL) &&
                      (strcmp (worker->priv->username, username) == 0)))
                         goto out;
 
                 g_debug ("GdmSessionWorker: setting username to '%s'", username);
 
                 g_free (worker->priv->username);
                 worker->priv->username = username;
                 username = NULL;
 
                 gdm_dbus_worker_emit_username_changed (GDM_DBUS_WORKER (worker),
                                                        worker->priv->username);
 
                 /* We have a new username to try. If we haven't been able to
                  * read user settings up until now, then give it a go now
                  * (see the comment in do_setup for rationale on why it's useful
                  * to keep trying to read settings)
                  */
                 if (worker->priv->username != NULL &&
-                    worker->priv->username[0] != '\0' &&
-                    !gdm_session_settings_is_loaded (worker->priv->user_settings)) {
+                    worker->priv->username[0] != '\0') {
                         attempt_to_load_user_settings (worker, worker->priv->username);
                 }
         }
 
  out:
         g_free (username);
 }
 
 static gboolean
 gdm_session_worker_ask_question (GdmSessionWorker *worker,
                                  const char       *question,
                                  char            **answerp)
 {
         return gdm_dbus_worker_manager_call_info_query_sync (worker->priv->manager,
                                                              worker->priv->service,
                                                              question,
                                                              answerp,
                                                              NULL,
                                                              NULL);
 }
 
 static gboolean
 gdm_session_worker_ask_for_secret (GdmSessionWorker *worker,
                                    const char       *question,
                                    char            **answerp)
 {
         return gdm_dbus_worker_manager_call_secret_info_query_sync (worker->priv->manager,
                                                                     worker->priv->service,
                                                                     question,
                                                                     answerp,
@@ -2600,87 +2605,89 @@ gdm_session_worker_get_property (GObject    *object,
                 g_value_set_boolean (value, self->priv->is_reauth_session);
                 break;
         case PROP_STATE:
                 g_value_set_enum (value, self->priv->state);
                 break;
         default:
                 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
                 break;
         }
 }
 
 static gboolean
 gdm_session_worker_handle_set_environment_variable (GdmDBusWorker         *object,
                                                     GDBusMethodInvocation *invocation,
                                                     const char            *key,
                                                     const char            *value)
 {
         GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
         gdm_session_worker_set_environment_variable (worker, key, value);
         gdm_dbus_worker_complete_set_environment_variable (object, invocation);
         return TRUE;
 }
 
 static gboolean
 gdm_session_worker_handle_set_session_name (GdmDBusWorker         *object,
                                             GDBusMethodInvocation *invocation,
                                             const char            *session_name)
 {
         GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
         g_debug ("GdmSessionWorker: session name set to %s", session_name);
-        gdm_session_settings_set_session_name (worker->priv->user_settings,
-                                               session_name);
+        if (worker->priv->user_settings != NULL)
+                gdm_session_settings_set_session_name (worker->priv->user_settings,
+                                                       session_name);
         gdm_dbus_worker_complete_set_session_name (object, invocation);
         return TRUE;
 }
 
 static gboolean
 gdm_session_worker_handle_set_session_display_mode (GdmDBusWorker         *object,
                                                     GDBusMethodInvocation *invocation,
                                                     const char            *str)
 {
         GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
         g_debug ("GdmSessionWorker: session display mode set to %s", str);
         worker->priv->display_mode = gdm_session_display_mode_from_string (str);
         gdm_dbus_worker_complete_set_session_display_mode (object, invocation);
         return TRUE;
 }
 
 static gboolean
 gdm_session_worker_handle_set_language_name (GdmDBusWorker         *object,
                                              GDBusMethodInvocation *invocation,
                                              const char            *language_name)
 {
         GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
         g_debug ("GdmSessionWorker: language name set to %s", language_name);
-        gdm_session_settings_set_language_name (worker->priv->user_settings,
-                                                language_name);
+        if (worker->priv->user_settings != NULL)
+                gdm_session_settings_set_language_name (worker->priv->user_settings,
+                                                        language_name);
         gdm_dbus_worker_complete_set_language_name (object, invocation);
         return TRUE;
 }
 
 static void
 on_saved_language_name_read (GdmSessionWorker *worker)
 {
         char *language_name;
 
         language_name = gdm_session_settings_get_language_name (worker->priv->user_settings);
 
         g_debug ("GdmSessionWorker: Saved language is %s", language_name);
         gdm_dbus_worker_emit_saved_language_name_read (GDM_DBUS_WORKER (worker),
                                                        language_name);
         g_free (language_name);
 }
 
 static void
 on_saved_session_name_read (GdmSessionWorker *worker)
 {
         char *session_name;
 
         session_name = gdm_session_settings_get_session_name (worker->priv->user_settings);
 
         g_debug ("GdmSessionWorker: Saved session is %s", session_name);
         gdm_dbus_worker_emit_saved_session_name_read (GDM_DBUS_WORKER (worker),
                                                       session_name);
         g_free (session_name);
 }
 
@@ -2758,110 +2765,113 @@ do_authorize (GdmSessionWorker *worker)
                 g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error);
         }
         worker->priv->pending_invocation = NULL;
 }
 
 static void
 do_accredit (GdmSessionWorker *worker)
 {
         GError  *error;
         gboolean res;
 
         /* get kerberos tickets, setup group lists, etc
          */
         error = NULL;
         res = gdm_session_worker_accredit_user (worker, &error);
 
         if (res) {
                 gdm_dbus_worker_complete_establish_credentials (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation);
         } else {
                 g_dbus_method_invocation_take_error (worker->priv->pending_invocation, error);
         }
         worker->priv->pending_invocation = NULL;
 }
 
 static void
 save_account_details_now (GdmSessionWorker *worker)
 {
         g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED);
 
         g_debug ("GdmSessionWorker: saving account details for user %s", worker->priv->username);
+
         gdm_session_worker_set_state (worker, GDM_SESSION_WORKER_STATE_ACCOUNT_DETAILS_SAVED);
-        if (!gdm_session_settings_save (worker->priv->user_settings,
-                                        worker->priv->username)) {
-                g_warning ("could not save session and language settings");
+        if (worker->priv->user_settings != NULL) {
+                if (!gdm_session_settings_save (worker->priv->user_settings,
+                                                worker->priv->username)) {
+                        g_warning ("could not save session and language settings");
+                }
         }
         queue_state_change (worker);
 }
 
 static void
 on_settings_is_loaded_changed (GdmSessionSettings *user_settings,
                                GParamSpec         *pspec,
                                GdmSessionWorker   *worker)
 {
         if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) {
                 return;
         }
 
         /* These signal handlers should be disconnected after the loading,
          * so that gdm_session_settings_set_* APIs don't cause the emitting
          * of Saved*NameRead D-Bus signals any more.
          */
         g_signal_handlers_disconnect_by_func (worker->priv->user_settings,
                                               G_CALLBACK (on_saved_session_name_read),
                                               worker);
 
         g_signal_handlers_disconnect_by_func (worker->priv->user_settings,
                                               G_CALLBACK (on_saved_language_name_read),
                                               worker);
 
         if (worker->priv->state == GDM_SESSION_WORKER_STATE_NONE) {
                 g_debug ("GdmSessionWorker: queuing setup for user: %s %s",
                          worker->priv->username, worker->priv->display_device);
                 queue_state_change (worker);
         } else if (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED) {
                 save_account_details_now (worker);
         } else {
                 return;
         }
 
         g_signal_handlers_disconnect_by_func (G_OBJECT (worker->priv->user_settings),
                                               G_CALLBACK (on_settings_is_loaded_changed),
                                               worker);
 }
 
 static void
 do_save_account_details_when_ready (GdmSessionWorker *worker)
 {
         g_assert (worker->priv->state == GDM_SESSION_WORKER_STATE_ACCREDITED);
 
-        if (!gdm_session_settings_is_loaded (worker->priv->user_settings)) {
+        if (worker->priv->user_settings != NULL && !gdm_session_settings_is_loaded (worker->priv->user_settings)) {
                 g_signal_connect (G_OBJECT (worker->priv->user_settings),
                                   "notify::is-loaded",
                                   G_CALLBACK (on_settings_is_loaded_changed),
                                   worker);
                 g_debug ("GdmSessionWorker: user %s, not fully loaded yet, will save account details later",
                          worker->priv->username);
                 gdm_session_settings_load (worker->priv->user_settings,
                                            worker->priv->username);
                 return;
         }
 
         save_account_details_now (worker);
 }
 
 static void
 do_open_session (GdmSessionWorker *worker)
 {
         GError  *error;
         gboolean res;
 
         error = NULL;
         res = gdm_session_worker_open_session (worker, &error);
 
         if (res) {
                 char *session_id = worker->priv->session_id;
                 if (session_id == NULL) {
                         session_id = "";
                 }
 
                 gdm_dbus_worker_complete_open (GDM_DBUS_WORKER (worker), worker->priv->pending_invocation, session_id);
@@ -3105,155 +3115,161 @@ gdm_session_worker_handle_initialize (GdmDBusWorker         *object,
                 if (g_strcmp0 (key, "service") == 0) {
                         worker->priv->service = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "extensions") == 0) {
                         worker->priv->extensions = filter_extensions (g_variant_get_strv (value, NULL));
                 } else if (g_strcmp0 (key, "username") == 0) {
                         worker->priv->username = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "is-program-session") == 0) {
                         worker->priv->is_program_session = g_variant_get_boolean (value);
                 } else if (g_strcmp0 (key, "log-file") == 0) {
                         worker->priv->log_file = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "x11-display-name") == 0) {
                         worker->priv->x11_display_name = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "x11-authority-file") == 0) {
                         worker->priv->x11_authority_file = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "console") == 0) {
                         worker->priv->display_device = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "seat-id") == 0) {
                         worker->priv->display_seat_id = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "hostname") == 0) {
                         worker->priv->hostname = g_variant_dup_string (value, NULL);
                 } else if (g_strcmp0 (key, "display-is-local") == 0) {
                         worker->priv->display_is_local = g_variant_get_boolean (value);
                 } else if (g_strcmp0 (key, "display-is-initial") == 0) {
                         worker->priv->display_is_initial = g_variant_get_boolean (value);
                 }
         }
 
         worker->priv->pending_invocation = invocation;
 
         if (!worker->priv->is_program_session) {
+                worker->priv->user_settings = gdm_session_settings_new ();
+
                 g_signal_connect_swapped (worker->priv->user_settings,
                                           "notify::language-name",
                                           G_CALLBACK (on_saved_language_name_read),
                                           worker);
 
                 g_signal_connect_swapped (worker->priv->user_settings,
                                           "notify::session-name",
                                           G_CALLBACK (on_saved_session_name_read),
                                           worker);
 
                 if (worker->priv->username) {
                         wait_for_settings = !gdm_session_settings_load (worker->priv->user_settings,
                                                                         worker->priv->username);
                 }
         }
 
         if (wait_for_settings) {
                 /* Load settings from accounts daemon before continuing
                  */
                 g_signal_connect (G_OBJECT (worker->priv->user_settings),
                                   "notify::is-loaded",
                                   G_CALLBACK (on_settings_is_loaded_changed),
                                   worker);
         } else {
                 queue_state_change (worker);
         }
 
         return TRUE;
 }
 
 static gboolean
 gdm_session_worker_handle_setup (GdmDBusWorker         *object,
                                  GDBusMethodInvocation *invocation,
                                  const char            *service,
                                  const char            *x11_display_name,
                                  const char            *x11_authority_file,
                                  const char            *console,
                                  const char            *seat_id,
                                  const char            *hostname,
                                  gboolean               display_is_local,
                                  gboolean               display_is_initial)
 {
         GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
         validate_and_queue_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE);
 
         worker->priv->service = g_strdup (service);
         worker->priv->x11_display_name = g_strdup (x11_display_name);
         worker->priv->x11_authority_file = g_strdup (x11_authority_file);
         worker->priv->display_device = g_strdup (console);
         worker->priv->display_seat_id = g_strdup (seat_id);
         worker->priv->hostname = g_strdup (hostname);
         worker->priv->display_is_local = display_is_local;
         worker->priv->display_is_initial = display_is_initial;
         worker->priv->username = NULL;
 
+        worker->priv->user_settings = gdm_session_settings_new ();
+
         g_signal_connect_swapped (worker->priv->user_settings,
                                   "notify::language-name",
                                   G_CALLBACK (on_saved_language_name_read),
                                   worker);
 
         g_signal_connect_swapped (worker->priv->user_settings,
                                   "notify::session-name",
                                   G_CALLBACK (on_saved_session_name_read),
                                   worker);
         return TRUE;
 }
 
 static gboolean
 gdm_session_worker_handle_setup_for_user (GdmDBusWorker         *object,
                                           GDBusMethodInvocation *invocation,
                                           const char            *service,
                                           const char            *username,
                                           const char            *x11_display_name,
                                           const char            *x11_authority_file,
                                           const char            *console,
                                           const char            *seat_id,
                                           const char            *hostname,
                                           gboolean               display_is_local,
                                           gboolean               display_is_initial)
 {
         GdmSessionWorker *worker = GDM_SESSION_WORKER (object);
 
         if (!validate_state_change (worker, invocation, GDM_SESSION_WORKER_STATE_SETUP_COMPLETE))
                 return TRUE;
 
         worker->priv->service = g_strdup (service);
         worker->priv->x11_display_name = g_strdup (x11_display_name);
         worker->priv->x11_authority_file = g_strdup (x11_authority_file);
         worker->priv->display_device = g_strdup (console);
         worker->priv->display_seat_id = g_strdup (seat_id);
         worker->priv->hostname = g_strdup (hostname);
         worker->priv->display_is_local = display_is_local;
         worker->priv->display_is_initial = display_is_initial;
         worker->priv->username = g_strdup (username);
 
+        worker->priv->user_settings = gdm_session_settings_new ();
+
         g_signal_connect_swapped (worker->priv->user_settings,
                                   "notify::language-name",
                                   G_CALLBACK (on_saved_language_name_read),
                                   worker);
 
         g_signal_connect_swapped (worker->priv->user_settings,
                                   "notify::session-name",
                                   G_CALLBACK (on_saved_session_name_read),
                                   worker);
 
         /* Load settings from accounts daemon before continuing
          */
         worker->priv->pending_invocation = invocation;
         if (gdm_session_settings_load (worker->priv->user_settings, username)) {
                 queue_state_change (worker);
         } else {
                 g_signal_connect (G_OBJECT (worker->priv->user_settings),
                                   "notify::is-loaded",
                                   G_CALLBACK (on_settings_is_loaded_changed),
                                   worker);
         }
 
         return TRUE;
 }
 
 static gboolean
 gdm_session_worker_handle_setup_for_program (GdmDBusWorker         *object,
                                              GDBusMethodInvocation *invocation,
                                              const char            *service,
                                              const char            *username,
@@ -3591,61 +3607,60 @@ static void
 reauthentication_request_free (ReauthenticationRequest *request)
 {
 
         g_signal_handlers_disconnect_by_func (request->session,
                                               G_CALLBACK (on_reauthentication_client_connected),
                                               request);
         g_signal_handlers_disconnect_by_func (request->session,
                                               G_CALLBACK (on_reauthentication_client_disconnected),
                                               request);
         g_signal_handlers_disconnect_by_func (request->session,
                                               G_CALLBACK (on_reauthentication_cancelled),
                                               request);
         g_signal_handlers_disconnect_by_func (request->session,
                                               G_CALLBACK (on_reauthentication_conversation_started),
                                               request);
         g_signal_handlers_disconnect_by_func (request->session,
                                               G_CALLBACK (on_reauthentication_conversation_stopped),
                                               request);
         g_signal_handlers_disconnect_by_func (request->session,
                                               G_CALLBACK (on_reauthentication_verification_complete),
                                               request);
         g_clear_object (&request->session);
         g_slice_free (ReauthenticationRequest, request);
 }
 
 static void
 gdm_session_worker_init (GdmSessionWorker *worker)
 {
         worker->priv = GDM_SESSION_WORKER_GET_PRIVATE (worker);
 
-        worker->priv->user_settings = gdm_session_settings_new ();
         worker->priv->reauthentication_requests = g_hash_table_new_full (NULL,
                                                                          NULL,
                                                                          NULL,
                                                                          (GDestroyNotify)
                                                                          reauthentication_request_free);
 }
 
 static void
 gdm_session_worker_unwatch_child (GdmSessionWorker *worker)
 {
         if (worker->priv->child_watch_id == 0)
                 return;
 
         g_source_remove (worker->priv->child_watch_id);
         worker->priv->child_watch_id = 0;
 }
 
 
 static void
 gdm_session_worker_finalize (GObject *object)
 {
         GdmSessionWorker *worker;
 
         g_return_if_fail (object != NULL);
         g_return_if_fail (GDM_IS_SESSION_WORKER (object));
 
         worker = GDM_SESSION_WORKER (object);
 
         g_return_if_fail (worker->priv != NULL);
 
-- 
2.31.1