From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Victor Toso <victortoso@redhat.com>

Date: Sat, 9 Apr 2016 12:00:08 +0200

Subject: [PATCH] session-info: check for a locked session

Each session back-end can return this information to vdagentd when

requested.

The agent should use this on situations that should not work when

session is locked such as file-transfer-start which is fixed by this

patch.

systemd-login is the only back-end implementing this function at the

moment and I'll address console-kit back-end in a later patch.

Also, this patch makes spice-vdagent depend on dbus for getting the

lock information.

Resolve: https://bugzilla.redhat.com/show_bug.cgi?id=1323623

Acked-by: Jonathon Jongsma <jjongsma@redhat.com>

(cherry picked from commit 364b6bba068bd694d7c4355b6275f88482d9f3f8)

---

 configure.ac             |  17 ++-----

 src/console-kit.c        |   7 +++

 src/dummy-session-info.c |   5 ++

 src/session-info.h       |   3 ++

 src/systemd-login.c      | 127 +++++++++++++++++++++++++++++++++++++++++++++++

 src/vdagentd.c           |   7 +++

 6 files changed, 153 insertions(+), 13 deletions(-)

diff --git a/configure.ac b/configure.ac

index 9f9d34c..9903ea9 100644

--- a/configure.ac

+++ b/configure.ac

@@ -81,6 +81,7 @@ PKG_CHECK_MODULES([GLIB2], [glib-2.0 >= 2.12])

 PKG_CHECK_MODULES(X, [xfixes xrandr >= 1.3 xinerama x11])

 PKG_CHECK_MODULES(SPICE, [spice-protocol >= 0.12.5])

 PKG_CHECK_MODULES(ALSA, [alsa >= 1.0.22])

+PKG_CHECK_MODULES([DBUS], [dbus-1])

 if test "$with_session_info" = "auto" || test "$with_session_info" = "systemd"; then

     PKG_CHECK_MODULES([LIBSYSTEMD_LOGIN],

@@ -100,19 +101,9 @@ fi

 AM_CONDITIONAL(HAVE_LIBSYSTEMD_LOGIN, test x"$have_libsystemd_login" = "xyes")

 if test "$with_session_info" = "auto" || test "$with_session_info" = "console-kit"; then

-    PKG_CHECK_MODULES([DBUS],

-                      [dbus-1],

-                      [have_console_kit="yes"],

-                      [have_console_kit="no"])

-    if test x"$have_console_kit" = "xno" && test "$with_session_info" = "console-kit"; then

-        AC_MSG_ERROR([console-kit support explicitly requested, but some required packages are not available])

-    fi

-    if test x"$have_console_kit" = "xyes"; then

-        AC_DEFINE([HAVE_CONSOLE_KIT], [1], [If defined, vdagentd will be compiled with ConsoleKit support])

-        with_session_info="console-kit"

-    else

-        with_session_info="none"

-    fi

+    AC_DEFINE([HAVE_CONSOLE_KIT], [1], [If defined, vdagentd will be compiled with ConsoleKit support])

+    have_console_kit="yes"

+    with_session_info="console-kit"

 else

     have_console_kit="no"

 fi

diff --git a/src/console-kit.c b/src/console-kit.c

index 759a81e..260fcc7 100644

--- a/src/console-kit.c

+++ b/src/console-kit.c

@@ -352,3 +352,10 @@ static char *console_kit_check_active_session_change(struct session_info *ck)

     return ck->active_session;

 }

+

+gboolean session_info_session_is_locked(struct session_info *info)

+{

+    /* TODO: It could be implemented based on Lock/Unlock signals from Session

+     * interface. */

+    return FALSE;

+}

diff --git a/src/dummy-session-info.c b/src/dummy-session-info.c

index e188ddc..c09643b 100644

--- a/src/dummy-session-info.c

+++ b/src/dummy-session-info.c

@@ -44,3 +44,8 @@ char *session_info_session_for_pid(struct session_info *si, uint32_t pid)

 {

     return NULL;

 }

+

+gboolean session_is_locked(struct session_info *ck)

+{

+    return FALSE;

+}

diff --git a/src/session-info.h b/src/session-info.h

index 67099de..d660fcf 100644

--- a/src/session-info.h

+++ b/src/session-info.h

@@ -24,6 +24,7 @@

 #include <stdio.h>

 #include <stdint.h>

+#include <glib.h>

 struct session_info;

@@ -36,4 +37,6 @@ const char *session_info_get_active_session(struct session_info *ck);

 /* Note result must be free()-ed by caller */

 char *session_info_session_for_pid(struct session_info *ck, uint32_t pid);

+gboolean session_info_session_is_locked(struct session_info *si);

+

 #endif

diff --git a/src/systemd-login.c b/src/systemd-login.c

index 73db37f..4a365c0 100644

--- a/src/systemd-login.c

+++ b/src/systemd-login.c

@@ -25,13 +25,121 @@

 #include <string.h>

 #include <syslog.h>

 #include <systemd/sd-login.h>

+#include <dbus/dbus.h>

 struct session_info {

     int verbose;

     sd_login_monitor *mon;

     char *session;

+    struct {

+        DBusConnection *system_connection;

+        char *match_session_signals;

+    } dbus;

+    gboolean session_is_locked;

 };

+#define LOGIND_SESSION_INTERFACE    "org.freedesktop.login1.Session"

+#define LOGIND_SESSION_OBJ_TEMPLATE "'/org/freedesktop/login1/session/_3%s'"

+

+#define SESSION_SIGNAL_LOCK         "Lock"

+#define SESSION_SIGNAL_UNLOCK       "Unlock"

+

+/* dbus related */

+static DBusConnection *si_dbus_get_system_bus(void)

+{

+    DBusConnection *connection;

+    DBusError error;

+

+    dbus_error_init(&error);

+    connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);

+    if (connection == NULL || dbus_error_is_set(&error)) {

+        if (dbus_error_is_set(&error)) {

+            syslog(LOG_WARNING, "Unable to connect to system bus: %s",

+                   error.message);

+            dbus_error_free(&error);

+        } else {

+            syslog(LOG_WARNING, "Unable to connect to system bus");

+        }

+        return NULL;

+    }

+    return connection;

+}

+

+static void si_dbus_match_remove(struct session_info *si)

+{

+    DBusError error;

+    if (si->dbus.match_session_signals == NULL)

+        return;

+

+    dbus_error_init(&error);

+    dbus_bus_remove_match(si->dbus.system_connection,

+                          si->dbus.match_session_signals,

+                          &error);

+

+    g_free(si->dbus.match_session_signals);

+    si->dbus.match_session_signals = NULL;

+}

+

+static void si_dbus_match_rule_update(struct session_info *si)

+{

+    DBusError error;

+

+    if (si->dbus.system_connection == NULL ||

+            si->session == NULL)

+        return;

+

+    si_dbus_match_remove(si);

+

+    si->dbus.match_session_signals =

+        g_strdup_printf ("type='signal',interface='%s',path="

+                         LOGIND_SESSION_OBJ_TEMPLATE,

+                         LOGIND_SESSION_INTERFACE,

+                         si->session);

+    if (si->verbose)

+        syslog(LOG_DEBUG, "logind match: %s", si->dbus.match_session_signals);

+

+    dbus_error_init(&error);

+    dbus_bus_add_match(si->dbus.system_connection,

+                       si->dbus.match_session_signals,

+                       &error);

+    if (dbus_error_is_set(&error)) {

+        syslog(LOG_WARNING, "Unable to add dbus rule match: %s",

+               error.message);

+        dbus_error_free(&error);

+        g_free(si->dbus.match_session_signals);

+        si->dbus.match_session_signals = NULL;

+    }

+}

+

+static void

+si_dbus_read_signals(struct session_info *si)

+{

+    DBusMessage *message = NULL;

+

+    dbus_connection_read_write(si->dbus.system_connection, 0);

+    message = dbus_connection_pop_message(si->dbus.system_connection);

+    while (message != NULL) {

+        const char *member;

+

+        member = dbus_message_get_member (message);

+        if (g_strcmp0(member, SESSION_SIGNAL_LOCK) == 0) {

+            si->session_is_locked = TRUE;

+        } else if (g_strcmp0(member, SESSION_SIGNAL_UNLOCK) == 0) {

+            si->session_is_locked = FALSE;

+        } else {

+            if (dbus_message_get_type(message) != DBUS_MESSAGE_TYPE_SIGNAL) {

+                syslog(LOG_WARNING, "(systemd-login) received non signal message");

+            } else if (si->verbose) {

+                syslog(LOG_DEBUG, "(systemd-login) Signal not handled: %s", member);

+            }

+        }

+

+        dbus_message_unref(message);

+        dbus_connection_read_write(si->dbus.system_connection, 0);

+        message = dbus_connection_pop_message(si->dbus.system_connection);

+    }

+}

+

 struct session_info *session_info_create(int verbose)

 {

     struct session_info *si;

@@ -42,6 +150,7 @@ struct session_info *session_info_create(int verbose)

         return NULL;

     si->verbose = verbose;

+    si->session_is_locked = FALSE;

     r = sd_login_monitor_new("session", &si->mon);

     if (r < 0) {

@@ -50,6 +159,7 @@ struct session_info *session_info_create(int verbose)

         return NULL;

     }

+    si->dbus.system_connection = si_dbus_get_system_bus();

     return si;

 }

@@ -58,6 +168,8 @@ void session_info_destroy(struct session_info *si)

     if (!si)

         return;

+    si_dbus_match_remove(si);

+    dbus_connection_close(si->dbus.system_connection);

     sd_login_monitor_unref(si->mon);

     free(si->session);

     free(si);

@@ -87,6 +199,7 @@ const char *session_info_get_active_session(struct session_info *si)

     sd_login_monitor_flush(si->mon);

     free(old_session);

+    si_dbus_match_rule_update(si);

     return si->session;

 }

@@ -104,3 +217,17 @@ char *session_info_session_for_pid(struct session_info *si, uint32_t pid)

     return session;

 }

+

+gboolean session_info_session_is_locked(struct session_info *si)

+{

+    g_return_val_if_fail (si != NULL, FALSE);

+

+    /* We could also rely on IdleHint property from Session which seems to work

+     * well in rhel7 but it wasn't working well in my own system (F23). I'm

+     * convinced for now that Lock/Unlock signals should be enough but that

+     * means Lock/Unlock being done by logind. That might take a while.

+     * Check: https://bugzilla.gnome.org/show_bug.cgi?id=764773 */

+

+    si_dbus_read_signals(si);

+    return si->session_is_locked;

+}

diff --git a/src/vdagentd.c b/src/vdagentd.c

index 2c8e973..2f77773 100644

--- a/src/vdagentd.c

+++ b/src/vdagentd.c

@@ -276,6 +276,13 @@ static void do_client_file_xfer(struct vdagent_virtio_port *vport,

                "active session, cancelling client file-xfer request %u",

                s->id, VD_AGENT_FILE_XFER_STATUS_CANCELLED);

             return;

+        } else if (session_info_session_is_locked(session_info)) {

+            syslog(LOG_DEBUG, "Session is locked, skipping file-xfer-start");

+            send_file_xfer_status(vport,

+               "User's session is locked and cannot start file transfer. "

+               "Cancelling client file-xfer request %u",

+               s->id, VD_AGENT_FILE_XFER_STATUS_ERROR);

+            return;

         }

         udscs_write(active_session_conn, VDAGENTD_FILE_XFER_START, 0, 0,

                     data, message_header->size);