|
|
ad7ee3 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
ad7ee3 |
From: Victor Toso <victortoso@redhat.com>
|
|
|
ad7ee3 |
Date: Thu, 21 Apr 2016 10:32:50 +0200
|
|
|
ad7ee3 |
Subject: [PATCH] session-info: check if session belongs to user
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
session-info back-ends such as console-kit and systemd-login have the
|
|
|
ad7ee3 |
concept of session's class which informs if session belongs to user or
|
|
|
ad7ee3 |
not [0]. We can disable features based on the session class.
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
[0] Display-Managers are 'Greeter' and Display lock screens are
|
|
|
ad7ee3 |
'lock-screen'
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
This patch introduces session_info_is_user() and disable file-xfer in
|
|
|
ad7ee3 |
case agent's session does not belong to the 'user' class. As the
|
|
|
ad7ee3 |
session-info data is hold by vdagentd, this patch also introduces
|
|
|
ad7ee3 |
VDAGENTD_FILE_XFER_DISABLE message to disable file-xfer that is done
|
|
|
ad7ee3 |
in vdagent.
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1328761
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
|
|
|
ad7ee3 |
(cherry picked from commit 4c0e9c965e059ba2b884e66f0402e061a9d886a6)
|
|
|
ad7ee3 |
---
|
|
|
ad7ee3 |
src/console-kit.c | 6 ++++++
|
|
|
ad7ee3 |
src/dummy-session-info.c | 5 +++++
|
|
|
ad7ee3 |
src/session-info.h | 1 +
|
|
|
ad7ee3 |
src/systemd-login.c | 26 ++++++++++++++++++++++++++
|
|
|
ad7ee3 |
src/vdagent.c | 9 +++++++++
|
|
|
ad7ee3 |
src/vdagentd-proto-strings.h | 1 +
|
|
|
ad7ee3 |
src/vdagentd-proto.h | 1 +
|
|
|
ad7ee3 |
src/vdagentd.c | 9 +++++++++
|
|
|
ad7ee3 |
8 files changed, 58 insertions(+)
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
diff --git a/src/console-kit.c b/src/console-kit.c
|
|
|
ad7ee3 |
index 260fcc7..573ee49 100644
|
|
|
ad7ee3 |
--- a/src/console-kit.c
|
|
|
ad7ee3 |
+++ b/src/console-kit.c
|
|
|
ad7ee3 |
@@ -359,3 +359,9 @@ gboolean session_info_session_is_locked(struct session_info *info)
|
|
|
ad7ee3 |
* interface. */
|
|
|
ad7ee3 |
return FALSE;
|
|
|
ad7ee3 |
}
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+gboolean session_info_is_user(struct session_info *info)
|
|
|
ad7ee3 |
+{
|
|
|
ad7ee3 |
+ /* TODO */
|
|
|
ad7ee3 |
+ return TRUE;
|
|
|
ad7ee3 |
+}
|
|
|
ad7ee3 |
diff --git a/src/dummy-session-info.c b/src/dummy-session-info.c
|
|
|
ad7ee3 |
index c09643b..0aa154e 100644
|
|
|
ad7ee3 |
--- a/src/dummy-session-info.c
|
|
|
ad7ee3 |
+++ b/src/dummy-session-info.c
|
|
|
ad7ee3 |
@@ -49,3 +49,8 @@ gboolean session_is_locked(struct session_info *ck)
|
|
|
ad7ee3 |
{
|
|
|
ad7ee3 |
return FALSE;
|
|
|
ad7ee3 |
}
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+gboolean session_info_is_user(struct session_info *si)
|
|
|
ad7ee3 |
+{
|
|
|
ad7ee3 |
+ return TRUE;
|
|
|
ad7ee3 |
+}
|
|
|
ad7ee3 |
diff --git a/src/session-info.h b/src/session-info.h
|
|
|
ad7ee3 |
index d660fcf..823749b 100644
|
|
|
ad7ee3 |
--- a/src/session-info.h
|
|
|
ad7ee3 |
+++ b/src/session-info.h
|
|
|
ad7ee3 |
@@ -38,5 +38,6 @@ const char *session_info_get_active_session(struct session_info *ck);
|
|
|
ad7ee3 |
char *session_info_session_for_pid(struct session_info *ck, uint32_t pid);
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
gboolean session_info_session_is_locked(struct session_info *si);
|
|
|
ad7ee3 |
+gboolean session_info_is_user(struct session_info *si);
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
#endif
|
|
|
ad7ee3 |
diff --git a/src/systemd-login.c b/src/systemd-login.c
|
|
|
ad7ee3 |
index 4a365c0..ff9a3be 100644
|
|
|
ad7ee3 |
--- a/src/systemd-login.c
|
|
|
ad7ee3 |
+++ b/src/systemd-login.c
|
|
|
ad7ee3 |
@@ -231,3 +231,29 @@ gboolean session_info_session_is_locked(struct session_info *si)
|
|
|
ad7ee3 |
si_dbus_read_signals(si);
|
|
|
ad7ee3 |
return si->session_is_locked;
|
|
|
ad7ee3 |
}
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+/* This function should only be called after session_info_get_active_session
|
|
|
ad7ee3 |
+ * in order to verify if active session belongs to user (non greeter) */
|
|
|
ad7ee3 |
+gboolean session_info_is_user(struct session_info *si)
|
|
|
ad7ee3 |
+{
|
|
|
ad7ee3 |
+ gchar *class = NULL;
|
|
|
ad7ee3 |
+ gboolean ret;
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ g_return_val_if_fail (si != NULL, TRUE);
|
|
|
ad7ee3 |
+ g_return_val_if_fail (si->session != NULL, TRUE);
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ if (sd_session_get_class(si->session, &class) != 0) {
|
|
|
ad7ee3 |
+ syslog(LOG_WARNING, "Unable to get class from session: %s",
|
|
|
ad7ee3 |
+ si->session);
|
|
|
ad7ee3 |
+ return TRUE;
|
|
|
ad7ee3 |
+ }
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ if (si->verbose)
|
|
|
ad7ee3 |
+ syslog(LOG_DEBUG, "(systemd-login) class for %s is %s",
|
|
|
ad7ee3 |
+ si->session, class);
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ ret = (g_strcmp0(class, "user") == 0);
|
|
|
ad7ee3 |
+ g_free(class);
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ return ret;
|
|
|
ad7ee3 |
+}
|
|
|
ad7ee3 |
diff --git a/src/vdagent.c b/src/vdagent.c
|
|
|
ad7ee3 |
index a0ba79e..f952ba1 100644
|
|
|
ad7ee3 |
--- a/src/vdagent.c
|
|
|
ad7ee3 |
+++ b/src/vdagent.c
|
|
|
ad7ee3 |
@@ -108,6 +108,15 @@ void daemon_read_complete(struct udscs_connection **connp,
|
|
|
ad7ee3 |
}
|
|
|
ad7ee3 |
free(data);
|
|
|
ad7ee3 |
break;
|
|
|
ad7ee3 |
+ case VDAGENTD_FILE_XFER_DISABLE:
|
|
|
ad7ee3 |
+ if (debug)
|
|
|
ad7ee3 |
+ syslog(LOG_DEBUG, "Disabling file-xfers");
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ if (vdagent_file_xfers != NULL) {
|
|
|
ad7ee3 |
+ vdagent_file_xfers_destroy(vdagent_file_xfers);
|
|
|
ad7ee3 |
+ vdagent_file_xfers = NULL;
|
|
|
ad7ee3 |
+ }
|
|
|
ad7ee3 |
+ break;
|
|
|
ad7ee3 |
case VDAGENTD_AUDIO_VOLUME_SYNC: {
|
|
|
ad7ee3 |
VDAgentAudioVolumeSync *avs = (VDAgentAudioVolumeSync *)data;
|
|
|
ad7ee3 |
if (avs->is_playback) {
|
|
|
ad7ee3 |
diff --git a/src/vdagentd-proto-strings.h b/src/vdagentd-proto-strings.h
|
|
|
ad7ee3 |
index a3fbd32..a56f380 100644
|
|
|
ad7ee3 |
--- a/src/vdagentd-proto-strings.h
|
|
|
ad7ee3 |
+++ b/src/vdagentd-proto-strings.h
|
|
|
ad7ee3 |
@@ -34,6 +34,7 @@ static const char * const vdagentd_messages[] = {
|
|
|
ad7ee3 |
"file xfer start",
|
|
|
ad7ee3 |
"file xfer status",
|
|
|
ad7ee3 |
"file xfer data",
|
|
|
ad7ee3 |
+ "file xfer disable",
|
|
|
ad7ee3 |
"client disconnected",
|
|
|
ad7ee3 |
};
|
|
|
ad7ee3 |
|
|
|
ad7ee3 |
diff --git a/src/vdagentd-proto.h b/src/vdagentd-proto.h
|
|
|
ad7ee3 |
index 0dbaaea..c1c39ad 100644
|
|
|
ad7ee3 |
--- a/src/vdagentd-proto.h
|
|
|
ad7ee3 |
+++ b/src/vdagentd-proto.h
|
|
|
ad7ee3 |
@@ -40,6 +40,7 @@ enum {
|
|
|
ad7ee3 |
VDAGENTD_FILE_XFER_START,
|
|
|
ad7ee3 |
VDAGENTD_FILE_XFER_STATUS,
|
|
|
ad7ee3 |
VDAGENTD_FILE_XFER_DATA,
|
|
|
ad7ee3 |
+ VDAGENTD_FILE_XFER_DISABLE,
|
|
|
ad7ee3 |
VDAGENTD_CLIENT_DISCONNECTED, /* daemon -> client */
|
|
|
ad7ee3 |
VDAGENTD_NO_MESSAGES /* Must always be last */
|
|
|
ad7ee3 |
};
|
|
|
ad7ee3 |
diff --git a/src/vdagentd.c b/src/vdagentd.c
|
|
|
ad7ee3 |
index 2f77773..59ea8da 100644
|
|
|
ad7ee3 |
--- a/src/vdagentd.c
|
|
|
ad7ee3 |
+++ b/src/vdagentd.c
|
|
|
ad7ee3 |
@@ -613,6 +613,15 @@ void update_active_session_connection(struct udscs_connection *new_conn)
|
|
|
ad7ee3 |
active_session_conn = new_conn;
|
|
|
ad7ee3 |
if (debug)
|
|
|
ad7ee3 |
syslog(LOG_DEBUG, "%p is now the active session", new_conn);
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
+ if (active_session_conn && !session_info_is_user(session_info)) {
|
|
|
ad7ee3 |
+ if (debug)
|
|
|
ad7ee3 |
+ syslog(LOG_DEBUG, "New session agent does not belong to user: "
|
|
|
ad7ee3 |
+ "disabling file-xfer");
|
|
|
ad7ee3 |
+ udscs_write(active_session_conn, VDAGENTD_FILE_XFER_DISABLE, 0, 0,
|
|
|
ad7ee3 |
+ NULL, 0);
|
|
|
ad7ee3 |
+ }
|
|
|
ad7ee3 |
+
|
|
|
ad7ee3 |
if (active_session_conn && mon_config)
|
|
|
ad7ee3 |
udscs_write(active_session_conn, VDAGENTD_MONITORS_CONFIG, 0, 0,
|
|
|
ad7ee3 |
(uint8_t *)mon_config, sizeof(VDAgentMonitorsConfig) +
|