summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2012-10-31 10:35:38 +0000
committerColin Watson <cjwatson@debian.org>2012-10-31 10:35:38 +0000
commit301aad188299b268452af6b67261336c88f44ab1 (patch)
tree5ec34d429196f17ea6eb2205ca8f96da32b09dd1 /debian/patches
parent5cb249b209c170d817471b575b6d105094f137bc (diff)
* Merge from Ubuntu:
- Add support for registering ConsoleKit sessions on login. (This is currently enabled only when building for Ubuntu.)
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/authorized-keys-man-symlink.patch2
-rw-r--r--debian/patches/consolekit.patch725
-rw-r--r--debian/patches/lintian-symlink-pickiness.patch2
-rw-r--r--debian/patches/series3
4 files changed, 730 insertions, 2 deletions
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 08ba01e37..6ffc716ee 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -8,7 +8,7 @@ Index: b/Makefile.in
8=================================================================== 8===================================================================
9--- a/Makefile.in 9--- a/Makefile.in
10+++ b/Makefile.in 10+++ b/Makefile.in
11@@ -276,6 +276,7 @@ 11@@ -277,6 +277,7 @@
12 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 12 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
13 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 13 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
14 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 14 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch
new file mode 100644
index 000000000..a952e4405
--- /dev/null
+++ b/debian/patches/consolekit.patch
@@ -0,0 +1,725 @@
1Description: Add support for registering ConsoleKit sessions on login
2Author: Colin Watson <cjwatson@ubuntu.com>
3Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450
4Last-Updated: 2012-10-31
5
6Index: b/Makefile.in
7===================================================================
8--- a/Makefile.in
9+++ b/Makefile.in
10@@ -94,7 +94,8 @@
11 sftp-server.o sftp-common.o \
12 roaming_common.o roaming_serv.o \
13 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
14- sandbox-seccomp-filter.o
15+ sandbox-seccomp-filter.o \
16+ consolekit.o
17
18 MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
19 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
20Index: b/configure.ac
21===================================================================
22--- a/configure.ac
23+++ b/configure.ac
24@@ -3672,6 +3672,30 @@
25 ]
26 )
27
28+# Check whether user wants ConsoleKit support
29+CONSOLEKIT_MSG="no"
30+LIBCK_CONNECTOR=""
31+AC_ARG_WITH(consolekit,
32+ [ --with-consolekit Enable ConsoleKit support],
33+ [ if test "x$withval" != "xno" ; then
34+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
35+ if test "$PKGCONFIG" != "no"; then
36+ AC_MSG_CHECKING([for ck-connector])
37+ if $PKGCONFIG --exists ck-connector; then
38+ CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
39+ CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
40+ CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
41+ SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
42+ AC_MSG_RESULT([yes])
43+ AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.])
44+ CONSOLEKIT_MSG="yes"
45+ else
46+ AC_MSG_RESULT([no])
47+ fi
48+ fi
49+ fi ]
50+)
51+
52 # Looking for programs, paths and files
53
54 PRIVSEP_PATH=/var/empty
55@@ -4435,6 +4459,7 @@
56 echo " libedit support: $LIBEDIT_MSG"
57 echo " Solaris process contract support: $SPC_MSG"
58 echo " Solaris project support: $SP_MSG"
59+echo " ConsoleKit support: $CONSOLEKIT_MSG"
60 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
61 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
62 echo " BSD Auth support: $BSD_AUTH_MSG"
63Index: b/configure
64===================================================================
65--- a/configure
66+++ b/configure
67@@ -735,6 +735,7 @@
68 with_sandbox
69 with_selinux
70 with_kerberos5
71+with_consolekit
72 with_privsep_path
73 with_xauth
74 enable_strip
75@@ -1425,6 +1426,7 @@
76 --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)
77 --with-selinux Enable SELinux support
78 --with-kerberos5=PATH Enable Kerberos 5 support
79+ --with-consolekit Enable ConsoleKit support
80 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
81 --with-xauth=PATH Specify path to xauth program
82 --with-maildir=/path/to/mail Specify your system mail directory
83@@ -15683,6 +15685,135 @@
84 fi
85
86
87+# Check whether user wants ConsoleKit support
88+CONSOLEKIT_MSG="no"
89+LIBCK_CONNECTOR=""
90+
91+# Check whether --with-consolekit was given.
92+if test "${with_consolekit+set}" = set; then :
93+ withval=$with_consolekit; if test "x$withval" != "xno" ; then
94+ if test -n "$ac_tool_prefix"; then
95+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
96+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
97+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
98+$as_echo_n "checking for $ac_word... " >&6; }
99+if ${ac_cv_path_PKGCONFIG+:} false; then :
100+ $as_echo_n "(cached) " >&6
101+else
102+ case $PKGCONFIG in
103+ [\\/]* | ?:[\\/]*)
104+ ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
105+ ;;
106+ *)
107+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
108+for as_dir in $PATH
109+do
110+ IFS=$as_save_IFS
111+ test -z "$as_dir" && as_dir=.
112+ for ac_exec_ext in '' $ac_executable_extensions; do
113+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
114+ ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
115+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
116+ break 2
117+ fi
118+done
119+ done
120+IFS=$as_save_IFS
121+
122+ ;;
123+esac
124+fi
125+PKGCONFIG=$ac_cv_path_PKGCONFIG
126+if test -n "$PKGCONFIG"; then
127+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
128+$as_echo "$PKGCONFIG" >&6; }
129+else
130+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
131+$as_echo "no" >&6; }
132+fi
133+
134+
135+fi
136+if test -z "$ac_cv_path_PKGCONFIG"; then
137+ ac_pt_PKGCONFIG=$PKGCONFIG
138+ # Extract the first word of "pkg-config", so it can be a program name with args.
139+set dummy pkg-config; ac_word=$2
140+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
141+$as_echo_n "checking for $ac_word... " >&6; }
142+if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
143+ $as_echo_n "(cached) " >&6
144+else
145+ case $ac_pt_PKGCONFIG in
146+ [\\/]* | ?:[\\/]*)
147+ ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
148+ ;;
149+ *)
150+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
151+for as_dir in $PATH
152+do
153+ IFS=$as_save_IFS
154+ test -z "$as_dir" && as_dir=.
155+ for ac_exec_ext in '' $ac_executable_extensions; do
156+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
157+ ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
158+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
159+ break 2
160+ fi
161+done
162+ done
163+IFS=$as_save_IFS
164+
165+ ;;
166+esac
167+fi
168+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
169+if test -n "$ac_pt_PKGCONFIG"; then
170+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
171+$as_echo "$ac_pt_PKGCONFIG" >&6; }
172+else
173+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
174+$as_echo "no" >&6; }
175+fi
176+
177+ if test "x$ac_pt_PKGCONFIG" = x; then
178+ PKGCONFIG="no"
179+ else
180+ case $cross_compiling:$ac_tool_warned in
181+yes:)
182+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
183+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
184+ac_tool_warned=yes ;;
185+esac
186+ PKGCONFIG=$ac_pt_PKGCONFIG
187+ fi
188+else
189+ PKGCONFIG="$ac_cv_path_PKGCONFIG"
190+fi
191+
192+ if test "$PKGCONFIG" != "no"; then
193+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5
194+$as_echo_n "checking for ck-connector... " >&6; }
195+ if $PKGCONFIG --exists ck-connector; then
196+ CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
197+ CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
198+ CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
199+ SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
200+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
201+$as_echo "yes" >&6; }
202+
203+$as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h
204+
205+ CONSOLEKIT_MSG="yes"
206+ else
207+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
208+$as_echo "no" >&6; }
209+ fi
210+ fi
211+ fi
212+
213+fi
214+
215+
216 # Looking for programs, paths and files
217
218 PRIVSEP_PATH=/var/empty
219@@ -18155,6 +18286,7 @@
220 echo " libedit support: $LIBEDIT_MSG"
221 echo " Solaris process contract support: $SPC_MSG"
222 echo " Solaris project support: $SP_MSG"
223+echo " ConsoleKit support: $CONSOLEKIT_MSG"
224 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
225 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
226 echo " BSD Auth support: $BSD_AUTH_MSG"
227Index: b/consolekit.c
228===================================================================
229--- /dev/null
230+++ b/consolekit.c
231@@ -0,0 +1,239 @@
232+/*
233+ * Copyright (c) 2008 Colin Watson. All rights reserved.
234+ *
235+ * Permission to use, copy, modify, and distribute this software for any
236+ * purpose with or without fee is hereby granted, provided that the above
237+ * copyright notice and this permission notice appear in all copies.
238+ *
239+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
240+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
241+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
242+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
243+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
244+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
245+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
246+ */
247+/*
248+ * Loosely based on pam-ck-connector, which is:
249+ *
250+ * Copyright (c) 2007 David Zeuthen <davidz@redhat.com>
251+ *
252+ * Permission is hereby granted, free of charge, to any person
253+ * obtaining a copy of this software and associated documentation
254+ * files (the "Software"), to deal in the Software without
255+ * restriction, including without limitation the rights to use,
256+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
257+ * copies of the Software, and to permit persons to whom the
258+ * Software is furnished to do so, subject to the following
259+ * conditions:
260+ *
261+ * The above copyright notice and this permission notice shall be
262+ * included in all copies or substantial portions of the Software.
263+ *
264+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
265+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
266+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
267+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
268+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
269+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
270+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
271+ * OTHER DEALINGS IN THE SOFTWARE.
272+ */
273+
274+#include "includes.h"
275+
276+#ifdef USE_CONSOLEKIT
277+
278+#include <ck-connector.h>
279+
280+#include "xmalloc.h"
281+#include "channels.h"
282+#include "key.h"
283+#include "hostfile.h"
284+#include "auth.h"
285+#include "log.h"
286+#include "servconf.h"
287+#include "canohost.h"
288+#include "session.h"
289+#include "consolekit.h"
290+
291+extern ServerOptions options;
292+extern u_int utmp_len;
293+
294+void
295+set_active(const char *cookie)
296+{
297+ DBusError err;
298+ DBusConnection *connection;
299+ DBusMessage *message = NULL, *reply = NULL;
300+ char *sid;
301+ DBusMessageIter iter, subiter;
302+ const char *interface, *property;
303+ dbus_bool_t active;
304+
305+ dbus_error_init(&err);
306+ connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
307+ if (!connection) {
308+ if (dbus_error_is_set(&err)) {
309+ error("unable to open DBus connection: %s",
310+ err.message);
311+ dbus_error_free(&err);
312+ }
313+ goto out;
314+ }
315+ dbus_connection_set_exit_on_disconnect(connection, FALSE);
316+
317+ message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
318+ "/org/freedesktop/ConsoleKit/Manager",
319+ "org.freedesktop.ConsoleKit.Manager",
320+ "GetSessionForCookie");
321+ if (!message)
322+ goto out;
323+ if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie,
324+ DBUS_TYPE_INVALID)) {
325+ if (dbus_error_is_set(&err)) {
326+ error("unable to get current session: %s",
327+ err.message);
328+ dbus_error_free(&err);
329+ }
330+ goto out;
331+ }
332+
333+ dbus_error_init(&err);
334+ reply = dbus_connection_send_with_reply_and_block(connection, message,
335+ -1, &err);
336+ if (!reply) {
337+ if (dbus_error_is_set(&err)) {
338+ error("unable to get current session: %s",
339+ err.message);
340+ dbus_error_free(&err);
341+ }
342+ goto out;
343+ }
344+
345+ dbus_error_init(&err);
346+ if (!dbus_message_get_args(reply, &err,
347+ DBUS_TYPE_OBJECT_PATH, &sid,
348+ DBUS_TYPE_INVALID)) {
349+ if (dbus_error_is_set(&err)) {
350+ error("unable to get current session: %s",
351+ err.message);
352+ dbus_error_free(&err);
353+ }
354+ goto out;
355+ }
356+ dbus_message_unref(reply);
357+ dbus_message_unref(message);
358+ message = reply = NULL;
359+
360+ message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
361+ sid, "org.freedesktop.DBus.Properties", "Set");
362+ if (!message)
363+ goto out;
364+ interface = "org.freedesktop.ConsoleKit.Session";
365+ property = "active";
366+ if (!dbus_message_append_args(message,
367+ DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property,
368+ DBUS_TYPE_INVALID))
369+ goto out;
370+ dbus_message_iter_init_append(message, &iter);
371+ if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
372+ DBUS_TYPE_BOOLEAN_AS_STRING, &subiter))
373+ goto out;
374+ active = TRUE;
375+ if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN,
376+ &active))
377+ goto out;
378+ if (!dbus_message_iter_close_container(&iter, &subiter))
379+ goto out;
380+
381+ dbus_error_init(&err);
382+ reply = dbus_connection_send_with_reply_and_block(connection, message,
383+ -1, &err);
384+ if (!reply) {
385+ if (dbus_error_is_set(&err)) {
386+ error("unable to make current session active: %s",
387+ err.message);
388+ dbus_error_free(&err);
389+ }
390+ goto out;
391+ }
392+
393+out:
394+ if (reply)
395+ dbus_message_unref(reply);
396+ if (message)
397+ dbus_message_unref(message);
398+}
399+
400+/*
401+ * We pass display separately rather than using s->display because the
402+ * latter is not available in the monitor when using privsep.
403+ */
404+
405+char *
406+consolekit_register(Session *s, const char *display)
407+{
408+ DBusError err;
409+ const char *tty = s->tty;
410+ const char *remote_host_name;
411+ dbus_bool_t is_local = FALSE;
412+ const char *cookie = NULL;
413+
414+ if (s->ckc) {
415+ debug("already registered with ConsoleKit");
416+ return xstrdup(ck_connector_get_cookie(s->ckc));
417+ }
418+
419+ s->ckc = ck_connector_new();
420+ if (!s->ckc) {
421+ error("ck_connector_new failed");
422+ return NULL;
423+ }
424+
425+ if (!tty)
426+ tty = "";
427+ if (!display)
428+ display = "";
429+ remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns);
430+ if (!remote_host_name)
431+ remote_host_name = "";
432+
433+ dbus_error_init(&err);
434+ if (!ck_connector_open_session_with_parameters(s->ckc, &err,
435+ "unix-user", &s->pw->pw_uid,
436+ "display-device", &tty,
437+ "x11-display", &display,
438+ "remote-host-name", &remote_host_name,
439+ "is-local", &is_local,
440+ NULL)) {
441+ if (dbus_error_is_set(&err)) {
442+ debug("%s", err.message);
443+ dbus_error_free(&err);
444+ } else {
445+ debug("insufficient privileges or D-Bus / ConsoleKit "
446+ "not available");
447+ }
448+ return NULL;
449+ }
450+
451+ debug("registered uid=%d on tty='%s' with ConsoleKit",
452+ s->pw->pw_uid, s->tty);
453+
454+ cookie = ck_connector_get_cookie(s->ckc);
455+ set_active(cookie);
456+ return xstrdup(cookie);
457+}
458+
459+void
460+consolekit_unregister(Session *s)
461+{
462+ if (s->ckc) {
463+ debug("unregistering ConsoleKit session %s",
464+ ck_connector_get_cookie(s->ckc));
465+ ck_connector_unref(s->ckc);
466+ s->ckc = NULL;
467+ }
468+}
469+
470+#endif /* USE_CONSOLEKIT */
471Index: b/consolekit.h
472===================================================================
473--- /dev/null
474+++ b/consolekit.h
475@@ -0,0 +1,24 @@
476+/*
477+ * Copyright (c) 2008 Colin Watson. All rights reserved.
478+ *
479+ * Permission to use, copy, modify, and distribute this software for any
480+ * purpose with or without fee is hereby granted, provided that the above
481+ * copyright notice and this permission notice appear in all copies.
482+ *
483+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
484+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
485+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
486+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
487+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
488+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
489+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
490+ */
491+
492+#ifdef USE_CONSOLEKIT
493+
494+struct Session;
495+
496+char * consolekit_register(struct Session *, const char *);
497+void consolekit_unregister(struct Session *);
498+
499+#endif /* USE_CONSOLEKIT */
500Index: b/monitor.c
501===================================================================
502--- a/monitor.c
503+++ b/monitor.c
504@@ -97,6 +97,9 @@
505 #include "ssh2.h"
506 #include "jpake.h"
507 #include "roaming.h"
508+#ifdef USE_CONSOLEKIT
509+#include "consolekit.h"
510+#endif
511
512 #ifdef GSSAPI
513 static Gssctxt *gsscontext = NULL;
514@@ -192,6 +195,10 @@
515
516 static int monitor_read_log(struct monitor *);
517
518+#ifdef USE_CONSOLEKIT
519+int mm_answer_consolekit_register(int, Buffer *);
520+#endif
521+
522 static Authctxt *authctxt;
523 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
524
525@@ -283,6 +290,9 @@
526 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
527 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
528 #endif
529+#ifdef USE_CONSOLEKIT
530+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
531+#endif
532 {0, 0, NULL}
533 };
534
535@@ -325,6 +335,9 @@
536 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
537 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
538 #endif
539+#ifdef USE_CONSOLEKIT
540+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
541+#endif
542 {0, 0, NULL}
543 };
544
545@@ -495,6 +508,9 @@
546 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
547 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
548 }
549+#ifdef USE_CONSOLEKIT
550+ monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
551+#endif
552
553 for (;;)
554 monitor_read(pmonitor, mon_dispatch, NULL);
555@@ -2196,6 +2212,34 @@
556 buffer_put_int(m, major);
557 buffer_put_string(m, hash.value, hash.length);
558
559+#ifdef USE_CONSOLEKIT
560+int
561+mm_answer_consolekit_register(int sock, Buffer *m)
562+{
563+ Session *s;
564+ char *tty, *display;
565+ char *cookie = NULL;
566+
567+ debug3("%s entering", __func__);
568+
569+ tty = buffer_get_string(m, NULL);
570+ display = buffer_get_string(m, NULL);
571+ s = session_by_tty(tty);
572+ if (s != NULL)
573+ cookie = consolekit_register(s, display);
574+ buffer_clear(m);
575+ buffer_put_cstring(m, cookie != NULL ? cookie : "");
576+ mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
577+
578+ if (cookie != NULL)
579+ xfree(cookie);
580+ xfree(display);
581+ xfree(tty);
582+
583+ return (0);
584+}
585+#endif /* USE_CONSOLEKIT */
586+
587 mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
588
589 gss_release_buffer(&minor, &hash);
590Index: b/monitor.h
591===================================================================
592--- a/monitor.h
593+++ b/monitor.h
594@@ -62,6 +62,7 @@
595 MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
596 MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
597 MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
598+ MONITOR_REQ_CONSOLEKIT_REGISTER, MONITOR_ANS_CONSOLEKIT_REGISTER,
599 MONITOR_REQ_TERM,
600 MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
601 MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
602Index: b/monitor_wrap.c
603===================================================================
604--- a/monitor_wrap.c
605+++ b/monitor_wrap.c
606@@ -1310,6 +1310,37 @@
607 mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
608 {
609 Buffer m;
610+
611+#ifdef USE_CONSOLEKIT
612+char *
613+mm_consolekit_register(Session *s, const char *display)
614+{
615+ Buffer m;
616+ char *cookie;
617+
618+ debug3("%s entering", __func__);
619+
620+ if (s->ttyfd == -1)
621+ return NULL;
622+ buffer_init(&m);
623+ buffer_put_cstring(&m, s->tty);
624+ buffer_put_cstring(&m, display != NULL ? display : "");
625+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m);
626+ buffer_clear(&m);
627+
628+ mm_request_receive_expect(pmonitor->m_recvfd,
629+ MONITOR_ANS_CONSOLEKIT_REGISTER, &m);
630+ cookie = buffer_get_string(&m, NULL);
631+ buffer_free(&m);
632+
633+ /* treat empty cookie as missing cookie */
634+ if (strlen(cookie) == 0) {
635+ xfree(cookie);
636+ cookie = NULL;
637+ }
638+ return (cookie);
639+}
640+#endif /* USE_CONSOLEKIT */
641 OM_uint32 major;
642 u_int len;
643
644Index: b/monitor_wrap.h
645===================================================================
646--- a/monitor_wrap.h
647+++ b/monitor_wrap.h
648@@ -131,4 +131,8 @@
649 void mm_zfree(struct mm_master *, void *);
650 void mm_init_compression(struct mm_master *);
651
652+#ifdef USE_CONSOLEKIT
653+char *mm_consolekit_register(struct Session *, const char *);
654+#endif /* USE_CONSOLEKIT */
655+
656 #endif /* _MM_WRAP_H_ */
657Index: b/session.c
658===================================================================
659--- a/session.c
660+++ b/session.c
661@@ -91,6 +91,7 @@
662 #include "kex.h"
663 #include "monitor_wrap.h"
664 #include "sftp.h"
665+#include "consolekit.h"
666
667 #if defined(KRB5) && defined(USE_AFS)
668 #include <kafs.h>
669@@ -1129,6 +1130,9 @@
670 #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
671 char *path = NULL;
672 #endif
673+#ifdef USE_CONSOLEKIT
674+ const char *ckcookie = NULL;
675+#endif /* USE_CONSOLEKIT */
676
677 /* Initialize the environment. */
678 envsize = 100;
679@@ -1273,6 +1277,11 @@
680 child_set_env(&env, &envsize, "KRB5CCNAME",
681 s->authctxt->krb5_ccname);
682 #endif
683+#ifdef USE_CONSOLEKIT
684+ ckcookie = PRIVSEP(consolekit_register(s, s->display));
685+ if (ckcookie)
686+ child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie);
687+#endif /* USE_CONSOLEKIT */
688 #ifdef USE_PAM
689 /*
690 * Pull in any environment variables that may have
691@@ -2300,6 +2309,10 @@
692
693 debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
694
695+#ifdef USE_CONSOLEKIT
696+ consolekit_unregister(s);
697+#endif /* USE_CONSOLEKIT */
698+
699 /* Record that the user has logged out. */
700 if (s->pid != 0)
701 record_logout(s->pid, s->tty, s->pw->pw_name);
702Index: b/session.h
703===================================================================
704--- a/session.h
705+++ b/session.h
706@@ -26,6 +26,8 @@
707 #ifndef SESSION_H
708 #define SESSION_H
709
710+struct _CkConnector;
711+
712 #define TTYSZ 64
713 typedef struct Session Session;
714 struct Session {
715@@ -60,6 +62,10 @@
716 char *name;
717 char *val;
718 } *env;
719+
720+#ifdef USE_CONSOLEKIT
721+ struct _CkConnector *ckc;
722+#endif /* USE_CONSOLEKIT */
723 };
724
725 void do_authenticated(Authctxt *);
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
index 12877d32f..ae32969ea 100644
--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -9,7 +9,7 @@ Index: b/Makefile.in
9=================================================================== 9===================================================================
10--- a/Makefile.in 10--- a/Makefile.in
11+++ b/Makefile.in 11+++ b/Makefile.in
12@@ -283,9 +283,9 @@ 12@@ -284,9 +284,9 @@
13 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 13 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
14 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 14 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
15 -rm -f $(DESTDIR)$(bindir)/slogin 15 -rm -f $(DESTDIR)$(bindir)/slogin
diff --git a/debian/patches/series b/debian/patches/series
index dd34d62e0..c5cf8de4b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,6 +17,9 @@ syslog-level-silent.patch
17quieter-signals.patch 17quieter-signals.patch
18helpful-wait-terminate.patch 18helpful-wait-terminate.patch
19 19
20# ConsoleKit
21consolekit.patch
22
20# Miscellaneous bug fixes 23# Miscellaneous bug fixes
21user-group-modes.patch 24user-group-modes.patch
22scp-quoting.patch 25scp-quoting.patch