diff options
-rw-r--r-- | Makefile.in | 3 | ||||
-rwxr-xr-x | configure | 132 | ||||
-rw-r--r-- | configure.ac | 25 | ||||
-rw-r--r-- | consolekit.c | 239 | ||||
-rw-r--r-- | consolekit.h | 24 | ||||
-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | debian/patches/authorized-keys-man-symlink.patch | 2 | ||||
-rw-r--r-- | debian/patches/consolekit.patch | 725 | ||||
-rw-r--r-- | debian/patches/lintian-symlink-pickiness.patch | 2 | ||||
-rw-r--r-- | debian/patches/series | 3 | ||||
-rwxr-xr-x | debian/rules | 3 | ||||
-rw-r--r-- | monitor.c | 44 | ||||
-rw-r--r-- | monitor.h | 1 | ||||
-rw-r--r-- | monitor_wrap.c | 31 | ||||
-rw-r--r-- | monitor_wrap.h | 4 | ||||
-rw-r--r-- | session.c | 13 | ||||
-rw-r--r-- | session.h | 6 |
18 files changed, 1258 insertions, 4 deletions
diff --git a/Makefile.in b/Makefile.in index 80155cc77..9a286a390 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -94,7 +94,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | |||
94 | sftp-server.o sftp-common.o \ | 94 | sftp-server.o sftp-common.o \ |
95 | roaming_common.o roaming_serv.o \ | 95 | roaming_common.o roaming_serv.o \ |
96 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ | 96 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
97 | sandbox-seccomp-filter.o | 97 | sandbox-seccomp-filter.o \ |
98 | consolekit.o | ||
98 | 99 | ||
99 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out | 100 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out |
100 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5 | 101 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5 |
@@ -735,6 +735,7 @@ with_privsep_user | |||
735 | with_sandbox | 735 | with_sandbox |
736 | with_selinux | 736 | with_selinux |
737 | with_kerberos5 | 737 | with_kerberos5 |
738 | with_consolekit | ||
738 | with_privsep_path | 739 | with_privsep_path |
739 | with_xauth | 740 | with_xauth |
740 | enable_strip | 741 | enable_strip |
@@ -1425,6 +1426,7 @@ Optional Packages: | |||
1425 | --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter) | 1426 | --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter) |
1426 | --with-selinux Enable SELinux support | 1427 | --with-selinux Enable SELinux support |
1427 | --with-kerberos5=PATH Enable Kerberos 5 support | 1428 | --with-kerberos5=PATH Enable Kerberos 5 support |
1429 | --with-consolekit Enable ConsoleKit support | ||
1428 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | 1430 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
1429 | --with-xauth=PATH Specify path to xauth program | 1431 | --with-xauth=PATH Specify path to xauth program |
1430 | --with-maildir=/path/to/mail Specify your system mail directory | 1432 | --with-maildir=/path/to/mail Specify your system mail directory |
@@ -15683,6 +15685,135 @@ fi | |||
15683 | fi | 15685 | fi |
15684 | 15686 | ||
15685 | 15687 | ||
15688 | # Check whether user wants ConsoleKit support | ||
15689 | CONSOLEKIT_MSG="no" | ||
15690 | LIBCK_CONNECTOR="" | ||
15691 | |||
15692 | # Check whether --with-consolekit was given. | ||
15693 | if test "${with_consolekit+set}" = set; then : | ||
15694 | withval=$with_consolekit; if test "x$withval" != "xno" ; then | ||
15695 | if test -n "$ac_tool_prefix"; then | ||
15696 | # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. | ||
15697 | set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 | ||
15698 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
15699 | $as_echo_n "checking for $ac_word... " >&6; } | ||
15700 | if ${ac_cv_path_PKGCONFIG+:} false; then : | ||
15701 | $as_echo_n "(cached) " >&6 | ||
15702 | else | ||
15703 | case $PKGCONFIG in | ||
15704 | [\\/]* | ?:[\\/]*) | ||
15705 | ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. | ||
15706 | ;; | ||
15707 | *) | ||
15708 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
15709 | for as_dir in $PATH | ||
15710 | do | ||
15711 | IFS=$as_save_IFS | ||
15712 | test -z "$as_dir" && as_dir=. | ||
15713 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
15714 | if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
15715 | ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
15716 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
15717 | break 2 | ||
15718 | fi | ||
15719 | done | ||
15720 | done | ||
15721 | IFS=$as_save_IFS | ||
15722 | |||
15723 | ;; | ||
15724 | esac | ||
15725 | fi | ||
15726 | PKGCONFIG=$ac_cv_path_PKGCONFIG | ||
15727 | if test -n "$PKGCONFIG"; then | ||
15728 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 | ||
15729 | $as_echo "$PKGCONFIG" >&6; } | ||
15730 | else | ||
15731 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15732 | $as_echo "no" >&6; } | ||
15733 | fi | ||
15734 | |||
15735 | |||
15736 | fi | ||
15737 | if test -z "$ac_cv_path_PKGCONFIG"; then | ||
15738 | ac_pt_PKGCONFIG=$PKGCONFIG | ||
15739 | # Extract the first word of "pkg-config", so it can be a program name with args. | ||
15740 | set dummy pkg-config; ac_word=$2 | ||
15741 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
15742 | $as_echo_n "checking for $ac_word... " >&6; } | ||
15743 | if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : | ||
15744 | $as_echo_n "(cached) " >&6 | ||
15745 | else | ||
15746 | case $ac_pt_PKGCONFIG in | ||
15747 | [\\/]* | ?:[\\/]*) | ||
15748 | ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. | ||
15749 | ;; | ||
15750 | *) | ||
15751 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
15752 | for as_dir in $PATH | ||
15753 | do | ||
15754 | IFS=$as_save_IFS | ||
15755 | test -z "$as_dir" && as_dir=. | ||
15756 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
15757 | if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
15758 | ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
15759 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
15760 | break 2 | ||
15761 | fi | ||
15762 | done | ||
15763 | done | ||
15764 | IFS=$as_save_IFS | ||
15765 | |||
15766 | ;; | ||
15767 | esac | ||
15768 | fi | ||
15769 | ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG | ||
15770 | if test -n "$ac_pt_PKGCONFIG"; then | ||
15771 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 | ||
15772 | $as_echo "$ac_pt_PKGCONFIG" >&6; } | ||
15773 | else | ||
15774 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15775 | $as_echo "no" >&6; } | ||
15776 | fi | ||
15777 | |||
15778 | if test "x$ac_pt_PKGCONFIG" = x; then | ||
15779 | PKGCONFIG="no" | ||
15780 | else | ||
15781 | case $cross_compiling:$ac_tool_warned in | ||
15782 | yes:) | ||
15783 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
15784 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
15785 | ac_tool_warned=yes ;; | ||
15786 | esac | ||
15787 | PKGCONFIG=$ac_pt_PKGCONFIG | ||
15788 | fi | ||
15789 | else | ||
15790 | PKGCONFIG="$ac_cv_path_PKGCONFIG" | ||
15791 | fi | ||
15792 | |||
15793 | if test "$PKGCONFIG" != "no"; then | ||
15794 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5 | ||
15795 | $as_echo_n "checking for ck-connector... " >&6; } | ||
15796 | if $PKGCONFIG --exists ck-connector; then | ||
15797 | CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector` | ||
15798 | CKCON_LIBS=`$PKGCONFIG --libs ck-connector` | ||
15799 | CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS" | ||
15800 | SSHDLIBS="$SSHDLIBS $CKCON_LIBS" | ||
15801 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
15802 | $as_echo "yes" >&6; } | ||
15803 | |||
15804 | $as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h | ||
15805 | |||
15806 | CONSOLEKIT_MSG="yes" | ||
15807 | else | ||
15808 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15809 | $as_echo "no" >&6; } | ||
15810 | fi | ||
15811 | fi | ||
15812 | fi | ||
15813 | |||
15814 | fi | ||
15815 | |||
15816 | |||
15686 | # Looking for programs, paths and files | 15817 | # Looking for programs, paths and files |
15687 | 15818 | ||
15688 | PRIVSEP_PATH=/var/empty | 15819 | PRIVSEP_PATH=/var/empty |
@@ -18155,6 +18286,7 @@ echo " MD5 password support: $MD5_MSG" | |||
18155 | echo " libedit support: $LIBEDIT_MSG" | 18286 | echo " libedit support: $LIBEDIT_MSG" |
18156 | echo " Solaris process contract support: $SPC_MSG" | 18287 | echo " Solaris process contract support: $SPC_MSG" |
18157 | echo " Solaris project support: $SP_MSG" | 18288 | echo " Solaris project support: $SP_MSG" |
18289 | echo " ConsoleKit support: $CONSOLEKIT_MSG" | ||
18158 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 18290 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
18159 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 18291 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
18160 | echo " BSD Auth support: $BSD_AUTH_MSG" | 18292 | echo " BSD Auth support: $BSD_AUTH_MSG" |
diff --git a/configure.ac b/configure.ac index f3718537f..fabd3e0f1 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -3672,6 +3672,30 @@ AC_ARG_WITH([kerberos5], | |||
3672 | ] | 3672 | ] |
3673 | ) | 3673 | ) |
3674 | 3674 | ||
3675 | # Check whether user wants ConsoleKit support | ||
3676 | CONSOLEKIT_MSG="no" | ||
3677 | LIBCK_CONNECTOR="" | ||
3678 | AC_ARG_WITH(consolekit, | ||
3679 | [ --with-consolekit Enable ConsoleKit support], | ||
3680 | [ if test "x$withval" != "xno" ; then | ||
3681 | AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
3682 | if test "$PKGCONFIG" != "no"; then | ||
3683 | AC_MSG_CHECKING([for ck-connector]) | ||
3684 | if $PKGCONFIG --exists ck-connector; then | ||
3685 | CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector` | ||
3686 | CKCON_LIBS=`$PKGCONFIG --libs ck-connector` | ||
3687 | CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS" | ||
3688 | SSHDLIBS="$SSHDLIBS $CKCON_LIBS" | ||
3689 | AC_MSG_RESULT([yes]) | ||
3690 | AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.]) | ||
3691 | CONSOLEKIT_MSG="yes" | ||
3692 | else | ||
3693 | AC_MSG_RESULT([no]) | ||
3694 | fi | ||
3695 | fi | ||
3696 | fi ] | ||
3697 | ) | ||
3698 | |||
3675 | # Looking for programs, paths and files | 3699 | # Looking for programs, paths and files |
3676 | 3700 | ||
3677 | PRIVSEP_PATH=/var/empty | 3701 | PRIVSEP_PATH=/var/empty |
@@ -4435,6 +4459,7 @@ echo " MD5 password support: $MD5_MSG" | |||
4435 | echo " libedit support: $LIBEDIT_MSG" | 4459 | echo " libedit support: $LIBEDIT_MSG" |
4436 | echo " Solaris process contract support: $SPC_MSG" | 4460 | echo " Solaris process contract support: $SPC_MSG" |
4437 | echo " Solaris project support: $SP_MSG" | 4461 | echo " Solaris project support: $SP_MSG" |
4462 | echo " ConsoleKit support: $CONSOLEKIT_MSG" | ||
4438 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 4463 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
4439 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 4464 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
4440 | echo " BSD Auth support: $BSD_AUTH_MSG" | 4465 | echo " BSD Auth support: $BSD_AUTH_MSG" |
diff --git a/consolekit.c b/consolekit.c new file mode 100644 index 000000000..2da3b10f6 --- /dev/null +++ b/consolekit.c | |||
@@ -0,0 +1,239 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2008 Colin Watson. All rights reserved. | ||
3 | * | ||
4 | * Permission to use, copy, modify, and distribute this software for any | ||
5 | * purpose with or without fee is hereby granted, provided that the above | ||
6 | * copyright notice and this permission notice appear in all copies. | ||
7 | * | ||
8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
15 | */ | ||
16 | /* | ||
17 | * Loosely based on pam-ck-connector, which is: | ||
18 | * | ||
19 | * Copyright (c) 2007 David Zeuthen <davidz@redhat.com> | ||
20 | * | ||
21 | * Permission is hereby granted, free of charge, to any person | ||
22 | * obtaining a copy of this software and associated documentation | ||
23 | * files (the "Software"), to deal in the Software without | ||
24 | * restriction, including without limitation the rights to use, | ||
25 | * copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
26 | * copies of the Software, and to permit persons to whom the | ||
27 | * Software is furnished to do so, subject to the following | ||
28 | * conditions: | ||
29 | * | ||
30 | * The above copyright notice and this permission notice shall be | ||
31 | * included in all copies or substantial portions of the Software. | ||
32 | * | ||
33 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
34 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | ||
35 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
36 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | ||
37 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | ||
38 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||
39 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
40 | * OTHER DEALINGS IN THE SOFTWARE. | ||
41 | */ | ||
42 | |||
43 | #include "includes.h" | ||
44 | |||
45 | #ifdef USE_CONSOLEKIT | ||
46 | |||
47 | #include <ck-connector.h> | ||
48 | |||
49 | #include "xmalloc.h" | ||
50 | #include "channels.h" | ||
51 | #include "key.h" | ||
52 | #include "hostfile.h" | ||
53 | #include "auth.h" | ||
54 | #include "log.h" | ||
55 | #include "servconf.h" | ||
56 | #include "canohost.h" | ||
57 | #include "session.h" | ||
58 | #include "consolekit.h" | ||
59 | |||
60 | extern ServerOptions options; | ||
61 | extern u_int utmp_len; | ||
62 | |||
63 | void | ||
64 | set_active(const char *cookie) | ||
65 | { | ||
66 | DBusError err; | ||
67 | DBusConnection *connection; | ||
68 | DBusMessage *message = NULL, *reply = NULL; | ||
69 | char *sid; | ||
70 | DBusMessageIter iter, subiter; | ||
71 | const char *interface, *property; | ||
72 | dbus_bool_t active; | ||
73 | |||
74 | dbus_error_init(&err); | ||
75 | connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err); | ||
76 | if (!connection) { | ||
77 | if (dbus_error_is_set(&err)) { | ||
78 | error("unable to open DBus connection: %s", | ||
79 | err.message); | ||
80 | dbus_error_free(&err); | ||
81 | } | ||
82 | goto out; | ||
83 | } | ||
84 | dbus_connection_set_exit_on_disconnect(connection, FALSE); | ||
85 | |||
86 | message = dbus_message_new_method_call("org.freedesktop.ConsoleKit", | ||
87 | "/org/freedesktop/ConsoleKit/Manager", | ||
88 | "org.freedesktop.ConsoleKit.Manager", | ||
89 | "GetSessionForCookie"); | ||
90 | if (!message) | ||
91 | goto out; | ||
92 | if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie, | ||
93 | DBUS_TYPE_INVALID)) { | ||
94 | if (dbus_error_is_set(&err)) { | ||
95 | error("unable to get current session: %s", | ||
96 | err.message); | ||
97 | dbus_error_free(&err); | ||
98 | } | ||
99 | goto out; | ||
100 | } | ||
101 | |||
102 | dbus_error_init(&err); | ||
103 | reply = dbus_connection_send_with_reply_and_block(connection, message, | ||
104 | -1, &err); | ||
105 | if (!reply) { | ||
106 | if (dbus_error_is_set(&err)) { | ||
107 | error("unable to get current session: %s", | ||
108 | err.message); | ||
109 | dbus_error_free(&err); | ||
110 | } | ||
111 | goto out; | ||
112 | } | ||
113 | |||
114 | dbus_error_init(&err); | ||
115 | if (!dbus_message_get_args(reply, &err, | ||
116 | DBUS_TYPE_OBJECT_PATH, &sid, | ||
117 | DBUS_TYPE_INVALID)) { | ||
118 | if (dbus_error_is_set(&err)) { | ||
119 | error("unable to get current session: %s", | ||
120 | err.message); | ||
121 | dbus_error_free(&err); | ||
122 | } | ||
123 | goto out; | ||
124 | } | ||
125 | dbus_message_unref(reply); | ||
126 | dbus_message_unref(message); | ||
127 | message = reply = NULL; | ||
128 | |||
129 | message = dbus_message_new_method_call("org.freedesktop.ConsoleKit", | ||
130 | sid, "org.freedesktop.DBus.Properties", "Set"); | ||
131 | if (!message) | ||
132 | goto out; | ||
133 | interface = "org.freedesktop.ConsoleKit.Session"; | ||
134 | property = "active"; | ||
135 | if (!dbus_message_append_args(message, | ||
136 | DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property, | ||
137 | DBUS_TYPE_INVALID)) | ||
138 | goto out; | ||
139 | dbus_message_iter_init_append(message, &iter); | ||
140 | if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT, | ||
141 | DBUS_TYPE_BOOLEAN_AS_STRING, &subiter)) | ||
142 | goto out; | ||
143 | active = TRUE; | ||
144 | if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN, | ||
145 | &active)) | ||
146 | goto out; | ||
147 | if (!dbus_message_iter_close_container(&iter, &subiter)) | ||
148 | goto out; | ||
149 | |||
150 | dbus_error_init(&err); | ||
151 | reply = dbus_connection_send_with_reply_and_block(connection, message, | ||
152 | -1, &err); | ||
153 | if (!reply) { | ||
154 | if (dbus_error_is_set(&err)) { | ||
155 | error("unable to make current session active: %s", | ||
156 | err.message); | ||
157 | dbus_error_free(&err); | ||
158 | } | ||
159 | goto out; | ||
160 | } | ||
161 | |||
162 | out: | ||
163 | if (reply) | ||
164 | dbus_message_unref(reply); | ||
165 | if (message) | ||
166 | dbus_message_unref(message); | ||
167 | } | ||
168 | |||
169 | /* | ||
170 | * We pass display separately rather than using s->display because the | ||
171 | * latter is not available in the monitor when using privsep. | ||
172 | */ | ||
173 | |||
174 | char * | ||
175 | consolekit_register(Session *s, const char *display) | ||
176 | { | ||
177 | DBusError err; | ||
178 | const char *tty = s->tty; | ||
179 | const char *remote_host_name; | ||
180 | dbus_bool_t is_local = FALSE; | ||
181 | const char *cookie = NULL; | ||
182 | |||
183 | if (s->ckc) { | ||
184 | debug("already registered with ConsoleKit"); | ||
185 | return xstrdup(ck_connector_get_cookie(s->ckc)); | ||
186 | } | ||
187 | |||
188 | s->ckc = ck_connector_new(); | ||
189 | if (!s->ckc) { | ||
190 | error("ck_connector_new failed"); | ||
191 | return NULL; | ||
192 | } | ||
193 | |||
194 | if (!tty) | ||
195 | tty = ""; | ||
196 | if (!display) | ||
197 | display = ""; | ||
198 | remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns); | ||
199 | if (!remote_host_name) | ||
200 | remote_host_name = ""; | ||
201 | |||
202 | dbus_error_init(&err); | ||
203 | if (!ck_connector_open_session_with_parameters(s->ckc, &err, | ||
204 | "unix-user", &s->pw->pw_uid, | ||
205 | "display-device", &tty, | ||
206 | "x11-display", &display, | ||
207 | "remote-host-name", &remote_host_name, | ||
208 | "is-local", &is_local, | ||
209 | NULL)) { | ||
210 | if (dbus_error_is_set(&err)) { | ||
211 | debug("%s", err.message); | ||
212 | dbus_error_free(&err); | ||
213 | } else { | ||
214 | debug("insufficient privileges or D-Bus / ConsoleKit " | ||
215 | "not available"); | ||
216 | } | ||
217 | return NULL; | ||
218 | } | ||
219 | |||
220 | debug("registered uid=%d on tty='%s' with ConsoleKit", | ||
221 | s->pw->pw_uid, s->tty); | ||
222 | |||
223 | cookie = ck_connector_get_cookie(s->ckc); | ||
224 | set_active(cookie); | ||
225 | return xstrdup(cookie); | ||
226 | } | ||
227 | |||
228 | void | ||
229 | consolekit_unregister(Session *s) | ||
230 | { | ||
231 | if (s->ckc) { | ||
232 | debug("unregistering ConsoleKit session %s", | ||
233 | ck_connector_get_cookie(s->ckc)); | ||
234 | ck_connector_unref(s->ckc); | ||
235 | s->ckc = NULL; | ||
236 | } | ||
237 | } | ||
238 | |||
239 | #endif /* USE_CONSOLEKIT */ | ||
diff --git a/consolekit.h b/consolekit.h new file mode 100644 index 000000000..8ce371690 --- /dev/null +++ b/consolekit.h | |||
@@ -0,0 +1,24 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2008 Colin Watson. All rights reserved. | ||
3 | * | ||
4 | * Permission to use, copy, modify, and distribute this software for any | ||
5 | * purpose with or without fee is hereby granted, provided that the above | ||
6 | * copyright notice and this permission notice appear in all copies. | ||
7 | * | ||
8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
15 | */ | ||
16 | |||
17 | #ifdef USE_CONSOLEKIT | ||
18 | |||
19 | struct Session; | ||
20 | |||
21 | char * consolekit_register(struct Session *, const char *); | ||
22 | void consolekit_unregister(struct Session *); | ||
23 | |||
24 | #endif /* USE_CONSOLEKIT */ | ||
diff --git a/debian/changelog b/debian/changelog index eb94dd09f..2c137c99b 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,6 +1,9 @@ | |||
1 | openssh (1:6.1p1-2) UNRELEASED; urgency=low | 1 | openssh (1:6.1p1-2) UNRELEASED; urgency=low |
2 | 2 | ||
3 | * Use xz compression for binary packages. | 3 | * Use xz compression for binary packages. |
4 | * Merge from Ubuntu: | ||
5 | - Add support for registering ConsoleKit sessions on login. (This is | ||
6 | currently enabled only when building for Ubuntu.) | ||
4 | 7 | ||
5 | -- Colin Watson <cjwatson@debian.org> Fri, 28 Sep 2012 17:54:42 +0100 | 8 | -- Colin Watson <cjwatson@debian.org> Fri, 28 Sep 2012 17:54:42 +0100 |
6 | 9 | ||
diff --git a/debian/control b/debian/control index ff8f63c18..1105b0699 100644 --- a/debian/control +++ b/debian/control | |||
@@ -2,7 +2,7 @@ Source: openssh | |||
2 | Section: net | 2 | Section: net |
3 | Priority: standard | 3 | Priority: standard |
4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | 4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
5 | Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 7.4.2~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~) | 5 | Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 7.4.2~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev |
6 | Standards-Version: 3.8.4 | 6 | Standards-Version: 3.8.4 |
7 | Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> | 7 | Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> |
8 | Homepage: http://www.openssh.org/ | 8 | Homepage: http://www.openssh.org/ |
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index 08ba01e37..6ffc716ee 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch | |||
@@ -8,7 +8,7 @@ Index: b/Makefile.in | |||
8 | =================================================================== | 8 | =================================================================== |
9 | --- a/Makefile.in | 9 | --- a/Makefile.in |
10 | +++ b/Makefile.in | 10 | +++ b/Makefile.in |
11 | @@ -276,6 +276,7 @@ | 11 | @@ -277,6 +277,7 @@ |
12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 | 12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 |
13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 | 13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 |
14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 | 14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 |
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch new file mode 100644 index 000000000..a952e4405 --- /dev/null +++ b/debian/patches/consolekit.patch | |||
@@ -0,0 +1,725 @@ | |||
1 | Description: Add support for registering ConsoleKit sessions on login | ||
2 | Author: Colin Watson <cjwatson@ubuntu.com> | ||
3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450 | ||
4 | Last-Updated: 2012-10-31 | ||
5 | |||
6 | Index: b/Makefile.in | ||
7 | =================================================================== | ||
8 | --- a/Makefile.in | ||
9 | +++ b/Makefile.in | ||
10 | @@ -94,7 +94,8 @@ | ||
11 | sftp-server.o sftp-common.o \ | ||
12 | roaming_common.o roaming_serv.o \ | ||
13 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ | ||
14 | - sandbox-seccomp-filter.o | ||
15 | + sandbox-seccomp-filter.o \ | ||
16 | + consolekit.o | ||
17 | |||
18 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out | ||
19 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5 | ||
20 | Index: b/configure.ac | ||
21 | =================================================================== | ||
22 | --- a/configure.ac | ||
23 | +++ b/configure.ac | ||
24 | @@ -3672,6 +3672,30 @@ | ||
25 | ] | ||
26 | ) | ||
27 | |||
28 | +# Check whether user wants ConsoleKit support | ||
29 | +CONSOLEKIT_MSG="no" | ||
30 | +LIBCK_CONNECTOR="" | ||
31 | +AC_ARG_WITH(consolekit, | ||
32 | + [ --with-consolekit Enable ConsoleKit support], | ||
33 | + [ if test "x$withval" != "xno" ; then | ||
34 | + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
35 | + if test "$PKGCONFIG" != "no"; then | ||
36 | + AC_MSG_CHECKING([for ck-connector]) | ||
37 | + if $PKGCONFIG --exists ck-connector; then | ||
38 | + CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector` | ||
39 | + CKCON_LIBS=`$PKGCONFIG --libs ck-connector` | ||
40 | + CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS" | ||
41 | + SSHDLIBS="$SSHDLIBS $CKCON_LIBS" | ||
42 | + AC_MSG_RESULT([yes]) | ||
43 | + AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.]) | ||
44 | + CONSOLEKIT_MSG="yes" | ||
45 | + else | ||
46 | + AC_MSG_RESULT([no]) | ||
47 | + fi | ||
48 | + fi | ||
49 | + fi ] | ||
50 | +) | ||
51 | + | ||
52 | # Looking for programs, paths and files | ||
53 | |||
54 | PRIVSEP_PATH=/var/empty | ||
55 | @@ -4435,6 +4459,7 @@ | ||
56 | echo " libedit support: $LIBEDIT_MSG" | ||
57 | echo " Solaris process contract support: $SPC_MSG" | ||
58 | echo " Solaris project support: $SP_MSG" | ||
59 | +echo " ConsoleKit support: $CONSOLEKIT_MSG" | ||
60 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
61 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
62 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
63 | Index: b/configure | ||
64 | =================================================================== | ||
65 | --- a/configure | ||
66 | +++ b/configure | ||
67 | @@ -735,6 +735,7 @@ | ||
68 | with_sandbox | ||
69 | with_selinux | ||
70 | with_kerberos5 | ||
71 | +with_consolekit | ||
72 | with_privsep_path | ||
73 | with_xauth | ||
74 | enable_strip | ||
75 | @@ -1425,6 +1426,7 @@ | ||
76 | --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter) | ||
77 | --with-selinux Enable SELinux support | ||
78 | --with-kerberos5=PATH Enable Kerberos 5 support | ||
79 | + --with-consolekit Enable ConsoleKit support | ||
80 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | ||
81 | --with-xauth=PATH Specify path to xauth program | ||
82 | --with-maildir=/path/to/mail Specify your system mail directory | ||
83 | @@ -15683,6 +15685,135 @@ | ||
84 | fi | ||
85 | |||
86 | |||
87 | +# Check whether user wants ConsoleKit support | ||
88 | +CONSOLEKIT_MSG="no" | ||
89 | +LIBCK_CONNECTOR="" | ||
90 | + | ||
91 | +# Check whether --with-consolekit was given. | ||
92 | +if test "${with_consolekit+set}" = set; then : | ||
93 | + withval=$with_consolekit; if test "x$withval" != "xno" ; then | ||
94 | + if test -n "$ac_tool_prefix"; then | ||
95 | + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. | ||
96 | +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 | ||
97 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
98 | +$as_echo_n "checking for $ac_word... " >&6; } | ||
99 | +if ${ac_cv_path_PKGCONFIG+:} false; then : | ||
100 | + $as_echo_n "(cached) " >&6 | ||
101 | +else | ||
102 | + case $PKGCONFIG in | ||
103 | + [\\/]* | ?:[\\/]*) | ||
104 | + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. | ||
105 | + ;; | ||
106 | + *) | ||
107 | + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
108 | +for as_dir in $PATH | ||
109 | +do | ||
110 | + IFS=$as_save_IFS | ||
111 | + test -z "$as_dir" && as_dir=. | ||
112 | + for ac_exec_ext in '' $ac_executable_extensions; do | ||
113 | + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
114 | + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
115 | + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
116 | + break 2 | ||
117 | + fi | ||
118 | +done | ||
119 | + done | ||
120 | +IFS=$as_save_IFS | ||
121 | + | ||
122 | + ;; | ||
123 | +esac | ||
124 | +fi | ||
125 | +PKGCONFIG=$ac_cv_path_PKGCONFIG | ||
126 | +if test -n "$PKGCONFIG"; then | ||
127 | + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 | ||
128 | +$as_echo "$PKGCONFIG" >&6; } | ||
129 | +else | ||
130 | + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
131 | +$as_echo "no" >&6; } | ||
132 | +fi | ||
133 | + | ||
134 | + | ||
135 | +fi | ||
136 | +if test -z "$ac_cv_path_PKGCONFIG"; then | ||
137 | + ac_pt_PKGCONFIG=$PKGCONFIG | ||
138 | + # Extract the first word of "pkg-config", so it can be a program name with args. | ||
139 | +set dummy pkg-config; ac_word=$2 | ||
140 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
141 | +$as_echo_n "checking for $ac_word... " >&6; } | ||
142 | +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : | ||
143 | + $as_echo_n "(cached) " >&6 | ||
144 | +else | ||
145 | + case $ac_pt_PKGCONFIG in | ||
146 | + [\\/]* | ?:[\\/]*) | ||
147 | + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. | ||
148 | + ;; | ||
149 | + *) | ||
150 | + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
151 | +for as_dir in $PATH | ||
152 | +do | ||
153 | + IFS=$as_save_IFS | ||
154 | + test -z "$as_dir" && as_dir=. | ||
155 | + for ac_exec_ext in '' $ac_executable_extensions; do | ||
156 | + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
157 | + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
158 | + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
159 | + break 2 | ||
160 | + fi | ||
161 | +done | ||
162 | + done | ||
163 | +IFS=$as_save_IFS | ||
164 | + | ||
165 | + ;; | ||
166 | +esac | ||
167 | +fi | ||
168 | +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG | ||
169 | +if test -n "$ac_pt_PKGCONFIG"; then | ||
170 | + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 | ||
171 | +$as_echo "$ac_pt_PKGCONFIG" >&6; } | ||
172 | +else | ||
173 | + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
174 | +$as_echo "no" >&6; } | ||
175 | +fi | ||
176 | + | ||
177 | + if test "x$ac_pt_PKGCONFIG" = x; then | ||
178 | + PKGCONFIG="no" | ||
179 | + else | ||
180 | + case $cross_compiling:$ac_tool_warned in | ||
181 | +yes:) | ||
182 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
183 | +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
184 | +ac_tool_warned=yes ;; | ||
185 | +esac | ||
186 | + PKGCONFIG=$ac_pt_PKGCONFIG | ||
187 | + fi | ||
188 | +else | ||
189 | + PKGCONFIG="$ac_cv_path_PKGCONFIG" | ||
190 | +fi | ||
191 | + | ||
192 | + if test "$PKGCONFIG" != "no"; then | ||
193 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5 | ||
194 | +$as_echo_n "checking for ck-connector... " >&6; } | ||
195 | + if $PKGCONFIG --exists ck-connector; then | ||
196 | + CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector` | ||
197 | + CKCON_LIBS=`$PKGCONFIG --libs ck-connector` | ||
198 | + CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS" | ||
199 | + SSHDLIBS="$SSHDLIBS $CKCON_LIBS" | ||
200 | + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
201 | +$as_echo "yes" >&6; } | ||
202 | + | ||
203 | +$as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h | ||
204 | + | ||
205 | + CONSOLEKIT_MSG="yes" | ||
206 | + else | ||
207 | + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
208 | +$as_echo "no" >&6; } | ||
209 | + fi | ||
210 | + fi | ||
211 | + fi | ||
212 | + | ||
213 | +fi | ||
214 | + | ||
215 | + | ||
216 | # Looking for programs, paths and files | ||
217 | |||
218 | PRIVSEP_PATH=/var/empty | ||
219 | @@ -18155,6 +18286,7 @@ | ||
220 | echo " libedit support: $LIBEDIT_MSG" | ||
221 | echo " Solaris process contract support: $SPC_MSG" | ||
222 | echo " Solaris project support: $SP_MSG" | ||
223 | +echo " ConsoleKit support: $CONSOLEKIT_MSG" | ||
224 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
225 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
226 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
227 | Index: b/consolekit.c | ||
228 | =================================================================== | ||
229 | --- /dev/null | ||
230 | +++ b/consolekit.c | ||
231 | @@ -0,0 +1,239 @@ | ||
232 | +/* | ||
233 | + * Copyright (c) 2008 Colin Watson. All rights reserved. | ||
234 | + * | ||
235 | + * Permission to use, copy, modify, and distribute this software for any | ||
236 | + * purpose with or without fee is hereby granted, provided that the above | ||
237 | + * copyright notice and this permission notice appear in all copies. | ||
238 | + * | ||
239 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
240 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
241 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
242 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
243 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
244 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
245 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
246 | + */ | ||
247 | +/* | ||
248 | + * Loosely based on pam-ck-connector, which is: | ||
249 | + * | ||
250 | + * Copyright (c) 2007 David Zeuthen <davidz@redhat.com> | ||
251 | + * | ||
252 | + * Permission is hereby granted, free of charge, to any person | ||
253 | + * obtaining a copy of this software and associated documentation | ||
254 | + * files (the "Software"), to deal in the Software without | ||
255 | + * restriction, including without limitation the rights to use, | ||
256 | + * copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
257 | + * copies of the Software, and to permit persons to whom the | ||
258 | + * Software is furnished to do so, subject to the following | ||
259 | + * conditions: | ||
260 | + * | ||
261 | + * The above copyright notice and this permission notice shall be | ||
262 | + * included in all copies or substantial portions of the Software. | ||
263 | + * | ||
264 | + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
265 | + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | ||
266 | + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
267 | + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | ||
268 | + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | ||
269 | + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||
270 | + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
271 | + * OTHER DEALINGS IN THE SOFTWARE. | ||
272 | + */ | ||
273 | + | ||
274 | +#include "includes.h" | ||
275 | + | ||
276 | +#ifdef USE_CONSOLEKIT | ||
277 | + | ||
278 | +#include <ck-connector.h> | ||
279 | + | ||
280 | +#include "xmalloc.h" | ||
281 | +#include "channels.h" | ||
282 | +#include "key.h" | ||
283 | +#include "hostfile.h" | ||
284 | +#include "auth.h" | ||
285 | +#include "log.h" | ||
286 | +#include "servconf.h" | ||
287 | +#include "canohost.h" | ||
288 | +#include "session.h" | ||
289 | +#include "consolekit.h" | ||
290 | + | ||
291 | +extern ServerOptions options; | ||
292 | +extern u_int utmp_len; | ||
293 | + | ||
294 | +void | ||
295 | +set_active(const char *cookie) | ||
296 | +{ | ||
297 | + DBusError err; | ||
298 | + DBusConnection *connection; | ||
299 | + DBusMessage *message = NULL, *reply = NULL; | ||
300 | + char *sid; | ||
301 | + DBusMessageIter iter, subiter; | ||
302 | + const char *interface, *property; | ||
303 | + dbus_bool_t active; | ||
304 | + | ||
305 | + dbus_error_init(&err); | ||
306 | + connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err); | ||
307 | + if (!connection) { | ||
308 | + if (dbus_error_is_set(&err)) { | ||
309 | + error("unable to open DBus connection: %s", | ||
310 | + err.message); | ||
311 | + dbus_error_free(&err); | ||
312 | + } | ||
313 | + goto out; | ||
314 | + } | ||
315 | + dbus_connection_set_exit_on_disconnect(connection, FALSE); | ||
316 | + | ||
317 | + message = dbus_message_new_method_call("org.freedesktop.ConsoleKit", | ||
318 | + "/org/freedesktop/ConsoleKit/Manager", | ||
319 | + "org.freedesktop.ConsoleKit.Manager", | ||
320 | + "GetSessionForCookie"); | ||
321 | + if (!message) | ||
322 | + goto out; | ||
323 | + if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie, | ||
324 | + DBUS_TYPE_INVALID)) { | ||
325 | + if (dbus_error_is_set(&err)) { | ||
326 | + error("unable to get current session: %s", | ||
327 | + err.message); | ||
328 | + dbus_error_free(&err); | ||
329 | + } | ||
330 | + goto out; | ||
331 | + } | ||
332 | + | ||
333 | + dbus_error_init(&err); | ||
334 | + reply = dbus_connection_send_with_reply_and_block(connection, message, | ||
335 | + -1, &err); | ||
336 | + if (!reply) { | ||
337 | + if (dbus_error_is_set(&err)) { | ||
338 | + error("unable to get current session: %s", | ||
339 | + err.message); | ||
340 | + dbus_error_free(&err); | ||
341 | + } | ||
342 | + goto out; | ||
343 | + } | ||
344 | + | ||
345 | + dbus_error_init(&err); | ||
346 | + if (!dbus_message_get_args(reply, &err, | ||
347 | + DBUS_TYPE_OBJECT_PATH, &sid, | ||
348 | + DBUS_TYPE_INVALID)) { | ||
349 | + if (dbus_error_is_set(&err)) { | ||
350 | + error("unable to get current session: %s", | ||
351 | + err.message); | ||
352 | + dbus_error_free(&err); | ||
353 | + } | ||
354 | + goto out; | ||
355 | + } | ||
356 | + dbus_message_unref(reply); | ||
357 | + dbus_message_unref(message); | ||
358 | + message = reply = NULL; | ||
359 | + | ||
360 | + message = dbus_message_new_method_call("org.freedesktop.ConsoleKit", | ||
361 | + sid, "org.freedesktop.DBus.Properties", "Set"); | ||
362 | + if (!message) | ||
363 | + goto out; | ||
364 | + interface = "org.freedesktop.ConsoleKit.Session"; | ||
365 | + property = "active"; | ||
366 | + if (!dbus_message_append_args(message, | ||
367 | + DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property, | ||
368 | + DBUS_TYPE_INVALID)) | ||
369 | + goto out; | ||
370 | + dbus_message_iter_init_append(message, &iter); | ||
371 | + if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT, | ||
372 | + DBUS_TYPE_BOOLEAN_AS_STRING, &subiter)) | ||
373 | + goto out; | ||
374 | + active = TRUE; | ||
375 | + if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN, | ||
376 | + &active)) | ||
377 | + goto out; | ||
378 | + if (!dbus_message_iter_close_container(&iter, &subiter)) | ||
379 | + goto out; | ||
380 | + | ||
381 | + dbus_error_init(&err); | ||
382 | + reply = dbus_connection_send_with_reply_and_block(connection, message, | ||
383 | + -1, &err); | ||
384 | + if (!reply) { | ||
385 | + if (dbus_error_is_set(&err)) { | ||
386 | + error("unable to make current session active: %s", | ||
387 | + err.message); | ||
388 | + dbus_error_free(&err); | ||
389 | + } | ||
390 | + goto out; | ||
391 | + } | ||
392 | + | ||
393 | +out: | ||
394 | + if (reply) | ||
395 | + dbus_message_unref(reply); | ||
396 | + if (message) | ||
397 | + dbus_message_unref(message); | ||
398 | +} | ||
399 | + | ||
400 | +/* | ||
401 | + * We pass display separately rather than using s->display because the | ||
402 | + * latter is not available in the monitor when using privsep. | ||
403 | + */ | ||
404 | + | ||
405 | +char * | ||
406 | +consolekit_register(Session *s, const char *display) | ||
407 | +{ | ||
408 | + DBusError err; | ||
409 | + const char *tty = s->tty; | ||
410 | + const char *remote_host_name; | ||
411 | + dbus_bool_t is_local = FALSE; | ||
412 | + const char *cookie = NULL; | ||
413 | + | ||
414 | + if (s->ckc) { | ||
415 | + debug("already registered with ConsoleKit"); | ||
416 | + return xstrdup(ck_connector_get_cookie(s->ckc)); | ||
417 | + } | ||
418 | + | ||
419 | + s->ckc = ck_connector_new(); | ||
420 | + if (!s->ckc) { | ||
421 | + error("ck_connector_new failed"); | ||
422 | + return NULL; | ||
423 | + } | ||
424 | + | ||
425 | + if (!tty) | ||
426 | + tty = ""; | ||
427 | + if (!display) | ||
428 | + display = ""; | ||
429 | + remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns); | ||
430 | + if (!remote_host_name) | ||
431 | + remote_host_name = ""; | ||
432 | + | ||
433 | + dbus_error_init(&err); | ||
434 | + if (!ck_connector_open_session_with_parameters(s->ckc, &err, | ||
435 | + "unix-user", &s->pw->pw_uid, | ||
436 | + "display-device", &tty, | ||
437 | + "x11-display", &display, | ||
438 | + "remote-host-name", &remote_host_name, | ||
439 | + "is-local", &is_local, | ||
440 | + NULL)) { | ||
441 | + if (dbus_error_is_set(&err)) { | ||
442 | + debug("%s", err.message); | ||
443 | + dbus_error_free(&err); | ||
444 | + } else { | ||
445 | + debug("insufficient privileges or D-Bus / ConsoleKit " | ||
446 | + "not available"); | ||
447 | + } | ||
448 | + return NULL; | ||
449 | + } | ||
450 | + | ||
451 | + debug("registered uid=%d on tty='%s' with ConsoleKit", | ||
452 | + s->pw->pw_uid, s->tty); | ||
453 | + | ||
454 | + cookie = ck_connector_get_cookie(s->ckc); | ||
455 | + set_active(cookie); | ||
456 | + return xstrdup(cookie); | ||
457 | +} | ||
458 | + | ||
459 | +void | ||
460 | +consolekit_unregister(Session *s) | ||
461 | +{ | ||
462 | + if (s->ckc) { | ||
463 | + debug("unregistering ConsoleKit session %s", | ||
464 | + ck_connector_get_cookie(s->ckc)); | ||
465 | + ck_connector_unref(s->ckc); | ||
466 | + s->ckc = NULL; | ||
467 | + } | ||
468 | +} | ||
469 | + | ||
470 | +#endif /* USE_CONSOLEKIT */ | ||
471 | Index: b/consolekit.h | ||
472 | =================================================================== | ||
473 | --- /dev/null | ||
474 | +++ b/consolekit.h | ||
475 | @@ -0,0 +1,24 @@ | ||
476 | +/* | ||
477 | + * Copyright (c) 2008 Colin Watson. All rights reserved. | ||
478 | + * | ||
479 | + * Permission to use, copy, modify, and distribute this software for any | ||
480 | + * purpose with or without fee is hereby granted, provided that the above | ||
481 | + * copyright notice and this permission notice appear in all copies. | ||
482 | + * | ||
483 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
484 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
485 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
486 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
487 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
488 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
489 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
490 | + */ | ||
491 | + | ||
492 | +#ifdef USE_CONSOLEKIT | ||
493 | + | ||
494 | +struct Session; | ||
495 | + | ||
496 | +char * consolekit_register(struct Session *, const char *); | ||
497 | +void consolekit_unregister(struct Session *); | ||
498 | + | ||
499 | +#endif /* USE_CONSOLEKIT */ | ||
500 | Index: b/monitor.c | ||
501 | =================================================================== | ||
502 | --- a/monitor.c | ||
503 | +++ b/monitor.c | ||
504 | @@ -97,6 +97,9 @@ | ||
505 | #include "ssh2.h" | ||
506 | #include "jpake.h" | ||
507 | #include "roaming.h" | ||
508 | +#ifdef USE_CONSOLEKIT | ||
509 | +#include "consolekit.h" | ||
510 | +#endif | ||
511 | |||
512 | #ifdef GSSAPI | ||
513 | static Gssctxt *gsscontext = NULL; | ||
514 | @@ -192,6 +195,10 @@ | ||
515 | |||
516 | static int monitor_read_log(struct monitor *); | ||
517 | |||
518 | +#ifdef USE_CONSOLEKIT | ||
519 | +int mm_answer_consolekit_register(int, Buffer *); | ||
520 | +#endif | ||
521 | + | ||
522 | static Authctxt *authctxt; | ||
523 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | ||
524 | |||
525 | @@ -283,6 +290,9 @@ | ||
526 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
527 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, | ||
528 | #endif | ||
529 | +#ifdef USE_CONSOLEKIT | ||
530 | + {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register}, | ||
531 | +#endif | ||
532 | {0, 0, NULL} | ||
533 | }; | ||
534 | |||
535 | @@ -325,6 +335,9 @@ | ||
536 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
537 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | ||
538 | #endif | ||
539 | +#ifdef USE_CONSOLEKIT | ||
540 | + {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register}, | ||
541 | +#endif | ||
542 | {0, 0, NULL} | ||
543 | }; | ||
544 | |||
545 | @@ -495,6 +508,9 @@ | ||
546 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | ||
547 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); | ||
548 | } | ||
549 | +#ifdef USE_CONSOLEKIT | ||
550 | + monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1); | ||
551 | +#endif | ||
552 | |||
553 | for (;;) | ||
554 | monitor_read(pmonitor, mon_dispatch, NULL); | ||
555 | @@ -2196,6 +2212,34 @@ | ||
556 | buffer_put_int(m, major); | ||
557 | buffer_put_string(m, hash.value, hash.length); | ||
558 | |||
559 | +#ifdef USE_CONSOLEKIT | ||
560 | +int | ||
561 | +mm_answer_consolekit_register(int sock, Buffer *m) | ||
562 | +{ | ||
563 | + Session *s; | ||
564 | + char *tty, *display; | ||
565 | + char *cookie = NULL; | ||
566 | + | ||
567 | + debug3("%s entering", __func__); | ||
568 | + | ||
569 | + tty = buffer_get_string(m, NULL); | ||
570 | + display = buffer_get_string(m, NULL); | ||
571 | + s = session_by_tty(tty); | ||
572 | + if (s != NULL) | ||
573 | + cookie = consolekit_register(s, display); | ||
574 | + buffer_clear(m); | ||
575 | + buffer_put_cstring(m, cookie != NULL ? cookie : ""); | ||
576 | + mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); | ||
577 | + | ||
578 | + if (cookie != NULL) | ||
579 | + xfree(cookie); | ||
580 | + xfree(display); | ||
581 | + xfree(tty); | ||
582 | + | ||
583 | + return (0); | ||
584 | +} | ||
585 | +#endif /* USE_CONSOLEKIT */ | ||
586 | + | ||
587 | mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); | ||
588 | |||
589 | gss_release_buffer(&minor, &hash); | ||
590 | Index: b/monitor.h | ||
591 | =================================================================== | ||
592 | --- a/monitor.h | ||
593 | +++ b/monitor.h | ||
594 | @@ -62,6 +62,7 @@ | ||
595 | MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, | ||
596 | MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, | ||
597 | MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, | ||
598 | + MONITOR_REQ_CONSOLEKIT_REGISTER, MONITOR_ANS_CONSOLEKIT_REGISTER, | ||
599 | MONITOR_REQ_TERM, | ||
600 | MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, | ||
601 | MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, | ||
602 | Index: b/monitor_wrap.c | ||
603 | =================================================================== | ||
604 | --- a/monitor_wrap.c | ||
605 | +++ b/monitor_wrap.c | ||
606 | @@ -1310,6 +1310,37 @@ | ||
607 | mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) | ||
608 | { | ||
609 | Buffer m; | ||
610 | + | ||
611 | +#ifdef USE_CONSOLEKIT | ||
612 | +char * | ||
613 | +mm_consolekit_register(Session *s, const char *display) | ||
614 | +{ | ||
615 | + Buffer m; | ||
616 | + char *cookie; | ||
617 | + | ||
618 | + debug3("%s entering", __func__); | ||
619 | + | ||
620 | + if (s->ttyfd == -1) | ||
621 | + return NULL; | ||
622 | + buffer_init(&m); | ||
623 | + buffer_put_cstring(&m, s->tty); | ||
624 | + buffer_put_cstring(&m, display != NULL ? display : ""); | ||
625 | + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m); | ||
626 | + buffer_clear(&m); | ||
627 | + | ||
628 | + mm_request_receive_expect(pmonitor->m_recvfd, | ||
629 | + MONITOR_ANS_CONSOLEKIT_REGISTER, &m); | ||
630 | + cookie = buffer_get_string(&m, NULL); | ||
631 | + buffer_free(&m); | ||
632 | + | ||
633 | + /* treat empty cookie as missing cookie */ | ||
634 | + if (strlen(cookie) == 0) { | ||
635 | + xfree(cookie); | ||
636 | + cookie = NULL; | ||
637 | + } | ||
638 | + return (cookie); | ||
639 | +} | ||
640 | +#endif /* USE_CONSOLEKIT */ | ||
641 | OM_uint32 major; | ||
642 | u_int len; | ||
643 | |||
644 | Index: b/monitor_wrap.h | ||
645 | =================================================================== | ||
646 | --- a/monitor_wrap.h | ||
647 | +++ b/monitor_wrap.h | ||
648 | @@ -131,4 +131,8 @@ | ||
649 | void mm_zfree(struct mm_master *, void *); | ||
650 | void mm_init_compression(struct mm_master *); | ||
651 | |||
652 | +#ifdef USE_CONSOLEKIT | ||
653 | +char *mm_consolekit_register(struct Session *, const char *); | ||
654 | +#endif /* USE_CONSOLEKIT */ | ||
655 | + | ||
656 | #endif /* _MM_WRAP_H_ */ | ||
657 | Index: b/session.c | ||
658 | =================================================================== | ||
659 | --- a/session.c | ||
660 | +++ b/session.c | ||
661 | @@ -91,6 +91,7 @@ | ||
662 | #include "kex.h" | ||
663 | #include "monitor_wrap.h" | ||
664 | #include "sftp.h" | ||
665 | +#include "consolekit.h" | ||
666 | |||
667 | #if defined(KRB5) && defined(USE_AFS) | ||
668 | #include <kafs.h> | ||
669 | @@ -1129,6 +1130,9 @@ | ||
670 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) | ||
671 | char *path = NULL; | ||
672 | #endif | ||
673 | +#ifdef USE_CONSOLEKIT | ||
674 | + const char *ckcookie = NULL; | ||
675 | +#endif /* USE_CONSOLEKIT */ | ||
676 | |||
677 | /* Initialize the environment. */ | ||
678 | envsize = 100; | ||
679 | @@ -1273,6 +1277,11 @@ | ||
680 | child_set_env(&env, &envsize, "KRB5CCNAME", | ||
681 | s->authctxt->krb5_ccname); | ||
682 | #endif | ||
683 | +#ifdef USE_CONSOLEKIT | ||
684 | + ckcookie = PRIVSEP(consolekit_register(s, s->display)); | ||
685 | + if (ckcookie) | ||
686 | + child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie); | ||
687 | +#endif /* USE_CONSOLEKIT */ | ||
688 | #ifdef USE_PAM | ||
689 | /* | ||
690 | * Pull in any environment variables that may have | ||
691 | @@ -2300,6 +2309,10 @@ | ||
692 | |||
693 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); | ||
694 | |||
695 | +#ifdef USE_CONSOLEKIT | ||
696 | + consolekit_unregister(s); | ||
697 | +#endif /* USE_CONSOLEKIT */ | ||
698 | + | ||
699 | /* Record that the user has logged out. */ | ||
700 | if (s->pid != 0) | ||
701 | record_logout(s->pid, s->tty, s->pw->pw_name); | ||
702 | Index: b/session.h | ||
703 | =================================================================== | ||
704 | --- a/session.h | ||
705 | +++ b/session.h | ||
706 | @@ -26,6 +26,8 @@ | ||
707 | #ifndef SESSION_H | ||
708 | #define SESSION_H | ||
709 | |||
710 | +struct _CkConnector; | ||
711 | + | ||
712 | #define TTYSZ 64 | ||
713 | typedef struct Session Session; | ||
714 | struct Session { | ||
715 | @@ -60,6 +62,10 @@ | ||
716 | char *name; | ||
717 | char *val; | ||
718 | } *env; | ||
719 | + | ||
720 | +#ifdef USE_CONSOLEKIT | ||
721 | + struct _CkConnector *ckc; | ||
722 | +#endif /* USE_CONSOLEKIT */ | ||
723 | }; | ||
724 | |||
725 | void do_authenticated(Authctxt *); | ||
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch index 12877d32f..ae32969ea 100644 --- a/debian/patches/lintian-symlink-pickiness.patch +++ b/debian/patches/lintian-symlink-pickiness.patch | |||
@@ -9,7 +9,7 @@ Index: b/Makefile.in | |||
9 | =================================================================== | 9 | =================================================================== |
10 | --- a/Makefile.in | 10 | --- a/Makefile.in |
11 | +++ b/Makefile.in | 11 | +++ b/Makefile.in |
12 | @@ -283,9 +283,9 @@ | 12 | @@ -284,9 +284,9 @@ |
13 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 13 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
14 | $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 | 14 | $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 |
15 | -rm -f $(DESTDIR)$(bindir)/slogin | 15 | -rm -f $(DESTDIR)$(bindir)/slogin |
diff --git a/debian/patches/series b/debian/patches/series index dd34d62e0..c5cf8de4b 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -17,6 +17,9 @@ syslog-level-silent.patch | |||
17 | quieter-signals.patch | 17 | quieter-signals.patch |
18 | helpful-wait-terminate.patch | 18 | helpful-wait-terminate.patch |
19 | 19 | ||
20 | # ConsoleKit | ||
21 | consolekit.patch | ||
22 | |||
20 | # Miscellaneous bug fixes | 23 | # Miscellaneous bug fixes |
21 | user-group-modes.patch | 24 | user-group-modes.patch |
22 | scp-quoting.patch | 25 | scp-quoting.patch |
diff --git a/debian/rules b/debian/rules index af2172198..3dfbe6a66 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -77,6 +77,9 @@ confflags += --with-ssl-engine | |||
77 | ifeq ($(DEB_HOST_ARCH_OS),linux) | 77 | ifeq ($(DEB_HOST_ARCH_OS),linux) |
78 | confflags += --with-selinux | 78 | confflags += --with-selinux |
79 | endif | 79 | endif |
80 | ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) | ||
81 | confflags += --with-consolekit | ||
82 | endif | ||
80 | 83 | ||
81 | # The deb build wants xauth; the udeb build doesn't. | 84 | # The deb build wants xauth; the udeb build doesn't. |
82 | confflags += --with-xauth=/usr/bin/xauth | 85 | confflags += --with-xauth=/usr/bin/xauth |
@@ -97,6 +97,9 @@ | |||
97 | #include "ssh2.h" | 97 | #include "ssh2.h" |
98 | #include "jpake.h" | 98 | #include "jpake.h" |
99 | #include "roaming.h" | 99 | #include "roaming.h" |
100 | #ifdef USE_CONSOLEKIT | ||
101 | #include "consolekit.h" | ||
102 | #endif | ||
100 | 103 | ||
101 | #ifdef GSSAPI | 104 | #ifdef GSSAPI |
102 | static Gssctxt *gsscontext = NULL; | 105 | static Gssctxt *gsscontext = NULL; |
@@ -192,6 +195,10 @@ int mm_answer_audit_command(int, Buffer *); | |||
192 | 195 | ||
193 | static int monitor_read_log(struct monitor *); | 196 | static int monitor_read_log(struct monitor *); |
194 | 197 | ||
198 | #ifdef USE_CONSOLEKIT | ||
199 | int mm_answer_consolekit_register(int, Buffer *); | ||
200 | #endif | ||
201 | |||
195 | static Authctxt *authctxt; | 202 | static Authctxt *authctxt; |
196 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | 203 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
197 | 204 | ||
@@ -283,6 +290,9 @@ struct mon_table mon_dispatch_postauth20[] = { | |||
283 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 290 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
284 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, | 291 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, |
285 | #endif | 292 | #endif |
293 | #ifdef USE_CONSOLEKIT | ||
294 | {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register}, | ||
295 | #endif | ||
286 | {0, 0, NULL} | 296 | {0, 0, NULL} |
287 | }; | 297 | }; |
288 | 298 | ||
@@ -325,6 +335,9 @@ struct mon_table mon_dispatch_postauth15[] = { | |||
325 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 335 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
326 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | 336 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, |
327 | #endif | 337 | #endif |
338 | #ifdef USE_CONSOLEKIT | ||
339 | {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register}, | ||
340 | #endif | ||
328 | {0, 0, NULL} | 341 | {0, 0, NULL} |
329 | }; | 342 | }; |
330 | 343 | ||
@@ -495,6 +508,9 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
495 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | 508 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); |
496 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); | 509 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); |
497 | } | 510 | } |
511 | #ifdef USE_CONSOLEKIT | ||
512 | monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1); | ||
513 | #endif | ||
498 | 514 | ||
499 | for (;;) | 515 | for (;;) |
500 | monitor_read(pmonitor, mon_dispatch, NULL); | 516 | monitor_read(pmonitor, mon_dispatch, NULL); |
@@ -2196,6 +2212,34 @@ mm_answer_gss_sign(int socket, Buffer *m) | |||
2196 | buffer_put_int(m, major); | 2212 | buffer_put_int(m, major); |
2197 | buffer_put_string(m, hash.value, hash.length); | 2213 | buffer_put_string(m, hash.value, hash.length); |
2198 | 2214 | ||
2215 | #ifdef USE_CONSOLEKIT | ||
2216 | int | ||
2217 | mm_answer_consolekit_register(int sock, Buffer *m) | ||
2218 | { | ||
2219 | Session *s; | ||
2220 | char *tty, *display; | ||
2221 | char *cookie = NULL; | ||
2222 | |||
2223 | debug3("%s entering", __func__); | ||
2224 | |||
2225 | tty = buffer_get_string(m, NULL); | ||
2226 | display = buffer_get_string(m, NULL); | ||
2227 | s = session_by_tty(tty); | ||
2228 | if (s != NULL) | ||
2229 | cookie = consolekit_register(s, display); | ||
2230 | buffer_clear(m); | ||
2231 | buffer_put_cstring(m, cookie != NULL ? cookie : ""); | ||
2232 | mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); | ||
2233 | |||
2234 | if (cookie != NULL) | ||
2235 | xfree(cookie); | ||
2236 | xfree(display); | ||
2237 | xfree(tty); | ||
2238 | |||
2239 | return (0); | ||
2240 | } | ||
2241 | #endif /* USE_CONSOLEKIT */ | ||
2242 | |||
2199 | mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); | 2243 | mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); |
2200 | 2244 | ||
2201 | gss_release_buffer(&minor, &hash); | 2245 | gss_release_buffer(&minor, &hash); |
@@ -62,6 +62,7 @@ enum monitor_reqtype { | |||
62 | MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, | 62 | MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, |
63 | MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, | 63 | MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, |
64 | MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, | 64 | MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, |
65 | MONITOR_REQ_CONSOLEKIT_REGISTER, MONITOR_ANS_CONSOLEKIT_REGISTER, | ||
65 | MONITOR_REQ_TERM, | 66 | MONITOR_REQ_TERM, |
66 | MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, | 67 | MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, |
67 | MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, | 68 | MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, |
diff --git a/monitor_wrap.c b/monitor_wrap.c index f46be660d..b758c9f72 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -1310,6 +1310,37 @@ OM_uint32 | |||
1310 | mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) | 1310 | mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) |
1311 | { | 1311 | { |
1312 | Buffer m; | 1312 | Buffer m; |
1313 | |||
1314 | #ifdef USE_CONSOLEKIT | ||
1315 | char * | ||
1316 | mm_consolekit_register(Session *s, const char *display) | ||
1317 | { | ||
1318 | Buffer m; | ||
1319 | char *cookie; | ||
1320 | |||
1321 | debug3("%s entering", __func__); | ||
1322 | |||
1323 | if (s->ttyfd == -1) | ||
1324 | return NULL; | ||
1325 | buffer_init(&m); | ||
1326 | buffer_put_cstring(&m, s->tty); | ||
1327 | buffer_put_cstring(&m, display != NULL ? display : ""); | ||
1328 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m); | ||
1329 | buffer_clear(&m); | ||
1330 | |||
1331 | mm_request_receive_expect(pmonitor->m_recvfd, | ||
1332 | MONITOR_ANS_CONSOLEKIT_REGISTER, &m); | ||
1333 | cookie = buffer_get_string(&m, NULL); | ||
1334 | buffer_free(&m); | ||
1335 | |||
1336 | /* treat empty cookie as missing cookie */ | ||
1337 | if (strlen(cookie) == 0) { | ||
1338 | xfree(cookie); | ||
1339 | cookie = NULL; | ||
1340 | } | ||
1341 | return (cookie); | ||
1342 | } | ||
1343 | #endif /* USE_CONSOLEKIT */ | ||
1313 | OM_uint32 major; | 1344 | OM_uint32 major; |
1314 | u_int len; | 1345 | u_int len; |
1315 | 1346 | ||
diff --git a/monitor_wrap.h b/monitor_wrap.h index 4d12e2956..360fb9f57 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -131,4 +131,8 @@ void *mm_zalloc(struct mm_master *, u_int, u_int); | |||
131 | void mm_zfree(struct mm_master *, void *); | 131 | void mm_zfree(struct mm_master *, void *); |
132 | void mm_init_compression(struct mm_master *); | 132 | void mm_init_compression(struct mm_master *); |
133 | 133 | ||
134 | #ifdef USE_CONSOLEKIT | ||
135 | char *mm_consolekit_register(struct Session *, const char *); | ||
136 | #endif /* USE_CONSOLEKIT */ | ||
137 | |||
134 | #endif /* _MM_WRAP_H_ */ | 138 | #endif /* _MM_WRAP_H_ */ |
@@ -91,6 +91,7 @@ | |||
91 | #include "kex.h" | 91 | #include "kex.h" |
92 | #include "monitor_wrap.h" | 92 | #include "monitor_wrap.h" |
93 | #include "sftp.h" | 93 | #include "sftp.h" |
94 | #include "consolekit.h" | ||
94 | 95 | ||
95 | #if defined(KRB5) && defined(USE_AFS) | 96 | #if defined(KRB5) && defined(USE_AFS) |
96 | #include <kafs.h> | 97 | #include <kafs.h> |
@@ -1129,6 +1130,9 @@ do_setup_env(Session *s, const char *shell) | |||
1129 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) | 1130 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) |
1130 | char *path = NULL; | 1131 | char *path = NULL; |
1131 | #endif | 1132 | #endif |
1133 | #ifdef USE_CONSOLEKIT | ||
1134 | const char *ckcookie = NULL; | ||
1135 | #endif /* USE_CONSOLEKIT */ | ||
1132 | 1136 | ||
1133 | /* Initialize the environment. */ | 1137 | /* Initialize the environment. */ |
1134 | envsize = 100; | 1138 | envsize = 100; |
@@ -1273,6 +1277,11 @@ do_setup_env(Session *s, const char *shell) | |||
1273 | child_set_env(&env, &envsize, "KRB5CCNAME", | 1277 | child_set_env(&env, &envsize, "KRB5CCNAME", |
1274 | s->authctxt->krb5_ccname); | 1278 | s->authctxt->krb5_ccname); |
1275 | #endif | 1279 | #endif |
1280 | #ifdef USE_CONSOLEKIT | ||
1281 | ckcookie = PRIVSEP(consolekit_register(s, s->display)); | ||
1282 | if (ckcookie) | ||
1283 | child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie); | ||
1284 | #endif /* USE_CONSOLEKIT */ | ||
1276 | #ifdef USE_PAM | 1285 | #ifdef USE_PAM |
1277 | /* | 1286 | /* |
1278 | * Pull in any environment variables that may have | 1287 | * Pull in any environment variables that may have |
@@ -2300,6 +2309,10 @@ session_pty_cleanup2(Session *s) | |||
2300 | 2309 | ||
2301 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); | 2310 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); |
2302 | 2311 | ||
2312 | #ifdef USE_CONSOLEKIT | ||
2313 | consolekit_unregister(s); | ||
2314 | #endif /* USE_CONSOLEKIT */ | ||
2315 | |||
2303 | /* Record that the user has logged out. */ | 2316 | /* Record that the user has logged out. */ |
2304 | if (s->pid != 0) | 2317 | if (s->pid != 0) |
2305 | record_logout(s->pid, s->tty, s->pw->pw_name); | 2318 | record_logout(s->pid, s->tty, s->pw->pw_name); |
@@ -26,6 +26,8 @@ | |||
26 | #ifndef SESSION_H | 26 | #ifndef SESSION_H |
27 | #define SESSION_H | 27 | #define SESSION_H |
28 | 28 | ||
29 | struct _CkConnector; | ||
30 | |||
29 | #define TTYSZ 64 | 31 | #define TTYSZ 64 |
30 | typedef struct Session Session; | 32 | typedef struct Session Session; |
31 | struct Session { | 33 | struct Session { |
@@ -60,6 +62,10 @@ struct Session { | |||
60 | char *name; | 62 | char *name; |
61 | char *val; | 63 | char *val; |
62 | } *env; | 64 | } *env; |
65 | |||
66 | #ifdef USE_CONSOLEKIT | ||
67 | struct _CkConnector *ckc; | ||
68 | #endif /* USE_CONSOLEKIT */ | ||
63 | }; | 69 | }; |
64 | 70 | ||
65 | void do_authenticated(Authctxt *); | 71 | void do_authenticated(Authctxt *); |