-rw-r--r--Makefile.in3
-rwxr-xr-xconfigure132
-rw-r--r--configure.ac25
-rw-r--r--consolekit.c241
-rw-r--r--consolekit.h24
-rw-r--r--monitor.c42
-rw-r--r--monitor.h2
-rw-r--r--monitor_wrap.c30
-rw-r--r--monitor_wrap.h4
-rw-r--r--session.c13
-rw-r--r--session.h6
11 files changed, 521 insertions, 1 deletions
diff --git a/Makefile.in b/Makefile.in
index 086d8ddcf..c4cb8eaf3 100644
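--- a/Makefile.in
+++ b/Makefile.in
@@ -107,7 +107,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
  sftp-server.o sftp-common.o \
  roaming_common.o roaming_serv.o \
  sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
- sandbox-seccomp-filter.o sandbox-capsicum.o
+ sandbox-seccomp-filter.o sandbox-capsicum.o \
+ consolekit.o
 
 MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5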
diff --git a/configure b/configure
index ea5f200e8..7be478a82 100755
--- a/configure
+++ b/configure
@@ -739,6 +739,7 @@ with_privsep_user
739with_sandbox 739with_sandbox
740with_selinux 740with_selinux
741with_kerberos5 741with_kerberos5
742with_consolekit
742with_privsep_path 743with_privsep_path
743with_xauth 744with_xauth
744enable_strip 745enable_strip
@@ -1430,6 +1431,7 @@ Optional Packages:
1430 --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum) 1431 --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)
1431 --with-selinux Enable SELinux support 1432 --with-selinux Enable SELinux support
1432 --with-kerberos5=PATH Enable Kerberos 5 support 1433 --with-kerberos5=PATH Enable Kerberos 5 support
1434 --with-consolekit Enable ConsoleKit support
1433 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) 1435 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
1434 --with-xauth=PATH Specify path to xauth program 1436 --with-xauth=PATH Specify path to xauth program
1435 --with-maildir=/path/to/mail Specify your system mail directory 1437 --with-maildir=/path/to/mail Specify your system mail directory
@@ -17211,6 +17213,135 @@ fi
17211 17213
17212 17214
17213 17215
17216# Check whether user wants ConsoleKit support
17217CONSOLEKIT_MSG="no"
17218LIBCK_CONNECTOR=""
17219
17220# Check whether --with-consolekit was given.
17221if test "${with_consolekit+set}" = set; then :
17222 withval=$with_consolekit; if test "x$withval" != "xno" ; then
17223 if test -n "$ac_tool_prefix"; then
17224 # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
17225set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
17226{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17227$as_echo_n "checking for $ac_word... " >&6; }
17228if ${ac_cv_path_PKGCONFIG+:} false; then :
17229 $as_echo_n "(cached) " >&6
17230else
17231 case $PKGCONFIG in
17232 [\\/]* | ?:[\\/]*)
17233 ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
17234 ;;
17235 *)
17236 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17237for as_dir in $PATH
17238do
17239 IFS=$as_save_IFS
17240 test -z "$as_dir" && as_dir=.
17241 for ac_exec_ext in '' $ac_executable_extensions; do
17242 if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
17243 ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
17244 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17245 break 2
17246 fi
17247done
17248 done
17249IFS=$as_save_IFS
17250
17251 ;;
17252esac
17253fi
17254PKGCONFIG=$ac_cv_path_PKGCONFIG
17255if test -n "$PKGCONFIG"; then
17256 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
17257$as_echo "$PKGCONFIG" >&6; }
17258else
17259 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17260$as_echo "no" >&6; }
17261fi
17262
17263
17264fi
17265if test -z "$ac_cv_path_PKGCONFIG"; then
17266 ac_pt_PKGCONFIG=$PKGCONFIG
17267 # Extract the first word of "pkg-config", so it can be a program name with args.
17268set dummy pkg-config; ac_word=$2
17269{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17270$as_echo_n "checking for $ac_word... " >&6; }
17271if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
17272 $as_echo_n "(cached) " >&6
17273else
17274 case $ac_pt_PKGCONFIG in
17275 [\\/]* | ?:[\\/]*)
17276 ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
17277 ;;
17278 *)
17279 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17280for as_dir in $PATH
17281do
17282 IFS=$as_save_IFS
17283 test -z "$as_dir" && as_dir=.
17284 for ac_exec_ext in '' $ac_executable_extensions; do
17285 if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
17286 ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
17287 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17288 break 2
17289 fi
17290done
17291 done
17292IFS=$as_save_IFS
17293
17294 ;;
17295esac
17296fi
17297ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
17298if test -n "$ac_pt_PKGCONFIG"; then
17299 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
17300$as_echo "$ac_pt_PKGCONFIG" >&6; }
17301else
17302 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17303$as_echo "no" >&6; }
17304fi
17305
17306 if test "x$ac_pt_PKGCONFIG" = x; then
17307 PKGCONFIG="no"
17308 else
17309 case $cross_compiling:$ac_tool_warned in
17310yes:)
17311{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
17312$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
17313ac_tool_warned=yes ;;
17314esac
17315 PKGCONFIG=$ac_pt_PKGCONFIG
17316 fi
17317else
17318 PKGCONFIG="$ac_cv_path_PKGCONFIG"
17319fi
17320
17321 if test "$PKGCONFIG" != "no"; then
17322 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5
17323$as_echo_n "checking for ck-connector... " >&6; }
17324 if $PKGCONFIG --exists ck-connector; then
17325 CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
17326 CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
17327 CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
17328 SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
17329 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17330$as_echo "yes" >&6; }
17331
17332$as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h
17333
17334 CONSOLEKIT_MSG="yes"
17335 else
17336 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17337$as_echo "no" >&6; }
17338 fi
17339 fi
17340 fi
17341
17342fi
17343
17344
17214# Looking for programs, paths and files 17345# Looking for programs, paths and files
17215 17346
17216PRIVSEP_PATH=/var/empty 17347PRIVSEP_PATH=/var/empty
@@ -19739,6 +19870,7 @@ echo " MD5 password support: $MD5_MSG"
19739echo " libedit support: $LIBEDIT_MSG" 19870echo " libedit support: $LIBEDIT_MSG"
19740echo " Solaris process contract support: $SPC_MSG" 19871echo " Solaris process contract support: $SPC_MSG"
19741echo " Solaris project support: $SP_MSG" 19872echo " Solaris project support: $SP_MSG"
19873echo " ConsoleKit support: $CONSOLEKIT_MSG"
19742echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 19874echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
19743echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 19875echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
19744echo " BSD Auth support: $BSD_AUTH_MSG" 19876echo " BSD Auth support: $BSD_AUTH_MSG"
diff --git a/configure.ac b/configure.ac
index 7f160f131..f5c65c5a4 100644
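--- a/configure.ac
+++ b/configure.ac
@@ -4113,6 +4113,30 @@ AC_ARG_WITH([kerberos5],
 AC_SUBST([GSSLIBS])
 AC_SUBST([K5LIBS])
 
+# Check whether user wants ConsoleKit support
+CONSOLEKIT_MSG="no"
+LIBCK_CONNECTOR=""
+AC_ARG_WITH(consolekit,
+ [ --with-consolekit Enable ConsoleKit support],
+ [ if test "x$withval" != "xno" ; then
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+ if test "$PKGCONFIG" != "no"; then
+ AC_MSG_CHECKING([for ck-connector])
+ if $PKGCONFIG --exists ck-connector; then
+ CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector`
+ CKCON_LIBS=`$PKGCONFIG --libs ck-connector`
+ CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS"
+ SSHDLIBS="$SSHDLIBS $CKCON_LIBS"
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.])
+ CONSOLEKIT_MSG="yes"
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+ fi ]
+)
+
 # Looking for programs, paths and files
 
 PRIVSEP_PATH=/var/empty
@@ -4914,6 +4938,7 @@ echo " MD5 password support: $MD5_MSG"
 echo " libedit support: $LIBEDIT_MSG"
 echo " Solaris process contract support: $SPC_MSG"
 echo " Solaris project support: $SP_MSG"
+echo " ConsoleKit support: $CONSOLEKIT_MSG"
 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo " BSD Auth support: $BSD_AUTH_MSG"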
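Review bot: When `--with-consolekit` is given but `pkg-config` or the `ck-connector` module is missing, the new block only prints `no` and configure carries on, so a build that explicitly asked for ConsoleKit comes out without it. An explicit request should fail instead: replace the inner `AC_MSG_RESULT([no])` with `AC_MSG_ERROR([ck-connector not found])` and give the `PKGCONFIG` test an `else` branch with `AC_MSG_ERROR([pkg-config not found])`. `LIBCK_CONNECTOR=""` is assigned but not used in any visible hunk and can be dropped. `AC_ARG_WITH(consolekit,` also leaves its first argument unquoted, unlike the `AC_ARG_WITH([kerberos5],` shown in the hunk header.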
diff --git a/consolekit.c b/consolekit.c
new file mode 100644
index 000000000..0266f06a2
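--- /dev/null
+++ b/consolekit.c
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 2008 Colin Watson. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Loosely based on pam-ck-connector, which is:
+ *
+ * Copyright (c) 2007 David Zeuthen <davidz@redhat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef USE_CONSOLEKIT
+
+#include <ck-connector.h>
+
+#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
+#include "channels.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "log.h"
+#include "misc.h"
+#include "servconf.h"
+#include "canohost.h"
+#include "session.h"
+#include "consolekit.h"
+
+extern ServerOptions options;
+extern u_int utmp_len;
+
+void
+set_active(const char *cookie)
+{
+ DBusError err;
+ DBusConnection *connection;
+ DBusMessage *message = NULL, *reply = NULL;
+ char *sid;
+ DBusMessageIter iter, subiter;
+ const char *interface, *property;
+ dbus_bool_t active;
+
+ dbus_error_init(&err);
+ connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
+ if (!connection) {
+ if (dbus_error_is_set(&err)) {
+ error("unable to open DBus connection: %s",
+ err.message);
+ dbus_error_free(&err);
+ }
+ goto out;
+ }
+ dbus_connection_set_exit_on_disconnect(connection, FALSE);
+
+ message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForCookie");
+ if (!message)
+ goto out;
+ if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie,
+ DBUS_TYPE_INVALID)) {
+ if (dbus_error_is_set(&err)) {
+ error("unable to get current session: %s",
+ err.message);
+ dbus_error_free(&err);
+ }
+ goto out;
+ }
+
+ dbus_error_init(&err);
+ reply = dbus_connection_send_with_reply_and_block(connection, message,
+ -1, &err);
+ if (!reply) {
+ if (dbus_error_is_set(&err)) {
+ error("unable to get current session: %s",
+ err.message);
+ dbus_error_free(&err);
+ }
+ goto out;
+ }
+
+ dbus_error_init(&err);
+ if (!dbus_message_get_args(reply, &err,
+ DBUS_TYPE_OBJECT_PATH, &sid,
+ DBUS_TYPE_INVALID)) {
+ if (dbus_error_is_set(&err)) {
+ error("unable to get current session: %s",
+ err.message);
+ dbus_error_free(&err);
+ }
+ goto out;
+ }
+ dbus_message_unref(reply);
+ dbus_message_unref(message);
+ message = reply = NULL;
+
+ message = dbus_message_new_method_call("org.freedesktop.ConsoleKit",
+ sid, "org.freedesktop.DBus.Properties", "Set");
+ if (!message)
+ goto out;
+ interface = "org.freedesktop.ConsoleKit.Session";
+ property = "active";
+ if (!dbus_message_append_args(message,
+ DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property,
+ DBUS_TYPE_INVALID))
+ goto out;
+ dbus_message_iter_init_append(message, &iter);
+ if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT,
+ DBUS_TYPE_BOOLEAN_AS_STRING, &subiter))
+ goto out;
+ active = TRUE;
+ if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN,
+ &active))
+ goto out;
+ if (!dbus_message_iter_close_container(&iter, &subiter))
+ goto out;
+
+ dbus_error_init(&err);
+ reply = dbus_connection_send_with_reply_and_block(connection, message,
+ -1, &err);
+ if (!reply) {
+ if (dbus_error_is_set(&err)) {
+ error("unable to make current session active: %s",
+ err.message);
+ dbus_error_free(&err);
+ }
+ goto out;
+ }
+
+out:
+ if (reply)
+ dbus_message_unref(reply);
+ if (message)
+ dbus_message_unref(message);
+}
+
+/*
+ * We pass display separately rather than using s->display because the
+ * latter is not available in the monitor when using privsep.
+ */
+
+char *
+consolekit_register(Session *s, const char *display)
+{
+ DBusError err;
+ const char *tty = s->tty;
+ const char *remote_host_name;
+ dbus_bool_t is_local = FALSE;
+ const char *cookie = NULL;
+
+ if (s->ckc) {
+ debug("already registered with ConsoleKit");
+ return xstrdup(ck_connector_get_cookie(s->ckc));
+ }
+
+ s->ckc = ck_connector_new();
+ if (!s->ckc) {
+ error("ck_connector_new failed");
+ return NULL;
+ }
+
+ if (!tty)
+ tty = "";
+ if (!display)
+ display = "";
+ remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns);
+ if (!remote_host_name)
+ remote_host_name = "";
+
+ dbus_error_init(&err);
+ if (!ck_connector_open_session_with_parameters(s->ckc, &err,
+ "unix-user", &s->pw->pw_uid,
+ "display-device", &tty,
+ "x11-display", &display,
+ "remote-host-name", &remote_host_name,
+ "is-local", &is_local,
+ NULL)) {
+ if (dbus_error_is_set(&err)) {
+ debug("%s", err.message);
+ dbus_error_free(&err);
+ } else {
+ debug("insufficient privileges or D-Bus / ConsoleKit "
+ "not available");
+ }
+ return NULL;
+ }
+
+ debug("registered uid=%d on tty='%s' with ConsoleKit",
+ s->pw->pw_uid, s->tty);
+
+ cookie = ck_connector_get_cookie(s->ckc);
+ set_active(cookie);
+ return xstrdup(cookie);
+}
+
+void
+consolekit_unregister(Session *s)
+{
+ if (s->ckc) {
+ debug("unregistering ConsoleKit session %s",
+ ck_connector_get_cookie(s->ckc));
+ ck_connector_unref(s->ckc);
+ s->ckc = NULL;
+ }
+}
+
+#endif /* USE_CONSOLEKIT */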
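Review bot: In `set_active`, `sid` is read after the message that owns it has been released: libdbus documents string and object-path values from `dbus_message_get_args` as pointing into the message, yet the code calls `dbus_message_unref(reply)` and only then passes `sid` to the second `dbus_message_new_method_call`. Keep the reply alive until the new message is built, i.e. unref only `message` at that point and move `dbus_message_unref(reply); reply = NULL;` to just after the second `dbus_message_new_method_call`. The function also never releases the private connection from `dbus_bus_get_private`; the `out:` path should finish with `dbus_connection_close(connection); dbus_connection_unref(connection);` when `connection` is non-NULL, otherwise the process that runs this (the monitor under privsep) keeps a system-bus connection open per registration. In `consolekit_register`, a failed `ck_connector_open_session_with_parameters` returns NULL with `s->ckc` still set, so a later call takes the "already registered" branch on a connector that never opened a session; unref it and set `s->ckc = NULL` before that `return NULL;`.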
diff --git a/consolekit.h b/consolekit.h
new file mode 100644
index 000000000..8ce371690
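--- /dev/null
+++ b/consolekit.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2008 Colin Watson. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef USE_CONSOLEKIT
+
+struct Session;
+
+char * consolekit_register(struct Session *, const char *);
+void consolekit_unregister(struct Session *);
+
+#endif /* USE_CONSOLEKIT */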
diff --git a/monitor.c b/monitor.c
index 94b194d56..cc15ce486 100644
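--- a/monitor.c
+++ b/monitor.c
@@ -100,6 +100,9 @@
 #include "ssh2.h"
 #include "roaming.h"
 #include "authfd.h"
+#ifdef USE_CONSOLEKIT
+#include "consolekit.h"
+#endif
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -190,6 +193,10 @@ int mm_answer_audit_command(int, Buffer *);
 
 static int monitor_read_log(struct monitor *);
 
+#ifdef USE_CONSOLEKIT
+int mm_answer_consolekit_register(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 
 #ifdef WITH_SSH1
@@ -282,6 +289,9 @@ struct mon_table mon_dispatch_postauth20[] = {
  {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
  {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
  {0, 0, NULL}
 };
 
@@ -327,6 +337,9 @@ struct mon_table mon_dispatch_postauth15[] = {
  {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
  {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
 #endif
+#ifdef USE_CONSOLEKIT
+ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register},
+#endif
 #endif /* WITH_SSH1 */
  {0, 0, NULL}
 };
@@ -509,6 +522,9 @@ monitor_child_postauth(struct monitor *pmonitor)
  monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
  }
+#ifdef USE_CONSOLEKIT
+ monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1);
+#endif
 
  for (;;)
  monitor_read(pmonitor, mon_dispatch, NULL);
@@ -2296,3 +2312,29 @@ mm_answer_gss_updatecreds(int socket, Buffer *m) {
 
 #endif /* GSSAPI */
 
+#ifdef USE_CONSOLEKIT
+int
+mm_answer_consolekit_register(int sock, Buffer *m)
+{
+ Session *s;
+ char *tty, *display;
+ char *cookie = NULL;
+
+ debug3("%s entering", __func__);
+
+ tty = buffer_get_string(m, NULL);
+ display = buffer_get_string(m, NULL);
+ s = session_by_tty(tty);
+ if (s != NULL)
+ cookie = consolekit_register(s, display);
+ buffer_clear(m);
+ buffer_put_cstring(m, cookie != NULL ? cookie : "");
+ mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m);
+
+ free(cookie);
+ free(display);
+ free(tty);
+
+ return (0);
+}
+#endif /* USE_CONSOLEKIT */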
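Review bot: `mm_answer_consolekit_register` takes `display` straight from the unprivileged child and hands it to `consolekit_register`, which runs in the monitor and sends it to ConsoleKit as `x11-display`; nothing on the monitor side bounds or checks that string. `tty` is presumably tied to a monitor-known session through `session_by_tty`, and the handler should say so, for example `/* tty and display come from the unprivileged child; only tty is checked, via session_by_tty() */`. The request is also enabled for the whole post-auth phase (table flags `0` plus `monitor_permit(..., 1)`, no `MON_ONCE`), so the child can repeat it at will; if one registration per session is the intent, state that next to the table entries or enforce it.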
diff --git a/monitor.h b/monitor.h
index 4d5e8fabe..10ba59ea9 100644
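--- a/monitor.h
+++ b/monitor.h
@@ -70,6 +70,8 @@ enum monitor_reqtype {
 
  MONITOR_REQ_AUTHROLE = 154,
 
+ MONITOR_REQ_CONSOLEKIT_REGISTER = 156, MONITOR_ANS_CONSOLEKIT_REGISTER = 157,
+
 };
 
 struct mm_master;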
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 6dc890a77..4c57d4df3 100644
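--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1363,3 +1363,33 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
 
 #endif /* GSSAPI */
 
+#ifdef USE_CONSOLEKIT
+char *
+mm_consolekit_register(Session *s, const char *display)
+{
+ Buffer m;
+ char *cookie;
+
+ debug3("%s entering", __func__);
+
+ if (s->ttyfd == -1)
+ return NULL;
+ buffer_init(&m);
+ buffer_put_cstring(&m, s->tty);
+ buffer_put_cstring(&m, display != NULL ? display : "");
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m);
+ buffer_clear(&m);
+
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_CONSOLEKIT_REGISTER, &m);
+ cookie = buffer_get_string(&m, NULL);
+ buffer_free(&m);
+
+ /* treat empty cookie as missing cookie */
+ if (strlen(cookie) == 0) {
+ free(cookie);
+ cookie = NULL;
+ }
+ return (cookie);
+}
+#endif /* USE_CONSOLEKIT */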
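Review bot: `mm_consolekit_register` has no comment describing its contract, and two things are easy to miss: it returns NULL without contacting the monitor when `s->ttyfd == -1`, and a non-NULL result is a heap string from `buffer_get_string` that the caller has to `free`. A header comment such as `/* Ask the monitor to register s with ConsoleKit; returns an allocated cookie the caller must free, or NULL if s has no tty or registration failed */` would cover both.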
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 9c2ee49ba..00e93fe9c 100644
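--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -111,4 +111,8 @@ void *mm_zalloc(struct mm_master *, u_int, u_int);
 void mm_zfree(struct mm_master *, void *);
 void mm_init_compression(struct mm_master *);
 
+#ifdef USE_CONSOLEKIT
+char *mm_consolekit_register(struct Session *, const char *);
+#endif /* USE_CONSOLEKIT */
+
 #endif /* _MM_WRAP_H_ */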
diff --git a/session.c b/session.c
index 6f389ac66..6250c2031 100644
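--- a/session.c
+++ b/session.c
@@ -93,6 +93,7 @@
 #include "kex.h"
 #include "monitor_wrap.h"
 #include "sftp.h"
+#include "consolekit.h"
 
 #if defined(KRB5) && defined(USE_AFS)
 #include <kafs.h>
@@ -1143,6 +1144,9 @@ do_setup_env(Session *s, const char *shell)
 #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
  char *path = NULL;
 #endif
+#ifdef USE_CONSOLEKIT
+ const char *ckcookie = NULL;
+#endif /* USE_CONSOLEKIT */
 
  /* Initialize the environment. */
  envsize = 100;
@@ -1287,6 +1291,11 @@ do_setup_env(Session *s, const char *shell)
  child_set_env(&env, &envsize, "KRB5CCNAME",
  s->authctxt->krb5_ccname);
 #endif
+#ifdef USE_CONSOLEKIT
+ ckcookie = PRIVSEP(consolekit_register(s, s->display));
+ if (ckcookie)
+ child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie);
+#endif /* USE_CONSOLEKIT */
 #ifdef USE_PAM
  /*
  * Pull in any environment variables that may have
@@ -2350,6 +2359,10 @@ session_pty_cleanup2(Session *s)
 
  debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
 
+#ifdef USE_CONSOLEKIT
+ consolekit_unregister(s);
+#endif /* USE_CONSOLEKIT */
+
  /* Record that the user has logged out. */
  if (s->pid != 0)
  record_logout(s->pid, s->tty, s->pw->pw_name);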
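Review bot: `ckcookie` in `do_setup_env` is declared `const char *` but receives an allocated string (`xstrdup` in `consolekit_register`, `buffer_get_string` in `mm_consolekit_register`), and the hunk never frees it after `child_set_env`. If `child_set_env` copies its value argument, which is how the neighbouring calls appear to use it, declare it as `char *ckcookie = NULL;` and add `free(ckcookie);` after the `if`. The body of `do_setup_env` continues outside these hunks, so a later free cannot be ruled out from here.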
diff --git a/session.h b/session.h
index ef6593c34..a6b69837b 100644
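--- a/session.h
+++ b/session.h
@@ -26,6 +26,8 @@
 #ifndef SESSION_H
 #define SESSION_H
 
+struct _CkConnector;
+
 #define TTYSZ 64
 typedef struct Session Session;
 struct Session {
@@ -61,6 +63,10 @@ struct Session {
  char *name;
  char *val;
  } *env;
+
+#ifdef USE_CONSOLEKIT
+ struct _CkConnector *ckc;
+#endif /* USE_CONSOLEKIT */
 };
 
 void do_authenticated(Authctxt *);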