diff options
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 23 |
1 files changed, 18 insertions, 5 deletions
| @@ -92,6 +92,7 @@ | |||
| 92 | #include "kex.h" | 92 | #include "kex.h" |
| 93 | #include "monitor_wrap.h" | 93 | #include "monitor_wrap.h" |
| 94 | #include "sftp.h" | 94 | #include "sftp.h" |
| 95 | #include "consolekit.h" | ||
| 95 | 96 | ||
| 96 | #if defined(KRB5) && defined(USE_AFS) | 97 | #if defined(KRB5) && defined(USE_AFS) |
| 97 | #include <kafs.h> | 98 | #include <kafs.h> |
| @@ -1132,6 +1133,9 @@ do_setup_env(Session *s, const char *shell) | |||
| 1132 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) | 1133 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) |
| 1133 | char *path = NULL; | 1134 | char *path = NULL; |
| 1134 | #endif | 1135 | #endif |
| 1136 | #ifdef USE_CONSOLEKIT | ||
| 1137 | const char *ckcookie = NULL; | ||
| 1138 | #endif /* USE_CONSOLEKIT */ | ||
| 1135 | 1139 | ||
| 1136 | /* Initialize the environment. */ | 1140 | /* Initialize the environment. */ |
| 1137 | envsize = 100; | 1141 | envsize = 100; |
| @@ -1276,6 +1280,11 @@ do_setup_env(Session *s, const char *shell) | |||
| 1276 | child_set_env(&env, &envsize, "KRB5CCNAME", | 1280 | child_set_env(&env, &envsize, "KRB5CCNAME", |
| 1277 | s->authctxt->krb5_ccname); | 1281 | s->authctxt->krb5_ccname); |
| 1278 | #endif | 1282 | #endif |
| 1283 | #ifdef USE_CONSOLEKIT | ||
| 1284 | ckcookie = PRIVSEP(consolekit_register(s, s->display)); | ||
| 1285 | if (ckcookie) | ||
| 1286 | child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie); | ||
| 1287 | #endif /* USE_CONSOLEKIT */ | ||
| 1279 | #ifdef USE_PAM | 1288 | #ifdef USE_PAM |
| 1280 | /* | 1289 | /* |
| 1281 | * Pull in any environment variables that may have | 1290 | * Pull in any environment variables that may have |
| @@ -1474,7 +1483,7 @@ safely_chroot(const char *path, uid_t uid) | |||
| 1474 | 1483 | ||
| 1475 | /* Set login name, uid, gid, and groups. */ | 1484 | /* Set login name, uid, gid, and groups. */ |
| 1476 | void | 1485 | void |
| 1477 | do_setusercontext(struct passwd *pw) | 1486 | do_setusercontext(struct passwd *pw, const char *role) |
| 1478 | { | 1487 | { |
| 1479 | char *chroot_path, *tmp; | 1488 | char *chroot_path, *tmp; |
| 1480 | 1489 | ||
| @@ -1502,7 +1511,7 @@ do_setusercontext(struct passwd *pw) | |||
| 1502 | endgrent(); | 1511 | endgrent(); |
| 1503 | #endif | 1512 | #endif |
| 1504 | 1513 | ||
| 1505 | platform_setusercontext_post_groups(pw); | 1514 | platform_setusercontext_post_groups(pw, role); |
| 1506 | 1515 | ||
| 1507 | if (options.chroot_directory != NULL && | 1516 | if (options.chroot_directory != NULL && |
| 1508 | strcasecmp(options.chroot_directory, "none") != 0) { | 1517 | strcasecmp(options.chroot_directory, "none") != 0) { |
| @@ -1646,7 +1655,7 @@ do_child(Session *s, const char *command) | |||
| 1646 | 1655 | ||
| 1647 | /* Force a password change */ | 1656 | /* Force a password change */ |
| 1648 | if (s->authctxt->force_pwchange) { | 1657 | if (s->authctxt->force_pwchange) { |
| 1649 | do_setusercontext(pw); | 1658 | do_setusercontext(pw, s->authctxt->role); |
| 1650 | child_close_fds(); | 1659 | child_close_fds(); |
| 1651 | do_pwchange(s); | 1660 | do_pwchange(s); |
| 1652 | exit(1); | 1661 | exit(1); |
| @@ -1673,7 +1682,7 @@ do_child(Session *s, const char *command) | |||
| 1673 | /* When PAM is enabled we rely on it to do the nologin check */ | 1682 | /* When PAM is enabled we rely on it to do the nologin check */ |
| 1674 | if (!options.use_pam) | 1683 | if (!options.use_pam) |
| 1675 | do_nologin(pw); | 1684 | do_nologin(pw); |
| 1676 | do_setusercontext(pw); | 1685 | do_setusercontext(pw, s->authctxt->role); |
| 1677 | /* | 1686 | /* |
| 1678 | * PAM session modules in do_setusercontext may have | 1687 | * PAM session modules in do_setusercontext may have |
| 1679 | * generated messages, so if this in an interactive | 1688 | * generated messages, so if this in an interactive |
| @@ -2084,7 +2093,7 @@ session_pty_req(Session *s) | |||
| 2084 | tty_parse_modes(s->ttyfd, &n_bytes); | 2093 | tty_parse_modes(s->ttyfd, &n_bytes); |
| 2085 | 2094 | ||
| 2086 | if (!use_privsep) | 2095 | if (!use_privsep) |
| 2087 | pty_setowner(s->pw, s->tty); | 2096 | pty_setowner(s->pw, s->tty, s->authctxt->role); |
| 2088 | 2097 | ||
| 2089 | /* Set window size from the packet. */ | 2098 | /* Set window size from the packet. */ |
| 2090 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); | 2099 | pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); |
| @@ -2320,6 +2329,10 @@ session_pty_cleanup2(Session *s) | |||
| 2320 | 2329 | ||
| 2321 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); | 2330 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); |
| 2322 | 2331 | ||
| 2332 | #ifdef USE_CONSOLEKIT | ||
| 2333 | consolekit_unregister(s); | ||
| 2334 | #endif /* USE_CONSOLEKIT */ | ||
| 2335 | |||
| 2323 | /* Record that the user has logged out. */ | 2336 | /* Record that the user has logged out. */ |
| 2324 | if (s->pid != 0) | 2337 | if (s->pid != 0) |
| 2325 | record_logout(s->pid, s->tty, s->pw->pw_name); | 2338 | record_logout(s->pid, s->tty, s->pw->pw_name); |