From 301aad188299b268452af6b67261336c88f44ab1 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Wed, 31 Oct 2012 10:35:38 +0000 Subject: * Merge from Ubuntu: - Add support for registering ConsoleKit sessions on login. (This is currently enabled only when building for Ubuntu.) --- debian/patches/authorized-keys-man-symlink.patch | 2 +- debian/patches/consolekit.patch | 725 +++++++++++++++++++++++ debian/patches/lintian-symlink-pickiness.patch | 2 +- debian/patches/series | 3 + 4 files changed, 730 insertions(+), 2 deletions(-) create mode 100644 debian/patches/consolekit.patch (limited to 'debian/patches') diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index 08ba01e37..6ffc716ee 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch @@ -8,7 +8,7 @@ Index: b/Makefile.in =================================================================== --- a/Makefile.in +++ b/Makefile.in -@@ -276,6 +276,7 @@ +@@ -277,6 +277,7 @@ $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch new file mode 100644 index 000000000..a952e4405 --- /dev/null +++ b/debian/patches/consolekit.patch @@ -0,0 +1,725 @@ +Description: Add support for registering ConsoleKit sessions on login +Author: Colin Watson +Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450 +Last-Updated: 2012-10-31 + +Index: b/Makefile.in +=================================================================== +--- a/Makefile.in ++++ b/Makefile.in +@@ -94,7 +94,8 @@ + sftp-server.o sftp-common.o \ + roaming_common.o roaming_serv.o \ + sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ +- sandbox-seccomp-filter.o ++ sandbox-seccomp-filter.o \ ++ consolekit.o + + MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out + MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5 +Index: b/configure.ac +=================================================================== +--- a/configure.ac ++++ b/configure.ac +@@ -3672,6 +3672,30 @@ + ] + ) + ++# Check whether user wants ConsoleKit support ++CONSOLEKIT_MSG="no" ++LIBCK_CONNECTOR="" ++AC_ARG_WITH(consolekit, ++ [ --with-consolekit Enable ConsoleKit support], ++ [ if test "x$withval" != "xno" ; then ++ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) ++ if test "$PKGCONFIG" != "no"; then ++ AC_MSG_CHECKING([for ck-connector]) ++ if $PKGCONFIG --exists ck-connector; then ++ CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector` ++ CKCON_LIBS=`$PKGCONFIG --libs ck-connector` ++ CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS" ++ SSHDLIBS="$SSHDLIBS $CKCON_LIBS" ++ AC_MSG_RESULT([yes]) ++ AC_DEFINE(USE_CONSOLEKIT, 1, [Define if you want ConsoleKit support.]) ++ CONSOLEKIT_MSG="yes" ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ fi ++ fi ] ++) ++ + # Looking for programs, paths and files + + PRIVSEP_PATH=/var/empty +@@ -4435,6 +4459,7 @@ + echo " libedit support: $LIBEDIT_MSG" + echo " Solaris process contract support: $SPC_MSG" + echo " Solaris project support: $SP_MSG" ++echo " ConsoleKit support: $CONSOLEKIT_MSG" + echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" + echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + echo " BSD Auth support: $BSD_AUTH_MSG" +Index: b/configure +=================================================================== +--- a/configure ++++ b/configure +@@ -735,6 +735,7 @@ + with_sandbox + with_selinux + with_kerberos5 ++with_consolekit + with_privsep_path + with_xauth + enable_strip +@@ -1425,6 +1426,7 @@ + --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter) + --with-selinux Enable SELinux support + --with-kerberos5=PATH Enable Kerberos 5 support ++ --with-consolekit Enable ConsoleKit support + --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) + --with-xauth=PATH Specify path to xauth program + --with-maildir=/path/to/mail Specify your system mail directory +@@ -15683,6 +15685,135 @@ + fi + + ++# Check whether user wants ConsoleKit support ++CONSOLEKIT_MSG="no" ++LIBCK_CONNECTOR="" ++ ++# Check whether --with-consolekit was given. ++if test "${with_consolekit+set}" = set; then : ++ withval=$with_consolekit; if test "x$withval" != "xno" ; then ++ if test -n "$ac_tool_prefix"; then ++ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. ++set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++$as_echo_n "checking for $ac_word... " >&6; } ++if ${ac_cv_path_PKGCONFIG+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ case $PKGCONFIG in ++ [\\/]* | ?:[\\/]*) ++ ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. ++ ;; ++ *) ++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ test -z "$as_dir" && as_dir=. ++ for ac_exec_ext in '' $ac_executable_extensions; do ++ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ++ ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" ++ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ break 2 ++ fi ++done ++ done ++IFS=$as_save_IFS ++ ++ ;; ++esac ++fi ++PKGCONFIG=$ac_cv_path_PKGCONFIG ++if test -n "$PKGCONFIG"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 ++$as_echo "$PKGCONFIG" >&6; } ++else ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++fi ++ ++ ++fi ++if test -z "$ac_cv_path_PKGCONFIG"; then ++ ac_pt_PKGCONFIG=$PKGCONFIG ++ # Extract the first word of "pkg-config", so it can be a program name with args. ++set dummy pkg-config; ac_word=$2 ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++$as_echo_n "checking for $ac_word... " >&6; } ++if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ case $ac_pt_PKGCONFIG in ++ [\\/]* | ?:[\\/]*) ++ ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. ++ ;; ++ *) ++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ test -z "$as_dir" && as_dir=. ++ for ac_exec_ext in '' $ac_executable_extensions; do ++ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ++ ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" ++ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ break 2 ++ fi ++done ++ done ++IFS=$as_save_IFS ++ ++ ;; ++esac ++fi ++ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG ++if test -n "$ac_pt_PKGCONFIG"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 ++$as_echo "$ac_pt_PKGCONFIG" >&6; } ++else ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++fi ++ ++ if test "x$ac_pt_PKGCONFIG" = x; then ++ PKGCONFIG="no" ++ else ++ case $cross_compiling:$ac_tool_warned in ++yes:) ++{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++ac_tool_warned=yes ;; ++esac ++ PKGCONFIG=$ac_pt_PKGCONFIG ++ fi ++else ++ PKGCONFIG="$ac_cv_path_PKGCONFIG" ++fi ++ ++ if test "$PKGCONFIG" != "no"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ck-connector" >&5 ++$as_echo_n "checking for ck-connector... " >&6; } ++ if $PKGCONFIG --exists ck-connector; then ++ CKCON_CFLAGS=`$PKGCONFIG --cflags ck-connector` ++ CKCON_LIBS=`$PKGCONFIG --libs ck-connector` ++ CPPFLAGS="$CPPFLAGS $CKCON_CFLAGS" ++ SSHDLIBS="$SSHDLIBS $CKCON_LIBS" ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++$as_echo "yes" >&6; } ++ ++$as_echo "#define USE_CONSOLEKIT 1" >>confdefs.h ++ ++ CONSOLEKIT_MSG="yes" ++ else ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++ fi ++ fi ++ fi ++ ++fi ++ ++ + # Looking for programs, paths and files + + PRIVSEP_PATH=/var/empty +@@ -18155,6 +18286,7 @@ + echo " libedit support: $LIBEDIT_MSG" + echo " Solaris process contract support: $SPC_MSG" + echo " Solaris project support: $SP_MSG" ++echo " ConsoleKit support: $CONSOLEKIT_MSG" + echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" + echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + echo " BSD Auth support: $BSD_AUTH_MSG" +Index: b/consolekit.c +=================================================================== +--- /dev/null ++++ b/consolekit.c +@@ -0,0 +1,239 @@ ++/* ++ * Copyright (c) 2008 Colin Watson. All rights reserved. ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++/* ++ * Loosely based on pam-ck-connector, which is: ++ * ++ * Copyright (c) 2007 David Zeuthen ++ * ++ * Permission is hereby granted, free of charge, to any person ++ * obtaining a copy of this software and associated documentation ++ * files (the "Software"), to deal in the Software without ++ * restriction, including without limitation the rights to use, ++ * copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the ++ * Software is furnished to do so, subject to the following ++ * conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ++ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ++ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ++ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR ++ * OTHER DEALINGS IN THE SOFTWARE. ++ */ ++ ++#include "includes.h" ++ ++#ifdef USE_CONSOLEKIT ++ ++#include ++ ++#include "xmalloc.h" ++#include "channels.h" ++#include "key.h" ++#include "hostfile.h" ++#include "auth.h" ++#include "log.h" ++#include "servconf.h" ++#include "canohost.h" ++#include "session.h" ++#include "consolekit.h" ++ ++extern ServerOptions options; ++extern u_int utmp_len; ++ ++void ++set_active(const char *cookie) ++{ ++ DBusError err; ++ DBusConnection *connection; ++ DBusMessage *message = NULL, *reply = NULL; ++ char *sid; ++ DBusMessageIter iter, subiter; ++ const char *interface, *property; ++ dbus_bool_t active; ++ ++ dbus_error_init(&err); ++ connection = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err); ++ if (!connection) { ++ if (dbus_error_is_set(&err)) { ++ error("unable to open DBus connection: %s", ++ err.message); ++ dbus_error_free(&err); ++ } ++ goto out; ++ } ++ dbus_connection_set_exit_on_disconnect(connection, FALSE); ++ ++ message = dbus_message_new_method_call("org.freedesktop.ConsoleKit", ++ "/org/freedesktop/ConsoleKit/Manager", ++ "org.freedesktop.ConsoleKit.Manager", ++ "GetSessionForCookie"); ++ if (!message) ++ goto out; ++ if (!dbus_message_append_args(message, DBUS_TYPE_STRING, &cookie, ++ DBUS_TYPE_INVALID)) { ++ if (dbus_error_is_set(&err)) { ++ error("unable to get current session: %s", ++ err.message); ++ dbus_error_free(&err); ++ } ++ goto out; ++ } ++ ++ dbus_error_init(&err); ++ reply = dbus_connection_send_with_reply_and_block(connection, message, ++ -1, &err); ++ if (!reply) { ++ if (dbus_error_is_set(&err)) { ++ error("unable to get current session: %s", ++ err.message); ++ dbus_error_free(&err); ++ } ++ goto out; ++ } ++ ++ dbus_error_init(&err); ++ if (!dbus_message_get_args(reply, &err, ++ DBUS_TYPE_OBJECT_PATH, &sid, ++ DBUS_TYPE_INVALID)) { ++ if (dbus_error_is_set(&err)) { ++ error("unable to get current session: %s", ++ err.message); ++ dbus_error_free(&err); ++ } ++ goto out; ++ } ++ dbus_message_unref(reply); ++ dbus_message_unref(message); ++ message = reply = NULL; ++ ++ message = dbus_message_new_method_call("org.freedesktop.ConsoleKit", ++ sid, "org.freedesktop.DBus.Properties", "Set"); ++ if (!message) ++ goto out; ++ interface = "org.freedesktop.ConsoleKit.Session"; ++ property = "active"; ++ if (!dbus_message_append_args(message, ++ DBUS_TYPE_STRING, &interface, DBUS_TYPE_STRING, &property, ++ DBUS_TYPE_INVALID)) ++ goto out; ++ dbus_message_iter_init_append(message, &iter); ++ if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_VARIANT, ++ DBUS_TYPE_BOOLEAN_AS_STRING, &subiter)) ++ goto out; ++ active = TRUE; ++ if (!dbus_message_iter_append_basic(&subiter, DBUS_TYPE_BOOLEAN, ++ &active)) ++ goto out; ++ if (!dbus_message_iter_close_container(&iter, &subiter)) ++ goto out; ++ ++ dbus_error_init(&err); ++ reply = dbus_connection_send_with_reply_and_block(connection, message, ++ -1, &err); ++ if (!reply) { ++ if (dbus_error_is_set(&err)) { ++ error("unable to make current session active: %s", ++ err.message); ++ dbus_error_free(&err); ++ } ++ goto out; ++ } ++ ++out: ++ if (reply) ++ dbus_message_unref(reply); ++ if (message) ++ dbus_message_unref(message); ++} ++ ++/* ++ * We pass display separately rather than using s->display because the ++ * latter is not available in the monitor when using privsep. ++ */ ++ ++char * ++consolekit_register(Session *s, const char *display) ++{ ++ DBusError err; ++ const char *tty = s->tty; ++ const char *remote_host_name; ++ dbus_bool_t is_local = FALSE; ++ const char *cookie = NULL; ++ ++ if (s->ckc) { ++ debug("already registered with ConsoleKit"); ++ return xstrdup(ck_connector_get_cookie(s->ckc)); ++ } ++ ++ s->ckc = ck_connector_new(); ++ if (!s->ckc) { ++ error("ck_connector_new failed"); ++ return NULL; ++ } ++ ++ if (!tty) ++ tty = ""; ++ if (!display) ++ display = ""; ++ remote_host_name = get_remote_name_or_ip(utmp_len, options.use_dns); ++ if (!remote_host_name) ++ remote_host_name = ""; ++ ++ dbus_error_init(&err); ++ if (!ck_connector_open_session_with_parameters(s->ckc, &err, ++ "unix-user", &s->pw->pw_uid, ++ "display-device", &tty, ++ "x11-display", &display, ++ "remote-host-name", &remote_host_name, ++ "is-local", &is_local, ++ NULL)) { ++ if (dbus_error_is_set(&err)) { ++ debug("%s", err.message); ++ dbus_error_free(&err); ++ } else { ++ debug("insufficient privileges or D-Bus / ConsoleKit " ++ "not available"); ++ } ++ return NULL; ++ } ++ ++ debug("registered uid=%d on tty='%s' with ConsoleKit", ++ s->pw->pw_uid, s->tty); ++ ++ cookie = ck_connector_get_cookie(s->ckc); ++ set_active(cookie); ++ return xstrdup(cookie); ++} ++ ++void ++consolekit_unregister(Session *s) ++{ ++ if (s->ckc) { ++ debug("unregistering ConsoleKit session %s", ++ ck_connector_get_cookie(s->ckc)); ++ ck_connector_unref(s->ckc); ++ s->ckc = NULL; ++ } ++} ++ ++#endif /* USE_CONSOLEKIT */ +Index: b/consolekit.h +=================================================================== +--- /dev/null ++++ b/consolekit.h +@@ -0,0 +1,24 @@ ++/* ++ * Copyright (c) 2008 Colin Watson. All rights reserved. ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++ ++#ifdef USE_CONSOLEKIT ++ ++struct Session; ++ ++char * consolekit_register(struct Session *, const char *); ++void consolekit_unregister(struct Session *); ++ ++#endif /* USE_CONSOLEKIT */ +Index: b/monitor.c +=================================================================== +--- a/monitor.c ++++ b/monitor.c +@@ -97,6 +97,9 @@ + #include "ssh2.h" + #include "jpake.h" + #include "roaming.h" ++#ifdef USE_CONSOLEKIT ++#include "consolekit.h" ++#endif + + #ifdef GSSAPI + static Gssctxt *gsscontext = NULL; +@@ -192,6 +195,10 @@ + + static int monitor_read_log(struct monitor *); + ++#ifdef USE_CONSOLEKIT ++int mm_answer_consolekit_register(int, Buffer *); ++#endif ++ + static Authctxt *authctxt; + static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ + +@@ -283,6 +290,9 @@ + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, + #endif ++#ifdef USE_CONSOLEKIT ++ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register}, ++#endif + {0, 0, NULL} + }; + +@@ -325,6 +335,9 @@ + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, + #endif ++#ifdef USE_CONSOLEKIT ++ {MONITOR_REQ_CONSOLEKIT_REGISTER, 0, mm_answer_consolekit_register}, ++#endif + {0, 0, NULL} + }; + +@@ -495,6 +508,9 @@ + monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); + } ++#ifdef USE_CONSOLEKIT ++ monitor_permit(mon_dispatch, MONITOR_REQ_CONSOLEKIT_REGISTER, 1); ++#endif + + for (;;) + monitor_read(pmonitor, mon_dispatch, NULL); +@@ -2196,6 +2212,34 @@ + buffer_put_int(m, major); + buffer_put_string(m, hash.value, hash.length); + ++#ifdef USE_CONSOLEKIT ++int ++mm_answer_consolekit_register(int sock, Buffer *m) ++{ ++ Session *s; ++ char *tty, *display; ++ char *cookie = NULL; ++ ++ debug3("%s entering", __func__); ++ ++ tty = buffer_get_string(m, NULL); ++ display = buffer_get_string(m, NULL); ++ s = session_by_tty(tty); ++ if (s != NULL) ++ cookie = consolekit_register(s, display); ++ buffer_clear(m); ++ buffer_put_cstring(m, cookie != NULL ? cookie : ""); ++ mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); ++ ++ if (cookie != NULL) ++ xfree(cookie); ++ xfree(display); ++ xfree(tty); ++ ++ return (0); ++} ++#endif /* USE_CONSOLEKIT */ ++ + mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); + + gss_release_buffer(&minor, &hash); +Index: b/monitor.h +=================================================================== +--- a/monitor.h ++++ b/monitor.h +@@ -62,6 +62,7 @@ + MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, + MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, ++ MONITOR_REQ_CONSOLEKIT_REGISTER, MONITOR_ANS_CONSOLEKIT_REGISTER, + MONITOR_REQ_TERM, + MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, + MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, +Index: b/monitor_wrap.c +=================================================================== +--- a/monitor_wrap.c ++++ b/monitor_wrap.c +@@ -1310,6 +1310,37 @@ + mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) + { + Buffer m; ++ ++#ifdef USE_CONSOLEKIT ++char * ++mm_consolekit_register(Session *s, const char *display) ++{ ++ Buffer m; ++ char *cookie; ++ ++ debug3("%s entering", __func__); ++ ++ if (s->ttyfd == -1) ++ return NULL; ++ buffer_init(&m); ++ buffer_put_cstring(&m, s->tty); ++ buffer_put_cstring(&m, display != NULL ? display : ""); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_CONSOLEKIT_REGISTER, &m); ++ buffer_clear(&m); ++ ++ mm_request_receive_expect(pmonitor->m_recvfd, ++ MONITOR_ANS_CONSOLEKIT_REGISTER, &m); ++ cookie = buffer_get_string(&m, NULL); ++ buffer_free(&m); ++ ++ /* treat empty cookie as missing cookie */ ++ if (strlen(cookie) == 0) { ++ xfree(cookie); ++ cookie = NULL; ++ } ++ return (cookie); ++} ++#endif /* USE_CONSOLEKIT */ + OM_uint32 major; + u_int len; + +Index: b/monitor_wrap.h +=================================================================== +--- a/monitor_wrap.h ++++ b/monitor_wrap.h +@@ -131,4 +131,8 @@ + void mm_zfree(struct mm_master *, void *); + void mm_init_compression(struct mm_master *); + ++#ifdef USE_CONSOLEKIT ++char *mm_consolekit_register(struct Session *, const char *); ++#endif /* USE_CONSOLEKIT */ ++ + #endif /* _MM_WRAP_H_ */ +Index: b/session.c +=================================================================== +--- a/session.c ++++ b/session.c +@@ -91,6 +91,7 @@ + #include "kex.h" + #include "monitor_wrap.h" + #include "sftp.h" ++#include "consolekit.h" + + #if defined(KRB5) && defined(USE_AFS) + #include +@@ -1129,6 +1130,9 @@ + #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) + char *path = NULL; + #endif ++#ifdef USE_CONSOLEKIT ++ const char *ckcookie = NULL; ++#endif /* USE_CONSOLEKIT */ + + /* Initialize the environment. */ + envsize = 100; +@@ -1273,6 +1277,11 @@ + child_set_env(&env, &envsize, "KRB5CCNAME", + s->authctxt->krb5_ccname); + #endif ++#ifdef USE_CONSOLEKIT ++ ckcookie = PRIVSEP(consolekit_register(s, s->display)); ++ if (ckcookie) ++ child_set_env(&env, &envsize, "XDG_SESSION_COOKIE", ckcookie); ++#endif /* USE_CONSOLEKIT */ + #ifdef USE_PAM + /* + * Pull in any environment variables that may have +@@ -2300,6 +2309,10 @@ + + debug("session_pty_cleanup: session %d release %s", s->self, s->tty); + ++#ifdef USE_CONSOLEKIT ++ consolekit_unregister(s); ++#endif /* USE_CONSOLEKIT */ ++ + /* Record that the user has logged out. */ + if (s->pid != 0) + record_logout(s->pid, s->tty, s->pw->pw_name); +Index: b/session.h +=================================================================== +--- a/session.h ++++ b/session.h +@@ -26,6 +26,8 @@ + #ifndef SESSION_H + #define SESSION_H + ++struct _CkConnector; ++ + #define TTYSZ 64 + typedef struct Session Session; + struct Session { +@@ -60,6 +62,10 @@ + char *name; + char *val; + } *env; ++ ++#ifdef USE_CONSOLEKIT ++ struct _CkConnector *ckc; ++#endif /* USE_CONSOLEKIT */ + }; + + void do_authenticated(Authctxt *); diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch index 12877d32f..ae32969ea 100644 --- a/debian/patches/lintian-symlink-pickiness.patch +++ b/debian/patches/lintian-symlink-pickiness.patch @@ -9,7 +9,7 @@ Index: b/Makefile.in =================================================================== --- a/Makefile.in +++ b/Makefile.in -@@ -283,9 +283,9 @@ +@@ -284,9 +284,9 @@ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 -rm -f $(DESTDIR)$(bindir)/slogin diff --git a/debian/patches/series b/debian/patches/series index dd34d62e0..c5cf8de4b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -17,6 +17,9 @@ syslog-level-silent.patch quieter-signals.patch helpful-wait-terminate.patch +# ConsoleKit +consolekit.patch + # Miscellaneous bug fixes user-group-modes.patch scp-quoting.patch -- cgit v1.2.3