pool/polkit
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9cd6695f73
polkit/polkit-revert-session-magic.patch
Marcus Meissner 8404e7816a Accepting request 346395 from home:msmeissn:branches:Base:System 
- revert a session detection change that could lead
  to sessions not being detected as active due to 
  a systemd bug. bsc#954139

OBS-URL: https://build.opensuse.org/request/show/346395
OBS-URL: https://build.opensuse.org/package/show/Base:System/polkit?expand=0&rev=107
2015-11-26 16:31:33 +00:00

67 lines
2.6 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

commit a29653ffa99e0809e15aa34afcd7b2df8593871c
Author: Philip Withnall <philip.withnall@collabora.co.uk>
Date: Tue Jun 2 16:19:51 2015 +0100
sessionmonitor-systemd: Use sd_uid_get_state() to check session activity
Instead of using sd_pid_get_session() then sd_session_is_active() to
determine whether the user is active, use sd_uid_get_state() directly.
This gets the maximum of the states of all the users sessions, rather
than the state of the session containing the subject process. Since the
user is the security boundary, this is fine.
This change is necessary for `systemd --user` sessions, where most user
code will be forked off user@.service, rather than running inside the
logind session (whether that be a foreground/active or background/online
session).
Policy-wise, the change is from checking whether the subject process is
in an active session; to checking whether the subject process is owned
by a user with at least one active session.
https://bugs.freedesktop.org/show_bug.cgi?id=76358
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
index 9995f87..2a6c739 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
@@ -389,6 +389,37 @@ gboolean
polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
- return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
+ const char *session_id;
+ char *state;
+ uid_t uid;
+ gboolean is_active = FALSE;
+
+ session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session));
+
+ g_debug ("Checking whether session %s is active.", session_id);
+
+ /* Check whether *any* of the user's current sessions are active. */
+ if (sd_session_get_uid (session_id, &uid) < 0)
+ goto fallback;
+
+ g_debug ("Session %s has UID %u.", session_id, uid);
+
+ if (sd_uid_get_state (uid, &state) < 0)
+ goto fallback;
+
+ g_debug ("UID %u has state %s.", uid, state);
+
+ is_active = (g_strcmp0 (state, "active") == 0);
+ free (state);
+
+ return is_active;
+
+fallback:
+ /* Fall back to checking the session. This is not ideal, since the user
+ * might have multiple sessions, and we cannot guarantee to have chosen
+ * the active one.
+ *
+ * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */
+ return sd_session_is_active (session_id);
}
Reference in New Issue View Git Blame Copy Permalink