author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2024-05-21 09:01:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-21 09:01:17 +0200 |
commit | 72192b6cc9b856c10abc7f1e5f98240fde17b8b4 (patch) | |
tree | e23d9b71c103c83f3bb938428bf84dc8c47210e1 | |
parent | Merge pull request #32942 from yuwata/test-journal-sync-more (diff) | |
parent | logind: make ReleaseSession "unprivileged" and allow closing of own session (diff) | |
Merge pull request #32869 from keszybz/dbus-release-session
Allow pam stack to call ReleaseSession
-rw-r--r-- | man/org.freedesktop.login1.xml | 1 | ||||
-rw-r--r-- | src/login/logind-dbus.c | 11 | ||||
-rw-r--r-- | src/login/org.freedesktop.login1.conf | 20 |
3 files changed, 21 insertions, 11 deletions
diff --git a/man/org.freedesktop.login1.xml b/man/org.freedesktop.login1.xml index dffd16e325..20936a6936 100644 --- a/man/org.freedesktop.login1.xml +++ b/man/org.freedesktop.login1.xml @@ -104,7 +104,6 @@ node /org/freedesktop/login1 { out s seat_id, out u vtnr, out b existing); - @org.freedesktop.systemd1.Privileged("true") ReleaseSession(in s session_id); ActivateSession(in s session_id); ActivateSessionOnSeat(in s session_id, diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 70fc9aeebf..5fdf28ced0 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1172,7 +1172,7 @@ static int method_create_session_pidfd(sd_bus_message *message, void *userdata, static int method_release_session(sd_bus_message *message, void *userdata, sd_bus_error *error) { Manager *m = ASSERT_PTR(userdata); - Session *session; + Session *session, *sender_session; const char *name; int r; @@ -1186,6 +1186,13 @@ static int method_release_session(sd_bus_message *message, void *userdata, sd_bu if (r < 0) return r; + r = get_sender_session(m, message, /* consult_display= */ false, error, &sender_session); + if (r < 0) + return r; + + if (session != sender_session) + return sd_bus_error_set(error, BUS_ERROR_NOT_IN_CONTROL, "You are not in control of this session"); + r = session_release(session); if (r < 0) return r; @@ -3767,7 +3774,7 @@ static const sd_bus_vtable manager_vtable[] = { SD_BUS_ARGS("s", session_id), SD_BUS_NO_RESULT, method_release_session, - 0), + SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD_WITH_ARGS("ActivateSession", SD_BUS_ARGS("s", session_id), SD_BUS_NO_RESULT, diff --git a/src/login/org.freedesktop.login1.conf b/src/login/org.freedesktop.login1.conf index 9b59e9ce55..dff944f172 100644 --- a/src/login/org.freedesktop.login1.conf +++ b/src/login/org.freedesktop.login1.conf 
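Review bot: In `method_release_session` the new `session != sender_session` comparison becomes the only authorization for ReleaseSession, because the vtable hunk further down switches the method to `SD_BUS_VTABLE_UNPRIVILEGED` and the policy change in org.freedesktop.login1.conf admits the call from any bus peer, yet nothing in the code records that. I would add a comment directly above the check, e.g. `/* Unprivileged method: this identity check is the sole access control; keep it ahead of session_release(). */`. The check also has no exemption for privileged callers, so a root process outside the target session, which could presumably call the method while it was still marked privileged, now appears to get either the error from `get_sender_session()` or `BUS_ERROR_NOT_IN_CONTROL`; if that is intended it deserves a sentence in the man page, otherwise an explicit privileged fallback is needed. How `get_sender_session()` maps the bus peer to a session is not visible here, so it should be confirmed whether any process inside the session, and not only the PAM stack, can now release it. The function body continues outside the hunk.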
@@ -275,6 +275,10 @@ send_member="FlushDevices"/> <allow send_destination="org.freedesktop.login1" + send_interface="org.freedesktop.login1.Manager" + send_member="ReleaseSession"/> + + <allow send_destination="org.freedesktop.login1" send_interface="org.freedesktop.login1.Seat" send_member="Terminate"/> @@ -355,14 +359,6 @@ send_member="SetBrightness"/> <allow send_destination="org.freedesktop.login1" - send_interface="org.freedesktop.login1.User" - send_member="Terminate"/> - - <allow send_destination="org.freedesktop.login1" - send_interface="org.freedesktop.login1.User" - send_member="Kill"/> - - <allow send_destination="org.freedesktop.login1" send_interface="org.freedesktop.login1.Session" send_member="SetDisplay"/> @@ -370,6 +366,14 @@ send_interface="org.freedesktop.login1.Session" send_member="SetTTY"/> + <allow send_destination="org.freedesktop.login1" + send_interface="org.freedesktop.login1.User" + send_member="Terminate"/> + + <allow send_destination="org.freedesktop.login1" + send_interface="org.freedesktop.login1.User" + send_member="Kill"/> + <allow receive_sender="org.freedesktop.login1"/> </policy> |