- Try opening the console-kit session after the user's UID has already been
granted access to the server by localuser.sh, so that
console-kit-daemon can connect and ask the server for information just
by having switch to the user's UID (#287941).
This commit is contained in:
Nalin Dahyabhai
parent
67a11219f7
commit
6a6479cb4b
90
ck-xinit-session.c
Normal file
90
ck-xinit-session.c
Normal file
@ -0,0 +1,90 @@
|
||||
/*
|
||||
* Copyright Red Hat, Inc. 2007.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
* * Neither the name of Red Hat, Inc., nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
||||
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
||||
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* Gate a process inside of a ConsoleKit session.
|
||||
*
|
||||
* We want to do this instead of doing it from inside of xinit because at the
|
||||
* point we're doing it, we've already added the user's UID to the list of
|
||||
* allowed clients for the X server, so the ConsoleKit daemon, which assumes
|
||||
* the user's UID, will be able to connect without needing to be able to read
|
||||
* the user's X cookies.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <paths.h>
|
||||
#include <stdlib.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
#include <ck-connector.h>
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
CkConnector *ckc = NULL;
|
||||
DBusError error;
|
||||
const char *shell;
|
||||
pid_t pid;
|
||||
int status;
|
||||
|
||||
ckc = ck_connector_new();
|
||||
if (ckc != NULL) {
|
||||
dbus_error_init (&error);
|
||||
if (ck_connector_open_session(ckc, &error)) {
|
||||
pid = fork();
|
||||
switch (pid) {
|
||||
case -1:
|
||||
syslog(LOG_ERR, "error forking child");
|
||||
break;
|
||||
case 0:
|
||||
setenv("XDG_SESSION_COOKIE",
|
||||
ck_connector_get_cookie(ckc), 1);
|
||||
break;
|
||||
default:
|
||||
waitpid(pid, &status, 0);
|
||||
exit(status);
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
syslog(LOG_ERR, "error connecting to console-kit");
|
||||
}
|
||||
} else {
|
||||
syslog(LOG_ERR, "error setting up to connect to console-kit");
|
||||
}
|
||||
if (argc > 1) {
|
||||
execvp(argv[1], argv + 1);
|
||||
} else {
|
||||
shell = getenv("SHELL");
|
||||
if (shell == NULL) {
|
||||
shell = _PATH_BSHELL;
|
||||
}
|
||||
execlp(shell, shell, NULL);
|
||||
}
|
||||
_exit(1);
|
||||
}
|
||||
8
xinitrc
8
xinitrc
@ -18,11 +18,11 @@
|
||||
# The user may have their own clients they want to run. If they don't,
|
||||
# fall back to system defaults.
|
||||
if [ -f $HOME/.Xclients ]; then
|
||||
exec $SSH_AGENT $DBUS_LAUNCH $HOME/.Xclients || \
|
||||
exec $SSH_AGENT $HOME/.Xclients
|
||||
exec $CK_XINIT_SESSION $SSH_AGENT $DBUS_LAUNCH $HOME/.Xclients || \
|
||||
exec $CK_XINIT_SESSION $SSH_AGENT $HOME/.Xclients
|
||||
elif [ -f /etc/X11/xinit/Xclients ]; then
|
||||
exec $SSH_AGENT $DBUS_LAUNCH /etc/X11/xinit/Xclients || \
|
||||
exec $SSH_AGENT /etc/X11/xinit/Xclients
|
||||
exec $CK_XINIT_SESSION $SSH_AGENT $DBUS_LAUNCH /etc/X11/xinit/Xclients || \
|
||||
exec $CK_XINIT_SESSION $SSH_AGENT /etc/X11/xinit/Xclients
|
||||
else
|
||||
# Failsafe settings. Although we should never get here
|
||||
# (we provide fallbacks in Xclients as well) it can't hurt.
|
||||
|
||||
@ -71,3 +71,5 @@ fi
|
||||
DBUS_LAUNCH=
|
||||
[ -x /usr/bin/dbus-launch -a -z "$DBUS_SESSION_BUS_ADDRESS" ] && DBUS_LAUNCH="/usr/bin/dbus-launch --exit-with-session"
|
||||
|
||||
CK_XINIT_SESSION=
|
||||
[ -x /usr/bin/ck-xinit-session ] && CK_XINIT_SESSION="/usr/bin/ck-xinit-session"
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Summary: X.Org X11 X Window System xinit startup scripts
|
||||
Name: xorg-x11-%{pkgname}
|
||||
Version: 1.0.7
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: MIT/X11
|
||||
Group: User Interface/X
|
||||
URL: http://www.x.org
|
||||
@ -19,6 +19,7 @@ Source14: Xresources
|
||||
# here instead of the xdm package.
|
||||
Source16: Xsession
|
||||
Source17: localuser.sh
|
||||
Source100: ck-xinit-session.c
|
||||
|
||||
Patch1: xinit-1.0.2-client-session.patch
|
||||
Patch2: xinit-1.0.7-poke-ck.patch
|
||||
@ -54,7 +55,7 @@ X.Org X11 X Window System xinit startup scripts
|
||||
%prep
|
||||
%setup -q -n %{pkgname}-%{version}
|
||||
%patch1 -p1 -b .client-session
|
||||
%patch2 -p1 -b .poke-ck
|
||||
#%patch2 -p1 -b .poke-ck
|
||||
|
||||
%build
|
||||
autoreconf
|
||||
@ -62,12 +63,17 @@ autoreconf
|
||||
# FIXME: Upstream should default to XINITDIR being this. Make a patch to
|
||||
# Makefile.am and submit it in a bug report or check into CVS.
|
||||
make XINITDIR=/etc/X11/xinit
|
||||
%{__cc} -o ck-xinit-session \
|
||||
`pkg-config --cflags ck-connector` $RPM_OPT_FLAGS \
|
||||
$RPM_SOURCE_DIR/ck-xinit-session.c \
|
||||
`pkg-config --libs ck-connector`
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
# FIXME: Upstream should default to XINITDIR being this. Make a patch to
|
||||
# Makefile.am and submit it in a bug report or check into CVS.
|
||||
%makeinstall XINITDIR=$RPM_BUILD_ROOT/etc/X11/xinit
|
||||
install -m755 ck-xinit-session $RPM_BUILD_ROOT/%{_bindir}
|
||||
|
||||
# Install Red Hat custom xinitrc, etc.
|
||||
{
|
||||
@ -92,6 +98,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%doc AUTHORS COPYING README NEWS ChangeLog
|
||||
%{_bindir}/startx
|
||||
%{_bindir}/xinit
|
||||
%{_bindir}/ck-xinit-session
|
||||
%dir %{_sysconfdir}/X11
|
||||
%dir %{_sysconfdir}/X11/xinit
|
||||
%{_sysconfdir}/X11/xinit/xinitrc
|
||||
@ -108,6 +115,12 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man1/xinit.1*
|
||||
|
||||
%changelog
|
||||
* Fri Oct 12 2007 Nalin Dahyabhai <nalin@redhat.com> 1.0.7-2
|
||||
- Try opening the console-kit session after the user's UID has already
|
||||
been granted access to the server by localuser.sh, so that console-kit-daemon
|
||||
can connect and ask the server for information just by having switch to the
|
||||
user's UID (#287941).
|
||||
|
||||
* Mon Sep 24 2007 Adam Jackson <ajax@redhat.com> 1.0.7-1
|
||||
- xinit 1.0.7
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user