Merge pull request #32869 from keszybz/dbus-release-session

Allow pam stack to call ReleaseSession
2025-01-24 06:04:05 +03:00 · 2024-05-21 09:01:17 +02:00 · 2024-05-21 09:01:17 +02:00 · 72192b6cc9
commit 72192b6cc9
parent 1bfa83e77d fc0bb7ccc7
3 changed files with 21 additions and 11 deletions
--- a/man/org.freedesktop.login1.xml
+++ b/man/org.freedesktop.login1.xml
@ -104,7 +104,6 @@ node /org/freedesktop/login1 {
                             out s seat_id,
                             out u vtnr,
                             out b existing);
      @org.freedesktop.systemd1.Privileged("true")
      ReleaseSession(in  s session_id);
      ActivateSession(in  s session_id);
      ActivateSessionOnSeat(in  s session_id,
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@ -1172,7 +1172,7 @@ static int method_create_session_pidfd(sd_bus_message *message, void *userdata,
 static int method_release_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
        Manager *m = ASSERT_PTR(userdata);
-        Session *session;
+        Session *session, *sender_session;
        const char *name;
        int r;
@ -1186,6 +1186,13 @@ static int method_release_session(sd_bus_message *message, void *userdata, sd_bu
        if (r < 0)
                return r;
        r = get_sender_session(m, message, /* consult_display= */ false, error, &sender_session);
        if (r < 0)
                return r;
        if (session != sender_session)
                return sd_bus_error_set(error, BUS_ERROR_NOT_IN_CONTROL, "You are not in control of this session");
        r = session_release(session);
        if (r < 0)
                return r;
@ -3767,7 +3774,7 @@ static const sd_bus_vtable manager_vtable[] = {
                                SD_BUS_ARGS("s", session_id),
                                SD_BUS_NO_RESULT,
                                method_release_session,
-                                0),
+                                SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD_WITH_ARGS("ActivateSession",
                                SD_BUS_ARGS("s", session_id),
                                SD_BUS_NO_RESULT,
--- a/src/login/org.freedesktop.login1.conf
+++ b/src/login/org.freedesktop.login1.conf
@ -274,6 +274,10 @@
                       send_interface="org.freedesktop.login1.Manager"
                       send_member="FlushDevices"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.Manager"
                       send_member="ReleaseSession"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.Seat"
                       send_member="Terminate"/>
@ -354,14 +358,6 @@
                       send_interface="org.freedesktop.login1.Session"
                       send_member="SetBrightness"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.User"
                       send_member="Terminate"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.User"
                       send_member="Kill"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.Session"
                       send_member="SetDisplay"/>
@ -370,6 +366,14 @@
                       send_interface="org.freedesktop.login1.Session"
                       send_member="SetTTY"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.User"
                       send_member="Terminate"/>
                <allow send_destination="org.freedesktop.login1"
                       send_interface="org.freedesktop.login1.User"
                       send_member="Kill"/>
                <allow receive_sender="org.freedesktop.login1"/>
        </policy>