/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Copyright (C) 2008 - 2015 Red Hat, Inc.
* Author: David Zeuthen <davidz@redhat.com>
* Author: Dan Williams <dcbw@redhat.com>
* Author: Matthias Clasen
* Author: Pavel Šimerda <psimerda@redhat.com>
*/
#include "nm-default.h"
#include "nm-session-monitor.h"
#include <pwd.h>
#include <sys/stat.h>
#if SESSION_TRACKING_SYSTEMD && SESSION_TRACKING_ELOGIND
#error Cannot build both systemd-logind and elogind support
#endif
#if SESSION_TRACKING_SYSTEMD
#include <systemd/sd-login.h>
#define LOGIND_NAME "systemd-logind"
#endif
#if SESSION_TRACKING_ELOGIND
#include <elogind/sd-login.h>
#define LOGIND_NAME "elogind"
#endif
#include "NetworkManagerUtils.h"
#define SESSION_TRACKING_XLOGIND (SESSION_TRACKING_SYSTEMD || SESSION_TRACKING_ELOGIND)
#define CKDB_PATH "/run/ConsoleKit/database"
/*****************************************************************************/
enum {
CHANGED,
LAST_SIGNAL,
};
static guint signals[LAST_SIGNAL] = {0};
struct _NMSessionMonitor {
GObject parent;
#if SESSION_TRACKING_XLOGIND
struct {
sd_login_monitor *monitor;
GSource * watch;
} sd;
#endif
#if SESSION_TRACKING_CONSOLEKIT
struct {
GFileMonitor *monitor;
GHashTable * cache;
time_t timestamp;
} ck;
#endif
};
struct _NMSessionMonitorClass {
GObjectClass parent;
};
G_DEFINE_TYPE(NMSessionMonitor, nm_session_monitor, G_TYPE_OBJECT);
#define _NMLOG_DOMAIN LOGD_CORE
#define _NMLOG(level, ...) __NMLOG_DEFAULT(level, _NMLOG_DOMAIN, "session-monitor", __VA_ARGS__)
/*****************************************************************************/
#if SESSION_TRACKING_XLOGIND
static gboolean
st_sd_session_exists(NMSessionMonitor *monitor, uid_t uid, gboolean active)
{
int status;
if (!monitor->sd.monitor)
return FALSE;
status = sd_uid_get_sessions(uid, active, NULL);
if (status < 0)
_LOGE("failed to get " LOGIND_NAME " sessions for uid %d: %d", uid, status);
return status > 0;
}
static gboolean
st_sd_changed(int fd, GIOCondition condition, gpointer user_data)
{
NMSessionMonitor *monitor = user_data;
g_signal_emit(monitor, signals[CHANGED], 0);
sd_login_monitor_flush(monitor->sd.monitor);
return G_SOURCE_CONTINUE;
}
static void
st_sd_init(NMSessionMonitor *monitor)
{
int status;
if (!g_file_test("/run/systemd/seats/", G_FILE_TEST_EXISTS))
return;
if ((status = sd_login_monitor_new(NULL, &monitor->sd.monitor)) < 0) {
_LOGE("failed to create " LOGIND_NAME " monitor: %d", status);
return;
}
monitor->sd.watch = nm_g_unix_fd_source_new(sd_login_monitor_get_fd(monitor->sd.monitor),
G_IO_IN,
G_PRIORITY_DEFAULT,
st_sd_changed,
monitor,
NULL);
g_source_attach(monitor->sd.watch, NULL);
}
static void
st_sd_finalize(NMSessionMonitor *monitor)
{
if (monitor->sd.monitor) {
sd_login_monitor_unref(monitor->sd.monitor);
monitor->sd.monitor = NULL;
}
nm_clear_g_source_inst(&monitor->sd.watch);
}
#endif /* SESSION_TRACKING_XLOGIND */
/*****************************************************************************/
#if SESSION_TRACKING_CONSOLEKIT
typedef struct {
gboolean active;
} CkSession;
static gboolean
ck_load_cache(GHashTable *cache)
{
GKeyFile *keyfile = g_key_file_new();
char ** groups = NULL;
GError * error = NULL;
gsize i, len;
gboolean finished = FALSE;
if (!g_key_file_load_from_file(keyfile, CKDB_PATH, G_KEY_FILE_NONE, &error))
goto out;
if (!(groups = g_key_file_get_groups(keyfile, &len))) {
_LOGE("could not load groups from " CKDB_PATH);
goto out;
}
g_hash_table_remove_all(cache);
for (i = 0; i < len; i++) {
guint uid = G_MAXUINT;
CkSession session = {.active = FALSE};
if (!g_str_has_prefix(groups[i], "Session "))
continue;
uid = g_key_file_get_integer(keyfile, groups[i], "uid", &error);
if (error)
goto out;
session.active = g_key_file_get_boolean(keyfile, groups[i], "is_active", &error);
if (error)
goto out;
g_hash_table_insert(cache, GUINT_TO_POINTER(uid), nm_memdup(&session, sizeof session));
}
finished = TRUE;
out:
if (error)
_LOGE("failed to load ConsoleKit database: %s", error->message);
g_clear_error(&error);
nm_clear_pointer(&groups, g_strfreev);
nm_clear_pointer(&keyfile, g_key_file_free);
return finished;
}
static gboolean
ck_update_cache(NMSessionMonitor *monitor)
{
struct stat statbuf;
int errsv;
if (!monitor->ck.cache)
return FALSE;
/* Check the database file */
if (stat(CKDB_PATH, &statbuf) != 0) {
errsv = errno;
_LOGE("failed to check ConsoleKit timestamp: %s", nm_strerror_native(errsv));
return FALSE;
}
if (statbuf.st_mtime == monitor->ck.timestamp)
return TRUE;
/* Update the cache */
if (!ck_load_cache(monitor->ck.cache))
return FALSE;
monitor->ck.timestamp = statbuf.st_mtime;
return TRUE;
}
static gboolean
ck_session_exists(NMSessionMonitor *monitor, uid_t uid, gboolean active)
{
CkSession *session;
if (!ck_update_cache(monitor))
return FALSE;
session = g_hash_table_lookup(monitor->ck.cache, GUINT_TO_POINTER(uid));
if (!session)
return FALSE;
if (active && !session->active)
return FALSE;
return TRUE;
}
static void
ck_changed(GFileMonitor * file_monitor,
GFile * file,
GFile * other_file,
GFileMonitorEvent event_type,
gpointer user_data)
{
g_signal_emit(user_data, signals[CHANGED], 0);
}
static void
ck_init(NMSessionMonitor *monitor)
{
GFile * file = g_file_new_for_path(CKDB_PATH);
GError *error = NULL;
if (g_file_query_exists(file, NULL)) {
if ((monitor->ck.monitor = g_file_monitor_file(file, G_FILE_MONITOR_NONE, NULL, &error))) {
monitor->ck.cache = g_hash_table_new_full(nm_direct_hash, NULL, NULL, g_free);
g_signal_connect(monitor->ck.monitor, "changed", G_CALLBACK(ck_changed), monitor);
} else {
_LOGE("error monitoring " CKDB_PATH ": %s", error->message);
g_clear_error(&error);
}
}
g_object_unref(file);
}
static void
ck_finalize(NMSessionMonitor *monitor)
{
nm_clear_pointer(&monitor->ck.cache, g_hash_table_unref);
g_clear_object(&monitor->ck.monitor);
}
#endif /* SESSION_TRACKING_CONSOLEKIT */
/*****************************************************************************/
NM_DEFINE_SINGLETON_GETTER(NMSessionMonitor, nm_session_monitor_get, NM_TYPE_SESSION_MONITOR);
/**
* nm_session_monitor_session_exists:
* @self: the session monitor
* @uid: A user ID.
* @active: Ignore inactive sessions.
*
* Checks whether the given @uid is logged into an active session. Don't
* use this feature for security purposes. It is there just to allow you
* to prefer an agent from an active session over an agent from an
* inactive one.
*
* Returns: %FALSE if @error is set otherwise %TRUE if the given @uid is
* logged into an active session.
*/
gboolean
nm_session_monitor_session_exists(NMSessionMonitor *self, uid_t uid, gboolean active)
{
g_return_val_if_fail(NM_IS_SESSION_MONITOR(self), FALSE);
#if SESSION_TRACKING_XLOGIND
if (st_sd_session_exists(self, uid, active))
return TRUE;
#endif
#if SESSION_TRACKING_CONSOLEKIT
if (ck_session_exists(self, uid, active))
return TRUE;
#endif
return FALSE;
}
/*****************************************************************************/
static void
nm_session_monitor_init(NMSessionMonitor *monitor)
{
#if SESSION_TRACKING_XLOGIND
st_sd_init(monitor);
_LOGD("using " LOGIND_NAME " session tracking");
#endif
#if SESSION_TRACKING_CONSOLEKIT
ck_init(monitor);
_LOGD("using ConsoleKit session tracking");
#endif
}
static void
finalize(GObject *object)
{
#if SESSION_TRACKING_XLOGIND
st_sd_finalize(NM_SESSION_MONITOR(object));
#endif
#if SESSION_TRACKING_CONSOLEKIT
ck_finalize(NM_SESSION_MONITOR(object));
#endif
G_OBJECT_CLASS(nm_session_monitor_parent_class)->finalize(object);
}
static void
nm_session_monitor_class_init(NMSessionMonitorClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS(klass);
gobject_class->finalize = finalize;
/**
* NMSessionMonitor::changed:
* @monitor: A #NMSessionMonitor
*
* Emitted when something changes.
*/
signals[CHANGED] = g_signal_new(NM_SESSION_MONITOR_CHANGED,
NM_TYPE_SESSION_MONITOR,
G_SIGNAL_RUN_LAST,
0,
NULL,
NULL,
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE,
0);
}