Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 1 | From 7d2fea61a95e9498b5a19c8cffcb2ab5631d5685 Mon Sep 17 00:00:00 2001 |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 2 | From: Tom Hochstein <tom.hochstein@nxp.com> |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 3 | Date: Wed, 22 Feb 2017 15:53:30 +0200 |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 4 | Subject: [PATCH] weston-launch: Provide a default version that doesn't require |
| 5 | PAM |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 6 | |
| 7 | weston-launch requires PAM for starting weston as a non-root user. |
| 8 | |
| 9 | Since starting weston as root is a valid use case by itself, if |
| 10 | PAM is not available, provide a default version of weston-launch |
| 11 | without non-root-user support. |
| 12 | |
| 13 | Upstream-Status: Pending |
| 14 | |
| 15 | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 16 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 17 | Signed-off-by: Denys Dmytriyenko <denys@ti.com> |
| 18 | |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 19 | --- |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 20 | configure.ac | 9 +++++++-- |
| 21 | libweston/weston-launch.c | 20 ++++++++++++++++++++ |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 22 | 2 files changed, 27 insertions(+), 2 deletions(-) |
| 23 | |
| 24 | diff --git a/configure.ac b/configure.ac |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 25 | index 6da6e04..681f7c8 100644 |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 26 | --- a/configure.ac |
| 27 | +++ b/configure.ac |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 28 | @@ -515,13 +515,17 @@ AC_ARG_ENABLE(resize-optimization, |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 29 | AS_IF([test "x$enable_resize_optimization" = "xyes"], |
| 30 | [AC_DEFINE([USE_RESIZE_POOL], [1], [Use resize memory pool as a performance optimization])]) |
| 31 | |
| 32 | +AC_ARG_WITH(pam, |
| 33 | + AS_HELP_STRING([--with-pam], [Use PAM]), |
| 34 | + [use_pam=$withval], [use_pam=yes]) |
| 35 | AC_ARG_ENABLE(weston-launch, [ --enable-weston-launch],, enable_weston_launch=yes) |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 36 | AM_CONDITIONAL(BUILD_WESTON_LAUNCH, test x$enable_weston_launch = xyes) |
| 37 | -if test x$enable_weston_launch = xyes; then |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 38 | +if test x$enable_weston_launch = xyes -a x$use_pam = xyes; then |
| 39 | WESTON_SEARCH_LIBS([PAM], [pam], [pam_open_session], [have_pam=yes], [have_pam=no]) |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 40 | if test x$have_pam = xno; then |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 41 | - AC_ERROR([weston-launch requires pam]) |
| 42 | + AC_ERROR([PAM support is explicitly requested, but libpam couldn't be found]) |
| 43 | fi |
| 44 | + AC_DEFINE([HAVE_PAM], [1], [Define if PAM is available]) |
| 45 | fi |
| 46 | |
| 47 | AM_CONDITIONAL(HAVE_PANGO, test "x$have_pango" = "xyes") |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 48 | @@ -767,6 +771,7 @@ AC_MSG_RESULT([ |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 49 | Enable developer documentation ${enable_devdocs} |
| 50 | |
| 51 | weston-launch utility ${enable_weston_launch} |
| 52 | + PAM support ${use_pam} |
| 53 | systemd-login support ${have_systemd_login} |
| 54 | systemd notify support ${enable_systemd_notify} |
| 55 | |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 56 | diff --git a/libweston/weston-launch.c b/libweston/weston-launch.c |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 57 | index 9064439..c6abe92 100644 |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 58 | --- a/libweston/weston-launch.c |
| 59 | +++ b/libweston/weston-launch.c |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 60 | @@ -51,7 +51,9 @@ |
| 61 | |
| 62 | #include <pwd.h> |
| 63 | #include <grp.h> |
| 64 | +#ifdef HAVE_PAM |
| 65 | #include <security/pam_appl.h> |
| 66 | +#endif |
| 67 | |
| 68 | #ifdef HAVE_SYSTEMD_LOGIN |
| 69 | #include <systemd/sd-login.h> |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 70 | @@ -101,8 +103,10 @@ drmSetMaster(int drm_fd) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 71 | #endif |
| 72 | |
| 73 | struct weston_launch { |
| 74 | +#ifdef HAVE_PAM |
| 75 | struct pam_conv pc; |
| 76 | pam_handle_t *ph; |
| 77 | +#endif |
| 78 | int tty; |
| 79 | int ttynr; |
| 80 | int sock[2]; |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 81 | @@ -191,6 +195,7 @@ weston_launch_allowed(struct weston_launch *wl) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 82 | return false; |
| 83 | } |
| 84 | |
| 85 | +#ifdef HAVE_PAM |
| 86 | static int |
| 87 | pam_conversation_fn(int msg_count, |
| 88 | const struct pam_message **messages, |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 89 | @@ -231,6 +236,7 @@ setup_pam(struct weston_launch *wl) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 90 | |
| 91 | return 0; |
| 92 | } |
| 93 | +#endif |
| 94 | |
| 95 | static int |
| 96 | setup_launcher_socket(struct weston_launch *wl) |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 97 | @@ -424,6 +430,7 @@ quit(struct weston_launch *wl, int status) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 98 | close(wl->signalfd); |
| 99 | close(wl->sock[0]); |
| 100 | |
| 101 | +#ifdef HAVE_PAM |
| 102 | if (wl->new_user) { |
| 103 | err = pam_close_session(wl->ph, 0); |
| 104 | if (err) |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 105 | @@ -431,6 +438,7 @@ quit(struct weston_launch *wl, int status) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 106 | err, pam_strerror(wl->ph, err)); |
| 107 | pam_end(wl->ph, err); |
| 108 | } |
| 109 | +#endif |
| 110 | |
| 111 | if (ioctl(wl->tty, KDSKBMUTE, 0) && |
| 112 | ioctl(wl->tty, KDSKBMODE, wl->kb_mode)) |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 113 | @@ -610,6 +618,7 @@ setup_session(struct weston_launch *wl, char **child_argv) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 114 | setenv("HOME", wl->pw->pw_dir, 1); |
| 115 | setenv("SHELL", wl->pw->pw_shell, 1); |
| 116 | |
| 117 | +#ifdef HAVE_PAM |
| 118 | env = pam_getenvlist(wl->ph); |
| 119 | if (env) { |
| 120 | for (i = 0; env[i]; ++i) { |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 121 | @@ -618,6 +627,7 @@ setup_session(struct weston_launch *wl, char **child_argv) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 122 | } |
| 123 | free(env); |
| 124 | } |
| 125 | +#endif |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 126 | |
Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 127 | /* |
| 128 | * We open a new session, so it makes sense |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 129 | @@ -685,8 +695,10 @@ static void |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 130 | help(const char *name) |
| 131 | { |
| 132 | fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", name); |
| 133 | +#ifdef HAVE_PAM |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 134 | fprintf(stderr, " -u, --user Start session as specified username,\n" |
| 135 | " e.g. -u joe, requires root.\n"); |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 136 | +#endif |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 137 | fprintf(stderr, " -t, --tty Start session on alternative tty,\n" |
| 138 | " e.g. -t /dev/tty4, requires -u option.\n"); |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 139 | fprintf(stderr, " -v, --verbose Be verbose\n"); |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 140 | @@ -700,7 +712,9 @@ main(int argc, char *argv[]) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 141 | int i, c; |
| 142 | char *tty = NULL; |
| 143 | struct option opts[] = { |
| 144 | +#ifdef HAVE_PAM |
| 145 | { "user", required_argument, NULL, 'u' }, |
| 146 | +#endif |
| 147 | { "tty", required_argument, NULL, 't' }, |
| 148 | { "verbose", no_argument, NULL, 'v' }, |
| 149 | { "help", no_argument, NULL, 'h' }, |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 150 | @@ -712,9 +726,13 @@ main(int argc, char *argv[]) |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 151 | while ((c = getopt_long(argc, argv, "u:t:vh", opts, &i)) != -1) { |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 152 | switch (c) { |
| 153 | case 'u': |
| 154 | +#ifdef HAVE_PAM |
| 155 | wl.new_user = optarg; |
| 156 | if (getuid() != 0) |
| 157 | error(1, 0, "Permission denied. -u allowed for root only"); |
| 158 | +#else |
| 159 | + error(1, 0, "-u is unsupported in this weston-launch build"); |
| 160 | +#endif |
| 161 | break; |
| 162 | case 't': |
| 163 | tty = optarg; |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame^] | 164 | @@ -755,8 +773,10 @@ main(int argc, char *argv[]) |
Patrick Williams | c0f7c04 | 2017-02-23 20:41:17 -0600 | [diff] [blame] | 165 | if (setup_tty(&wl, tty) < 0) |
| 166 | exit(EXIT_FAILURE); |
| 167 | |
| 168 | +#ifdef HAVE_PAM |
| 169 | if (wl.new_user && setup_pam(&wl) < 0) |
| 170 | exit(EXIT_FAILURE); |
| 171 | +#endif |
| 172 | |
| 173 | if (setup_launcher_socket(&wl) < 0) |
| 174 | exit(EXIT_FAILURE); |