diff --git a/NEWS b/NEWS index e0a7c270..b9854358 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,19 @@ D-Bus 1.11.18 (UNRELEASED) == +Build-time configuration changes: + +• By default, dbus-daemon on Unix no longer checks for flag files + /var/run/console/${username} created by the obsolete pam_console and + pam_foreground PAM modules when deciding whether ${username} is + currently at the console. The old default behaviour can be restored + by specifying --with-console-auth-dir=/var/run/console in the + recommended Autotools build system, or + -DDBUS_CONSOLE_AUTH_DIR=/var/run/console in CMake. This feature is + now deprecated, and will be removed in dbus 1.13 unless feedback via + fd.o #101629 indicates that this would be problematic. + (fd.o #101629, Simon McVittie) + Enhancements: • and rules in dbus-daemon configuration can now diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index 9f41ca74..a003f282 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -435,11 +435,7 @@ endif() # Not used on Windows, where there is no system bus set (DBUS_SYSTEM_PID_FILE ${DBUS_RUNSTATEDIR}/dbus/pid) -if (WIN32) - set (DBUS_CONSOLE_AUTH_DIR "") -else (WIN32) - set (DBUS_CONSOLE_AUTH_DIR "/var/run/console/") -endif (WIN32) +set (DBUS_CONSOLE_AUTH_DIR "" CACHE STRING "Directory to check for pam_console/pam_foreground flag files, or empty to ignore") # This won't work on Windows. It's not meant to - the system bus is # meaningless on Windows anyway. @@ -611,7 +607,13 @@ message(" System bus socket: ${DBUS_SYSTEM_SOCKET} " message(" System bus PID file: ${DBUS_SYSTEM_PID_FILE} ") message(" System bus user: ${DBUS_USER} ") message(" Session bus socket dir: ${DBUS_SESSION_SOCKET_DIR} ") -message(" Console auth dir: ${DBUS_CONSOLE_AUTH_DIR} ") + +if(DBUS_CONSOLE_AUTH_DIR) +message(" pam_console auth dir: ${DBUS_CONSOLE_AUTH_DIR} ") +else() +message(" pam_console auth dir: (none) ") +endif() + message(" 'make check' socket dir: ${TEST_SOCKET_DIR} ") endif() message(" Test listen address: ${TEST_LISTEN} ") diff --git a/configure.ac b/configure.ac index 05182d1f..8b011e7e 100644 --- a/configure.ac +++ b/configure.ac @@ -1606,16 +1606,10 @@ fi AC_SUBST(DBUS_SYSTEM_PID_FILE) #### Directory to check for console ownership -if ! test -z "$with_console_auth_dir"; then - DBUS_CONSOLE_AUTH_DIR=$with_console_auth_dir -else - # We don't use runstatedir for this, because /var/run is the - # path that was traditionally used by pam_console and pam_foreground. - DBUS_CONSOLE_AUTH_DIR=/var/run/console/ -fi - -AC_SUBST(DBUS_CONSOLE_AUTH_DIR) -AC_DEFINE_UNQUOTED(DBUS_CONSOLE_AUTH_DIR, "$DBUS_CONSOLE_AUTH_DIR", [Directory to check for console ownerhip]) +AS_IF([test -n "$with_console_auth_dir" && test "x$with_console_auth_dir" != xno], + [AC_DEFINE_UNQUOTED([DBUS_CONSOLE_AUTH_DIR], ["$with_console_auth_dir"], + [Directory to check for pam_console/pam_foreground flag files, or undefined])], + [with_console_auth_dir=]) #### File to check for console ownership if test x$have_console_owner_file = xyes; then @@ -1982,7 +1976,7 @@ echo " System bus PID file: ${DBUS_SYSTEM_PID_FILE} Session bus listens on: ${DBUS_SESSION_BUS_LISTEN_ADDRESS} Session clients connect to: ${DBUS_SESSION_BUS_CONNECT_ADDRESS} - Console auth dir: ${DBUS_CONSOLE_AUTH_DIR} + pam_console auth dir: ${with_console_auth_dir:-(none)} Console owner file: ${have_console_owner_file} Console owner file path: ${DBUS_CONSOLE_OWNER_FILE} System bus user: ${DBUS_USER} diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index 5d08c0ba..2be5b779 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -548,7 +548,7 @@ dbus_bool_t _dbus_user_at_console (const char *username, DBusError *error) { - +#ifdef DBUS_CONSOLE_AUTH_DIR DBusString u, f; dbus_bool_t result; @@ -579,6 +579,9 @@ _dbus_user_at_console (const char *username, _dbus_string_free (&f); return result; +#else + return FALSE; +#endif } diff --git a/tools/ci-build.sh b/tools/ci-build.sh index b5dcb606..2aa283a7 100755 --- a/tools/ci-build.sh +++ b/tools/ci-build.sh @@ -175,6 +175,9 @@ case "$ci_buildsys" in set "$@" --disable-launchd --disable-systemd # No X11 autolaunching set "$@" --disable-x11-autolaunch + # Re-enable the deprecated pam_console support to make + # sure it still builds + set "$@" --with-console-auth-dir=/var/run/console shift ;;