From 1acfbbff463e5d9a7cbf4860059ca6b12e36dbe8 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 10:28:14 +0200 Subject: [PATCH 01/12] man: document that pam_systemd actually sets XDG_SEAT and XDG_VTNR The old wording is not clear regarding whether the env var will be updated or just a fallbacked is used. --- man/pam_systemd.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 5eab995a52..ae500809bc 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -231,9 +231,9 @@ - If not set, pam_systemd will determine the - values for $XDG_SEAT and $XDG_VTNR - based on the $DISPLAY variable. + If not set, pam_systemd will initialize + $XDG_SEAT and $XDG_VTNR + based on the $DISPLAY variable (if the latter is set). From 2b2b7228bffef626fe8e9f131095995f3d50ee3b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 10:07:26 +0200 Subject: [PATCH 02/12] pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS Since D-Bus 1.9.14 (2015-03-02) dbus looks in $XDG_RUNTIME_DIR/bus for the system bus on its own, hence we can finally drop setting this environment variable. gdbus since glib 2.45.3 (June 2015) also supports it. --- README | 2 +- src/login/pam_systemd.c | 42 ----------------------------------------- 2 files changed, 1 insertion(+), 43 deletions(-) diff --git a/README b/README index 6801d0dc2d..c0b264abf4 100644 --- a/README +++ b/README @@ -169,7 +169,7 @@ REQUIREMENTS: dependencies: util-linux >= v2.27.1 required - dbus >= 1.4.0 (strictly speaking optional, but recommended) + dbus >= 1.9.14 (strictly speaking optional, but recommended) NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). dracut (optional) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 7037c13cd8..f148b1bd81 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -160,40 +160,6 @@ static int get_seat_from_display(const char *display, const char **seat, uint32_ return 0; } -static int export_legacy_dbus_address( - pam_handle_t *handle, - uid_t uid, - const char *runtime) { - - _cleanup_free_ char *s = NULL; - int r = PAM_BUF_ERR; - - /* FIXME: We *really* should move the access() check into the - * daemons that spawn dbus-daemon, instead of forcing - * DBUS_SESSION_BUS_ADDRESS= here. */ - - s = strjoin(runtime, "/bus"); - if (!s) - goto error; - - if (access(s, F_OK) < 0) - return PAM_SUCCESS; - - s = mfree(s); - if (asprintf(&s, DEFAULT_USER_BUS_ADDRESS_FMT, runtime) < 0) - goto error; - - r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0); - if (r != PAM_SUCCESS) - goto error; - - return PAM_SUCCESS; - -error: - pam_syslog(handle, LOG_ERR, "Failed to set bus variable."); - return r; -} - static int append_session_memory_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) { uint64_t val; int r; @@ -338,10 +304,6 @@ _public_ PAM_EXTERN int pam_sm_open_session( return r; } - r = export_legacy_dbus_address(handle, pw->pw_uid, rt); - if (r != PAM_SUCCESS) - return r; - return PAM_SUCCESS; } @@ -568,10 +530,6 @@ _public_ PAM_EXTERN int pam_sm_open_session( pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); return r; } - - r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path); - if (r != PAM_SUCCESS) - return r; } if (!isempty(seat)) { From 0ecc1c9d7c69ed9ffaa41b6ffd34d32cf73950c5 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 10:58:27 +0200 Subject: [PATCH 03/12] pam_systemd: simplify how we process env vars Let's introduce a single unified getenv() implementation for the various fields we need. No change in behaviour. --- src/login/pam_systemd.c | 48 +++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index f148b1bd81..89535de1ae 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -240,6 +240,26 @@ static int append_session_cg_weight(pam_handle_t *handle, sd_bus_message *m, con return 0; } +static const char* getenv_harder(pam_handle_t *handle, const char *key, const char *fallback) { + const char *v; + + assert(handle); + assert(key); + + /* Looks for an environment variable, preferrably in the environment block associated with the specified PAM + * handle, falling back to the process' block instead. */ + + v = pam_getenv(handle, key); + if (!isempty(v)) + return v; + + v = getenv(key); + if (!isempty(v)) + return v; + + return fallback; +} + _public_ PAM_EXTERN int pam_sm_open_session( pam_handle_t *handle, int flags, @@ -314,29 +334,11 @@ _public_ PAM_EXTERN int pam_sm_open_session( pam_get_item(handle, PAM_RUSER, (const void**) &remote_user); pam_get_item(handle, PAM_RHOST, (const void**) &remote_host); - seat = pam_getenv(handle, "XDG_SEAT"); - if (isempty(seat)) - seat = getenv("XDG_SEAT"); - - cvtnr = pam_getenv(handle, "XDG_VTNR"); - if (isempty(cvtnr)) - cvtnr = getenv("XDG_VTNR"); - - type = pam_getenv(handle, "XDG_SESSION_TYPE"); - if (isempty(type)) - type = getenv("XDG_SESSION_TYPE"); - if (isempty(type)) - type = type_pam; - - class = pam_getenv(handle, "XDG_SESSION_CLASS"); - if (isempty(class)) - class = getenv("XDG_SESSION_CLASS"); - if (isempty(class)) - class = class_pam; - - desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP"); - if (isempty(desktop)) - desktop = getenv("XDG_SESSION_DESKTOP"); + seat = getenv_harder(handle, "XDG_SEAT", NULL); + cvtnr = getenv_harder(handle, "XDG_VTNR", NULL); + type = getenv_harder(handle, "XDG_SESSION_TYPE", type_pam); + class = getenv_harder(handle, "XDG_SESSION_CLASS", class_pam); + desktop = getenv_harder(handle, "XDG_SESSION_DESKTOP", NULL); tty = strempty(tty); From f5cb2820fde1bc327329354de8c930c48b1d9475 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:01:18 +0200 Subject: [PATCH 04/12] pam_systemd: also make $XDG_SESSION_DESKTOP configurable via PAM module command line Let's make this symmetric with XDG_SESSION_CLASS and XDG_SESSION_TYPE, so that PAM stacks can configure this easily without involving env vars, in case there are PAM session managers which only support a single desktop anyway. --- src/login/pam_systemd.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 89535de1ae..ab2cddebac 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -37,6 +37,7 @@ static int parse_argv( int argc, const char **argv, const char **class, const char **type, + const char **desktop, bool *debug) { unsigned i; @@ -53,6 +54,10 @@ static int parse_argv( if (type) *type = argv[i] + 5; + } else if (startswith(argv[i], "desktop=")) { + if (desktop) + *desktop = argv[i] + 8; + } else if (streq(argv[i], "debug")) { if (debug) *debug = true; @@ -274,7 +279,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type = NULL, *class = NULL, - *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, + *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, *desktop_pam = NULL, *memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; int session_fd = -1, existing, r; @@ -293,6 +298,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( argc, argv, &class_pam, &type_pam, + &desktop_pam, &debug) < 0) return PAM_SESSION_ERR; @@ -338,7 +344,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( cvtnr = getenv_harder(handle, "XDG_VTNR", NULL); type = getenv_harder(handle, "XDG_SESSION_TYPE", type_pam); class = getenv_harder(handle, "XDG_SESSION_CLASS", class_pam); - desktop = getenv_harder(handle, "XDG_SESSION_DESKTOP", NULL); + desktop = getenv_harder(handle, "XDG_SESSION_DESKTOP", desktop_pam); tty = strempty(tty); From 5fdfbbd505857ca17349fab4edcb942f359a50dd Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:26:59 +0200 Subject: [PATCH 05/12] pam_systemd: tiny coding style fix --- src/login/pam_systemd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index ab2cddebac..48dc59b1d4 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -202,8 +202,7 @@ static int append_session_memory_max(pam_handle_t *handle, sd_bus_message *m, co return 0; } -static int append_session_tasks_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) -{ +static int append_session_tasks_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) { uint64_t val; int r; From d6baaa6978d3eb5b8e8497021c4ba576aee936a3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:27:55 +0200 Subject: [PATCH 06/12] pam_systemd: simplify code which with we set environment variables Let's shorten things a bit by splitting out common code in a new function. --- src/login/pam_systemd.c | 46 ++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 48dc59b1d4..a9d0fdb5b7 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -264,6 +264,24 @@ static const char* getenv_harder(pam_handle_t *handle, const char *key, const ch return fallback; } +static int update_environment(pam_handle_t *handle, const char *key, const char *value) { + int r; + + assert(handle); + assert(key); + + /* Updates the environment, but only if there's actually a value set. Also, log about errors */ + + if (isempty(value)) + return PAM_SUCCESS; + + r = pam_misc_setenv(handle, key, value, 0); + if (r != PAM_SUCCESS) + pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s.", key); + + return r; +} + _public_ PAM_EXTERN int pam_sm_open_session( pam_handle_t *handle, int flags, @@ -519,11 +537,9 @@ _public_ PAM_EXTERN int pam_sm_open_session( "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u", id, object_path, runtime_path, session_fd, seat, vtnr, original_uid); - r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set session id."); + r = update_environment(handle, "XDG_SESSION_ID", id); + if (r != PAM_SUCCESS) return r; - } if (original_uid == pw->pw_uid) { /* Don't set $XDG_RUNTIME_DIR if the user we now @@ -532,30 +548,22 @@ _public_ PAM_EXTERN int pam_sm_open_session( * in privileged apps clobbering the runtime directory * unnecessarily. */ - r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); + r = update_environment(handle, "XDG_RUNTIME_DIR", runtime_path); + if (r != PAM_SUCCESS) return r; - } } - if (!isempty(seat)) { - r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set seat."); - return r; - } - } + r = update_environment(handle, "XDG_SEAT", seat); + if (r != PAM_SUCCESS) + return r; if (vtnr > 0) { char buf[DECIMAL_STR_MAX(vtnr)]; sprintf(buf, "%u", vtnr); - r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number."); + r = update_environment(handle, "XDG_VTNR", buf); + if (r != PAM_SUCCESS) return r; - } } r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL); From b2f74f079dce955c1aa8d9cdcd602a4127157581 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:28:37 +0200 Subject: [PATCH 07/12] pam_systemd: always set XDG_SESSION_{CLASS|TYPE|DESKTOP} We likely get the data from the env block, but we might also determine it from elsewhere (such as PAM module parameters). Let's set the env vars on the env block explicitly, so that they are available always, and apps can rely on it. --- src/login/pam_systemd.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index a9d0fdb5b7..a01963622d 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -553,6 +553,22 @@ _public_ PAM_EXTERN int pam_sm_open_session( return r; } + /* Most likely we got the session/type/class from environment variables, but might have gotten the data + * somewhere else (for example PAM module parameters). Let's now update the environment variables, so that this + * data is inherited into the session processes, and programs can rely on them to be initialized. */ + + r = update_environment(handle, "XDG_SESSION_TYPE", type); + if (r != PAM_SUCCESS) + return r; + + r = update_environment(handle, "XDG_SESSION_CLASS", class); + if (r != PAM_SUCCESS) + return r; + + r = update_environment(handle, "XDG_SESSION_DESKTOP", desktop); + if (r != PAM_SUCCESS) + return r; + r = update_environment(handle, "XDG_SEAT", seat); if (r != PAM_SUCCESS) return r; From e37e5ed32e0c480ee6acf01a84b58f11701d537e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:35:57 +0200 Subject: [PATCH 08/12] pam_systemd: sort includes properly --- src/login/pam_systemd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index a01963622d..8c5afeb1f7 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -16,6 +16,7 @@ #include "bus-common-errors.h" #include "bus-error.h" #include "bus-util.h" +#include "cgroup-util.h" #include "def.h" #include "fd-util.h" #include "fileio.h" @@ -24,13 +25,12 @@ #include "login-util.h" #include "macro.h" #include "parse-util.h" +#include "path-util.h" #include "process-util.h" #include "socket-util.h" #include "strv.h" #include "terminal-util.h" #include "util.h" -#include "path-util.h" -#include "cgroup-util.h" static int parse_argv( pam_handle_t *handle, From f7b8b5c4fb8bb6490160e2accb77a7aeaf952ddf Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:36:10 +0200 Subject: [PATCH 09/12] pam_systemd: move socket_from_display() from util.[ch] to pam_systemd.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It's highly specific, kinda legacy (X11…) and only used at one place, let's move this out of the common code, and into pam_systemd.c where it is used. --- src/basic/util.c | 25 ------------------------- src/basic/util.h | 1 - src/login/pam_systemd.c | 25 +++++++++++++++++++++++++ 3 files changed, 25 insertions(+), 26 deletions(-) diff --git a/src/basic/util.c b/src/basic/util.c index 8f2d6061da..2206c1b4ad 100644 --- a/src/basic/util.c +++ b/src/basic/util.c @@ -77,31 +77,6 @@ bool display_is_local(const char *display) { display[1] <= '9'; } -int socket_from_display(const char *display, char **path) { - size_t k; - char *f, *c; - - assert(display); - assert(path); - - if (!display_is_local(display)) - return -EINVAL; - - k = strspn(display+1, "0123456789"); - - f = new(char, STRLEN("/tmp/.X11-unix/X") + k + 1); - if (!f) - return -ENOMEM; - - c = stpcpy(f, "/tmp/.X11-unix/X"); - memcpy(c, display+1, k); - c[k] = 0; - - *path = f; - - return 0; -} - bool kexec_loaded(void) { _cleanup_free_ char *s = NULL; diff --git a/src/basic/util.h b/src/basic/util.h index 9699d228f9..42c262f598 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -50,7 +50,6 @@ static inline const char* enable_disable(bool b) { bool plymouth_running(void); bool display_is_local(const char *display) _pure_; -int socket_from_display(const char *display, char **path); #define NULSTR_FOREACH(i, l) \ for ((i) = (l); (i) && *(i); (i) = strchr((i), 0)+1) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 8c5afeb1f7..91802439e9 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -114,6 +114,31 @@ static int get_user_data( return PAM_SUCCESS; } +static int socket_from_display(const char *display, char **path) { + size_t k; + char *f, *c; + + assert(display); + assert(path); + + if (!display_is_local(display)) + return -EINVAL; + + k = strspn(display+1, "0123456789"); + + f = new(char, STRLEN("/tmp/.X11-unix/X") + k + 1); + if (!f) + return -ENOMEM; + + c = stpcpy(f, "/tmp/.X11-unix/X"); + memcpy(c, display+1, k); + c[k] = 0; + + *path = f; + + return 0; +} + static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) { union sockaddr_union sa = { .un.sun_family = AF_UNIX, From 36a4dbae4b2ac9006b58baed8c1b7ae0603386b8 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:41:17 +0200 Subject: [PATCH 10/12] pam_systemd: reduce append_session_cg_weight() indentation level a bit by moving to early exit --- src/login/pam_systemd.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 91802439e9..79a8b22102 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -252,19 +252,20 @@ static int append_session_cg_weight(pam_handle_t *handle, sd_bus_message *m, con uint64_t val; int r; - if (!isempty(limit)) { - r = cg_weight_parse(limit, &val); - if (r >= 0) { - r = sd_bus_message_append(m, "(sv)", field, "t", val); - if (r < 0) { - pam_syslog(handle, LOG_ERR, "Failed to append to bus message: %s", strerror(-r)); - return r; - } - } else if (streq(field, "CPUWeight")) - pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.cpu_weight: %s, ignoring.", limit); - else - pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.io_weight: %s, ignoring.", limit); - } + if (isempty(limit)) + return 0; + + r = cg_weight_parse(limit, &val); + if (r >= 0) { + r = sd_bus_message_append(m, "(sv)", field, "t", val); + if (r < 0) { + pam_syslog(handle, LOG_ERR, "Failed to append to bus message: %s", strerror(-r)); + return r; + } + } else if (streq(field, "CPUWeight")) + pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.cpu_weight: %s, ignoring.", limit); + else + pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.io_weight: %s, ignoring.", limit); return 0; } From d487e2d68d01a8c4bd331b4c6c0f0e45eb92a8ea Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:43:38 +0200 Subject: [PATCH 11/12] pam_systemd: cast calls whose result we knowingly ignore to (void) --- src/login/pam_systemd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 79a8b22102..4d0e7fd5e6 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -428,9 +428,9 @@ _public_ PAM_EXTERN int pam_sm_open_session( if (!isempty(display) && !vtnr) { if (isempty(seat)) - get_seat_from_display(display, &seat, &vtnr); + (void) get_seat_from_display(display, &seat, &vtnr); else if (streq(seat, "seat0")) - get_seat_from_display(display, NULL, &vtnr); + (void) get_seat_from_display(display, NULL, &vtnr); } if (seat && !streq(seat, "seat0") && vtnr != 0) { @@ -647,7 +647,7 @@ _public_ PAM_EXTERN int pam_sm_close_session( /* Only release session if it wasn't pre-existing when we * tried to create it */ - pam_get_data(handle, "systemd.existing", &existing); + (void) pam_get_data(handle, "systemd.existing", &existing); id = pam_getenv(handle, "XDG_SESSION_ID"); if (id && !existing) { From b115f33cc62602080b65b0040081c516917e5c47 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 20 Jul 2018 11:53:34 +0200 Subject: [PATCH 12/12] man: update pam_systemd to reflect recent changes 1. Document the new desktop= parameter 2. Clarify that we set XDG_SESSION_DESKTOP, XDG_SESSION_CLASS, XDG_SESSION_TYPE if we have the data, and don't just read it. --- man/pam_systemd.xml | 103 ++++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 57 deletions(-) diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index ae500809bc..3ce3b282bd 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -84,40 +84,43 @@ - Takes a string argument which sets the session - class. The XDG_SESSION_CLASS environmental variable takes - precedence. One of - user, - greeter, - lock-screen or - background. See - sd_session_get_class3 - for details about the session class. + Takes a string argument which sets the session class. The XDG_SESSION_CLASS + environment variable (see below) takes precedence. One of user, greeter, + lock-screen or background. See + sd_session_get_class3 for + details about the session class. - Takes a string argument which sets the session - type. The XDG_SESSION_TYPE environmental variable takes - precedence. One of - unspecified, - tty, - x11, - wayland or - mir. See - sd_session_get_type3 - for details about the session type. + Takes a string argument which sets the session type. The XDG_SESSION_TYPE + environment variable (see below) takes precedence. One of unspecified, + tty, x11, wayland or mir. See + sd_session_get_type3 for + details about the session type. + + + + + + Takes a single, short identifier string for the desktop environment. The + XDG_SESSION_DESKTOP environment variable (see below) takes precedence. This may be used to + indicate the session desktop used, where this applies and if this information is available. For example: + GNOME, or KDE. It is recommended to use the same identifiers and + capitalization as for $XDG_CURRENT_DESKTOP, as defined by the Desktop Entry + Specification. (However, note that the option only takes a single item, and not a colon-separated list + like $XDG_CURRENT_DESKTOP.) See + sd_session_get_desktop3 for + further details. - Takes an optional - boolean argument. If yes or without - the argument, the module will log - debugging information as it - operates. + Takes an optional boolean argument. If yes or without the argument, the module will log + debugging information as it operates. @@ -131,20 +134,20 @@ Environment - The following environment variables are set for the - processes of the user's session: + The following environment variables are initialized by the module and available to the processes of the + user's session: $XDG_SESSION_ID - A session identifier, suitable to be used in - filenames. The string itself should be considered opaque, - although often it is just the audit session ID as reported by - /proc/self/sessionid. Each ID will be - assigned only once during machine uptime. It may hence be used - to uniquely label files or other resources of this - session. + A short session identifier, suitable to be used in filenames. The string itself should be + considered opaque, although often it is just the audit session ID as reported by + /proc/self/sessionid. Each ID will be assigned only once during machine uptime. It may + hence be used to uniquely label files or other resources of this session. Combine this ID with the boot + identifier, as returned by + sd_id128_get_boot3, for a + globally unique identifier for the current session. @@ -174,45 +177,31 @@ - The following environment variables are read by the module - and may be used by the PAM service to pass metadata to the - module: + The following environment variables are read by the module and may be used by the PAM service to pass + metadata to the module. If these variables are not set when the PAM module is invoked but can be determined + otherwise they are set by the module, so that these variables are initialized for the session and applications if + known at all. $XDG_SESSION_TYPE - The session type. This may be used instead of - on the module parameter line, and is - usually preferred. + The session type. This may be used instead of on the module parameter + line, and is usually preferred. $XDG_SESSION_CLASS - The session class. This may be used instead of - on the module parameter line, and is - usually preferred. + The session class. This may be used instead of on the module parameter + line, and is usually preferred. $XDG_SESSION_DESKTOP - A single, short identifier string for the - desktop environment. This may be used to indicate the session - desktop used, where this applies and if this information is - available. For example: GNOME, or - KDE. It is recommended to use the same - identifiers and capitalization as for - $XDG_CURRENT_DESKTOP, as defined by the - Desktop - Entry Specification. (However, note that - $XDG_SESSION_DESKTOP only takes a single - item, and not a colon-separated list like - $XDG_CURRENT_DESKTOP.) See - sd_session_get_desktop3 - for more details. + The desktop identifier. This may be used instead of on the module + parameter line, and is usually preferred.