From a8a0d952293337544da4681f0c896052eafd9d0f Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>

Date: Fri, 5 Apr 2024 16:44:07 +0200

Subject: [PATCH] Add headless session files

It consists of a python script for running the session, and a systemd

system service template.

---

 data/gnome-headless-session@.service |   6 +

 data/meson.build                     |   4 +

 utils/gdm-headless-login-session     | 157 +++++++++++++++++++++++++++

 utils/meson.build                    |   5 +

 4 files changed, 172 insertions(+)

 create mode 100644 data/gnome-headless-session@.service

 create mode 100644 utils/gdm-headless-login-session

diff --git a/data/gnome-headless-session@.service b/data/gnome-headless-session@.service

new file mode 100644

index 000000000..269d16288

--- /dev/null

+++ b/data/gnome-headless-session@.service

@@ -0,0 +1,6 @@

+[Unit]

+Description=Headless desktop session

+

+[Service]

+ExecStart=/usr/libexec/gdm-headless-login-session --user=%i

+Restart=on-failure

diff --git a/data/meson.build b/data/meson.build

index 2211e98b5..2df07cd32 100644

--- a/data/meson.build

+++ b/data/meson.build

@@ -221,3 +221,7 @@ if get_option('gdm-xsession')

     install_dir: gdmconfdir,

   )

 endif

+

+headless_session_service = install_data('gnome-headless-session@.service',

+    install_dir: systemd_systemunitdir,

+  )

diff --git a/utils/gdm-headless-login-session b/utils/gdm-headless-login-session

new file mode 100644

index 000000000..e108be523

--- /dev/null

+++ b/utils/gdm-headless-login-session

@@ -0,0 +1,157 @@

+#!/usr/bin/env python3

+

+import argparse

+import pam

+import pwd

+import os

+import signal

+import sys

+

+import gi

+gi.require_version('AccountsService', '1.0')

+from gi.repository import AccountsService, GLib

+

+def run_desktop_in_new_session(pam_environment, user, session_desktop, tty_input, tty_output):

+    keyfile = GLib.KeyFile()

+    keyfile.load_from_data_dirs(f'wayland-sessions/{session_desktop}.desktop',

+                                GLib.KeyFileFlags.NONE)

+

+    try:

+        can_run_headless = keyfile.get_boolean(GLib.KEY_FILE_DESKTOP_GROUP,

+                                               'X-GDM-CanRunHeadless')

+    except GLib.GError:

+            raise Exception(f"Session {session_desktop} can't run headlessly")

+

+    if not can_run_headless:

+        raise Exception(f"Session {session_desktop} can't run headlessly")

+

+    executable = keyfile.get_string(GLib.KEY_FILE_DESKTOP_GROUP,

+                                    GLib.KEY_FILE_DESKTOP_KEY_TRY_EXEC)

+    if GLib.find_program_in_path(executable) is None:

+        raise Exception(f"Invalid session {session_desktop}")

+

+    command = keyfile.get_string(GLib.KEY_FILE_DESKTOP_GROUP,

+                                 GLib.KEY_FILE_DESKTOP_KEY_EXEC)

+    [success, args] = GLib.shell_parse_argv(command)

+

+    pam_handle = pam.pam()

+

+    for key, value in pam_environment.items():

+        pam_handle.putenv(f'{key}={value}')

+

+    if not pam_handle.authenticate(user, '', service='gdm-autologin', call_end=False):

+        raise Exception("Authentication failed")

+

+    for key, value in pam_environment.items():

+        pam_handle.putenv(f'{key}={value}')

+

+    if pam_handle.open_session() != pam.PAM_SUCCESS:

+        raise Exception("Failed to open PAM session")

+

+    session_environment = os.environ.copy()

+    session_environment.update(pam_handle.getenvlist())

+

+    user_info = pwd.getpwnam(user)

+    uid = user_info.pw_uid

+    gid = user_info.pw_gid

+

+    old_tty_output = os.fdopen(os.dup(2), 'w')

+

+    pid = os.fork()

+    if pid == 0:

+        try:

+            os.setsid()

+        except OSError as e:

+            print(f"Could not create new pid session: {e}", file=old_tty_output)

+

+        try:

+            os.dup2(tty_input.fileno(), 0)

+            os.dup2(tty_output.fileno(), 1)

+            os.dup2(tty_output.fileno(), 2)

+        except OSError as e:

+            print(f"Could not set up standard i/o: {e}", file=old_tty_output)

+

+        try:

+            os.initgroups(user, gid)

+            os.setgid(gid)

+            os.setuid(uid);

+        except OSError as e:

+            print(f"Could not become user {user} (uid={uid}): {e}", file=old_tty_output)

+

+        try:

+            os.execvpe(args[0], args, session_environment)

+        except OSError as e:

+            print(f"Could not run program \"{' '.join(arguments)}\": {e}", file=old_tty_output)

+        os._exit(1)

+

+

+    def signal_handler(sig, frame):

+        os.kill(pid, sig)

+

+    signal.signal(signal.SIGTERM, signal_handler)

+

+    try:

+        (_, exit_code) = os.waitpid(pid, 0);

+    except KeyboardInterrupt:

+        os.kill(pid, signal.SIGTERM)

+    except OSError as e:

+        print(f"Could not wait for program to finish: {e}", file=old_tty_output)

+

+    if os.WIFEXITED(exit_code):

+        exit_code = os.WEXITSTATUS(exit_code)

+    else:

+        os.kill(os.getpid(), os.WTERMSIG(exit_code))

+    old_tty_output.close()

+

+    if pam_handle.close_session() != pam.PAM_SUCCESS:

+        raise Exception("Failed to close PAM session")

+

+    pam_handle.end()

+

+    return exit_code

+

+def wait_for_user_data(user):

+    main_context = GLib.MainContext.default()

+    while not user.is_loaded():

+        main_context.iteration(True)

+

+def main():

+    parser = argparse.ArgumentParser(description='Run a desktop session in a PAM session as a specified user.')

+    parser.add_argument('--user', help='Username for which to run the session')

+

+    args = parser.parse_args()

+

+    if args.user is None:

+        parser.print_usage()

+        sys.exit(1)

+

+    try:

+        tty_path = '/dev/null'

+

+        tty_input = open(tty_path, 'r')

+        tty_output = open(tty_path, 'w')

+    except OSError as e:

+        raise Exception(f"Error opening /dev/null as tty associated with VT {vt}: {e}")

+

+    user_manager = AccountsService.UserManager().get_default()

+    user = user_manager.get_user(args.user)

+    wait_for_user_data(user)

+    session_desktop = user.get_session()

+    if not session_desktop:

+        session_desktop = 'gnome'

+

+    pam_environment = {}

+    pam_environment['XDG_SESSION_TYPE'] = 'wayland'

+    pam_environment['XDG_SESSION_CLASS'] = 'user'

+    pam_environment['XDG_SESSION_DESKTOP'] = session_desktop

+

+    try:

+        result = run_desktop_in_new_session(pam_environment, args.user, session_desktop, tty_input, tty_output)

+    except Exception as e:

+        raise Exception(f"Error running desktop session \"{session_desktop}\": {e}")

+    tty_input.close()

+    tty_output.close()

+    sys.exit(result)

+

+if __name__ == '__main__':

+    main()

diff --git a/utils/meson.build b/utils/meson.build

index e4141fb13..57dd6519f 100644

--- a/utils/meson.build

+++ b/utils/meson.build

@@ -65,3 +65,8 @@ if distro != 'none'

     install_dir: get_option('libexecdir'),

   )

 endif

+

+gdm_headless_login_session = install_data('gdm-headless-login-session',

+    install_mode: 'rwxr-xr-x',

+    install_dir: get_option('libexecdir'),

+  )

-- 

2.44.0