Introduction ------------ The session broadcast service provides a way for the greeter to communicate information back to user sessions without requiring special privileges. In a multi-user system, the greeter is untrusted, and shouldn't directly connect to a user session. How it works ------------ The greeter session can send a message to a service that exists on the system DBus. That messages is then rebroadcast as a signal coming from the well-known name of the system service. Each user session that is currently active has a listener for that well known signal and can act on it taking into account the current settings and user preferences of the session. Greeter Session User Session +----------------------------------+ +------------------------------------+ | | | | | | | | | +--------------------+ | | +-------------------+ | | | | | | | | | | | | | | | | | | | Greeter | | | | User Agent | | | | | | | | | | | | | | | | | | | +--------------------+ | | +-------------------+ | | + | | + | | | | | | | | | | | | | +-----------------------------|----+ +-----------|------------------------+ |Sends message | Listens for Signal | | +------------------|----------------------------|---------+ | | v | | System Bus | ^ | +------------------|-------------------|------------------+ v + Emits Signal +-----------------------------+ | | | Session Broadcast | | | +-----------------------------+ Security -------- All active user session receive greeter broadcasted signals. The following security policies are in place: * Messages are only accepted from the lightdm user. All other messages from other folks on the bus are rejected. * The User session will have configuration options to determine which events will be acted on. This allows for users to configure their session with an appropriate security policy (complete privacy, enterprise or government users, etc.) * Each message and feature will be well defined without dictionaries or other extension mechanisms.