This patch was meant to remove the trolling of /proc for uids but I haven't got there yet. I meant to use utmp as a fallback, but I realized utmp does not deal with uid numbers but rather usernames, and I need to think about whether it makes sense to go that way, as it may be hairy when we use subdomains, as now I need to know what kind of user name was used (fully qualified or not, etc.).
So for now I left the old code as a fallback in case systemd is not available or fails unexpectedly. Ticket: #2084 Simo. -- Simo Sorce * Red Hat, Inc * New York
>From e5c8cd07eca20d4939edef4a5e500542445f79e1 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Tue, 10 Sep 2013 18:24:41 -0400
Subject: [PATCH] util: Use systemd-login to check user sessions

Use systemd-lgin in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh crdentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around.
Resolves: https://fedorahosted.org/sssd/ticket/2084
---
 Makefile.am | 29 ++++++++++++++++++++++++-----
 src/external/systemd.m4 | 4 ++++
 src/util/find_uid.c | 20 ++++++++++++++++++++
 3 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 25a4cbf83c790b85fab9ccccd611f59704a5b301..e585bdc9be275e7efc6a607b88d9f5a7e099d9fb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -766,8 +766,11 @@ sss_userdel_SOURCES = \
 $(SSSD_LCL_TOOLS_OBJ)
 sss_userdel_LDADD = \
 $(TOOLS_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
 $(SSSD_INTERNAL_LTLIBS)
-sss_userdel_CFLAGS = $(AM_CFLAGS)
+sss_userdel_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
 sss_userdel_LDFLAGS = \
 $(CLIENT_LIBS)

@@ -972,12 +975,14 @@ krb5_utils_tests_SOURCES = \
 $(SSSD_FAILOVER_OBJ)
 krb5_utils_tests_CFLAGS = \
 $(AM_CFLAGS) \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
 krb5_utils_tests_LDADD = \
 $(SSSD_LIBS)\
 $(CARES_LIBS) \
 $(KRB5_LIBS) \
 $(CHECK_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
 $(SSSD_INTERNAL_LTLIBS) \
 libsss_test_common.la
@@ -1074,12 +1079,14 @@ find_uid_tests_CFLAGS = \
 $(AM_CFLAGS) \
 $(TALLOC_CFLAGS) \
 $(DHASH_CFLAGS) \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
 find_uid_tests_LDADD = \
 libsss_debug.la \
 $(TALLOC_LIBS) \
 $(DHASH_LIBS) \
 $(CHECK_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
 libsss_test_common.la

 auth_tests_SOURCES = \
@@ -1233,12 +1240,14 @@ krb5_child_test_SOURCES = \
 krb5_child_test_CFLAGS = \
 $(AM_CFLAGS) \
 -DKRB5_CHILD_DIR=\"$(builddir)\" \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
 krb5_child_test_LDADD = \
 $(SSSD_LIBS) \
 $(CARES_LIBS) \
 $(KRB5_LIBS) \
 $(CHECK_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
 $(SSSD_INTERNAL_LTLIBS) \
 libsss_test_common.la

@@ -1285,11 +1294,13 @@ test_find_uid_SOURCES = \
 test_find_uid_CFLAGS = \
 $(AM_CFLAGS) \
 $(TALLOC_CFLAGS) \
- $(DHASH_CFLAGS)
+ $(DHASH_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
 test_find_uid_LDADD = \
 $(TALLOC_LIBS) \
 $(DHASH_LIBS) \
 $(CMOCKA_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
 libsss_debug.la

 test_io_SOURCES = \
@@ -1539,12 +1550,14 @@ libsss_ldap_la_SOURCES = \
 src/util/sss_krb5.c
 libsss_ldap_la_CFLAGS = \
 $(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
 $(LDAP_CFLAGS) \
 $(KRB5_CFLAGS)
 libsss_ldap_la_LIBADD = \
 $(OPENLDAP_LIBS) \
 $(DHASH_LIBS) \
 $(KRB5_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
 libsss_ldap_common.la \
 libsss_idmap.la
 libsss_ldap_la_LDFLAGS = \
@@ -1583,8 +1596,10 @@ libsss_krb5_la_SOURCES = \
 src/util/sss_krb5.c
 libsss_krb5_la_CFLAGS = \
 $(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
 $(DHASH_CFLAGS)
 libsss_krb5_la_LIBADD = \
+ $(SYSTEMD_LOGIN_LIBS) \
 $(DHASH_LIBS) \
 $(KEYUTILS_LIBS) \
 $(KRB5_LIBS) \
@@ -1630,11 +1645,13 @@ libsss_ipa_la_SOURCES = \
 src/util/sss_krb5.c
 libsss_ipa_la_CFLAGS = \
 $(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
 $(LDAP_CFLAGS) \
 $(DHASH_CFLAGS) \
 $(NDR_NBT_CFLAGS) \
 $(KRB5_CFLAGS)
 libsss_ipa_la_LIBADD = \
+ $(SYSTEMD_LOGIN_LIBS) \
 $(OPENLDAP_LIBS) \
 $(DHASH_LIBS) \
 $(NDR_NBT_LIBS) \
@@ -1682,11 +1699,13 @@ libsss_ad_la_SOURCES = \

 libsss_ad_la_CFLAGS = \
 $(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
 $(LDAP_CFLAGS) \
 $(DHASH_CFLAGS) \
 $(KRB5_CFLAGS) \
 $(NDR_NBT_CFLAGS)
 libsss_ad_la_LIBADD = \
+ $(SYSTEMD_LOGIN_LIBS) \
 $(OPENLDAP_LIBS) \
 $(DHASH_LIBS) \
 $(KEYUTILS_LIBS) \
diff --git a/src/external/systemd.m4 b/src/external/systemd.m4
index 2c26dc19b2c0a087cf1af58206b65473c5d250f9..202915a560e54ba92912ad8f289ae33e1d1a001f 100644
--- a/src/external/systemd.m4
+++ b/src/external/systemd.m4
@@ -6,3 +6,7 @@ AC_DEFUN([AM_CHECK_SYSTEMD],
 [AC_MSG_ERROR([Could not detect systemd presence])]
 )
 ])
+AM_COND_IF([HAVE_SYSTEMD],
+ [PKG_CHECK_MODULES([SYSTEMD_LOGIN], [libsystemd-login],
+ [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 1, [Build with libsystemdlogin support])],
+ [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 0, [Build without libsystemd-login support])])])
diff --git a/src/util/find_uid.c b/src/util/find_uid.c
index d34a4abd2c2bb4965ff49b9a750f387519544b0e..10086ad6755c5a93199ea2b71133f3bb7c3eaebd 100644
--- a/src/util/find_uid.c
+++ b/src/util/find_uid.c
@@ -40,6 +40,10 @@
 #include "util/util.h"
 #include "util/strtonum.h"

+#ifdef HAVE_SYSTEMD_LOGIN
+#include <systemd/sd-login.h>
+#endif
+
 #define INITIAL_TABLE_SIZE 64
 #define PATHLEN (NAME_MAX + 14)
 #define BUFSIZE 4096
@@ -301,6 +305,22 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result)
 {
 int ret;

+#ifdef HAVE_SYSTEMD_LOGIN
+ ret = sd_uid_get_sessions(uid, 0, NULL);
+ if (ret > 0) {
+ *result = true;
+ }
+ if (ret == 0) {
+ *result = false;
+ }
+ if (ret >= 0) {
+ return EOK;
+ }
+ DEBUG(0, ("systemd-login gave error %d: %s\n",
+ -ret, strerror(-ret)));
+ /* fall back to the old method */
+#endif
+
 ret = get_active_uid_linux(NULL, uid);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(1, ("get_uid_table failed.\n"));
-- 
1.8.3.1
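Review bot: The not-found branch defines `HAVE_SYSTEMD_LOGIN` to `0`, but both hunks in `src/util/find_uid.c` test it with `#ifdef`, which is true for a macro defined as 0. On a host that has systemd but lacks `libsystemd-login`, the sd-login include and call would still be compiled and the build would presumably fail on the missing header. The simplest fix is to leave the macro undefined when the module is missing, for example by replacing the last added line with `[AC_MSG_NOTICE([Build without libsystemd-login support])])])`. The alternative is to keep the 0/1 definition and switch the C side to `#if HAVE_SYSTEMD_LOGIN`. The new `AM_COND_IF` also appears to sit after the closing `])` of `AC_DEFUN([AM_CHECK_SYSTEMD]`, so it is worth confirming that the `HAVE_SYSTEMD` conditional is already set at the point where this file is expanded.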
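Review bot: Every negative return from `sd_uid_get_sessions()` falls through to `get_active_uid_linux()`, so when logind support is compiled in but the call errors, a uid with only a leftover process is still reported active. That is the case the commit message wants excluded before credentials are reused or refreshed. If this fail-open fallback is intended, the comment should say so, for example `/* logind failed: fall back to the /proc scan, which also counts stray processes */`. The bare `0` passed as the second argument deserves a comment as well; the sd-login documentation appears to define it as selecting online sessions rather than only active ones, which should be confirmed and stated. The body of `check_if_uid_is_active()` continues past the end of the hunk.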