On Wed, 2013-09-11 at 19:19 +0200, Jakub Hrozek wrote:
> On Wed, Sep 11, 2013 at 10:26:41AM -0400, Simo Sorce wrote:
> > This patch was meant to remove the trolling of /proc for uids but I
> > haven't got there yet.
> > I meant to use utmp as a fallback but I realized utmp does not deal with
> > uid numbers rather usernames, and I need to think if it makes sense to
> > go that way as it may be hairy when we use subdomains as now I need to
> > know what kind of user name was used (fully qualified or not etcc.).
> >
> > So for now I left the old code as a fallback in case systemd is not
> > available or fails unexpectedly.
> >
> > Ticket: #2084
> >
> > Simo.
> > +#ifdef HAVE_SYSTEMD_LOGIN
> > + ret = sd_uid_get_sessions(uid, 0, NULL);
> > + if (ret > 0) {
> > + *result = true;
> > + }
> > + if (ret == 0) {
> > + *result = false;
> > + }
> > + if (ret >= 0) {
> > + return EOK;
> > + }
> > + DEBUG(0, ("systemd-login gave error %d: %s\n",
> > + -ret, strerror(-ret)));
> > + /* fall back to the old method */
>
> Please use SSSDBG here.
attached.
> Otherwise the code looks OK. Can you also open a
> ticket to to document this change in behaviour either in man page or at
> the very least the release notes?
I already have a ticket for this change, so I added a release note in
that appropriate field there.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From 8f41e16b9ec65d41ba0d6939576569f1feeca3ac Mon Sep 17 00:00:00 2001
From: Simo Sorce <[email protected]>
Date: Tue, 10 Sep 2013 18:24:41 -0400
Subject: [PATCH] util: Use systemd-login to check user sessions
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
---
Makefile.am | 29 ++++++++++++++++++++++++-----
src/external/systemd.m4 | 4 ++++
src/util/find_uid.c | 20 ++++++++++++++++++++
3 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 25a4cbf83c790b85fab9ccccd611f59704a5b301..e585bdc9be275e7efc6a607b88d9f5a7e099d9fb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -766,8 +766,11 @@ sss_userdel_SOURCES = \
$(SSSD_LCL_TOOLS_OBJ)
sss_userdel_LDADD = \
$(TOOLS_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
$(SSSD_INTERNAL_LTLIBS)
-sss_userdel_CFLAGS = $(AM_CFLAGS)
+sss_userdel_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
sss_userdel_LDFLAGS = \
$(CLIENT_LIBS)
@@ -972,12 +975,14 @@ krb5_utils_tests_SOURCES = \
$(SSSD_FAILOVER_OBJ)
krb5_utils_tests_CFLAGS = \
$(AM_CFLAGS) \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
krb5_utils_tests_LDADD = \
$(SSSD_LIBS)\
$(CARES_LIBS) \
$(KRB5_LIBS) \
$(CHECK_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -1074,12 +1079,14 @@ find_uid_tests_CFLAGS = \
$(AM_CFLAGS) \
$(TALLOC_CFLAGS) \
$(DHASH_CFLAGS) \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
find_uid_tests_LDADD = \
libsss_debug.la \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(CHECK_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
libsss_test_common.la
auth_tests_SOURCES = \
@@ -1233,12 +1240,14 @@ krb5_child_test_SOURCES = \
krb5_child_test_CFLAGS = \
$(AM_CFLAGS) \
-DKRB5_CHILD_DIR=\"$(builddir)\" \
- $(CHECK_CFLAGS)
+ $(CHECK_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
krb5_child_test_LDADD = \
$(SSSD_LIBS) \
$(CARES_LIBS) \
$(KRB5_LIBS) \
$(CHECK_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -1285,11 +1294,13 @@ test_find_uid_SOURCES = \
test_find_uid_CFLAGS = \
$(AM_CFLAGS) \
$(TALLOC_CFLAGS) \
- $(DHASH_CFLAGS)
+ $(DHASH_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS)
test_find_uid_LDADD = \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(CMOCKA_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
libsss_debug.la
test_io_SOURCES = \
@@ -1539,12 +1550,14 @@ libsss_ldap_la_SOURCES = \
src/util/sss_krb5.c
libsss_ldap_la_CFLAGS = \
$(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
$(LDAP_CFLAGS) \
$(KRB5_CFLAGS)
libsss_ldap_la_LIBADD = \
$(OPENLDAP_LIBS) \
$(DHASH_LIBS) \
$(KRB5_LIBS) \
+ $(SYSTEMD_LOGIN_LIBS) \
libsss_ldap_common.la \
libsss_idmap.la
libsss_ldap_la_LDFLAGS = \
@@ -1583,8 +1596,10 @@ libsss_krb5_la_SOURCES = \
src/util/sss_krb5.c
libsss_krb5_la_CFLAGS = \
$(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
$(DHASH_CFLAGS)
libsss_krb5_la_LIBADD = \
+ $(SYSTEMD_LOGIN_LIBS) \
$(DHASH_LIBS) \
$(KEYUTILS_LIBS) \
$(KRB5_LIBS) \
@@ -1630,11 +1645,13 @@ libsss_ipa_la_SOURCES = \
src/util/sss_krb5.c
libsss_ipa_la_CFLAGS = \
$(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
$(LDAP_CFLAGS) \
$(DHASH_CFLAGS) \
$(NDR_NBT_CFLAGS) \
$(KRB5_CFLAGS)
libsss_ipa_la_LIBADD = \
+ $(SYSTEMD_LOGIN_LIBS) \
$(OPENLDAP_LIBS) \
$(DHASH_LIBS) \
$(NDR_NBT_LIBS) \
@@ -1682,11 +1699,13 @@ libsss_ad_la_SOURCES = \
libsss_ad_la_CFLAGS = \
$(AM_CFLAGS) \
+ $(SYSTEMD_LOGIN_CFLAGS) \
$(LDAP_CFLAGS) \
$(DHASH_CFLAGS) \
$(KRB5_CFLAGS) \
$(NDR_NBT_CFLAGS)
libsss_ad_la_LIBADD = \
+ $(SYSTEMD_LOGIN_LIBS) \
$(OPENLDAP_LIBS) \
$(DHASH_LIBS) \
$(KEYUTILS_LIBS) \
diff --git a/src/external/systemd.m4 b/src/external/systemd.m4
index 2c26dc19b2c0a087cf1af58206b65473c5d250f9..202915a560e54ba92912ad8f289ae33e1d1a001f 100644
--- a/src/external/systemd.m4
+++ b/src/external/systemd.m4
@@ -6,3 +6,7 @@ AC_DEFUN([AM_CHECK_SYSTEMD],
[AC_MSG_ERROR([Could not detect systemd presence])]
)
])
+AM_COND_IF([HAVE_SYSTEMD],
+ [PKG_CHECK_MODULES([SYSTEMD_LOGIN], [libsystemd-login],
+ [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 1, [Build with libsystemdlogin support])],
+ [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 0, [Build without libsystemd-login support])])])
diff --git a/src/util/find_uid.c b/src/util/find_uid.c
index d34a4abd2c2bb4965ff49b9a750f387519544b0e..63b34645748c8af589a0c2999fcf749ef4f75502 100644
--- a/src/util/find_uid.c
+++ b/src/util/find_uid.c
@@ -40,6 +40,10 @@
#include "util/util.h"
#include "util/strtonum.h"
+#ifdef HAVE_SYSTEMD_LOGIN
+#include <systemd/sd-login.h>
+#endif
+
#define INITIAL_TABLE_SIZE 64
#define PATHLEN (NAME_MAX + 14)
#define BUFSIZE 4096
@@ -301,6 +305,22 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result)
{
int ret;
+#ifdef HAVE_SYSTEMD_LOGIN
+ ret = sd_uid_get_sessions(uid, 0, NULL);
+ if (ret > 0) {
+ *result = true;
+ }
+ if (ret == 0) {
+ *result = false;
+ }
+ if (ret >= 0) {
+ return EOK;
+ }
+ DEBUG(SSSDBG_CRIT_FAILURE, ("systemd-login gave error %d: %s\n",
+ -ret, strerror(-ret)));
+ /* fall back to the old method */
+#endif
+
ret = get_active_uid_linux(NULL, uid);
if (ret != EOK && ret != ENOENT) {
DEBUG(1, ("get_uid_table failed.\n"));
--
1.8.3.1
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
