URL: https://github.com/SSSD/sssd/pull/94
Author: fidencio
 Title: #94: Enable {socket,dbus}-activation for responders
Action: opened

PR body:
"""
This series fixes [#2243](https://fedorahosted.org/sssd/ticket/2243), 
[#3129](https://fedorahosted.org/sssd/ticket/3129) and 
[#3245](https://fedorahosted.org/sssd/ticket/3245) following what was discussed 
in the 
[ML](https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/H6JOF5SGGSIJUIWYNANDA73ODHWBS7J2/)
 and summed up at 
[this](https://fedorahosted.org/sssd/wiki/DesignDocs/SocketActivatableResponders)
 design document.

The approach taken is the least intrusive one possible and keeps backward 
compatibility.

[PR#84](https://github.com/SSSD/sssd/pull/84) was closed due to my lack of 
skills with github. :-\
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/94/head:pr94
git checkout pr94
From 2ea7727fd6c0c2b23a273fc0dd755405a7db94e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 17:21:54 +0100
Subject: [PATCH 01/21] MONITOR: Expose the monitor's services type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's expose the monitor's service type so it can be passed by the
services to the RegisterService method.

It will be needed in the future, for socket-activation of the
responders, as we will need to differentiate the cases where the
service being registered is still not in the list of the services but is
still a valid case because it was just socket-activated.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c            | 5 -----
 src/monitor/monitor_interfaces.h | 5 +++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 935febb..23b0f79 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -91,11 +91,6 @@ int cmdline_debug_microseconds;
 
 struct svc_spy;
 
-enum mt_svc_type {
-    MT_SVC_SERVICE,
-    MT_SVC_PROVIDER
-};
-
 struct mt_svc {
     struct mt_svc *prev;
     struct mt_svc *next;
diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h
index 8a9e4fe..9004801 100644
--- a/src/monitor/monitor_interfaces.h
+++ b/src/monitor/monitor_interfaces.h
@@ -35,6 +35,11 @@
 
 #define SSSD_SERVICE_PIPE "private/sbus-monitor"
 
+enum mt_svc_type {
+    MT_SVC_SERVICE,
+    MT_SVC_PROVIDER
+};
+
 int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
 int monitor_common_send_id(struct sbus_connection *conn,
                            const char *name, uint16_t version);
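Review bot: The enumerators of `mt_svc_type` have no explicit values and no comment, yet the commit message says the type will be passed to the RegisterService method, which would make the numeric values part of the monitor's bus protocol. Pinning them, `MT_SVC_SERVICE = 0,` and `MT_SVC_PROVIDER = 1`, keeps a later insertion or reordering from silently changing what existing peers send. A one-line comment above the enum such as `/* Values are sent to the monitor in RegisterService; do not renumber. */` would record that.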

From c4b002fe793b95ad42b9a68b6d72eae974b575b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 17:32:10 +0100
Subject: [PATCH 02/21] MONITOR: Pass the service type to the RegisterService
 method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Passing the service type to the RegisterService method will help us in
the future, for socket-activation, as we will need to differentiate
cases where the service being registered is still not in the services'
list but is a valid case and has to be added there as it was
socket-activated.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c                   | 2 ++
 src/monitor/monitor_interfaces.h        | 3 ++-
 src/monitor/monitor_sbus.c              | 6 ++++--
 src/providers/data_provider_be.c        | 2 +-
 src/responder/common/responder_common.c | 4 ++--
 5 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 23b0f79..969b854 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -227,6 +227,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     struct mt_svc *svc;
     DBusError dbus_error;
     dbus_uint16_t svc_ver;
+    dbus_uint16_t svc_type;
     char *svc_name;
     dbus_bool_t dbret;
     int ret;
@@ -245,6 +246,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     dbret = dbus_message_get_args(dbus_req->message, &dbus_error,
                                   DBUS_TYPE_STRING, &svc_name,
                                   DBUS_TYPE_UINT16, &svc_ver,
+                                  DBUS_TYPE_UINT16, &svc_type,
                                   DBUS_TYPE_INVALID);
     if (!dbret) {
         DEBUG(SSSDBG_CRIT_FAILURE,
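Review bot: `svc_type` is filled from the peer's message by `dbus_message_get_args()`, but nothing visible in this hunk range-checks it, and a `dbus_uint16_t` can carry values outside `enum mt_svc_type`. Before any later code branches on it, unknown values should be rejected and logged, for example `if (svc_type != MT_SVC_SERVICE && svc_type != MT_SVC_PROVIDER) goto done;` (the label is a placeholder, since the rest of `client_registration` lies outside the hunk). A peer that still sends the two-argument form will now fail this call, so monitor and services have to be upgraded together; if that is intended, the commit message should say so.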
diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h
index 9004801..986bac5 100644
--- a/src/monitor/monitor_interfaces.h
+++ b/src/monitor/monitor_interfaces.h
@@ -42,7 +42,7 @@ enum mt_svc_type {
 
 int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
 int monitor_common_send_id(struct sbus_connection *conn,
-                           const char *name, uint16_t version);
+                           const char *name, uint16_t version, uint16_t type);
 int monitor_common_res_init(struct sbus_request *dbus_req, void *data);
 
 errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
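Review bot: The new `type` parameter of `monitor_common_send_id()` is declared `uint16_t` although `enum mt_svc_type` is defined a few lines above in the same header, so the prototype no longer says which values are valid. Either document it, e.g. `/* type: one of enum mt_svc_type, sent as a UINT16 on the bus */`, or take `enum mt_svc_type` in the signature and narrow to `uint16_t` only where the message is built. The same applies to `svc_type` in `sss_monitor_init()` in the next hunk.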
@@ -50,5 +50,6 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
                          struct mon_cli_iface *mon_iface,
                          const char *svc_name,
                          uint16_t svc_version,
+                         uint16_t svc_type,
                          void *pvt,
                          struct sbus_connection **mon_conn);
diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c
index cc25c40..afd82f6 100644
--- a/src/monitor/monitor_sbus.c
+++ b/src/monitor/monitor_sbus.c
@@ -110,7 +110,7 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
 }
 
 int monitor_common_send_id(struct sbus_connection *conn,
-                           const char *name, uint16_t version)
+                           const char *name, uint16_t version, uint16_t type)
 {
     DBusMessage *msg;
     dbus_bool_t ret;
@@ -131,6 +131,7 @@ int monitor_common_send_id(struct sbus_connection *conn,
     ret = dbus_message_append_args(msg,
                                    DBUS_TYPE_STRING, &name,
                                    DBUS_TYPE_UINT16, &version,
+                                   DBUS_TYPE_UINT16, &type,
                                    DBUS_TYPE_INVALID);
     if (!ret) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to build message\n");
@@ -162,6 +163,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
                          struct mon_cli_iface *mon_iface,
                          const char *svc_name,
                          uint16_t svc_version,
+                         uint16_t svc_type,
                          void *pvt,
                          struct sbus_connection **mon_conn)
 {
@@ -191,7 +193,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
     }
 
     /* Identify ourselves to the monitor */
-    ret = monitor_common_send_id(conn, svc_name, svc_version);
+    ret = monitor_common_send_id(conn, svc_name, svc_version, svc_type);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the monitor!\n");
         return ret;
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 28787bc..36f96df 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -408,7 +408,7 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
 
     ret = sss_monitor_init(be_ctx, be_ctx->ev, &monitor_be_methods,
                            be_ctx->identity, DATA_PROVIDER_VERSION,
-                           be_ctx, &be_ctx->mon_conn);
+                           MT_SVC_PROVIDER, be_ctx, &be_ctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize monitor connection\n");
         goto done;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 6fbc074..a2d3e79 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1024,8 +1024,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     }
 
     ret = sss_monitor_init(rctx, rctx->ev, monitor_intf,
-                           svc_name, svc_version, rctx,
-                           &rctx->mon_conn);
+                           svc_name, svc_version, MT_SVC_SERVICE,
+                           rctx, &rctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up message bus\n");
         goto fail;

From 725ccdb129f87e15596b639773ad4017f11440a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 18:01:39 +0100
Subject: [PATCH 03/21] RESPONDER: Make responders' common code ready for
 socket activation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of simply setting the unix socket during the process
initialization, let's make it socket-activatable. It's the first step in
order to have socket-activated responders and doesn't introduce any kind
of regression with the current code.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/common/responder_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index a2d3e79..86fab67 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1062,7 +1062,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     }
 
     /* after all initializations we are ready to listen on our socket */
-    ret = set_unix_socket(rctx, conn_setup);
+    ret = activate_unix_sockets(rctx, conn_setup);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing socket\n");
         goto fail;

From cbcd00a8db3c122161b918847ce82e10cb9dc27d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 16 Nov 2016 18:39:15 +0100
Subject: [PATCH 04/21] AUTOFS: Make AutoFS responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the autofs responder ready for this by providing its systemd's
units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                             | 26 ++++++++++++++++++++++++++
 contrib/sssd.spec.in                    |  2 ++
 src/sysv/systemd/sssd-autofs.service.in | 12 ++++++++++++
 src/sysv/systemd/sssd-autofs.socket.in  |  9 +++++++++
 4 files changed, 49 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-autofs.service.in
 create mode 100644 src/sysv/systemd/sssd-autofs.socket.in

diff --git a/Makefile.am b/Makefile.am
index 707c049..7196d81 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3872,6 +3872,12 @@ if HAVE_SYSTEMD_UNIT
         src/sysv/systemd/sssd-secrets.socket \
         src/sysv/systemd/sssd-secrets.service \
         $(NULL)
+if BUILD_AUTOFS
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-autofs.socket \
+        src/sysv/systemd/sssd-autofs.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3910,6 +3916,7 @@ edit_cmd = $(SED) \
         -e 's|@environment_file[@]|$(environment_file)|g' \
         -e 's|@localstatedir[@]|$(localstatedir)|g' \
         -e 's|@libexecdir[@]|$(libexecdir)|g' \
+        -e 's|@pipepath[@]|$(pipepath)|g' \
         -e 's|@prefix[@]|$(prefix)|g'
 
 replace_script = \
@@ -3926,6 +3933,13 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-secrets.service.in \
     $(NULL)
 
+if BUILD_AUTOFS
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-autofs.socket.in \
+    src/sysv/systemd/sssd-autofs.service.in \
+    $(NULL)
+endif
+
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
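Review bot: The `EXTRA_DIST +=` for the autofs `.in` templates sits inside `if BUILD_AUTOFS`, so `make dist` from a tree configured without autofs would likely leave them out of the tarball. The secrets templates just above appear to be listed unconditionally; listing `src/sysv/systemd/sssd-autofs.socket.in` and `src/sysv/systemd/sssd-autofs.service.in` the same way keeps the tarball's contents independent of configure options. The same pattern recurs in the `BUILD_PAC_RESPONDER`, `BUILD_SSH` and `BUILD_SUDO` hunks of the later patches.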
@@ -3942,6 +3956,16 @@ src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+if BUILD_AUTOFS
+src/sysv/systemd/sssd-autofs.socket: src/sysv/systemd/sssd-autofs.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4161,6 +4185,8 @@ endif
 	done;
 	rm -Rf ldb_mod_test_dir
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index f0b61ec..2284f7c 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -799,6 +799,8 @@ done
 %{_sbindir}/sssd
 %if (0%{?use_systemd} == 1)
 %{_unitdir}/sssd.service
+%{_unitdir}/sssd-autofs.socket
+%{_unitdir}/sssd-autofs.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-autofs.service.in b/src/sysv/systemd/sssd-autofs.service.in
new file mode 100644
index 0000000..473071d
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.service.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSSD AutoFS Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-autofs.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_autofs --uid 0 --gid 0 --debug-to-files
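Review bot: `ExecStart` hard-codes `--uid 0 --gid 0`, so a socket-activated responder always runs as root regardless of any unprivileged service user SSSD is configured with. If the monitor normally starts this responder under a non-root user (not visible here), the activated path would lose that privilege drop. The uid and gid should come from the same configuration the monitor uses, or a comment above the line should state why root is required. The same `ExecStart` form appears in the nss, pac, pam and ssh service units later in the series.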
diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
new file mode 100644
index 0000000..0b236c9
--- /dev/null
+++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD AutoFS Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/autofs
+
+[Install]
+WantedBy=sockets.target
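Review bot: Nothing in this socket unit prevents it from being enabled while the autofs responder is also listed in `services` in sssd.conf, in which case systemd and a monitor-started responder would both want to own `@pipepath@/autofs`. Unless a later patch in the series handles that conflict, the unit should at least carry a comment such as `# Enable only when autofs is not listed in "services" in sssd.conf`, and ideally a pre-start check that refuses activation in that configuration. The other responder socket units added later in the series share this property.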

From aca45ce29300e6b90ef19369885be243ce5c411f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 00:24:25 +0100
Subject: [PATCH 05/21] NSS: Make NSS responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the NSS responder ready for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                          | 14 ++++++++++++++
 contrib/sssd.spec.in                 |  2 ++
 src/sysv/systemd/sssd-nss.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-nss.socket.in  |  9 +++++++++
 4 files changed, 38 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-nss.service.in
 create mode 100644 src/sysv/systemd/sssd-nss.socket.in

diff --git a/Makefile.am b/Makefile.am
index 7196d81..58a7f9f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3869,6 +3869,8 @@ systemdconf_DATA =
 if HAVE_SYSTEMD_UNIT
     systemdunit_DATA += \
         src/sysv/systemd/sssd.service \
+        src/sysv/systemd/sssd-nss.socket \
+        src/sysv/systemd/sssd-nss.service \
         src/sysv/systemd/sssd-secrets.socket \
         src/sysv/systemd/sssd-secrets.service \
         $(NULL)
@@ -3929,6 +3931,8 @@ replace_script = \
 EXTRA_DIST += \
     src/sysv/systemd/sssd.service.in \
     src/sysv/systemd/journal.conf.in \
+    src/sysv/systemd/sssd-nss.socket.in \
+    src/sysv/systemd/sssd-nss.service.in \
     src/sysv/systemd/sssd-secrets.socket.in \
     src/sysv/systemd/sssd-secrets.service.in \
     $(NULL)
@@ -3948,6 +3952,14 @@ src/sysv/systemd/journal.conf: src/sysv/systemd/journal.conf.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+src/sysv/systemd/sssd-nss.socket: src/sysv/systemd/sssd-nss.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-nss.service: src/sysv/systemd/sssd-nss.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
 src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
@@ -4187,6 +4199,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 2284f7c..999dcd0 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -801,6 +801,8 @@ done
 %{_unitdir}/sssd.service
 %{_unitdir}/sssd-autofs.socket
 %{_unitdir}/sssd-autofs.service
+%{_unitdir}/sssd-nss.socket
+%{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-nss.service.in b/src/sysv/systemd/sssd-nss.service.in
new file mode 100644
index 0000000..3302d0e
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD NSS Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-nss.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
new file mode 100644
index 0000000..43a84aa
--- /dev/null
+++ b/src/sysv/systemd/sssd-nss.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD NSS Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/nss
+
+[Install]
+WantedBy=sockets.target

From 71f20231710030440514e49dfa28ea0779cd04c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 00:36:10 +0100
Subject: [PATCH 06/21] PAC: Make PAC responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responder socket-activatable, let's
make PAC responder ready for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                          | 24 ++++++++++++++++++++++++
 contrib/sssd.spec.in                 |  2 ++
 src/sysv/systemd/sssd-pac.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-pac.socket.in  |  9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-pac.service.in
 create mode 100644 src/sysv/systemd/sssd-pac.socket.in

diff --git a/Makefile.am b/Makefile.am
index 58a7f9f..8362e57 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3880,6 +3880,12 @@ if BUILD_AUTOFS
         src/sysv/systemd/sssd-autofs.service \
         $(NULL)
 endif
+if BUILD_PAC_RESPONDER
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-pac.socket \
+        src/sysv/systemd/sssd-pac.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3943,6 +3949,12 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-autofs.service.in \
     $(NULL)
 endif
+if BUILD_PAC_RESPONDER
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-pac.socket.in \
+    src/sysv/systemd/sssd-pac.service.in \
+    $(NULL)
+endif
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -3978,6 +3990,16 @@ src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Ma
 	$(replace_script)
 endif
 
+if BUILD_PAC_RESPONDER
+src/sysv/systemd/sssd-pac.socket: src/sysv/systemd/sssd-pac.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-pac.service: src/sysv/systemd/sssd-pac.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4201,6 +4223,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-pac.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 999dcd0..47b9248 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -803,6 +803,8 @@ done
 %{_unitdir}/sssd-autofs.service
 %{_unitdir}/sssd-nss.socket
 %{_unitdir}/sssd-nss.service
+%{_unitdir}/sssd-pac.socket
+%{_unitdir}/sssd-pac.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-pac.service.in b/src/sysv/systemd/sssd-pac.service.in
new file mode 100644
index 0000000..fb51a93
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD PAC Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-pac.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
new file mode 100644
index 0000000..19a6588
--- /dev/null
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD PAC Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/pac
+
+[Install]
+WantedBy=sockets.target

From f6266f2f4e207f33fc04011f623956514c467ee4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 00:53:22 +0100
Subject: [PATCH 07/21] PAM: Make PAM responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responder socket-activatable, let's
make PAM responder ready for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                              | 21 +++++++++++++++++++++
 contrib/sssd.spec.in                     |  3 +++
 src/sysv/systemd/sssd-pam-priv.socket.in |  9 +++++++++
 src/sysv/systemd/sssd-pam.service.in     | 13 +++++++++++++
 src/sysv/systemd/sssd-pam.socket.in      |  9 +++++++++
 5 files changed, 55 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-pam-priv.socket.in
 create mode 100644 src/sysv/systemd/sssd-pam.service.in
 create mode 100644 src/sysv/systemd/sssd-pam.socket.in

diff --git a/Makefile.am b/Makefile.am
index 8362e57..14cc1a2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3871,6 +3871,9 @@ if HAVE_SYSTEMD_UNIT
         src/sysv/systemd/sssd.service \
         src/sysv/systemd/sssd-nss.socket \
         src/sysv/systemd/sssd-nss.service \
+        src/sysv/systemd/sssd-pam.socket \
+        src/sysv/systemd/sssd-pam-priv.socket \
+        src/sysv/systemd/sssd-pam.service \
         src/sysv/systemd/sssd-secrets.socket \
         src/sysv/systemd/sssd-secrets.service \
         $(NULL)
@@ -3939,6 +3942,9 @@ EXTRA_DIST += \
     src/sysv/systemd/journal.conf.in \
     src/sysv/systemd/sssd-nss.socket.in \
     src/sysv/systemd/sssd-nss.service.in \
+    src/sysv/systemd/sssd-pam.socket.in \
+    src/sysv/systemd/sssd-pam-priv.socket.in \
+    src/sysv/systemd/sssd-pam.service.in \
     src/sysv/systemd/sssd-secrets.socket.in \
     src/sysv/systemd/sssd-secrets.service.in \
     $(NULL)
@@ -3972,6 +3978,18 @@ src/sysv/systemd/sssd-nss.service: src/sysv/systemd/sssd-nss.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
 
+src/sysv/systemd/sssd-pam.socket: src/sysv/systemd/sssd-pam.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-pam-priv.socket: src/sysv/systemd/sssd-pam-priv.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-pam.service: src/sysv/systemd/sssd-pam.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
 src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
 	$(replace_script)
@@ -4225,6 +4243,9 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-pac.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-pam.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-pam-priv.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-pam.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 47b9248..f7f3400 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -805,6 +805,9 @@ done
 %{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-pac.socket
 %{_unitdir}/sssd-pac.service
+%{_unitdir}/sssd-pam.socket
+%{_unitdir}/sssd-pam-priv.socket
+%{_unitdir}/sssd-pam.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in
new file mode 100644
index 0000000..92cda61
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam-priv.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD PAM Service responder private socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/private/pam
+
+[Install]
+WantedBy=sockets.target
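Review bot: The private PAM socket unit sets no `SocketMode=`, `SocketUser=` or `SocketGroup=`, and systemd's default mode for a listening socket node is 0666, so the access restriction on `@pipepath@/private/pam` would rest entirely on the permissions of the `private` directory. A socket meant for privileged callers only should carry its own restriction: add `SocketUser=root`, `SocketGroup=root` and `SocketMode=0600` under `[Socket]`. Whatever permission setup the responder performs when it creates the socket itself presumably does not run for a descriptor inherited from systemd, so the unit has to be the place that enforces this.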
diff --git a/src/sysv/systemd/sssd-pam.service.in b/src/sysv/systemd/sssd-pam.service.in
new file mode 100644
index 0000000..65b7a5a
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD PAM Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-pam.socket sssd-pam-priv.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
new file mode 100644
index 0000000..590f771
--- /dev/null
+++ b/src/sysv/systemd/sssd-pam.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD PAM Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/pam
+
+[Install]
+WantedBy=sockets.target

From 19adbf5304bd8670f3aaac3390045ad3dc9ac642 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 01:09:56 +0100
Subject: [PATCH 08/21] SSH: Make SSH responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responder socket-activatable, let's
make SSH responder ready for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                          | 24 ++++++++++++++++++++++++
 contrib/sssd.spec.in                 |  2 ++
 src/sysv/systemd/sssd-ssh.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-ssh.socket.in  |  9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-ssh.service.in
 create mode 100644 src/sysv/systemd/sssd-ssh.socket.in

diff --git a/Makefile.am b/Makefile.am
index 14cc1a2..7ba0d8c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3889,6 +3889,12 @@ if BUILD_PAC_RESPONDER
         src/sysv/systemd/sssd-pac.service \
         $(NULL)
 endif
+if BUILD_SSH
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-ssh.socket \
+        src/sysv/systemd/sssd-ssh.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3961,6 +3967,12 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-pac.service.in \
     $(NULL)
 endif
+if BUILD_SSH
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-ssh.socket.in \
+    src/sysv/systemd/sssd-ssh.service.in \
+    $(NULL)
+endif
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4018,6 +4030,16 @@ src/sysv/systemd/sssd-pac.service: src/sysv/systemd/sssd-pac.service.in Makefile
 	$(replace_script)
 endif
 
+if BUILD_SSH
+src/sysv/systemd/sssd-ssh.socket: src/sysv/systemd/sssd-ssh.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-ssh.service: src/sysv/systemd/sssd-ssh.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4246,6 +4268,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam-priv.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index f7f3400..a7a8efb 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -808,6 +808,8 @@ done
 %{_unitdir}/sssd-pam.socket
 %{_unitdir}/sssd-pam-priv.socket
 %{_unitdir}/sssd-pam.service
+%{_unitdir}/sssd-ssh.socket
+%{_unitdir}/sssd-ssh.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-ssh.service.in b/src/sysv/systemd/sssd-ssh.service.in
new file mode 100644
index 0000000..21a7e0b
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD SSH Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-ssh.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
new file mode 100644
index 0000000..8766ab3
--- /dev/null
+++ b/src/sysv/systemd/sssd-ssh.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD SSH Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/ssh
+
+[Install]
+WantedBy=sockets.target

From fe03a7e49dd22f5af90494388a1b0db80db06b3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 01:03:13 +0100
Subject: [PATCH 09/21] SUDO: Make Sudo responder socket-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responder socket-activatable, let's
make Sudo responder ready for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                           | 24 ++++++++++++++++++++++++
 contrib/sssd.spec.in                  |  2 ++
 src/sysv/systemd/sssd-sudo.service.in | 13 +++++++++++++
 src/sysv/systemd/sssd-sudo.socket.in  |  9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 src/sysv/systemd/sssd-sudo.service.in
 create mode 100644 src/sysv/systemd/sssd-sudo.socket.in

diff --git a/Makefile.am b/Makefile.am
index 7ba0d8c..a208d99 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3895,6 +3895,12 @@ if BUILD_SSH
         src/sysv/systemd/sssd-ssh.service \
         $(NULL)
 endif
+if BUILD_SUDO
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-sudo.socket \
+        src/sysv/systemd/sssd-sudo.service \
+        $(NULL)
+endif
 if WITH_JOURNALD
     systemdconf_DATA += \
         src/sysv/systemd/journal.conf
@@ -3973,6 +3979,12 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-ssh.service.in \
     $(NULL)
 endif
+if BUILD_SUDO
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-sudo.socket.in \
+    src/sysv/systemd/sssd-sudo.service.in \
+    $(NULL)
+endif
 
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4040,6 +4052,16 @@ src/sysv/systemd/sssd-ssh.service: src/sysv/systemd/sssd-ssh.service.in Makefile
 	$(replace_script)
 endif
 
+if BUILD_SUDO
+src/sysv/systemd/sssd-sudo.socket: src/sysv/systemd/sssd-sudo.socket.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+
+src/sysv/systemd/sssd-sudo.service: src/sysv/systemd/sssd-sudo.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(replace_script)
+endif
+
 SSSD_USER_DIRS = \
     $(DESTDIR)$(dbpath) \
     $(DESTDIR)$(keytabdir) \
@@ -4270,6 +4292,8 @@ endif
 	rm -f $(builddir)/src/sysv/systemd/sssd-pam.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-ssh.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-sudo.socket
+	rm -f $(builddir)/src/sysv/systemd/sssd-sudo.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index a7a8efb..766ce9c 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -810,6 +810,8 @@ done
 %{_unitdir}/sssd-pam.service
 %{_unitdir}/sssd-ssh.socket
 %{_unitdir}/sssd-ssh.service
+%{_unitdir}/sssd-sudo.socket
+%{_unitdir}/sssd-sudo.service
 %{_unitdir}/sssd-secrets.socket
 %{_unitdir}/sssd-secrets.service
 %else
diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in
new file mode 100644
index 0000000..4194699
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=SSSD Sudo Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Install]
+Also=sssd-sudo.socket
+
+[Service]
+ExecStart=@libexecdir@/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
+
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
new file mode 100644
index 0000000..ab755e2
--- /dev/null
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSSD Sudo Service responder socket
+Documentation=man:sssd.conf(5)
+
+[Socket]
+ListenStream=@pipepath@/sudo
+
+[Install]
+WantedBy=sockets.target

From c1eb252ad87b8b2bdba57fef1a6f4e9ce5ab096b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 01:20:14 +0100
Subject: [PATCH 10/21] IFP: Make IFP responder dbus-activatable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable (or,
in the IFP case, dbus-activatable), let's make the IFP responder ready
for this by providing its systemd's units.

Related:
https://fedorahosted.org/sssd/ticket/2243

Resolves:
https://fedorahosted.org/sssd/ticket/3129

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 Makefile.am                                        | 45 ++++++++++++++++++++++
 configure.ac                                       |  1 -
 contrib/sssd.spec.in                               |  1 +
 .../ifp/org.freedesktop.sssd.infopipe.service.in   |  3 +-
 src/sysv/systemd/sssd-ifp.service.in               | 11 ++++++
 5 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 src/sysv/systemd/sssd-ifp.service.in

diff --git a/Makefile.am b/Makefile.am
index a208d99..ee193dd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -88,6 +88,14 @@ polkitdir = @polkitdir@
 pamconfdir = $(sysconfdir)/pam.d
 systemtap_tapdir = @tapset_dir@
 
+if HAVE_SYSTEMD_UNIT
+ifp_exec = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --debug-to-files
+ifp_systemdservice = SystemdService=sssd-ifp.service
+else
+ifp_exec = $(sssdlibexecdir)/sss_signal
+ifp_systemdservice =
+endif
+
 secdbpath = @secdbpath@
 
 UNICODE_LIBS=@UNICODE_LIBS@
@@ -1358,6 +1366,25 @@ dist_dbuspolicy_DATA = \
     src/responder/ifp/org.freedesktop.sssd.infopipe.conf
 dist_dbusservice_DATA = \
     src/responder/ifp/org.freedesktop.sssd.infopipe.service
+
+EXTRA_DIST += \
+    src/responder/ifp/org.freedesktop.sssd.infopipe.service.in \
+    $(NULL)
+
+ifp_edit_cmd = $(SED) \
+        -e 's|@ifp_exec[@]|$(ifp_exec)|g' \
+        -e 's|@ifp_systemdservice[@]|$(ifp_systemdservice)|g'
+
+ifp_replace_script = \
+    @rm -f $@ $@.tmp; \
+    srcdir=''; \
+        test -f ./$@.in || srcdir=$(srcdir)/; \
+        $(ifp_edit_cmd) $${srcdir}$@.in >$@.tmp; \
+    mv $@.tmp $@
+
+src/responder/ifp/org.freedesktop.sssd.infopipe.service: src/responder/ifp/org.freedesktop.sssd.infopipe.service.in Makefile
+	$(ifp_replace_script)
+
 endif
 
 if BUILD_SECRETS
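Review bot: The rule for `src/responder/ifp/org.freedesktop.sssd.infopipe.service` runs `$(ifp_replace_script)` without first creating the output directory, unlike the systemd unit rules in this series, which start with `@$(MKDIR_P) src/sysv/systemd/`. The file used to be produced by configure (this patch removes it from AC_CONFIG_FILES), which creates the directory; in an out-of-tree build the redirect to `$@.tmp` may now fail if nothing else has created `src/responder/ifp/` yet. Adding `@$(MKDIR_P) src/responder/ifp/` as the first recipe line would match the other rules. Separately, the file is still listed under `dist_dbusservice_DATA`, so a generated copy whose `Exec=` depends on HAVE_SYSTEMD_UNIT would be shipped in the tarball; `dbusservice_DATA` looks like the better fit now.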
@@ -3883,6 +3910,11 @@ if BUILD_AUTOFS
         src/sysv/systemd/sssd-autofs.service \
         $(NULL)
 endif
+if BUILD_IFP
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-ifp.service \
+        $(NULL)
+endif
 if BUILD_PAC_RESPONDER
     systemdunit_DATA += \
         src/sysv/systemd/sssd-pac.socket \
@@ -3967,6 +3999,11 @@ EXTRA_DIST += \
     src/sysv/systemd/sssd-autofs.service.in \
     $(NULL)
 endif
+if BUILD_IFP
+EXTRA_DIST += \
+    src/sysv/systemd/sssd-ifp.service.in \
+    $(NULL)
+endif
 if BUILD_PAC_RESPONDER
 EXTRA_DIST += \
     src/sysv/systemd/sssd-pac.socket.in \
@@ -4032,6 +4069,12 @@ src/sysv/systemd/sssd-autofs.service: src/sysv/systemd/sssd-autofs.service.in Ma
 	$(replace_script)
 endif
 
+if BUILD_IFP
+src/sysv/systemd/sssd-ifp.service: src/sysv/systemd/sssd-ifp.service.in Makefile
+	@$(MKDIR_P) src/sysv/systemd/
+	$(ifp_replace_script)
+endif
+
 if BUILD_PAC_RESPONDER
 src/sysv/systemd/sssd-pac.socket: src/sysv/systemd/sssd-pac.socket.in Makefile
 	@$(MKDIR_P) src/sysv/systemd/
@@ -4280,9 +4323,11 @@ endif
 		rm -Rf $$doc; \
 	done;
 	rm -Rf ldb_mod_test_dir
+	rm -f $(builddir)/src/responder/ifp/org.freedesktop.sssd.infopipe.service
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-autofs.service
+	rm -f $(builddir)/src/sysv/systemd/sssd-ifp.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.socket
 	rm -f $(builddir)/src/sysv/systemd/sssd-nss.service
 	rm -f $(builddir)/src/sysv/systemd/sssd-pac.socket
diff --git a/configure.ac b/configure.ac
index e37e84a..2915046 100644
--- a/configure.ac
+++ b/configure.ac
@@ -464,7 +464,6 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
                  src/lib/sifp/sss_simpleifp.pc
                  src/lib/sifp/sss_simpleifp.doxy
                  src/config/setup.py
-                 src/responder/ifp/org.freedesktop.sssd.infopipe.service
                  src/systemtap/sssd.stp
                  src/config/SSSDConfig/__init__.py])
 AC_OUTPUT
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 766ce9c..577fb02 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -801,6 +801,7 @@ done
 %{_unitdir}/sssd.service
 %{_unitdir}/sssd-autofs.socket
 %{_unitdir}/sssd-autofs.service
+%{_unitdir}/sssd-ifp.service
 %{_unitdir}/sssd-nss.socket
 %{_unitdir}/sssd-nss.service
 %{_unitdir}/sssd-pac.socket
diff --git a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in
index 7820866..e3affe7 100644
--- a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in
+++ b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in
@@ -1,4 +1,5 @@
 [D-BUS Service]
 Name=org.freedesktop.sssd.infopipe
-Exec=@libexecdir@/sssd/sss_signal
+Exec=@ifp_exec@
 User=root
+@ifp_systemdservice@
diff --git a/src/sysv/systemd/sssd-ifp.service.in b/src/sysv/systemd/sssd-ifp.service.in
new file mode 100644
index 0000000..e845099
--- /dev/null
+++ b/src/sysv/systemd/sssd-ifp.service.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=SSSD IFP Service responder
+Documentation=man:sssd.conf(5)
+Requires=sssd.service
+PartOf=sssd.service
+After=sssd.service
+
+[Service]
+Type=dbus
+BusName=org.freedesktop.sssd.infopipe
+ExecStart=@ifp_exec@

From 63fee1ce745c9b20e1ebe726df9b06e1f0a26295 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 17 Nov 2016 16:24:38 +0100
Subject: [PATCH 11/21] MONITOR: Split up check_services()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's split up check_services() function and create a check_service()
function, that receives a single service name as parameter and checks
whether the service is a known service or not.

This new function will be used in order to check the socket activated
services.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 969b854..46809d2 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -778,21 +778,28 @@ static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx
     return ret;
 }
 
-static char *check_services(char **services)
+static char *check_service(char *service)
 {
     const char * const *known_services = get_known_services();
-    int i;
-    int ii;
 
-    /* Check if services we are about to start are in the list if known */
-    for (i = 0; services[i]; i++) {
-        for (ii=0; known_services[ii]; ii++) {
-            if (strcasecmp(services[i], known_services[ii]) == 0) {
-                break;
-            }
+    for (int i = 0; known_services[i] != NULL; i++) {
+        if (strcasecmp(service, known_services[i]) == 0) {
+            break;
         }
 
-        if (known_services[ii] == NULL) {
+        if (known_services[i] == NULL) {
+            return service;
+        }
+    }
+
+    return NULL;
+}
+
+static char *check_services(char **services)
+{
+    /* Check if services we are about to start are in the list if known */
+    for (int i = 0; services[i]; i++) {
+        if (check_service(services[i]) != NULL) {
             return services[i];
         }
     }
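Review bot: The new check_service() can never report an unknown service, because the `if (known_services[i] == NULL)` test sits inside a loop whose condition already guarantees `known_services[i] != NULL`. Both a match (via `break`) and an exhausted list end at `return NULL;`, so check_services() accepts every name. The later patch in this series that calls check_service() on the name sent in RegisterService would likewise reject nothing. Replace `break;` with `return NULL;`, drop the inner `if` block, and end the function with `return service;`. check_services() continues past the end of this hunk.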

From 2cd03fc3ea594b0484c67efd8eea5d3e637c4b41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Sat, 19 Nov 2016 13:52:26 +0100
Subject: [PATCH 12/21] MONITOR: Deal with no services set up
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When SSSD deals with socket-activation properly, the services' line in
the SSSD's config file may not be present anymore in case the admin
doesn't want any service to be explicitly activated during SSSD's
startup. Taking this into consideration, let's make SSSD ready to deal
with an empty list of services on platforms where systemd is present.
Explanation

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 46809d2..e033778 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -423,12 +423,14 @@ static int mark_service_as_started(struct mt_svc *svc)
             goto done;
         }
 
-        ctx->services_started = true;
+        if (ctx->services != NULL) {
+            ctx->services_started = true;
 
-        DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n");
-        /* then start all services */
-        for (i = 0; ctx->services[i]; i++) {
-            add_new_service(ctx, ctx->services[i], 0);
+            DEBUG(SSSDBG_CONF_SETTINGS, "Now starting services!\n");
+            /* then start all services */
+            for (i = 0; ctx->services[i]; i++) {
+                add_new_service(ctx, ctx->services[i], 0);
+            }
         }
     }
 
@@ -471,6 +473,10 @@ static void services_startup_timeout(struct tevent_context *ev,
     struct mt_ctx *ctx = talloc_get_type(ptr, struct mt_ctx);
     int i;
 
+    if (ctx->services == NULL) {
+        return;
+    }
+
     DEBUG(SSSDBG_TRACE_FUNC, "Handling timeout\n");
 
     if (!ctx->services_started) {
@@ -797,6 +803,10 @@ static char *check_service(char *service)
 
 static char *check_services(char **services)
 {
+    if (services == NULL) {
+        return NULL;
+    }
+
     /* Check if services we are about to start are in the list if known */
     for (int i = 0; services[i]; i++) {
         if (check_service(services[i]) != NULL) {
@@ -871,8 +881,11 @@ static int get_monitor_config(struct mt_ctx *ctx)
 
     ctx->started_services = 0;
     ctx->num_services = 0;
-    for (i = 0; ctx->services[i] != NULL; i++) {
-        ctx->num_services++;
+
+    if (ctx->services != NULL) {
+        for (i = 0; ctx->services[i] != NULL; i++) {
+            ctx->num_services++;
+        }
     }
 
     ret = get_service_user(ctx);
@@ -2220,7 +2233,7 @@ static int monitor_process_init(struct mt_ctx *ctx,
         if (ret != EOK) {
             return ret;
         }
-    } else {
+    } else if (ctx->services != NULL) {
         int i;
 
         ctx->services_started = true;

From 7bb8b11341f3dfa8e8f70dbd6f46a9b4ad1c502b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Sat, 19 Nov 2016 13:56:42 +0100
Subject: [PATCH 13/21] MONITOR: Deal with socket-activated responders
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As part of the effort of making all responders socket-activatable, let's
make the monitor able to deal with this situation.

When a responder is socket-activated the monitor has to:
- Mark the service as started;
- Increase the services' counter;
- Get the responders' configuration;
- Set the service's restart number;
- Add the service to the services' list.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c | 73 +++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 62 insertions(+), 11 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index e033778..91a1aaf 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -180,7 +180,10 @@ static int add_new_provider(struct mt_ctx *ctx,
                             const char *name,
                             int restarts);
 
-static int mark_service_as_started(struct mt_svc *svc);
+static char *check_service(char *service);
+
+static int mark_service_as_started(struct mt_svc *svc,
+                                   bool explicitly_configured);
 
 static int monitor_cleanup(void);
 
@@ -231,6 +234,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     char *svc_name;
     dbus_bool_t dbret;
     int ret;
+    bool explicitly_configured = true;
 
     mini = talloc_get_type(data, struct mon_init_conn);
     if (!mini) {
@@ -271,19 +275,54 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
         svc = svc->next;
     }
     if (!svc) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              "Unable to find peer [%s] in list of services,"
+#ifdef HAVE_SYSTEMD
+        if (svc_type == MT_SVC_PROVIDER)
+#endif
+        {
+            DEBUG(SSSDBG_FATAL_FAILURE,
+                  "Unable to find peer [%s] in list of services,"
                   " killing connection!\n", svc_name);
-        sbus_disconnect(dbus_req->conn);
-        sbus_request_finish(dbus_req, NULL);
-        /* FIXME: should we just talloc_zfree(conn) ? */
-        goto done;
+            sbus_disconnect(dbus_req->conn);
+            sbus_request_finish(dbus_req, NULL);
+            /* FIXME: should we just talloc_zfree(conn) ? */
+            goto done;
+        }
+
+#ifdef HAVE_SYSTEMD
+        /*
+         * MT_SVC_SERVICE
+         * As the service wasn't part of the services' list, it basically
+         * means that the service has been socket activated and has to be
+         * configured and added to the list.
+         */
+        if (check_service(svc_name) != NULL) {
+            ret = EINVAL;
+            DEBUG(SSSDBG_FATAL_FAILURE, "Invalid service %s\n", svc_name);
+            goto done;
+        }
+
+        mini->ctx->services_started = true;
+        mini->ctx->num_services++;
+
+        ret = get_service_config(mini->ctx, svc_name, &svc);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_FATAL_FAILURE,
+                  "Unable to get the configuration for the service: %s\n",
+                  svc_name);
+            goto done;
+        }
+        svc->restarts = 0;
+
+        DLIST_ADD(mini->ctx->svc_list, svc);
+
+        explicitly_configured = false;
+#endif
     }
 
     /* Fill in svc structure with connection data */
     svc->conn = mini->conn;
 
-    ret = mark_service_as_started(svc);
+    ret = mark_service_as_started(svc, explicitly_configured);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to mark service [%s]!\n", svc_name);
         goto done;
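Review bot: The socket-activation branch sets `services_started` and bumps `num_services` before get_service_config() has succeeded, and both of its failure paths `goto done` without the `sbus_disconnect()`/`sbus_request_finish()` calls that the provider branch just above makes. A failed registration would therefore leave the counter one too high, so the `started_services == num_services` test in mark_service_as_started() may not be met afterwards. The rejected peer's request also appears to stay open, though what `done:` does is outside this hunk. Counting the service only once it is configured, and closing the connection on rejection as the provider branch does, would keep the monitor's state consistent. client_registration() starts and ends outside the hunk.
```c
        if (check_service(svc_name) != NULL) {
            /* … unchanged: ret = EINVAL, DEBUG "Invalid service" … */
            sbus_disconnect(dbus_req->conn);
            sbus_request_finish(dbus_req, NULL);
            goto done;
        }

        ret = get_service_config(mini->ctx, svc_name, &svc);
        if (ret != EOK) {
            /* … unchanged: DEBUG "Unable to get the configuration" … */
            sbus_disconnect(dbus_req->conn);
            sbus_request_finish(dbus_req, NULL);
            goto done;
        }
        svc->restarts = 0;

        /* Account for the service only after it has been configured. */
        mini->ctx->services_started = true;
        mini->ctx->num_services++;
        /* … unchanged: DLIST_ADD, explicitly_configured = false … */
```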
@@ -388,7 +427,8 @@ static void svc_child_info(struct mt_svc *svc, int wait_status)
     }
 }
 
-static int mark_service_as_started(struct mt_svc *svc)
+static int mark_service_as_started(struct mt_svc *svc,
+                                   bool explicitly_configured)
 {
     struct mt_ctx *ctx = svc->mt_ctx;
     struct mt_svc *iter;
@@ -439,6 +479,12 @@ static int mark_service_as_started(struct mt_svc *svc)
     }
 
     if (ctx->started_services == ctx->num_services) {
+        if (!explicitly_configured) {
+             /* There's no reason for trying to terminate the parent process
+              * when the responder was socket-activated. */
+            goto done;
+        }
+
         /* Initialization is complete, terminate parent process if in daemon
          * mode. Make sure we send the signal to the right process */
         if (ctx->is_daemon) {
@@ -862,8 +908,13 @@ static int get_monitor_config(struct mt_ctx *ctx)
                                     CONFDB_MONITOR_ACTIVE_SERVICES,
                                     &ctx->services);
     if (ret != EOK) {
-        DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n");
-        return EINVAL;
+#ifdef HAVE_SYSTEMD
+        if (ret != ENOENT)
+#endif
+        {
+            DEBUG(SSSDBG_FATAL_FAILURE, "No services configured!\n");
+            return EINVAL;
+        }
     }
 
     ret = add_implicit_services(ctx->cdb, ctx, &ctx->services);
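Review bot: On systemd builds an `ENOENT` from the services lookup now falls through with `ctx->services` left as whatever the lookup did to it, and the pointer is then handed to add_implicit_services(). The `ctx->services != NULL` guards added elsewhere in this series only hold if the pointer really is NULL in that case, so set it explicitly in the ENOENT path with `ctx->services = NULL;`. Whether add_implicit_services() accepts a NULL list cannot be seen from this hunk and should be confirmed. get_monitor_config() starts and ends outside the hunk.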

From e6536a06e191b8a7e8ed6374b8284f8562bc5150 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Mon, 21 Nov 2016 15:48:52 +0100
Subject: [PATCH 14/21] MAN: Mention that the services' list is optional
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For platforms where systemd is supported, after making the responders
socket-activatable, the services' list is completely optional. So, let's
mention that in the manual page for sssd.conf.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/man/Makefile.am     | 5 ++++-
 src/man/sssd.conf.5.xml | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/man/Makefile.am b/src/man/Makefile.am
index 5e41d3a..49058bc 100644
--- a/src/man/Makefile.am
+++ b/src/man/Makefile.am
@@ -32,7 +32,10 @@ GPO_CONDS = ;gpo_default_enforcing
 else
 GPO_CONDS = ;gpo_default_permissive
 endif
-CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SEC_CONDS)
+if HAVE_SYSTEMD_UNIT
+SYSTEMD_CONDS = ;have_systemd
+endif
+CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SEC_CONDS)$(SYSTEMD_CONDS)
 
 
 #Special Rules:
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 71ace52..5b34f6c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -202,6 +202,9 @@
                             <para>
                                 Comma separated list of services that are
                                 started when sssd itself starts.
+                                <phrase condition="have_systemd">The list
+                                of services is optional for SSSD 1.15.0 or
+                                later.</phrase>
                             </para>
                             <para>
                                 Supported services: nss, pam

From 201a83757aea00253445818fe6ef10e9ab472d59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Tue, 22 Nov 2016 21:38:38 +0100
Subject: [PATCH 15/21] MONITOR: Let the responder know whether it was
 socket-activated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit is preparing the ground for follow-up commits which will
introduce a "responder idle timeout".

The "responder idle timeout" doesn't make sense in case the responders
were explicitly configured in the "services" line of sssd.conf but,
currently, the responders are not aware of its initialization method and
the monitor is the only component that knows this info.

For now, let's add this info in the D-Bus reply message of the
RegisterService method. Later on this series we will use this info in
order to have the timeout scheduled based on this info.

For some reason using DBUS_TYPE_BOOLEAN hadn't worked for me. That's the
reason I'm sticking with DBUS_TYPE_UINT16 for the new attribute.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor.c      | 3 ++-
 src/monitor/monitor_sbus.c | 9 ++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 91a1aaf..bf5d01f 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -231,10 +231,10 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     DBusError dbus_error;
     dbus_uint16_t svc_ver;
     dbus_uint16_t svc_type;
+    dbus_uint16_t explicitly_configured = true;
     char *svc_name;
     dbus_bool_t dbret;
     int ret;
-    bool explicitly_configured = true;
 
     mini = talloc_get_type(data, struct mon_init_conn);
     if (!mini) {
@@ -331,6 +331,7 @@ static int client_registration(struct sbus_request *dbus_req, void *data)
     /* reply that all is ok */
     sbus_request_return_and_finish(dbus_req,
                                    DBUS_TYPE_UINT16, &version,
+                                   DBUS_TYPE_UINT16, &explicitly_configured,
                                    DBUS_TYPE_INVALID);
 
 done:
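Review bot: The new reply argument is a yes/no flag but is sent as `DBUS_TYPE_UINT16`. `DBUS_TYPE_BOOLEAN` most likely failed because libdbus reads and writes a 32-bit `dbus_bool_t` through the pointer, while the variable was a C `bool`. Declaring it as `dbus_bool_t explicitly_configured = TRUE;` and passing `DBUS_TYPE_BOOLEAN, &explicitly_configured,` here and in id_callback() in monitor_sbus.c would keep the wire type matching its meaning. client_registration() starts and ends outside this hunk.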
diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c
index afd82f6..554c8af 100644
--- a/src/monitor/monitor_sbus.c
+++ b/src/monitor/monitor_sbus.c
@@ -51,6 +51,7 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
     DBusError dbus_error;
     dbus_bool_t ret;
     dbus_uint16_t mon_ver;
+    dbus_uint16_t explicitly_configured;
     int type;
 
     dbus_error_init(&dbus_error);
@@ -72,8 +73,10 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
     type = dbus_message_get_type(reply);
     switch (type) {
     case DBUS_MESSAGE_TYPE_METHOD_RETURN:
+
         ret = dbus_message_get_args(reply, &dbus_error,
                                     DBUS_TYPE_UINT16, &mon_ver,
+                                    DBUS_TYPE_UINT16, &explicitly_configured,
                                     DBUS_TYPE_INVALID);
         if (!ret) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message\n");
@@ -83,7 +86,11 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
         }
 
         DEBUG(SSSDBG_CONF_SETTINGS,
-              "Got id ack and version (%d) from Monitor\n", mon_ver);
+              "Got id ack and version (%d) from Monitor.\n"
+              "The service has been %s.\n",
+              mon_ver,
+              !!explicitly_configured == 1 ? "explicitly configured" :
+                                             "socket/dbus activated");
 
         break;
 

From 59e14b129bec28f0cc11c31684bc2b44cbcd7525 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 23 Nov 2016 01:42:17 +0100
Subject: [PATCH 16/21] MONITOR: Don't expose monitor_common_send_id()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As this function is only called by sss_monitor_init(), which is part of
monitor_sbus.c file (same file where monitor_common_send_id() is
declared), there is no reason to expose the function.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor_interfaces.h | 2 --
 src/monitor/monitor_sbus.c       | 6 ++++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h
index 986bac5..c5f3f7c 100644
--- a/src/monitor/monitor_interfaces.h
+++ b/src/monitor/monitor_interfaces.h
@@ -41,8 +41,6 @@ enum mt_svc_type {
 };
 
 int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address);
-int monitor_common_send_id(struct sbus_connection *conn,
-                           const char *name, uint16_t version, uint16_t type);
 int monitor_common_res_init(struct sbus_request *dbus_req, void *data);
 
 errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c
index 554c8af..892ee0c 100644
--- a/src/monitor/monitor_sbus.c
+++ b/src/monitor/monitor_sbus.c
@@ -116,8 +116,10 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
     dbus_message_unref(reply);
 }
 
-int monitor_common_send_id(struct sbus_connection *conn,
-                           const char *name, uint16_t version, uint16_t type)
+static int monitor_common_send_id(struct sbus_connection *conn,
+                                  const char *name,
+                                  uint16_t version,
+                                  uint16_t type)
 {
     DBusMessage *msg;
     dbus_bool_t ret;

From 6ed07e34783d841743dfd200f05810d36b690339 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 23 Nov 2016 02:12:24 +0100
Subject: [PATCH 17/21] SBUS: Introduce sbus_service_timetout structure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

"sbus_service_timeout" has been introduced in order to achieve two goals:
- The first one is to setup the responder idle timeout as soon as the
  responder has some information about the way it was enabled/activated.
  In other words, as soon as a response of RegisterService method
  arrives.
- The second one is to provide a way to re-set the responder timeout for
  the IFP responder, which will be done every time sbus_dispatch() is
  called (obviously, just for the IFP responder and just when it's been
  dbus-activated).

The struct consists basically in:
- reset_timeout_fn(): a function that resets the timeout of the service.
  It will be called in every activity done by the service or during its
  startup.
- reset_timeout_data: the data to be passed to the reset_timeout_fn().
- iface_validate_fn(): a function that will validate, when dealing with
  dbus-activated services, whether the interface used belongs to the
  service that will have the timeout reset.
- iface_validate_data: the data to be passed to the iface_validate_fn().

For now it's not being used anywhere as all the functions that will
receive this new structure as parameter are currently receiving NULL. It
will be used by follow-up patches.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/monitor/monitor_interfaces.h        |  1 +
 src/monitor/monitor_sbus.c              | 15 ++++++++++++---
 src/providers/data_provider_be.c        |  2 +-
 src/responder/common/responder_common.c |  2 +-
 src/responder/ifp/ifpsrv.c              |  2 +-
 src/sbus/sssd_dbus.h                    | 10 ++++++++++
 src/sbus/sssd_dbus_connection.c         |  3 ++-
 src/sbus/sssd_dbus_server.c             |  2 +-
 8 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/src/monitor/monitor_interfaces.h b/src/monitor/monitor_interfaces.h
index c5f3f7c..6166683 100644
--- a/src/monitor/monitor_interfaces.h
+++ b/src/monitor/monitor_interfaces.h
@@ -50,4 +50,5 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
                          uint16_t svc_version,
                          uint16_t svc_type,
                          void *pvt,
+                         struct sbus_service_timeout *svc_timeout,
                          struct sbus_connection **mon_conn);
diff --git a/src/monitor/monitor_sbus.c b/src/monitor/monitor_sbus.c
index 892ee0c..3b09685 100644
--- a/src/monitor/monitor_sbus.c
+++ b/src/monitor/monitor_sbus.c
@@ -85,6 +85,13 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
             goto done;
         }
 
+        if (ptr != NULL && !explicitly_configured) {
+            struct sbus_service_timeout *svc_timeout;
+
+            svc_timeout = talloc_get_type(ptr, struct sbus_service_timeout);
+            svc_timeout->reset_timeout_fn(svc_timeout->reset_timeout_data);
+        }
+
         DEBUG(SSSDBG_CONF_SETTINGS,
               "Got id ack and version (%d) from Monitor.\n"
               "The service has been %s.\n",
@@ -119,7 +126,8 @@ static void id_callback(DBusPendingCall *pending, void *ptr)
 static int monitor_common_send_id(struct sbus_connection *conn,
                                   const char *name,
                                   uint16_t version,
-                                  uint16_t type)
+                                  uint16_t type,
+                                  struct sbus_service_timeout *svc_timeout)
 {
     DBusMessage *msg;
     dbus_bool_t ret;
@@ -149,7 +157,7 @@ static int monitor_common_send_id(struct sbus_connection *conn,
 
     retval = sbus_conn_send(conn, msg, 3000,
                             id_callback,
-                            NULL, NULL);
+                            svc_timeout, NULL);
     dbus_message_unref(msg);
     return retval;
 }
@@ -174,6 +182,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
                          uint16_t svc_version,
                          uint16_t svc_type,
                          void *pvt,
+                         struct sbus_service_timeout *svc_timeout,
                          struct sbus_connection **mon_conn)
 {
     errno_t ret;
@@ -202,7 +211,7 @@ errno_t sss_monitor_init(TALLOC_CTX *mem_ctx,
     }
 
     /* Identify ourselves to the monitor */
-    ret = monitor_common_send_id(conn, svc_name, svc_version, svc_type);
+    ret = monitor_common_send_id(conn, svc_name, svc_version, svc_type, svc_timeout);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to identify to the monitor!\n");
         return ret;
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 36f96df..ca8560c 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -408,7 +408,7 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
 
     ret = sss_monitor_init(be_ctx, be_ctx->ev, &monitor_be_methods,
                            be_ctx->identity, DATA_PROVIDER_VERSION,
-                           MT_SVC_PROVIDER, be_ctx, &be_ctx->mon_conn);
+                           MT_SVC_PROVIDER, be_ctx, NULL, &be_ctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize monitor connection\n");
         goto done;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 86fab67..8a59a07 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -1025,7 +1025,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
 
     ret = sss_monitor_init(rctx, rctx->ev, monitor_intf,
                            svc_name, svc_version, MT_SVC_SERVICE,
-                           rctx, &rctx->mon_conn);
+                           rctx, NULL, &rctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up message bus\n");
         goto fail;
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index d9dca51..f23e9c6 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -138,7 +138,7 @@ sysbus_init(TALLOC_CTX *mem_ctx,
     /* Integrate with tevent loop */
     ret = sbus_init_connection(system_bus, ev, conn,
                                SBUS_CONN_TYPE_SYSBUS,
-                               &system_bus->conn);
+                               NULL, &system_bus->conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Could not integrate D-BUS into mainloop.\n");
diff --git a/src/sbus/sssd_dbus.h b/src/sbus/sssd_dbus.h
index 15e3b11..421e417 100644
--- a/src/sbus/sssd_dbus.h
+++ b/src/sbus/sssd_dbus.h
@@ -25,6 +25,7 @@
 struct sbus_connection;
 struct sbus_interface;
 struct sbus_request;
+struct sbus_service_timeout;
 
 #include <dbus/dbus.h>
 #include <sys/types.h>
@@ -134,6 +135,14 @@ struct sbus_interface {
     void *handler_data;
 };
 
+struct sbus_service_timeout {
+    bool (*iface_validator_fn)(const char *iface);
+    const char *iface_validator_data;
+
+    errno_t (*reset_timeout_fn)(void *);
+    void *reset_timeout_data;
+};
+
 /* Server Functions */
 int sbus_new_server(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
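Review bot: struct sbus_service_timeout is added with no comment on which members may be NULL or who owns the struct and the pointer in reset_timeout_data. Later in this series sbus_signal_handler calls reset_timeout_fn unconditionally but treats iface_validator_fn as optional, and sbus_init_connection only stores the pointer, so the header should say so, e.g. `/* reset_timeout_fn is mandatory; iface_validator_fn may be NULL (no interface filtering) */` and `/* not owned by the connection: must outlive the sbus_connection it is attached to */`. The members also rely on `bool` and `errno_t` being declared before this point in the header, which is not visible in this hunk.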
@@ -173,6 +182,7 @@ int sbus_init_connection(TALLOC_CTX *ctx,
                          struct tevent_context *ev,
                          DBusConnection *dbus_conn,
                          int connection_type,
+                         struct sbus_service_timeout *svc_timeout,
                          struct sbus_connection **_conn);
 
 DBusConnection *sbus_get_connection(struct sbus_connection *conn);
diff --git a/src/sbus/sssd_dbus_connection.c b/src/sbus/sssd_dbus_connection.c
index 6f48e27..b210d79 100644
--- a/src/sbus/sssd_dbus_connection.c
+++ b/src/sbus/sssd_dbus_connection.c
@@ -148,6 +148,7 @@ int sbus_init_connection(TALLOC_CTX *ctx,
                          struct tevent_context *ev,
                          DBusConnection *dbus_conn,
                          int connection_type,
+                         struct sbus_service_timeout *svc_timeout,
                          struct sbus_connection **_conn)
 {
     struct sbus_connection *conn;
@@ -278,7 +279,7 @@ int sbus_new_connection(TALLOC_CTX *ctx, struct tevent_context *ev,
         return EIO;
     }
 
-    ret = sbus_init_connection(ctx, ev, dbus_conn, SBUS_CONN_TYPE_SHARED, &conn);
+    ret = sbus_init_connection(ctx, ev, dbus_conn, SBUS_CONN_TYPE_SHARED, NULL, &conn);
     if (ret != EOK) {
         /* FIXME: release resources */
     }
diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c
index 6cc4172..9000869 100644
--- a/src/sbus/sssd_dbus_server.c
+++ b/src/sbus/sssd_dbus_server.c
@@ -53,7 +53,7 @@ static void sbus_server_init_new_connection(DBusServer *dbus_server,
 
     DEBUG(SSSDBG_FUNC_DATA,"Adding connection %p.\n", dbus_conn);
     ret = sbus_init_connection(server, server->ev, dbus_conn,
-                               SBUS_CONN_TYPE_PRIVATE, &conn);
+                               SBUS_CONN_TYPE_PRIVATE, NULL, &conn);
     if (ret != 0) {
         dbus_connection_close(dbus_conn);
         DEBUG(SSSDBG_FUNC_DATA, "Closing connection (failed setup)\n");

From c788d80161117ffaae221eb1e8f8cf98f4603cfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 24 Nov 2016 22:34:33 +0100
Subject: [PATCH 18/21] RESPONDER: Introduce sss_resp_iface_validator()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

sss_resp_iface_validator() is the function that will be used to validate
whether the D-Bus interface that received a signal belongs to the
responder's D-Bus interface.

For lack of a better place to put the function, it's now in
responder_utils.c.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/common/responder.h       |  2 ++
 src/responder/common/responder_utils.c | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 9e3b2fd..aba0dfa 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -193,6 +193,8 @@ int create_pipe_fd(const char *sock_name, int *_fd, mode_t umaskval);
 int activate_unix_sockets(struct resp_ctx *rctx,
                           connection_setup_t conn_setup);
 
+bool sss_resp_iface_validator(const char *iface);
+
 /* responder_cmd.c */
 int sss_cmd_empty_packet(struct sss_packet *packet);
 int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx);
diff --git a/src/responder/common/responder_utils.c b/src/responder/common/responder_utils.c
index b02212d..6c7310c 100644
--- a/src/responder/common/responder_utils.c
+++ b/src/responder/common/responder_utils.c
@@ -193,3 +193,18 @@ char *sss_resp_create_fqname(TALLOC_CTX *mem_ctx,
     talloc_free(tmp_ctx);
     return name;
 }
+
+#define IFP_INTERFACE_NAME "org.freedesktop.sssd.infopipe"
+
+bool sss_resp_iface_validator(const char *iface)
+{
+    const char *valid_interfaces[] = { IFP_INTERFACE_NAME, NULL };
+
+    for (int i = 0; valid_interfaces[i] != NULL; i++) {
+        if (strncmp(iface, valid_interfaces[i], strlen(valid_interfaces[i])) == 0) {
+            return true;
+        }
+    }
+
+    return false;
+}
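Review bot: The test `strncmp(iface, valid_interfaces[i], strlen(valid_interfaces[i])) == 0` is a bare prefix match, so any name that merely begins with the infopipe string (constructed example: `org.freedesktop.sssd.infopipeX`) is accepted, and a NULL iface is handed straight to strncmp. If sub-interfaces are meant to match, require a boundary after the prefix: `size_t len = strlen(valid_interfaces[i]);` and `if (strncmp(iface, valid_interfaces[i], len) == 0 && (iface[len] == '\0' || iface[len] == '.'))`, with `if (iface == NULL) return false;` at the top of the function. IFP_INTERFACE_NAME also looks like a second copy of the name the series passes elsewhere as IFACE_IFP; if the values are the same, reusing one definition would keep them from drifting, though that cannot be confirmed from this hunk.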

From 871c3e4e27cfeafafc6e5fff77918f244a719686 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 23 Nov 2016 02:47:14 +0100
Subject: [PATCH 19/21] RESPONDER: Make clear {reset_,}idle_timer() are related
 to client
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Those public functions dealing with idle_timer are related to the
client's timeout. Let's make it explicit as we will introduce more
timeout handlers (this time, related to the responder itself).

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/common/responder.h        | 10 +++++-----
 src/responder/common/responder_common.c | 16 ++++++++--------
 src/responder/secrets/secsrv_cmd.c      |  2 +-
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index aba0dfa..48f5d89 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -317,11 +317,11 @@ bool sss_utf8_check(const uint8_t *s, size_t n);
 
 void responder_set_fd_limit(rlim_t fd_limit);
 
-errno_t reset_idle_timer(struct cli_ctx *cctx);
-void idle_handler(struct tevent_context *ev,
-                  struct tevent_timer *te,
-                  struct timeval current_time,
-                  void *data);
+errno_t reset_client_idle_timer(struct cli_ctx *cctx);
+void client_idle_handler(struct tevent_context *ev,
+                         struct tevent_timer *te,
+                         struct timeval current_time,
+                         void *data);
 
 #define GET_DOMAINS_DEFAULT_TIMEOUT 60
 
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 8a59a07..daa3270 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -358,7 +358,7 @@ static void client_fd_handler(struct tevent_context *ev,
     struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
 
     /* Always reset the idle timer on any activity */
-    ret = reset_idle_timer(cctx);
+    ret = reset_client_idle_timer(cctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Could not create idle timer for client. "
@@ -502,7 +502,7 @@ static void accept_fd_handler(struct tevent_context *ev,
     cctx->rctx = rctx;
 
     /* Set up the idle timer */
-    ret = reset_idle_timer(cctx);
+    ret = reset_client_idle_timer(cctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Could not create idle timer for client. "
@@ -517,14 +517,14 @@ static void accept_fd_handler(struct tevent_context *ev,
     return;
 }
 
-errno_t reset_idle_timer(struct cli_ctx *cctx)
+errno_t reset_client_idle_timer(struct cli_ctx *cctx)
 {
     struct timeval tv =
             tevent_timeval_current_ofs(cctx->rctx->client_idle_timeout, 0);
 
     talloc_zfree(cctx->idle);
 
-    cctx->idle = tevent_add_timer(cctx->ev, cctx, tv, idle_handler, cctx);
+    cctx->idle = tevent_add_timer(cctx->ev, cctx, tv, client_idle_handler, cctx);
     if (!cctx->idle) return ENOMEM;
 
     DEBUG(SSSDBG_TRACE_ALL,
@@ -534,10 +534,10 @@ errno_t reset_idle_timer(struct cli_ctx *cctx)
     return EOK;
 }
 
-void idle_handler(struct tevent_context *ev,
-                  struct tevent_timer *te,
-                  struct timeval current_time,
-                  void *data)
+void client_idle_handler(struct tevent_context *ev,
+                         struct tevent_timer *te,
+                         struct timeval current_time,
+                         void *data)
 {
     /* This connection is idle. Terminate it */
     struct cli_ctx *cctx =
diff --git a/src/responder/secrets/secsrv_cmd.c b/src/responder/secrets/secsrv_cmd.c
index 36de6ef..70679ec 100644
--- a/src/responder/secrets/secsrv_cmd.c
+++ b/src/responder/secrets/secsrv_cmd.c
@@ -584,7 +584,7 @@ static void sec_fd_handler(struct tevent_context *ev,
     struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
 
     /* Always reset the idle timer on any activity */
-    ret = reset_idle_timer(cctx);
+    ret = reset_client_idle_timer(cctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Could not create idle timer for client. "

From 61f8979dd8eb05862d23ea145b99a8a70d8ed339 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Wed, 23 Nov 2016 02:56:36 +0100
Subject: [PATCH 20/21] RESPONDER: Don't expose client_idle_handler()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It's been only used by reset_client_idle_handler(). So, no need to
expose this function.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/common/responder.h        |  4 ----
 src/responder/common/responder_common.c | 34 ++++++++++++++++-----------------
 2 files changed, 17 insertions(+), 21 deletions(-)

diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 48f5d89..664a237 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -318,10 +318,6 @@ bool sss_utf8_check(const uint8_t *s, size_t n);
 void responder_set_fd_limit(rlim_t fd_limit);
 
 errno_t reset_client_idle_timer(struct cli_ctx *cctx);
-void client_idle_handler(struct tevent_context *ev,
-                         struct tevent_timer *te,
-                         struct timeval current_time,
-                         void *data);
 
 #define GET_DOMAINS_DEFAULT_TIMEOUT 60
 
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index daa3270..24c1d63 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -517,6 +517,23 @@ static void accept_fd_handler(struct tevent_context *ev,
     return;
 }
 
+static void client_idle_handler(struct tevent_context *ev,
+                                struct tevent_timer *te,
+                                struct timeval current_time,
+                                void *data)
+{
+    /* This connection is idle. Terminate it */
+    struct cli_ctx *cctx =
+            talloc_get_type(data, struct cli_ctx);
+
+    DEBUG(SSSDBG_TRACE_INTERNAL,
+          "Terminating idle client [%p][%d]\n",
+           cctx, cctx->cfd);
+
+    /* The cli_ctx destructor will handle the rest */
+    talloc_free(cctx);
+}
+
 errno_t reset_client_idle_timer(struct cli_ctx *cctx)
 {
     struct timeval tv =
@@ -534,23 +551,6 @@ errno_t reset_client_idle_timer(struct cli_ctx *cctx)
     return EOK;
 }
 
-void client_idle_handler(struct tevent_context *ev,
-                         struct tevent_timer *te,
-                         struct timeval current_time,
-                         void *data)
-{
-    /* This connection is idle. Terminate it */
-    struct cli_ctx *cctx =
-            talloc_get_type(data, struct cli_ctx);
-
-    DEBUG(SSSDBG_TRACE_INTERNAL,
-          "Terminating idle client [%p][%d]\n",
-           cctx, cctx->cfd);
-
-    /* The cli_ctx destructor will handle the rest */
-    talloc_free(cctx);
-}
-
 static int sss_dp_init(struct resp_ctx *rctx,
                        struct sbus_iface_map *sbus_iface,
                        const char *cli_name,

From 6f672a1f3842b7bdae529582c36d3eb9e58c3f48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Tue, 22 Nov 2016 15:02:33 +0100
Subject: [PATCH 21/21] RESPONDER: Shutdown {dbus,socket}-activated responders
 in case they're idle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit introduces a new option for the responders called
responder_idle_timeout, which specifies the number of seconds that the
responder process can be up without being used. The default value is
300 seconds (5 minutes) and can be configured per responder, being 60
seconds the minimum acceptable value.

The shutdown timeout is activated per responder when the responder finds
out whether it was explicitly configured or {dbus,socket}-activated. In
case the responder is used, the timeout is reset thereby ensuring we
won't shutdown a responder that is not idle.

Resetting the timeout is done differently for socket-activated and
dbus-activated responders. For the former case, the reset is done
every time its socket is used. For the latter, the reset is done every
time a DBus signal is received by the responder's interface (or valid
sub-interfaces).

Currently it works properly with all responders but the secrets one,
which has a different logic and must be treated separately in case some
change is required there.

It is worth mentioning that this commit does not affect the responders
explicitly configured in the "services" line of sssd.conf.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/confdb/confdb.h                     |   2 +
 src/config/SSSDConfig/__init__.py.in    |   1 +
 src/config/SSSDConfigTest.py            |   1 +
 src/config/etc/sssd.api.conf            |   1 +
 src/man/sssd.conf.5.xml                 |  19 ++++++
 src/responder/common/responder.h        |   6 ++
 src/responder/common/responder_common.c | 102 +++++++++++++++++++++++++++++++-
 src/responder/ifp/ifpsrv.c              |  62 +++++++++++++++++--
 src/sbus/sssd_dbus_connection.c         |   1 +
 src/sbus/sssd_dbus_private.h            |   3 +
 src/sbus/sssd_dbus_signals.c            |  16 +++++
 11 files changed, 207 insertions(+), 7 deletions(-)

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 12beaab..9055048 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -86,6 +86,8 @@
 #define CONFDB_RESPONDER_CLI_IDLE_TIMEOUT "client_idle_timeout"
 #define CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT 60
 #define CONFDB_RESPONDER_LOCAL_NEG_TIMEOUT "local_negative_timeout"
+#define CONFDB_RESPONDER_IDLE_TIMEOUT "responder_idle_timeout"
+#define CONFDB_RESPONDER_IDLE_DEFAULT_TIMEOUT 300
 
 /* NSS */
 #define CONFDB_NSS_CONF_ENTRY "config/nss"
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index be09e8f..8c23fd2 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -50,6 +50,7 @@ option_strings = {
     'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
     'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
     'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
+    'responder_idle_timeout' : _('Idle time before automatic shutdown of the responder'),
 
     # [sssd]
     'services' : _('SSSD Services to start'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 4850073..0da5d63 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -308,6 +308,7 @@ def testListOptions(self):
             'reconnection_retries',
             'fd_limit',
             'client_idle_timeout',
+            'responder_idle_timeout',
             'description',
             'certificate_verification',
             'override_space',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index d591228..5654006 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -13,6 +13,7 @@ command = str, None, false
 reconnection_retries = int, None, false
 fd_limit = int, None, false
 client_idle_timeout = int, None, false
+responder_idle_timeout = int, None, false
 description = str, None, false
 
 [sssd]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 5b34f6c..de61337 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -601,6 +601,25 @@
                         </para>
                     </listitem>
                 </varlistentry>
+                <varlistentry>
+                    <term>responder_idle_timeout</term>
+                    <listitem>
+                        <para>
+                            This option specifies the number of seconds that
+                            an SSSD responder process can be up without being
+                            used. This value is limited in order to avoid
+                            resource exhaustion on the system.
+                            The minimum acceptable value for this option is 60
+                            seconds.
+
+                            This option only has effect when SSSD is built with
+                            systemd support and only for SSSD 1.15.0 or later.
+                        </para>
+                        <para>
+                            Default: 300
+                        </para>
+                    </listitem>
+                </varlistentry>
             </variablelist>
         </refsect2>
 
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 664a237..866d4ac 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -107,6 +107,9 @@ struct resp_ctx {
     int domains_timeout;
     int client_idle_timeout;
 
+    int idle_timeout;
+    struct tevent_timer *idle;
+
     struct sss_cmd_table *sss_cmds;
     const char *sss_pipe_name;
     const char *confdb_service_path;
@@ -126,6 +129,7 @@ struct resp_ctx {
     void *pvt_ctx;
 
     bool shutting_down;
+    bool explicitly_configured;
 };
 
 struct cli_creds;
@@ -319,6 +323,8 @@ void responder_set_fd_limit(rlim_t fd_limit);
 
 errno_t reset_client_idle_timer(struct cli_ctx *cctx);
 
+errno_t reset_responder_idle_timer(void *ptr);
+
 #define GET_DOMAINS_DEFAULT_TIMEOUT 60
 
 struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx,
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 24c1d63..f5443eb 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -350,6 +350,70 @@ static void client_recv(struct cli_ctx *cctx)
     return;
 }
 
+static void responder_idle_handler(struct tevent_context *ev,
+                                   struct tevent_timer *te,
+                                   struct timeval current_time,
+                                   void *data)
+{
+    /* This responder is idle. Terminate it */
+    struct resp_ctx *rctx;
+
+    rctx = talloc_get_type(data, struct resp_ctx);
+
+    DEBUG(SSSDBG_TRACE_INTERNAL,
+          "Terminating idle respondeer [%p]\n", rctx);
+
+    talloc_free(rctx);
+
+    orderly_shutdown(0);
+}
+
+errno_t reset_responder_idle_timer(void *ptr)
+{
+    struct resp_ctx *rctx;
+    struct timeval tv;
+
+    rctx = talloc_get_type(ptr, struct resp_ctx);
+
+    if (rctx->explicitly_configured) {
+        /* In case the service has been explicitly
+         * configured in the "services" line of
+         * sssd.conf, the shutdown timeout should
+         * jsut be ignored in order to keep backward
+         * compatibility. */
+        return EOK;
+    }
+
+    tv = tevent_timeval_current_ofs(rctx->idle_timeout, 0);
+
+    talloc_zfree(rctx->idle);
+
+    rctx->idle = tevent_add_timer(rctx->ev,
+                                  rctx,
+                                  tv,
+                                  responder_idle_handler,
+                                  rctx);
+    if (rctx->idle == NULL) {
+        return ENOMEM;
+    }
+
+    DEBUG(SSSDBG_TRACE_ALL,
+          "Shutdown idle timer re-set for responder [%p]\n", rctx);
+
+    return EOK;
+}
+
+static errno_t setup_responder_idle_timer(void *ptr)
+{
+    struct resp_ctx *rctx;
+
+    rctx = talloc_get_type(ptr, struct resp_ctx);
+
+    rctx->explicitly_configured = false;
+
+    return reset_responder_idle_timer(rctx);
+}
+
 static void client_fd_handler(struct tevent_context *ev,
                               struct tevent_fd *fde,
                               uint16_t flags, void *ptr)
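Review bot: reset_responder_idle_timer() and setup_responder_idle_timer() dereference the result of talloc_get_type() without checking it, although both are reached through a `void *` callback argument; a pointer of the wrong talloc type yields NULL and crashes the responder, so `if (rctx == NULL) return EINVAL;` after the cast would fail safely. In responder_idle_handler() the timer is created with rctx as its talloc context, so `talloc_free(rctx)` runs while that timer's own handler is still executing; a comment stating why this is safe before `orderly_shutdown(0)` would help the next reader. The log string has a typo, `"Terminating idle respondeer [%p]\n"`, as does the comment in reset_responder_idle_timer() (`jsut`).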
@@ -358,6 +422,15 @@ static void client_fd_handler(struct tevent_context *ev,
     struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
 
     /* Always reset the idle timer on any activity */
+    ret = reset_responder_idle_timer(cctx->rctx);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Could not create idle timer for the responder. "
+              "This responder may not shutdown automatically\n");
+        /* Non-fatal, continue */
+    }
+
+    /* Always reset the idle timer on any activity */
     ret = reset_client_idle_timer(cctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
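Review bot: The added block repeats the comment `/* Always reset the idle timer on any activity */` that already sits above the client timer reset, so the two resets read as the same thing. A distinct comment such as `/* Any client activity also postpones the responder's idle shutdown */` would tell them apart and record that every event on a client fd pushes the shutdown back, which appears to be the intent. client_fd_handler's body continues outside the hunk.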
@@ -936,6 +1009,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
 {
     struct resp_ctx *rctx;
     struct sss_domain_info *dom;
+    struct sbus_service_timeout *svc_timeout;
     int ret;
     char *tmp = NULL;
 
@@ -953,9 +1027,19 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     rctx->priv_lfd = priv_pipe_fd;
     rctx->confdb_service_path = confdb_service_path;
     rctx->shutting_down = false;
+    rctx->explicitly_configured = true;
 
     talloc_set_destructor((TALLOC_CTX*)rctx, sss_responder_ctx_destructor);
 
+    svc_timeout = talloc_zero(mem_ctx, struct sbus_service_timeout);
+    if (svc_timeout == NULL) {
+        ret = ENOMEM;
+        DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing svc_timeout\n");
+        goto fail;
+    }
+    svc_timeout->reset_timeout_fn = setup_responder_idle_timer;
+    svc_timeout->reset_timeout_data = rctx;
+
     ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
                          CONFDB_RESPONDER_CLI_IDLE_TIMEOUT,
                          CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT,
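Review bot: svc_timeout is allocated on mem_ctx although it stores a pointer to rctx in reset_timeout_data, so the two can have different lifetimes: if rctx is freed first the callback data dangles, and on the `goto fail` paths the struct presumably stays attached to mem_ctx. Parenting it to rctx ties the lifetimes together: `svc_timeout = talloc_zero(rctx, struct sbus_service_timeout);`. sss_process_init starts and ends outside this hunk, so the cleanup done at the fail label is not visible here.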
@@ -973,6 +1057,22 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     }
 
     ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
+                         CONFDB_RESPONDER_IDLE_TIMEOUT,
+                         CONFDB_RESPONDER_IDLE_DEFAULT_TIMEOUT,
+                         &rctx->idle_timeout);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "Cannot get the responder idle timeout [%d]: %s\n",
+               ret, strerror(ret));
+        goto fail;
+    }
+
+    /* Ensure that the responder timeout is at least sixty seconds */
+    if (rctx->idle_timeout < 60) {
+        rctx->idle_timeout = 60;
+    }
+
+    ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
                          CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT,
                          GET_DOMAINS_DEFAULT_TIMEOUT, &rctx->domains_timeout);
     if (ret != EOK) {
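Review bot: The clamp `if (rctx->idle_timeout < 60)` silently replaces a configured value, so an administrator who sets a smaller responder_idle_timeout gets no indication that it was ignored. A log line inside the branch would make the effective value visible, for example `DEBUG(SSSDBG_CONF_SETTINGS, "responder_idle_timeout is below the minimum, using 60 seconds\n");`. sss_process_init continues outside the hunk.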
@@ -1025,7 +1125,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
 
     ret = sss_monitor_init(rctx, rctx->ev, monitor_intf,
                            svc_name, svc_version, MT_SVC_SERVICE,
-                           rctx, NULL, &rctx->mon_conn);
+                           rctx, svc_timeout, &rctx->mon_conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error setting up message bus\n");
         goto fail;
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c
index f23e9c6..7c83c9c 100644
--- a/src/responder/ifp/ifpsrv.c
+++ b/src/responder/ifp/ifpsrv.c
@@ -95,6 +95,7 @@ sysbus_init(TALLOC_CTX *mem_ctx,
             struct tevent_context *ev,
             const char *dbus_name,
             void *pvt,
+            struct sbus_service_timeout *svc_timeout,
             struct sysbus_ctx **sysbus)
 {
     DBusError dbus_error;
@@ -138,7 +139,7 @@ sysbus_init(TALLOC_CTX *mem_ctx,
     /* Integrate with tevent loop */
     ret = sbus_init_connection(system_bus, ev, conn,
                                SBUS_CONN_TYPE_SYSBUS,
-                               NULL, &system_bus->conn);
+                               svc_timeout, &system_bus->conn);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Could not integrate D-BUS into mainloop.\n");
@@ -169,10 +170,47 @@ sysbus_init(TALLOC_CTX *mem_ctx,
     return ret;
 }
 
+static errno_t setup_svc_timeout_struct(TALLOC_CTX *mem_ctx,
+                                        struct resp_ctx *rctx,
+                                        struct sbus_service_timeout **_svc_timeout)
+{
+    TALLOC_CTX *tmp_ctx;
+    struct sbus_service_timeout *svc_timeout;
+    errno_t ret;
+
+    tmp_ctx = talloc_new(mem_ctx);
+    if (tmp_ctx == NULL) {
+        return ENOMEM;
+    }
+
+    svc_timeout = talloc_zero(tmp_ctx, struct sbus_service_timeout);
+    if (svc_timeout == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to allocate struct sbus_service_timeout\n");
+        ret = ENOMEM;
+        goto done;
+    }
+
+    svc_timeout->iface_validator_fn = sss_resp_iface_validator;
+    svc_timeout->iface_validator_data = IFACE_IFP;
+
+    svc_timeout->reset_timeout_fn = reset_responder_idle_timer;
+    svc_timeout->reset_timeout_data = rctx;
+
+    *_svc_timeout = talloc_steal(mem_ctx, svc_timeout);
+
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 static int ifp_sysbus_reconnect(struct sbus_request *dbus_req, void *data)
 {
     struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
     struct ifp_ctx *ifp_ctx = (struct ifp_ctx*) rctx->pvt_ctx;
+    struct sbus_service_timeout *svc_timeout;
     errno_t ret;
 
     DEBUG(SSSDBG_TRACE_FUNC, "Attempting to reconnect to the system bus\n");
@@ -182,10 +220,17 @@ static int ifp_sysbus_reconnect(struct sbus_request *dbus_req, void *data)
         goto done;
     }
 
+    ret = setup_svc_timeout_struct(ifp_ctx, rctx, &svc_timeout);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to setup the svc_timeout_struct\n");
+        return ret;
+    }
+
     /* Connect to the D-BUS system bus and set up methods */
     ret = sysbus_init(ifp_ctx, ifp_ctx->rctx->ev,
-                      IFACE_IFP,
-                      ifp_ctx, &ifp_ctx->sysbus);
+                      IFACE_IFP, ifp_ctx,
+                      svc_timeout, &ifp_ctx->sysbus);
     if (ret == ERR_NO_SYSBUS) {
         DEBUG(SSSDBG_MINOR_FAILURE,
               "The system bus is not available..\n");
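Review bot: A fresh svc_timeout is allocated on ifp_ctx on every reconnect and nothing in the hunk releases it, neither the one attached to the previous connection nor the new one when sysbus_init() fails (for instance with ERR_NO_SYSBUS), so the structs appear to accumulate for the lifetime of ifp_ctx. Handing ownership to the bus context after success, `talloc_steal(ifp_ctx->sysbus, svc_timeout);`, and calling `talloc_free(svc_timeout);` on the failure paths would bound that, assuming the old sysbus context is released on reconnect; the ifp_process_init hunk below allocates the same way. The new error path also uses `return ret;` where the check just above it uses `goto done;`, and the done label is outside the hunk, so whether it performs cleanup cannot be seen here.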
@@ -210,12 +255,12 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
     struct sss_cmd_table *ifp_cmds;
     struct ifp_ctx *ifp_ctx;
     struct be_conn *iter;
+    struct sbus_service_timeout *svc_timeout;
     int ret;
     int max_retries;
     char *uid_str;
     char *attr_list_str;
     char *wildcard_limit_str;
-
     ifp_cmds = get_ifp_cmds();
     ret = sss_process_init(mem_ctx, ev, cdb,
                            ifp_cmds,
@@ -321,10 +366,15 @@ int ifp_process_init(TALLOC_CTX *mem_ctx,
                             ifp_dp_reconnect_init, iter);
     }
 
+    ret = setup_svc_timeout_struct(ifp_ctx, ifp_ctx->rctx, &svc_timeout);
+    if (ret != EOK) {
+        goto fail;
+    }
+
     /* Connect to the D-BUS system bus and set up methods */
     ret = sysbus_init(ifp_ctx, ifp_ctx->rctx->ev,
-                      IFACE_IFP,
-                      ifp_ctx, &ifp_ctx->sysbus);
+                      IFACE_IFP, ifp_ctx,
+                      svc_timeout, &ifp_ctx->sysbus);
     if (ret == ERR_NO_SYSBUS) {
         DEBUG(SSSDBG_MINOR_FAILURE,
               "The system bus is not available..\n");
diff --git a/src/sbus/sssd_dbus_connection.c b/src/sbus/sssd_dbus_connection.c
index b210d79..94e17ee 100644
--- a/src/sbus/sssd_dbus_connection.c
+++ b/src/sbus/sssd_dbus_connection.c
@@ -162,6 +162,7 @@ int sbus_init_connection(TALLOC_CTX *ctx,
     conn->type = SBUS_CONNECTION;
     conn->dbus.conn = dbus_conn;
     conn->connection_type = connection_type;
+    conn->svc_timeout = svc_timeout;
 
     ret = sbus_opath_hash_init(conn, conn, &conn->managed_paths);
     if (ret != EOK) {
diff --git a/src/sbus/sssd_dbus_private.h b/src/sbus/sssd_dbus_private.h
index 44a116e..7f7d71c 100644
--- a/src/sbus/sssd_dbus_private.h
+++ b/src/sbus/sssd_dbus_private.h
@@ -66,6 +66,9 @@ struct sbus_connection {
 
     /* watches list */
     struct sbus_watch_ctx *watch_list;
+
+    /* used to restart the service's shutdown timeout */
+    struct sbus_service_timeout *svc_timeout;
 };
 
 /* =Standard=interfaces=================================================== */
diff --git a/src/sbus/sssd_dbus_signals.c b/src/sbus/sssd_dbus_signals.c
index 3f463e6..c8d9d5a 100644
--- a/src/sbus/sssd_dbus_signals.c
+++ b/src/sbus/sssd_dbus_signals.c
@@ -254,6 +254,22 @@ sbus_signal_handler(DBusConnection *dbus_conn,
     }
     tevent_req_set_callback(req, sbus_signal_handler_got_caller_id, a_signal);
 
+    if (conn->svc_timeout != NULL) {
+        struct sbus_service_timeout *svc_timeout = conn->svc_timeout;
+        bool reset_timeout = true;
+
+        /* We must check whether the interface that received the signal matches
+         * with the service's (sub)interface that will have its shutdown
+         * timeout reset. */
+        if (svc_timeout->iface_validator_fn != NULL) {
+            reset_timeout = svc_timeout->iface_validator_fn(svc_timeout->iface_validator_data);
+        }
+
+        if (reset_timeout) {
+            conn->svc_timeout->reset_timeout_fn(conn->svc_timeout->reset_timeout_data);
+        }
+    }
+
     return DBUS_HANDLER_RESULT_HANDLED;
 }
 
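Review bot: The validator is called with `svc_timeout->iface_validator_data`, a constant chosen when the connection was set up, rather than with the interface of the signal being handled, so its result is the same for every signal and the check described in the comment does not take place. Passing the received message's interface (libdbus exposes it through `dbus_message_get_interface()`, which may return NULL) would make the filter real. `reset_timeout_fn` is also called without a NULL check and its errno_t result is dropped; `if (reset_timeout && svc_timeout->reset_timeout_fn != NULL)` plus a DEBUG on failure would match how client_fd_handler treats the same call. The reset happens before the caller-id request completes, so it is not tied to an identified sender. sbus_signal_handler starts outside this hunk.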