diff options
| author | Simo Sorce <simo@redhat.com> | 2013-09-10 18:24:41 -0400 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-16 15:48:34 +0200 |
| commit | b49a7d90708e816120ff88ce5a88fa62b35ff795 (patch) | |
| tree | 798ae2d5998a37a7efd7420cad9a483b76ef973c | |
| parent | 6d2942eb10f5fc4f791498d7f6c2ef021c3b8777 (diff) | |
| download | sssd-b49a7d90708e816120ff88ce5a88fa62b35ff795.tar.gz sssd-b49a7d90708e816120ff88ce5a88fa62b35ff795.tar.xz sssd-b49a7d90708e816120ff88ce5a88fa62b35ff795.zip | |
util: Use systemd-login to check user sessions
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
| -rw-r--r-- | Makefile.am | 29 | ||||
| -rw-r--r-- | contrib/sssd.spec.in | 3 | ||||
| -rw-r--r-- | src/external/systemd.m4 | 4 | ||||
| -rw-r--r-- | src/util/find_uid.c | 20 |
4 files changed, 51 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am index bbc8415e6..610f14998 100644 --- a/Makefile.am +++ b/Makefile.am @@ -767,8 +767,11 @@ sss_userdel_SOURCES = \ $(SSSD_LCL_TOOLS_OBJ) sss_userdel_LDADD = \ $(TOOLS_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ $(SSSD_INTERNAL_LTLIBS) -sss_userdel_CFLAGS = $(AM_CFLAGS) +sss_userdel_CFLAGS = \ + $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) sss_userdel_LDFLAGS = \ $(CLIENT_LIBS) @@ -973,12 +976,14 @@ krb5_utils_tests_SOURCES = \ $(SSSD_FAILOVER_OBJ) krb5_utils_tests_CFLAGS = \ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) krb5_utils_tests_LDADD = \ $(SSSD_LIBS)\ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la @@ -1075,12 +1080,14 @@ find_uid_tests_CFLAGS = \ $(AM_CFLAGS) \ $(TALLOC_CFLAGS) \ $(DHASH_CFLAGS) \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) find_uid_tests_LDADD = \ libsss_debug.la \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(CHECK_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ libsss_test_common.la auth_tests_SOURCES = \ @@ -1234,12 +1241,14 @@ krb5_child_test_SOURCES = \ krb5_child_test_CFLAGS = \ $(AM_CFLAGS) \ -DKRB5_CHILD_DIR=\"$(builddir)\" \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) krb5_child_test_LDADD = \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la @@ -1286,11 +1295,13 @@ test_find_uid_SOURCES = \ test_find_uid_CFLAGS = \ $(AM_CFLAGS) \ $(TALLOC_CFLAGS) \ - $(DHASH_CFLAGS) + $(DHASH_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) test_find_uid_LDADD = \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(CMOCKA_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ libsss_debug.la test_io_SOURCES = \ @@ -1540,12 +1551,14 @@ libsss_ldap_la_SOURCES = \ src/util/sss_krb5.c libsss_ldap_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(LDAP_CFLAGS) \ $(KRB5_CFLAGS) libsss_ldap_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la libsss_ldap_la_LDFLAGS = \ @@ -1584,8 +1597,10 @@ libsss_krb5_la_SOURCES = \ src/util/sss_krb5.c libsss_krb5_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(DHASH_CFLAGS) libsss_krb5_la_LIBADD = \ + $(SYSTEMD_LOGIN_LIBS) \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ @@ -1631,11 +1646,13 @@ libsss_ipa_la_SOURCES = \ src/util/sss_krb5.c libsss_ipa_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(NDR_NBT_CFLAGS) \ $(KRB5_CFLAGS) libsss_ipa_la_LIBADD = \ + $(SYSTEMD_LOGIN_LIBS) \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(NDR_NBT_LIBS) \ @@ -1683,11 +1700,13 @@ libsss_ad_la_SOURCES = \ libsss_ad_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(KRB5_CFLAGS) \ $(NDR_NBT_CFLAGS) libsss_ad_la_LIBADD = \ + $(SYSTEMD_LOGIN_LIBS) \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 3b6c2596f..fe002b6fa 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -125,6 +125,9 @@ BuildRequires: libnl3-devel %else BuildRequires: libnl-devel %endif +%if (0%{?use_systemd} == 1) +BuildRequires: systemd-devel +%endif # RHEL 5 is too old to support samba4 and the PAC responder %if !0%{?is_rhel5} diff --git a/src/external/systemd.m4 b/src/external/systemd.m4 index 2c26dc19b..202915a56 100644 --- a/src/external/systemd.m4 +++ b/src/external/systemd.m4 @@ -6,3 +6,7 @@ AC_DEFUN([AM_CHECK_SYSTEMD], [AC_MSG_ERROR([Could not detect systemd presence])] ) ]) +AM_COND_IF([HAVE_SYSTEMD], + [PKG_CHECK_MODULES([SYSTEMD_LOGIN], [libsystemd-login], + [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 1, [Build with libsystemdlogin support])], + [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 0, [Build without libsystemd-login support])])]) diff --git a/src/util/find_uid.c b/src/util/find_uid.c index d34a4abd2..63b346457 100644 --- a/src/util/find_uid.c +++ b/src/util/find_uid.c @@ -40,6 +40,10 @@ #include "util/util.h" #include "util/strtonum.h" +#ifdef HAVE_SYSTEMD_LOGIN +#include <systemd/sd-login.h> +#endif + #define INITIAL_TABLE_SIZE 64 #define PATHLEN (NAME_MAX + 14) #define BUFSIZE 4096 @@ -301,6 +305,22 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result) { int ret; +#ifdef HAVE_SYSTEMD_LOGIN + ret = sd_uid_get_sessions(uid, 0, NULL); + if (ret > 0) { + *result = true; + } + if (ret == 0) { + *result = false; + } + if (ret >= 0) { + return EOK; + } + DEBUG(SSSDBG_CRIT_FAILURE, ("systemd-login gave error %d: %s\n", + -ret, strerror(-ret))); + /* fall back to the old method */ +#endif + ret = get_active_uid_linux(NULL, uid); if (ret != EOK && ret != ENOENT) { DEBUG(1, ("get_uid_table failed.\n")); |