util: Use systemd-login to check user sessions

Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.

Resolves:
https://fedorahosted.org/sssd/ticket/2084

1 files changed, 20 insertions, 0 deletions

diff --git a/src/util/find_uid.c b/src/util/find_uid.c
index d34a4abd2..63b346457 100644
--- a/src/util/find_uid.c
+++ b/src/util/find_uid.c
@@ -40,6 +40,10 @@
 #include "util/util.h"
 #include "util/strtonum.h"
 
+#ifdef HAVE_SYSTEMD_LOGIN
+#include <systemd/sd-login.h>
+#endif
+
 #define INITIAL_TABLE_SIZE 64
 #define PATHLEN (NAME_MAX + 14)
 #define BUFSIZE 4096
@@ -301,6 +305,22 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result)
 {
     int ret;
 
+#ifdef HAVE_SYSTEMD_LOGIN
+    ret = sd_uid_get_sessions(uid, 0, NULL);
+    if (ret > 0) {
+        *result = true;
+    }
+    if (ret == 0) {
+        *result = false;
+    }
+    if (ret >= 0) {
+        return EOK;
+    }
+    DEBUG(SSSDBG_CRIT_FAILURE, ("systemd-login gave error %d: %s\n",
+                                -ret, strerror(-ret)));
+    /* fall back to the old method */
+#endif
+
     ret = get_active_uid_linux(NULL, uid);
     if (ret != EOK && ret != ENOENT) {
         DEBUG(1, ("get_uid_table failed.\n"));