diff options
| author | Simo Sorce <simo@redhat.com> | 2013-09-10 18:24:41 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2013-09-11 09:17:41 -0400 |
| commit | e5c8cd07eca20d4939edef4a5e500542445f79e1 (patch) | |
| tree | 16fc5b387c829d3e72c01fb834cdad9f302e4035 | |
| parent | fbc419b2eb101c7491324499a698b6bdcb14ad43 (diff) | |
| download | sssd-logind.tar.gz sssd-logind.tar.xz sssd-logind.zip | |
util: Use systemd-login to check user sessionslogind
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
| -rw-r--r-- | Makefile.am | 29 | ||||
| -rw-r--r-- | src/external/systemd.m4 | 4 | ||||
| -rw-r--r-- | src/util/find_uid.c | 20 |
3 files changed, 48 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am index 25a4cbf8..e585bdc9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -766,8 +766,11 @@ sss_userdel_SOURCES = \ $(SSSD_LCL_TOOLS_OBJ) sss_userdel_LDADD = \ $(TOOLS_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ $(SSSD_INTERNAL_LTLIBS) -sss_userdel_CFLAGS = $(AM_CFLAGS) +sss_userdel_CFLAGS = \ + $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) sss_userdel_LDFLAGS = \ $(CLIENT_LIBS) @@ -972,12 +975,14 @@ krb5_utils_tests_SOURCES = \ $(SSSD_FAILOVER_OBJ) krb5_utils_tests_CFLAGS = \ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) krb5_utils_tests_LDADD = \ $(SSSD_LIBS)\ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la @@ -1074,12 +1079,14 @@ find_uid_tests_CFLAGS = \ $(AM_CFLAGS) \ $(TALLOC_CFLAGS) \ $(DHASH_CFLAGS) \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) find_uid_tests_LDADD = \ libsss_debug.la \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(CHECK_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ libsss_test_common.la auth_tests_SOURCES = \ @@ -1233,12 +1240,14 @@ krb5_child_test_SOURCES = \ krb5_child_test_CFLAGS = \ $(AM_CFLAGS) \ -DKRB5_CHILD_DIR=\"$(builddir)\" \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) krb5_child_test_LDADD = \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la @@ -1285,11 +1294,13 @@ test_find_uid_SOURCES = \ test_find_uid_CFLAGS = \ $(AM_CFLAGS) \ $(TALLOC_CFLAGS) \ - $(DHASH_CFLAGS) + $(DHASH_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) test_find_uid_LDADD = \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(CMOCKA_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ libsss_debug.la test_io_SOURCES = \ @@ -1539,12 +1550,14 @@ libsss_ldap_la_SOURCES = \ src/util/sss_krb5.c libsss_ldap_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(LDAP_CFLAGS) \ $(KRB5_CFLAGS) libsss_ldap_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la libsss_ldap_la_LDFLAGS = \ @@ -1583,8 +1596,10 @@ libsss_krb5_la_SOURCES = \ src/util/sss_krb5.c libsss_krb5_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(DHASH_CFLAGS) libsss_krb5_la_LIBADD = \ + $(SYSTEMD_LOGIN_LIBS) \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ @@ -1630,11 +1645,13 @@ libsss_ipa_la_SOURCES = \ src/util/sss_krb5.c libsss_ipa_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(NDR_NBT_CFLAGS) \ $(KRB5_CFLAGS) libsss_ipa_la_LIBADD = \ + $(SYSTEMD_LOGIN_LIBS) \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(NDR_NBT_LIBS) \ @@ -1682,11 +1699,13 @@ libsss_ad_la_SOURCES = \ libsss_ad_la_CFLAGS = \ $(AM_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(KRB5_CFLAGS) \ $(NDR_NBT_CFLAGS) libsss_ad_la_LIBADD = \ + $(SYSTEMD_LOGIN_LIBS) \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ diff --git a/src/external/systemd.m4 b/src/external/systemd.m4 index 2c26dc19..202915a5 100644 --- a/src/external/systemd.m4 +++ b/src/external/systemd.m4 @@ -6,3 +6,7 @@ AC_DEFUN([AM_CHECK_SYSTEMD], [AC_MSG_ERROR([Could not detect systemd presence])] ) ]) +AM_COND_IF([HAVE_SYSTEMD], + [PKG_CHECK_MODULES([SYSTEMD_LOGIN], [libsystemd-login], + [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 1, [Build with libsystemdlogin support])], + [AC_DEFINE_UNQUOTED(HAVE_SYSTEMD_LOGIN, 0, [Build without libsystemd-login support])])]) diff --git a/src/util/find_uid.c b/src/util/find_uid.c index d34a4abd..10086ad6 100644 --- a/src/util/find_uid.c +++ b/src/util/find_uid.c @@ -40,6 +40,10 @@ #include "util/util.h" #include "util/strtonum.h" +#ifdef HAVE_SYSTEMD_LOGIN +#include <systemd/sd-login.h> +#endif + #define INITIAL_TABLE_SIZE 64 #define PATHLEN (NAME_MAX + 14) #define BUFSIZE 4096 @@ -301,6 +305,22 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result) { int ret; +#ifdef HAVE_SYSTEMD_LOGIN + ret = sd_uid_get_sessions(uid, 0, NULL); + if (ret > 0) { + *result = true; + } + if (ret == 0) { + *result = false; + } + if (ret >= 0) { + return EOK; + } + DEBUG(0, ("systemd-login gave error %d: %s\n", + -ret, strerror(-ret))); + /* fall back to the old method */ +#endif + ret = get_active_uid_linux(NULL, uid); if (ret != EOK && ret != ENOENT) { DEBUG(1, ("get_uid_table failed.\n")); |