diff options
| author | David Herrmann <dh.herrmann@googlemail.com> | 2015-11-16 16:28:25 +0100 |
|---|---|---|
| committer | David Herrmann <dh.herrmann@googlemail.com> | 2015-11-16 16:28:25 +0100 |
| commit | f7eb988333abd6bb661ab4c2607aeffb1b3832ce (patch) | |
| tree | 9625779913464e0c2e101f566ac338415f7e6a90 | |
| parent | f5ed8d4a51b7f168eba9114a7cf4c2a3132cafff (diff) | |
| parent | 2f157acdae14962ed7b7f7734f3e3547477aea0a (diff) | |
Merge pull request #1918 from dvdhrm/user3
login: allow re-using users (v3)
| -rw-r--r-- | src/login/logind-core.c | 7 | ||||
| -rw-r--r-- | src/login/logind-dbus.c | 13 | ||||
| -rw-r--r-- | src/login/logind-user.c | 277 | ||||
| -rw-r--r-- | src/login/logind-user.h | 12 | ||||
| -rw-r--r-- | src/login/pam_systemd.c | 28 |
5 files changed, 149 insertions, 188 deletions
diff --git a/src/login/logind-core.c b/src/login/logind-core.c index b3f30c8dc9..38c426c1aa 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -98,15 +98,16 @@ int manager_add_session(Manager *m, const char *id, Session **_session) { int manager_add_user(Manager *m, uid_t uid, gid_t gid, const char *name, User **_user) { User *u; + int r; assert(m); assert(name); u = hashmap_get(m->users, UID_TO_PTR(uid)); if (!u) { - u = user_new(m, uid, gid, name); - if (!u) - return -ENOMEM; + r = user_new(&u, m, uid, gid, name); + if (r < 0) + return r; } if (_user) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 7cc0044bab..e507a19aef 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -2620,11 +2620,8 @@ int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *err } session = hashmap_get(m->session_units, unit); - if (session) { - - if (streq_ptr(path, session->scope_job)) - session->scope_job = mfree(session->scope_job); - + if (session && streq_ptr(path, session->scope_job)) { + session->scope_job = mfree(session->scope_job); session_jobs_reply(session, unit, result); session_save(session); @@ -2633,7 +2630,9 @@ int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *err } user = hashmap_get(m->user_units, unit); - if (user) { + if (user && + (streq_ptr(path, user->service_job) || + streq_ptr(path, user->slice_job))) { if (streq_ptr(path, user->service_job)) user->service_job = mfree(user->service_job); @@ -2964,7 +2963,7 @@ int manager_start_unit(Manager *manager, const char *unit, sd_bus_error *error, "StartUnit", error, &reply, - "ss", unit, "fail"); + "ss", unit, "replace"); if (r < 0) return r; diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 7bdbe6583c..778f19b50d 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -51,42 +51,62 @@ #include "user-util.h" #include "util.h" -User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) { - User *u; +int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) { + _cleanup_(user_freep) User *u = NULL; + char lu[DECIMAL_STR_MAX(uid_t) + 1]; + int r; + assert(out); assert(m); assert(name); u = new0(User, 1); if (!u) - return NULL; + return -ENOMEM; + + u->manager = m; + u->uid = uid; + u->gid = gid; + xsprintf(lu, UID_FMT, uid); u->name = strdup(name); if (!u->name) - goto fail; + return -ENOMEM; if (asprintf(&u->state_file, "/run/systemd/users/"UID_FMT, uid) < 0) - goto fail; + return -ENOMEM; - if (hashmap_put(m->users, UID_TO_PTR(uid), u) < 0) - goto fail; + if (asprintf(&u->runtime_path, "/run/user/"UID_FMT, uid) < 0) + return -ENOMEM; - u->manager = m; - u->uid = uid; - u->gid = gid; + r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &u->slice); + if (r < 0) + return r; - return u; + r = unit_name_build("user", lu, ".service", &u->service); + if (r < 0) + return r; -fail: - free(u->state_file); - free(u->name); - free(u); + r = hashmap_put(m->users, UID_TO_PTR(uid), u); + if (r < 0) + return r; + + r = hashmap_put(m->user_units, u->slice, u); + if (r < 0) + return r; - return NULL; + r = hashmap_put(m->user_units, u->service, u); + if (r < 0) + return r; + + *out = u; + u = NULL; + return 0; } -void user_free(User *u) { - assert(u); +User *user_free(User *u) { + if (!u) + return NULL; if (u->in_gc_queue) LIST_REMOVE(gc_queue, u->manager->user_gc_queue, u); @@ -94,26 +114,24 @@ void user_free(User *u) { while (u->sessions) session_free(u->sessions); - if (u->slice) { - hashmap_remove(u->manager->user_units, u->slice); - free(u->slice); - } + if (u->service) + hashmap_remove_value(u->manager->user_units, u->service, u); - if (u->service) { - hashmap_remove(u->manager->user_units, u->service); - free(u->service); - } + if (u->slice) + hashmap_remove_value(u->manager->user_units, u->slice, u); - free(u->slice_job); - free(u->service_job); + hashmap_remove_value(u->manager->users, UID_TO_PTR(u->uid), u); - free(u->runtime_path); + u->slice_job = mfree(u->slice_job); + u->service_job = mfree(u->service_job); - hashmap_remove(u->manager->users, UID_TO_PTR(u->uid)); + u->service = mfree(u->service); + u->slice = mfree(u->slice); + u->runtime_path = mfree(u->runtime_path); + u->state_file = mfree(u->state_file); + u->name = mfree(u->name); - free(u->name); - free(u->state_file); - free(u); + return mfree(u); } static int user_save_internal(User *u) { @@ -141,16 +159,13 @@ static int user_save_internal(User *u) { u->name, user_state_to_string(user_get_state(u))); + /* LEGACY: no-one reads RUNTIME= anymore, drop it at some point */ if (u->runtime_path) fprintf(f, "RUNTIME=%s\n", u->runtime_path); - if (u->service) - fprintf(f, "SERVICE=%s\n", u->service); if (u->service_job) fprintf(f, "SERVICE_JOB=%s\n", u->service_job); - if (u->slice) - fprintf(f, "SLICE=%s\n", u->slice); if (u->slice_job) fprintf(f, "SLICE_JOB=%s\n", u->slice_job); @@ -288,10 +303,7 @@ int user_load(User *u) { assert(u); r = parse_env_file(u->state_file, NEWLINE, - "RUNTIME", &u->runtime_path, - "SERVICE", &u->service, "SERVICE_JOB", &u->service_job, - "SLICE", &u->slice, "SLICE_JOB", &u->slice_job, "DISPLAY", &display, "REALTIME", &realtime, @@ -327,7 +339,6 @@ int user_load(User *u) { } static int user_mkdir_runtime_path(User *u) { - char *p; int r; assert(u); @@ -336,16 +347,10 @@ static int user_mkdir_runtime_path(User *u) { if (r < 0) return log_error_errno(r, "Failed to create /run/user: %m"); - if (!u->runtime_path) { - if (asprintf(&p, "/run/user/" UID_FMT, u->uid) < 0) - return log_oom(); - } else - p = u->runtime_path; - - if (path_is_mount_point(p, 0) <= 0) { + if (path_is_mount_point(u->runtime_path, 0) <= 0) { _cleanup_free_ char *t = NULL; - (void) mkdir_label(p, 0700); + (void) mkdir_label(u->runtime_path, 0700); if (mac_smack_use()) r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size); @@ -356,10 +361,10 @@ static int user_mkdir_runtime_path(User *u) { goto fail; } - r = mount("tmpfs", p, "tmpfs", MS_NODEV|MS_NOSUID, t); + r = mount("tmpfs", u->runtime_path, "tmpfs", MS_NODEV|MS_NOSUID, t); if (r < 0) { if (errno != EPERM) { - r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p); + r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", u->runtime_path); goto fail; } @@ -367,79 +372,54 @@ static int user_mkdir_runtime_path(User *u) { * CAP_SYS_ADMIN-less container? In this case, * just use a normal directory. */ - r = chmod_and_chown(p, 0700, u->uid, u->gid); + r = chmod_and_chown(u->runtime_path, 0700, u->uid, u->gid); if (r < 0) { log_error_errno(r, "Failed to change runtime directory ownership and mode: %m"); goto fail; } } - r = label_fix(p, false, false); + r = label_fix(u->runtime_path, false, false); if (r < 0) - log_warning_errno(r, "Failed to fix label of '%s', ignoring: %m", p); + log_warning_errno(r, "Failed to fix label of '%s', ignoring: %m", u->runtime_path); } - u->runtime_path = p; return 0; fail: - if (p) { - /* Try to clean up, but ignore errors */ - (void) rmdir(p); - free(p); - } - - u->runtime_path = NULL; + /* Try to clean up, but ignore errors */ + (void) rmdir(u->runtime_path); return r; } static int user_start_slice(User *u) { + _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + const char *description; + char *job; int r; assert(u); - if (!u->slice) { - _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; - char lu[DECIMAL_STR_MAX(uid_t) + 1], *slice, *job; - const char *description; - - u->slice_job = mfree(u->slice_job); - - xsprintf(lu, UID_FMT, u->uid); - r = slice_build_subslice(SPECIAL_USER_SLICE, lu, &slice); - if (r < 0) - return log_error_errno(r, "Failed to build slice name: %m"); - - description = strjoina("User Slice of ", u->name); - - r = manager_start_slice( - u->manager, - slice, - description, - "systemd-logind.service", - "systemd-user-sessions.service", - u->manager->user_tasks_max, - &error, - &job); - if (r < 0) { - - if (sd_bus_error_has_name(&error, BUS_ERROR_UNIT_EXISTS)) - /* The slice already exists? If so, that's fine, let's just reuse it */ - u->slice = slice; - else { - log_error_errno(r, "Failed to start user slice %s, ignoring: %s (%s)", slice, bus_error_message(&error, r), error.name); - free(slice); - /* we don't fail due to this, let's try to continue */ - } - } else { - u->slice = slice; - u->slice_job = job; - } + u->slice_job = mfree(u->slice_job); + description = strjoina("User Slice of ", u->name); + + r = manager_start_slice( + u->manager, + u->slice, + description, + "systemd-logind.service", + "systemd-user-sessions.service", + u->manager->user_tasks_max, + &error, + &job); + if (r < 0) { + /* we don't fail due to this, let's try to continue */ + if (!sd_bus_error_has_name(&error, BUS_ERROR_UNIT_EXISTS)) + log_error_errno(r, "Failed to start user slice %s, ignoring: %s (%s)", u->slice, bus_error_message(&error, r), error.name); + } else { + u->slice_job = job; } - if (u->slice) - (void) hashmap_put(u->manager->user_units, u->slice, u); - return 0; } @@ -450,34 +430,20 @@ static int user_start_service(User *u) { assert(u); - if (!u->service) { - char lu[DECIMAL_STR_MAX(uid_t) + 1], *service; + u->service_job = mfree(u->service_job); - xsprintf(lu, UID_FMT, u->uid); - r = unit_name_build("user", lu, ".service", &service); - if (r < 0) - return log_error_errno(r, "Failed to build service name: %m"); - - r = manager_start_unit( - u->manager, - service, - &error, - &job); - if (r < 0) { - log_error_errno(r, "Failed to start user service, ignoring: %s", bus_error_message(&error, r)); - free(service); - /* we don't fail due to this, let's try to continue */ - } else { - u->service = service; - - free(u->service_job); - u->service_job = job; - } + r = manager_start_unit( + u->manager, + u->service, + &error, + &job); + if (r < 0) { + /* we don't fail due to this, let's try to continue */ + log_error_errno(r, "Failed to start user service, ignoring: %s", bus_error_message(&error, r)); + } else { + u->service_job = job; } - if (u->service) - (void) hashmap_put(u->manager->user_units, u->service, u); - return 0; } @@ -486,15 +452,32 @@ int user_start(User *u) { assert(u); - if (u->started) + if (u->started && !u->stopping) return 0; - log_debug("New user %s logged in.", u->name); - - /* Make XDG_RUNTIME_DIR */ - r = user_mkdir_runtime_path(u); - if (r < 0) - return r; + /* + * If u->stopping is set, the user is marked for removal and the slice + * and service stop-jobs are queued. We have to clear that flag before + * queing the start-jobs again. If they succeed, the user object can be + * re-used just fine (pid1 takes care of job-ordering and proper + * restart), but if they fail, we want to force another user_stop() so + * possibly pending units are stopped. + * Note that we don't clear u->started, as we have no clue what state + * the user is in on failure here. Hence, we pretend the user is + * running so it will be properly taken down by GC. However, we clearly + * return an error from user_start() in that case, so no further + * reference to the user is taken. + */ + u->stopping = false; + + if (!u->started) { + log_debug("New user %s logged in.", u->name); + + /* Make XDG_RUNTIME_DIR */ + r = user_mkdir_runtime_path(u); + if (r < 0) + return r; + } /* Create cgroup */ r = user_start_slice(u); @@ -512,16 +495,16 @@ int user_start(User *u) { if (r < 0) return r; - if (!dual_timestamp_is_set(&u->timestamp)) - dual_timestamp_get(&u->timestamp); - - u->started = true; + if (!u->started) { + if (!dual_timestamp_is_set(&u->timestamp)) + dual_timestamp_get(&u->timestamp); + user_send_signal(u, true); + u->started = true; + } /* Save new user data */ user_save(u); - user_send_signal(u, true); - return 0; } @@ -532,9 +515,6 @@ static int user_stop_slice(User *u) { assert(u); - if (!u->slice) - return 0; - r = manager_stop_unit(u->manager, u->slice, &error, &job); if (r < 0) { log_error("Failed to stop user slice: %s", bus_error_message(&error, r)); @@ -554,9 +534,6 @@ static int user_stop_service(User *u) { assert(u); - if (!u->service) - return 0; - r = manager_stop_unit(u->manager, u->service, &error, &job); if (r < 0) { log_error("Failed to stop user service: %s", bus_error_message(&error, r)); @@ -574,9 +551,6 @@ static int user_remove_runtime_path(User *u) { assert(u); - if (!u->runtime_path) - return 0; - r = rm_rf(u->runtime_path, 0); if (r < 0) log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path); @@ -592,8 +566,6 @@ static int user_remove_runtime_path(User *u) { if (r < 0) log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path); - u->runtime_path = mfree(u->runtime_path); - return r; } @@ -785,9 +757,6 @@ UserState user_get_state(User *u) { int user_kill(User *u, int signo) { assert(u); - if (!u->slice) - return -ESRCH; - return manager_kill_unit(u->manager, u->slice, KILL_ALL, signo, NULL); } diff --git a/src/login/logind-user.h b/src/login/logind-user.h index 722247806b..de99cf47b4 100644 --- a/src/login/logind-user.h +++ b/src/login/logind-user.h @@ -39,16 +39,13 @@ typedef enum UserState { struct User { Manager *manager; - uid_t uid; gid_t gid; char *name; - char *state_file; char *runtime_path; - - char *service; char *slice; + char *service; char *service_job; char *slice_job; @@ -65,8 +62,11 @@ struct User { LIST_FIELDS(User, gc_queue); }; -User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name); -void user_free(User *u); +int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name); +User *user_free(User *u); + +DEFINE_TRIVIAL_CLEANUP_FUNC(User *, user_free); + bool user_check_gc(User *u, bool drop_not_started); void user_add_to_gc_queue(User *u); int user_start(User *u); diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 0d61f528db..3f7cbb78df 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -267,29 +267,21 @@ _public_ PAM_EXTERN int pam_sm_open_session( pam_get_item(handle, PAM_SERVICE, (const void**) &service); if (streq_ptr(service, "systemd-user")) { - _cleanup_free_ char *p = NULL, *rt = NULL; + _cleanup_free_ char *rt = NULL; - if (asprintf(&p, "/run/systemd/users/"UID_FMT, pw->pw_uid) < 0) + if (asprintf(&rt, "/run/user/"UID_FMT, pw->pw_uid) < 0) return PAM_BUF_ERR; - r = parse_env_file(p, NEWLINE, - "RUNTIME", &rt, - NULL); - if (r < 0 && r != -ENOENT) - return PAM_SESSION_ERR; - - if (rt) { - r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); - return r; - } - - r = export_legacy_dbus_address(handle, pw->pw_uid, rt); - if (r != PAM_SUCCESS) - return r; + r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0); + if (r != PAM_SUCCESS) { + pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); + return r; } + r = export_legacy_dbus_address(handle, pw->pw_uid, rt); + if (r != PAM_SUCCESS) + return r; + return PAM_SUCCESS; } |