summaryrefslogtreecommitdiff
path: root/src/login/pam-module.c
AgeCommit message (Collapse)Author
2013-09-11Add pam configuration to allow user sessions to work out of the boxZbigniew Jędrzejewski-Szmek
systemd-logind will start user@.service. user@.service unit uses PAM with service name 'systemd-user' to perform account and session managment tasks. Previously, the name was 'systemd-shared', it is now changed to 'systemd-user'. Most PAM installations use one common setup for different callers. Based on a quick poll, distributions fall into two camps: those that have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia, Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE). Distributions that have system-auth have just one configuration file that contains auth, password, account, and session blocks, and distributions that have common-auth also have common-session, common-password, and common-account. It is thus impossible to use one configuration file which would work for everybody. systemd-user now refers to system-auth, because it seems that the approach with one file is more popular and also easier, so let's follow that.
2013-07-02logind: port over to use scopes+slices for all cgroup stuffLennart Poettering
In order to prepare things for the single-writer cgroup scheme, let's make logind use systemd's own primitives for cgroup management. Every login user now gets his own private slice unit, in which his sessions live in a scope unit each. Also, add user@$UID.service to the same slice, and implicitly start it on first login.
2013-04-18move _cleanup_ attribute in front of the typeHarald Hoyer
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
2013-04-09logind: introduce an explicit session class for cronjobs and similarLennart Poettering
cronjobs are neither interactive user session, nor lock screens, nor login screens, hence they should get their own class.
2013-04-05Use initalization instead of explicit zeroingZbigniew Jędrzejewski-Szmek
Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
2013-04-05PAM, uaccess: check for logind, not for systemdMartin Pitt
It is possible to build systemd without logind or run logind without systemd init. Commit 66e41181 fixed sd_booted() to only succeed for systemd init; with that, testing for systemd init is wrong in the parts that talk to logind. In particular, this affects the PAM module and the "uaccess" udev builtin. Change sd_booted() to a new logind_running() which tests for /run/systemd/seats/. For details, see: <https://mail.gnome.org/archives/desktop-devel-list/2013-March/msg00092.html> https://bugs.freedesktop.org/show_bug.cgi?id=62754
2013-02-14honor SELinux labels, when creating and writing config filesHarald Hoyer
Also split out some fileio functions to fileio.c and provide a SELinux aware pendant in fileio-label.c see https://bugzilla.redhat.com/show_bug.cgi?id=881577
2012-12-24pam_systemd: new option for the session classMatthew Monaco
2012-12-24pam: properly handle SSH logins lacking the PAM tty fieldLennart Poettering
2012-10-16logind: only release logind session from the PAM module if the same module ↵Lennart Poettering
instance actually created it
2012-10-01pam: check environ[] for XDG_SEAT as fallbackLennart Poettering
This is useful for systems such as kmscon which want to invoke classic /sbin/login but use it on multiple seats.
2012-09-21pam: document that we don't do error checking when parsing vtnrLennart Poettering
2012-09-12pam: Add session class to the debug log.Colin Guthrie
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-10util: move all to shared/ and split external dependencies in separate ↵Kay Sievers
internal libraries Before: $ ldd /lib/systemd/systemd-timestamp linux-vdso.so.1 => (0x00007fffb05ff000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f90aac57000) libcap.so.2 => /lib64/libcap.so.2 (0x00007f90aaa53000) librt.so.1 => /lib64/librt.so.1 (0x00007f90aa84a000) libc.so.6 => /lib64/libc.so.6 (0x00007f90aa494000) /lib64/ld-linux-x86-64.so.2 (0x00007f90aae90000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f90aa290000) libattr.so.1 => /lib64/libattr.so.1 (0x00007f90aa08a000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f90a9e6e000) After: $ ldd systemd-timestamp linux-vdso.so.1 => (0x00007fff3cbff000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5eaa1c3000) librt.so.1 => /lib64/librt.so.1 (0x00007f5ea9fbb000) libc.so.6 => /lib64/libc.so.6 (0x00007f5ea9c04000) /lib64/ld-linux-x86-64.so.2 (0x00007f5eaa3fc000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ea9a00000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ea97e4000)
2012-03-22logind: close FIFO before ending sessions cleanlyLennart Poettering
For clean session endings ask logind explicitly to get rid of the FIFO before closing it so that the FIFO logic doesn't result in su/sudo to be terminated immediately.
2012-02-14login: track login class (i.e. one of "user", "greeter", "lock-screen") for ↵Lennart Poettering
each session This introduces the new PAM environment variable XDG_SESSION_CLASS. If not set, defaults to "user". This is useful for apps that want to distuingish real user logins from "fake" ones which just exist to show a gdm login screen or a lock screen.
2012-01-13pam: fix buildLennart Poettering
2012-01-13pam: work correctly if a seat is specified but not vtnrLennart Poettering
2012-01-05build-sys: move public header files into a dir of their ownLennart Poettering
2011-12-31login: move the PAM module to src/login/ since it is just a client to logindLennart Poettering