X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;ds=sidebyside;f=src%2Flogin%2Flogind-session.c;h=e438c66332c7443d1250fdf7b5cc5bb213955b81;hb=0604381b9dbef4cc498b5a77311e1da99c1430b8;hp=bb802e5fc293176cbe9da97bb9fafc6f3205f53b;hpb=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c;p=elogind.git
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index bb802e5fc..e438c6633 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -6,16 +6,16 @@
Copyright 2011 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
***/
@@ -25,10 +25,12 @@
#include
#include
-#include "logind-session.h"
#include "strv.h"
#include "util.h"
+#include "mkdir.h"
+#include "path-util.h"
#include "cgroup-util.h"
+#include "logind-session.h"
#define IDLE_THRESHOLD_USEC (5*USEC_PER_MINUTE)
@@ -48,10 +50,10 @@ Session* session_new(Manager *m, User *u, const char *id) {
return NULL;
}
- s->id = file_name_from_path(s->state_file);
+ s->id = path_get_file_name(s->state_file);
if (hashmap_put(m->sessions, s->id, s) < 0) {
- free(s->id);
+ free(s->state_file);
free(s);
return NULL;
}
@@ -86,7 +88,7 @@ void session_free(Session *s) {
}
if (s->cgroup_path)
- hashmap_remove(s->manager->cgroups, s->cgroup_path);
+ hashmap_remove(s->manager->session_cgroups, s->cgroup_path);
free(s->cgroup_path);
strv_free(s->controllers);
@@ -98,7 +100,6 @@ void session_free(Session *s) {
free(s->service);
hashmap_remove(s->manager->sessions, s->id);
-
session_remove_fifo(s);
free(s->state_file);
@@ -115,7 +116,7 @@ int session_save(Session *s) {
if (!s->started)
return 0;
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
goto finish;
@@ -132,11 +133,13 @@ int session_save(Session *s) {
"UID=%lu\n"
"USER=%s\n"
"ACTIVE=%i\n"
+ "STATE=%s\n"
"REMOTE=%i\n"
"KILL_PROCESSES=%i\n",
(unsigned long) s->user->uid,
s->user->name,
session_is_active(s),
+ session_state_to_string(session_get_state(s)),
s->remote,
s->kill_processes);
@@ -145,6 +148,11 @@ int session_save(Session *s) {
"TYPE=%s\n",
session_type_to_string(s->type));
+ if (s->class >= 0)
+ fprintf(f,
+ "CLASS=%s\n",
+ session_class_to_string(s->class));
+
if (s->cgroup_path)
fprintf(f,
"CGROUP=%s\n",
@@ -225,7 +233,8 @@ int session_load(Session *s) {
*vtnr = NULL,
*leader = NULL,
*audit_id = NULL,
- *type = NULL;
+ *type = NULL,
+ *class = NULL;
int k, r;
@@ -245,6 +254,7 @@ int session_load(Session *s) {
"VTNR", &vtnr,
"LEADER", &leader,
"TYPE", &type,
+ "CLASS", &class,
NULL);
if (r < 0)
@@ -279,14 +289,9 @@ int session_load(Session *s) {
}
if (leader) {
- pid_t pid;
-
- k = parse_pid(leader, &pid);
- if (k >= 0 && pid >= 1) {
- s->leader = pid;
-
- audit_session_from_pid(pid, &s->audit_id);
- }
+ k = parse_pid(leader, &s->leader);
+ if (k >= 0)
+ audit_session_from_pid(s->leader, &s->audit_id);
}
if (type) {
@@ -297,6 +302,14 @@ int session_load(Session *s) {
s->type = t;
}
+ if (class) {
+ SessionClass c;
+
+ c = session_class_from_string(class);
+ if (c >= 0)
+ s->class = c;
+ }
+
if (s->fifo_path) {
int fd;
@@ -310,7 +323,6 @@ int session_load(Session *s) {
close_nointr_nofail(fd);
}
-
finish:
free(remote);
free(kill_processes);
@@ -318,6 +330,7 @@ finish:
free(vtnr);
free(leader);
free(audit_id);
+ free(class);
return r;
}
@@ -371,11 +384,15 @@ static int session_link_x11_socket(Session *s) {
c[k] = 0;
if (access(f, F_OK) < 0) {
- log_warning("Session %s has display %s with nonexisting socket %s.", s->id, s->display, f);
+ log_warning("Session %s has display %s with non-existing socket %s.", s->id, s->display, f);
free(f);
return -ENOENT;
}
+ /* Note that this cannot be in a subdir to avoid
+ * vulnerabilities since we are privileged but the runtime
+ * path is owned by the user */
+
t = strappend(s->user->runtime_path, "/X11-display");
if (!t) {
log_error("Out of memory");
@@ -434,7 +451,7 @@ static int session_create_one_group(Session *s, const char *controller, const ch
if (r < 0)
return r;
- r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid);
+ r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid, -1);
if (r >= 0)
r = cg_set_group_access(controller, path, 0755, s->user->uid, s->user->gid);
@@ -512,7 +529,7 @@ static int session_create_cgroup(Session *s) {
}
}
- hashmap_put(s->manager->cgroups, s->cgroup_path, s);
+ hashmap_put(s->manager->session_cgroups, s->cgroup_path, s);
return 0;
}
@@ -601,6 +618,23 @@ static int session_terminate_cgroup(Session *s) {
log_error("Failed to kill session cgroup: %s", strerror(-r));
} else {
+ if (s->leader > 0) {
+ Session *t;
+
+ /* We still send a HUP to the leader process,
+ * even if we are not supposed to kill the
+ * whole cgroup. But let's first check the
+ * leader still exists and belongs to our
+ * session... */
+
+ r = manager_get_session_by_pid(s->manager, s->leader, &t);
+ if (r > 0 && t == s) {
+ kill(s->leader, SIGTERM); /* for normal processes */
+ kill(s->leader, SIGHUP); /* for shells */
+ kill(s->leader, SIGCONT); /* in case they are stopped */
+ }
+ }
+
r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true);
if (r < 0)
log_error("Failed to check session cgroup: %s", strerror(-r));
@@ -608,19 +642,18 @@ static int session_terminate_cgroup(Session *s) {
r = cg_delete(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path);
if (r < 0)
log_error("Failed to delete session cgroup: %s", strerror(-r));
- } else
- r = -EBUSY;
+ }
}
STRV_FOREACH(k, s->user->manager->controllers)
cg_trim(*k, s->cgroup_path, true);
- hashmap_remove(s->manager->cgroups, s->cgroup_path);
+ hashmap_remove(s->manager->session_cgroups, s->cgroup_path);
free(s->cgroup_path);
s->cgroup_path = NULL;
- return r;
+ return 0;
}
static int session_unlink_x11_socket(Session *s) {
@@ -785,7 +818,7 @@ int session_create_fifo(Session *s) {
/* Create FIFO */
if (!s->fifo_path) {
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
return r;
@@ -804,13 +837,13 @@ int session_create_fifo(Session *s) {
if (s->fifo_fd < 0)
return -errno;
- r = hashmap_put(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1), s);
+ r = hashmap_put(s->manager->session_fds, INT_TO_PTR(s->fifo_fd + 1), s);
if (r < 0)
return r;
zero(ev);
ev.events = 0;
- ev.data.u32 = FD_FIFO_BASE + s->fifo_fd;
+ ev.data.u32 = FD_OTHER_BASE + s->fifo_fd;
if (epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_ADD, s->fifo_fd, &ev) < 0)
return -errno;
@@ -828,7 +861,7 @@ void session_remove_fifo(Session *s) {
assert(s);
if (s->fifo_fd >= 0) {
- assert_se(hashmap_remove(s->manager->fifo_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
+ assert_se(hashmap_remove(s->manager->session_fds, INT_TO_PTR(s->fifo_fd + 1)) == s);
assert_se(epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_DEL, s->fifo_fd, NULL) == 0);
close_nointr_nofail(s->fifo_fd);
s->fifo_fd = -1;
@@ -882,6 +915,18 @@ void session_add_to_gc_queue(Session *s) {
s->in_gc_queue = true;
}
+SessionState session_get_state(Session *s) {
+ assert(s);
+
+ if (s->fifo_fd < 0)
+ return SESSION_CLOSING;
+
+ if (session_is_active(s))
+ return SESSION_ACTIVE;
+
+ return SESSION_ONLINE;
+}
+
int session_kill(Session *s, KillWho who, int signo) {
int r = 0;
Set *pid_set = NULL;
@@ -923,6 +968,14 @@ int session_kill(Session *s, KillWho who, int signo) {
return r;
}
+static const char* const session_state_table[_SESSION_TYPE_MAX] = {
+ [SESSION_ONLINE] = "online",
+ [SESSION_ACTIVE] = "active",
+ [SESSION_CLOSING] = "closing"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_state, SessionState);
+
static const char* const session_type_table[_SESSION_TYPE_MAX] = {
[SESSION_TTY] = "tty",
[SESSION_X11] = "x11",
@@ -931,6 +984,14 @@ static const char* const session_type_table[_SESSION_TYPE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
+static const char* const session_class_table[_SESSION_CLASS_MAX] = {
+ [SESSION_USER] = "user",
+ [SESSION_GREETER] = "greeter",
+ [SESSION_LOCK_SCREEN] = "lock-screen"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);
+
static const char* const kill_who_table[_KILL_WHO_MAX] = {
[KILL_LEADER] = "leader",
[KILL_ALL] = "all"