X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flogin%2Flogind-session.c;h=6e1bf6d560cfef49fe5a8bd499b4341a4974126b;hp=e438c66332c7443d1250fdf7b5cc5bb213955b81;hb=374ec6abf31ada6ca554cc8ea99b282373fac010;hpb=0604381b9dbef4cc498b5a77311e1da99c1430b8 diff --git a/src/login/logind-session.c b/src/login/logind-session.c index e438c6633..6e1bf6d56 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -25,16 +25,19 @@ #include #include +#include +#include + #include "strv.h" #include "util.h" #include "mkdir.h" #include "path-util.h" #include "cgroup-util.h" +#include "fileio.h" +#include "dbus-common.h" #include "logind-session.h" -#define IDLE_THRESHOLD_USEC (5*USEC_PER_MINUTE) - -Session* session_new(Manager *m, User *u, const char *id) { +Session* session_new(Manager *m, const char *id) { Session *s; assert(m); @@ -60,9 +63,6 @@ Session* session_new(Manager *m, User *u, const char *id) { s->manager = m; s->fifo_fd = -1; - s->user = u; - - LIST_PREPEND(Session, sessions_by_user, u->sessions, s); return s; } @@ -87,11 +87,15 @@ void session_free(Session *s) { LIST_REMOVE(Session, sessions_by_seat, s->seat->sessions, s); } - if (s->cgroup_path) - hashmap_remove(s->manager->session_cgroups, s->cgroup_path); + if (s->scope) { + hashmap_remove(s->manager->session_units, s->scope); + free(s->scope); + } + + free(s->scope_job); - free(s->cgroup_path); - strv_free(s->controllers); + if (s->create_message) + dbus_message_unref(s->create_message); free(s->tty); free(s->display); @@ -106,13 +110,24 @@ void session_free(Session *s) { free(s); } +void session_set_user(Session *s, User *u) { + assert(s); + assert(!s->user); + + s->user = u; + LIST_PREPEND(Session, sessions_by_user, u->sessions, s); +} + int session_save(Session *s) { - FILE *f; + _cleanup_fclose_ FILE *f = NULL; + _cleanup_free_ char *temp_path = NULL; int r = 0; - char *temp_path; assert(s); + if (!s->user) + return -ESTALE; + if (!s->started) return 0; @@ -134,79 +149,61 @@ int session_save(Session *s) { "USER=%s\n" "ACTIVE=%i\n" "STATE=%s\n" - "REMOTE=%i\n" - "KILL_PROCESSES=%i\n", + "REMOTE=%i\n", (unsigned long) s->user->uid, s->user->name, session_is_active(s), session_state_to_string(session_get_state(s)), - s->remote, - s->kill_processes); + s->remote); if (s->type >= 0) - fprintf(f, - "TYPE=%s\n", - session_type_to_string(s->type)); + fprintf(f, "TYPE=%s\n", session_type_to_string(s->type)); if (s->class >= 0) - fprintf(f, - "CLASS=%s\n", - session_class_to_string(s->class)); + fprintf(f, "CLASS=%s\n", session_class_to_string(s->class)); - if (s->cgroup_path) - fprintf(f, - "CGROUP=%s\n", - s->cgroup_path); + if (s->scope) + fprintf(f, "SCOPE=%s\n", s->scope); + + if (s->scope_job) + fprintf(f, "SCOPE_JOB=%s\n", s->scope_job); if (s->fifo_path) - fprintf(f, - "FIFO=%s\n", - s->fifo_path); + fprintf(f, "FIFO=%s\n", s->fifo_path); if (s->seat) - fprintf(f, - "SEAT=%s\n", - s->seat->id); + fprintf(f, "SEAT=%s\n", s->seat->id); if (s->tty) - fprintf(f, - "TTY=%s\n", - s->tty); + fprintf(f, "TTY=%s\n", s->tty); if (s->display) - fprintf(f, - "DISPLAY=%s\n", - s->display); + fprintf(f, "DISPLAY=%s\n", s->display); if (s->remote_host) - fprintf(f, - "REMOTE_HOST=%s\n", - s->remote_host); + fprintf(f, "REMOTE_HOST=%s\n", s->remote_host); if (s->remote_user) - fprintf(f, - "REMOTE_USER=%s\n", - s->remote_user); + fprintf(f, "REMOTE_USER=%s\n", s->remote_user); if (s->service) - fprintf(f, - "SERVICE=%s\n", - s->service); + fprintf(f, "SERVICE=%s\n", s->service); if (s->seat && seat_can_multi_session(s->seat)) - fprintf(f, - "VTNR=%i\n", - s->vtnr); + fprintf(f, "VTNR=%i\n", s->vtnr); if (s->leader > 0) - fprintf(f, - "LEADER=%lu\n", - (unsigned long) s->leader); + fprintf(f, "LEADER=%lu\n", (unsigned long) s->leader); if (s->audit_id > 0) + fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id); + + if (dual_timestamp_is_set(&s->timestamp)) fprintf(f, - "AUDIT=%llu\n", - (unsigned long long) s->audit_id); + "REALTIME=%llu\n" + "MONOTONIC=%llu\n", + (unsigned long long) s->timestamp.realtime, + (unsigned long long) s->timestamp.monotonic); fflush(f); @@ -216,9 +213,6 @@ int session_save(Session *s) { unlink(temp_path); } - fclose(f); - free(temp_path); - finish: if (r < 0) log_error("Failed to save session data for %s: %s", s->id, strerror(-r)); @@ -227,14 +221,16 @@ finish: } int session_load(Session *s) { - char *remote = NULL, - *kill_processes = NULL, + _cleanup_free_ char *remote = NULL, *seat = NULL, *vtnr = NULL, *leader = NULL, *audit_id = NULL, *type = NULL, - *class = NULL; + *class = NULL, + *uid = NULL, + *realtime = NULL, + *monotonic = NULL; int k, r; @@ -242,8 +238,8 @@ int session_load(Session *s) { r = parse_env_file(s->state_file, NEWLINE, "REMOTE", &remote, - "KILL_PROCESSES", &kill_processes, - "CGROUP", &s->cgroup_path, + "SCOPE", &s->scope, + "SCOPE_JOB", &s->scope_job, "FIFO", &s->fifo_path, "SEAT", &seat, "TTY", &s->tty, @@ -255,10 +251,39 @@ int session_load(Session *s) { "LEADER", &leader, "TYPE", &type, "CLASS", &class, + "UID", &uid, + "REALTIME", &realtime, + "MONOTONIC", &monotonic, NULL); - if (r < 0) - goto finish; + if (r < 0) { + log_error("Failed to read %s: %s", s->state_file, strerror(-r)); + return r; + } + + if (!s->user) { + uid_t u; + User *user; + + if (!uid) { + log_error("UID not specified for session %s", s->id); + return -ENOENT; + } + + r = parse_uid(uid, &u); + if (r < 0) { + log_error("Failed to parse UID value %s for session %s.", uid, s->id); + return r; + } + + user = hashmap_get(s->manager->users, ULONG_TO_PTR((unsigned long) u)); + if (!user) { + log_error("User of session %s not known.", s->id); + return -ENOENT; + } + + session_set_user(s, user); + } if (remote) { k = parse_boolean(remote); @@ -266,12 +291,6 @@ int session_load(Session *s) { s->remote = k; } - if (kill_processes) { - k = parse_boolean(kill_processes); - if (k >= 0) - s->kill_processes = k; - } - if (seat && !s->seat) { Seat *o; @@ -323,14 +342,17 @@ int session_load(Session *s) { close_nointr_nofail(fd); } -finish: - free(remote); - free(kill_processes); - free(seat); - free(vtnr); - free(leader); - free(audit_id); - free(class); + if (realtime) { + unsigned long long l; + if (sscanf(realtime, "%llu", &l) > 0) + s->timestamp.realtime = l; + } + + if (monotonic) { + unsigned long long l; + if (sscanf(monotonic, "%llu", &l) > 0) + s->timestamp.monotonic = l; + } return r; } @@ -339,6 +361,7 @@ int session_activate(Session *s) { int r; assert(s); + assert(s->user); if (s->vtnr < 0) return -ENOTSUP; @@ -374,10 +397,8 @@ static int session_link_x11_socket(Session *s) { k = strspn(s->display+1, "0123456789"); f = new(char, sizeof("/tmp/.X11-unix/X") + k); - if (!f) { - log_error("Out of memory"); - return -ENOMEM; - } + if (!f) + return log_oom(); c = stpcpy(f, "/tmp/.X11-unix/X"); memcpy(c, s->display+1, k); @@ -395,9 +416,8 @@ static int session_link_x11_socket(Session *s) { t = strappend(s->user->runtime_path, "/X11-display"); if (!t) { - log_error("Out of memory"); free(f); - return -ENOMEM; + return log_oom(); } if (link(f, t) < 0) { @@ -434,103 +454,39 @@ done: return 0; } -static int session_create_one_group(Session *s, const char *controller, const char *path) { - int r; - - assert(s); - assert(controller); - assert(path); - - if (s->leader > 0) { - r = cg_create_and_attach(controller, path, s->leader); - if (r < 0) - r = cg_create(controller, path); - } else - r = cg_create(controller, path); - - if (r < 0) - return r; - - r = cg_set_task_access(controller, path, 0644, s->user->uid, s->user->gid, -1); - if (r >= 0) - r = cg_set_group_access(controller, path, 0755, s->user->uid, s->user->gid); - - return r; -} - -static int session_create_cgroup(Session *s) { - char **k; - char *p; +static int session_start_scope(Session *s) { + _cleanup_free_ char *description = NULL; + DBusError error; + char *job; int r; assert(s); assert(s->user); - assert(s->user->cgroup_path); + assert(s->user->slice); - if (!s->cgroup_path) { - if (asprintf(&p, "%s/%s", s->user->cgroup_path, s->id) < 0) { - log_error("Out of memory"); - return -ENOMEM; - } - } else - p = s->cgroup_path; + dbus_error_init(&error); - r = session_create_one_group(s, SYSTEMD_CGROUP_CONTROLLER, p); - if (r < 0) { - log_error("Failed to create "SYSTEMD_CGROUP_CONTROLLER":%s: %s", p, strerror(-r)); - free(p); - s->cgroup_path = NULL; - return r; - } + if (!s->scope) { + s->scope = strjoin("session-", s->id, ".scope", NULL); + if (!s->scope) + return log_oom(); - s->cgroup_path = p; - - STRV_FOREACH(k, s->controllers) { - - if (strv_contains(s->reset_controllers, *k)) - continue; - - r = session_create_one_group(s, *k, p); - if (r < 0) - log_warning("Failed to create %s:%s: %s", *k, p, strerror(-r)); - } - - STRV_FOREACH(k, s->manager->controllers) { - - if (strv_contains(s->reset_controllers, *k) || - strv_contains(s->manager->reset_controllers, *k) || - strv_contains(s->controllers, *k)) - continue; - - r = session_create_one_group(s, *k, p); + r = hashmap_put(s->manager->session_units, s->scope, s); if (r < 0) - log_warning("Failed to create %s:%s: %s", *k, p, strerror(-r)); + log_warning("Failed to create mapping between unit and session"); } - if (s->leader > 0) { - - STRV_FOREACH(k, s->reset_controllers) { - r = cg_attach(*k, "/", s->leader); - if (r < 0) - log_warning("Failed to reset controller %s: %s", *k, strerror(-r)); - - } + description = strjoin("Session ", s->id, " of user ", s->user->name, NULL); - STRV_FOREACH(k, s->manager->reset_controllers) { - - if (strv_contains(s->reset_controllers, *k) || - strv_contains(s->controllers, *k)) - continue; - - r = cg_attach(*k, "/", s->leader); - if (r < 0) - log_warning("Failed to reset controller %s: %s", *k, strerror(-r)); - - } + r = manager_start_scope(s->manager, s->scope, s->leader, s->user->slice, description, &error, &job); + if (r < 0) { + log_error("Failed to start session scope: %s %s", bus_error(&error, r), error.name); + dbus_error_free(&error); + } else { + free(s->scope_job); + s->scope_job = job; } - hashmap_put(s->manager->session_cgroups, s->cgroup_path, s); - return 0; } @@ -538,7 +494,9 @@ int session_start(Session *s) { int r; assert(s); - assert(s->user); + + if (!s->user) + return -ESTALE; if (s->started) return 0; @@ -547,18 +505,24 @@ int session_start(Session *s) { if (r < 0) return r; - log_full(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG, - "New session %s of user %s.", s->id, s->user->name); - /* Create cgroup */ - r = session_create_cgroup(s); + r = session_start_scope(s); if (r < 0) return r; + log_struct(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG, + MESSAGE_ID(SD_MESSAGE_SESSION_START), + "SESSION_ID=%s", s->id, + "USER_ID=%s", s->user->name, + "LEADER=%lu", (unsigned long) s->leader, + "MESSAGE=New session %s of user %s.", s->id, s->user->name, + NULL); + /* Create X11 symlink */ session_link_x11_socket(s); - dual_timestamp_get(&s->timestamp); + if (!dual_timestamp_is_set(&s->timestamp)) + dual_timestamp_get(&s->timestamp); if (s->seat) seat_read_active_vt(s->seat); @@ -585,73 +549,42 @@ int session_start(Session *s) { return 0; } -static bool session_shall_kill(Session *s) { - assert(s); +/* static bool session_shall_kill(Session *s) { */ +/* assert(s); */ - if (!s->kill_processes) - return false; +/* if (!s->kill_processes) */ +/* return false; */ - if (strv_contains(s->manager->kill_exclude_users, s->user->name)) - return false; +/* if (strv_contains(s->manager->kill_exclude_users, s->user->name)) */ +/* return false; */ - if (strv_isempty(s->manager->kill_only_users)) - return true; +/* if (strv_isempty(s->manager->kill_only_users)) */ +/* return true; */ - return strv_contains(s->manager->kill_only_users, s->user->name); -} +/* return strv_contains(s->manager->kill_only_users, s->user->name); */ +/* } */ -static int session_terminate_cgroup(Session *s) { +static int session_stop_scope(Session *s) { + DBusError error; + char *job; int r; - char **k; assert(s); - if (!s->cgroup_path) - return 0; - - cg_trim(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, false); - - if (session_shall_kill(s)) { + dbus_error_init(&error); - r = cg_kill_recursive_and_wait(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true); - if (r < 0) - log_error("Failed to kill session cgroup: %s", strerror(-r)); - - } else { - if (s->leader > 0) { - Session *t; - - /* We still send a HUP to the leader process, - * even if we are not supposed to kill the - * whole cgroup. But let's first check the - * leader still exists and belongs to our - * session... */ - - r = manager_get_session_by_pid(s->manager, s->leader, &t); - if (r > 0 && t == s) { - kill(s->leader, SIGTERM); /* for normal processes */ - kill(s->leader, SIGHUP); /* for shells */ - kill(s->leader, SIGCONT); /* in case they are stopped */ - } - } + if (!s->scope) + return 0; - r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, true); - if (r < 0) - log_error("Failed to check session cgroup: %s", strerror(-r)); - else if (r > 0) { - r = cg_delete(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path); - if (r < 0) - log_error("Failed to delete session cgroup: %s", strerror(-r)); - } + r = manager_stop_unit(s->manager, s->scope, &error, &job); + if (r < 0) { + log_error("Failed to stop session scope: %s", bus_error(&error, r)); + dbus_error_free(&error); + return r; } - STRV_FOREACH(k, s->user->manager->controllers) - cg_trim(*k, s->cgroup_path, true); - - hashmap_remove(s->manager->session_cgroups, s->cgroup_path); - - free(s->cgroup_path); - s->cgroup_path = NULL; + free(s->scope_job); + s->scope_job = job; return 0; } @@ -669,10 +602,8 @@ static int session_unlink_x11_socket(Session *s) { s->user->display = NULL; t = strappend(s->user->runtime_path, "/X11-display"); - if (!t) { - log_error("Out of memory"); - return -ENOMEM; - } + if (!t) + return log_oom(); r = unlink(t); free(t); @@ -685,12 +616,20 @@ int session_stop(Session *s) { assert(s); + if (!s->user) + return -ESTALE; + if (s->started) - log_full(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG, - "Removed session %s.", s->id); + log_struct(s->type == SESSION_TTY || s->type == SESSION_X11 ? LOG_INFO : LOG_DEBUG, + MESSAGE_ID(SD_MESSAGE_SESSION_STOP), + "SESSION_ID=%s", s->id, + "USER_ID=%s", s->user->name, + "LEADER=%lu", (unsigned long) s->leader, + "MESSAGE=Removed session %s.", s->id, + NULL); /* Kill cgroup */ - k = session_terminate_cgroup(s); + k = session_stop_scope(s); if (k < 0) r = k; @@ -704,16 +643,18 @@ int session_stop(Session *s) { if (s->started) session_send_signal(s, false); + s->started = false; + if (s->seat) { if (s->seat->active == s) seat_set_active(s->seat, NULL); seat_send_changed(s->seat, "Sessions\0"); + seat_save(s->seat); } user_send_changed(s->user, "Sessions\0"); - - s->started = false; + user_save(s->user); return r; } @@ -727,15 +668,50 @@ bool session_is_active(Session *s) { return s->seat->active == s; } -int session_get_idle_hint(Session *s, dual_timestamp *t) { - char *p; +static int get_tty_atime(const char *tty, usec_t *atime) { + _cleanup_free_ char *p = NULL; struct stat st; - usec_t u, n; - bool b; - int k; + + assert(tty); + assert(atime); + + if (!path_is_absolute(tty)) { + p = strappend("/dev/", tty); + if (!p) + return -ENOMEM; + + tty = p; + } else if (!path_startswith(tty, "/dev/")) + return -ENOENT; + + if (lstat(tty, &st) < 0) + return -errno; + + *atime = timespec_load(&st.st_atim); + return 0; +} + +static int get_process_ctty_atime(pid_t pid, usec_t *atime) { + _cleanup_free_ char *p = NULL; + int r; + + assert(pid > 0); + assert(atime); + + r = get_ctty(pid, NULL, &p); + if (r < 0) + return r; + + return get_tty_atime(p, atime); +} + +int session_get_idle_hint(Session *s, dual_timestamp *t) { + usec_t atime = 0, n; + int r; assert(s); + /* Explicit idle hint is set */ if (s->idle_hint) { if (t) *t = s->idle_hint_timestamp; @@ -743,41 +719,43 @@ int session_get_idle_hint(Session *s, dual_timestamp *t) { return s->idle_hint; } - if (isempty(s->tty)) + /* Graphical sessions should really implement a real + * idle hint logic */ + if (s->display) goto dont_know; - if (s->tty[0] != '/') { - p = strappend("/dev/", s->tty); - if (!p) - return -ENOMEM; - } else - p = NULL; - - if (!startswith(p ? p : s->tty, "/dev/")) { - free(p); - goto dont_know; + /* For sessions with an explicitly configured tty, let's check + * its atime */ + if (s->tty) { + r = get_tty_atime(s->tty, &atime); + if (r >= 0) + goto found_atime; } - k = lstat(p ? p : s->tty, &st); - free(p); + /* For sessions with a leader but no explicitly configured + * tty, let's check the controlling tty of the leader */ + if (s->leader > 0) { + r = get_process_ctty_atime(s->leader, &atime); + if (r >= 0) + goto found_atime; + } - if (k < 0) - goto dont_know; +dont_know: + if (t) + *t = s->idle_hint_timestamp; - u = timespec_load(&st.st_atim); - n = now(CLOCK_REALTIME); - b = u + IDLE_THRESHOLD_USEC < n; + return 0; +found_atime: if (t) - dual_timestamp_from_realtime(t, u + b ? IDLE_THRESHOLD_USEC : 0); + dual_timestamp_from_realtime(t, atime); - return b; + n = now(CLOCK_REALTIME); -dont_know: - if (t) - *t = s->idle_hint_timestamp; + if (s->manager->idle_action_usec <= 0) + return 0; - return 0; + return atime + s->manager->idle_action_usec <= n; } void session_set_idle_hint(Session *s, bool b) { @@ -831,7 +809,7 @@ int session_create_fifo(Session *s) { /* Open reading side */ if (s->fifo_fd < 0) { - struct epoll_event ev; + struct epoll_event ev = {}; s->fifo_fd = open(s->fifo_path, O_RDONLY|O_CLOEXEC|O_NDELAY); if (s->fifo_fd < 0) @@ -841,7 +819,6 @@ int session_create_fifo(Session *s) { if (r < 0) return r; - zero(ev); ev.events = 0; ev.data.u32 = FD_OTHER_BASE + s->fifo_fd; @@ -865,6 +842,9 @@ void session_remove_fifo(Session *s) { assert_se(epoll_ctl(s->manager->epoll_fd, EPOLL_CTL_DEL, s->fifo_fd, NULL) == 0); close_nointr_nofail(s->fifo_fd); s->fifo_fd = -1; + + session_save(s); + user_save(s->user); } if (s->fifo_path) { @@ -882,6 +862,9 @@ int session_check_gc(Session *s, bool drop_not_started) { if (drop_not_started && !s->started) return 0; + if (!s->user) + return 0; + if (s->fifo_fd >= 0) { r = pipe_eof(s->fifo_fd); @@ -892,15 +875,11 @@ int session_check_gc(Session *s, bool drop_not_started) { return 1; } - if (s->cgroup_path) { - - r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, false); - if (r < 0) - return r; + if (s->scope_job) + return 1; - if (r <= 0) - return 1; - } + if (s->scope) + return manager_unit_is_active(s->manager, s->scope) != 0; return 0; } @@ -918,6 +897,9 @@ void session_add_to_gc_queue(Session *s) { SessionState session_get_state(Session *s) { assert(s); + if (s->scope_job) + return s->started ? SESSION_OPENING : SESSION_CLOSING; + if (s->fifo_fd < 0) return SESSION_CLOSING; @@ -928,47 +910,16 @@ SessionState session_get_state(Session *s) { } int session_kill(Session *s, KillWho who, int signo) { - int r = 0; - Set *pid_set = NULL; - assert(s); - if (!s->cgroup_path) - return -ESRCH; - - if (s->leader <= 0 && who == KILL_LEADER) + if (!s->scope) return -ESRCH; - if (s->leader > 0) - if (kill(s->leader, signo) < 0) - r = -errno; - - if (who == KILL_ALL) { - int q; - - pid_set = set_new(trivial_hash_func, trivial_compare_func); - if (!pid_set) - return -ENOMEM; - - if (s->leader > 0) { - q = set_put(pid_set, LONG_TO_PTR(s->leader)); - if (q < 0) - r = q; - } - - q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_path, signo, false, true, false, pid_set); - if (q < 0) - if (q != -EAGAIN && q != -ESRCH && q != -ENOENT) - r = q; - } - - if (pid_set) - set_free(pid_set); - - return r; + return manager_kill_unit(s->manager, s->scope, who, signo, NULL); } -static const char* const session_state_table[_SESSION_TYPE_MAX] = { +static const char* const session_state_table[_SESSION_STATE_MAX] = { + [SESSION_OPENING] = "opening", [SESSION_ONLINE] = "online", [SESSION_ACTIVE] = "active", [SESSION_CLOSING] = "closing" @@ -987,7 +938,8 @@ DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType); static const char* const session_class_table[_SESSION_CLASS_MAX] = { [SESSION_USER] = "user", [SESSION_GREETER] = "greeter", - [SESSION_LOCK_SCREEN] = "lock-screen" + [SESSION_LOCK_SCREEN] = "lock-screen", + [SESSION_BACKGROUND] = "background" }; DEFINE_STRING_TABLE_LOOKUP(session_class, SessionClass);