chiark / gitweb /
pam: remove only sessions we ourselves created in the first place
authorLennart Poettering <lennart@poettering.net>
Wed, 21 Jul 2010 02:32:44 +0000 (04:32 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 21 Jul 2010 02:32:44 +0000 (04:32 +0200)
src/cgroup-util.c
src/log.c
src/pam-module.c

index 828b304..2f3fcb5 100644 (file)
@@ -25,6 +25,8 @@
 #include <string.h>
 #include <stdlib.h>
 #include <dirent.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 
 #include "cgroup-util.h"
 #include "log.h"
@@ -546,7 +548,17 @@ int cg_create(const char *controller, const char *path) {
         if ((r = cg_get_path(controller, path, NULL, &fs)) < 0)
                 return r;
 
-        r = mkdir_p(fs, 0755);
+        r = mkdir_parents(fs, 0755);
+
+        if (r >= 0) {
+                if (mkdir(fs, 0755) >= 0)
+                        r = 1;
+                else if (errno == EEXIST)
+                        r = 0;
+                else
+                        r = -errno;
+        }
+
         free(fs);
 
         return r;
@@ -577,7 +589,7 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
 }
 
 int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
-        int r;
+        int r, q;
 
         assert(controller);
         assert(path);
@@ -586,8 +598,8 @@ int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
         if ((r = cg_create(controller, path)) < 0)
                 return r;
 
-        if ((r = cg_attach(controller, path, pid)) < 0)
-                return r;
+        if ((q = cg_attach(controller, path, pid)) < 0)
+                return q;
 
         /* This does not remove the cgroup on failure */
 
index e67a5b3..28bfb9a 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -279,7 +279,7 @@ static int write_to_syslog(
         msghdr.msg_iov = iovec;
         msghdr.msg_iovlen = ELEMENTSOF(iovec);
 
-        if (sendmsg(syslog_fd, &msghdr, 0) < 0)
+        if (sendmsg(syslog_fd, &msghdr, MSG_NOSIGNAL) < 0)
                 return -errno;
 
         return 1;
index e5652ac..f668c3b 100644 (file)
@@ -208,7 +208,7 @@ static int get_user_data(
         return PAM_SUCCESS;
 }
 
-static int create_user_group(pam_handle_t *handle, const char *group, struct passwd *pw, bool attach) {
+static int create_user_group(pam_handle_t *handle, const char *group, struct passwd *pw, bool attach, bool remember) {
         int r;
 
         assert(handle);
@@ -224,6 +224,17 @@ static int create_user_group(pam_handle_t *handle, const char *group, struct pas
                 return PAM_SESSION_ERR;
         }
 
+        if (r > 0 && remember) {
+                /* Remember that it was us who created this group, and
+                 * that hence we need to remove it too. This is a
+                 * protection against removing the cgroup when run
+                 * recursively. */
+                if ((r = pam_set_data(handle, "systemd.created", INT_TO_PTR(1), NULL)) != PAM_SUCCESS) {
+                        pam_syslog(handle, LOG_ERR, "Failed to install created variable.");
+                        return r;
+                }
+        }
+
         if ((r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, group, 0755, pw->pw_uid, pw->pw_gid)) < 0 ||
             (r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, group, 0755, pw->pw_uid, pw->pw_gid)) < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to change access modes: %s", strerror(-r));
@@ -247,7 +258,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
 
         assert(handle);
 
-        pam_syslog(handle, LOG_INFO, "pam-systemd initializing");
+        /* pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing"); */
 
         if (parse_argv(handle, argc, argv, &create_session, NULL, NULL) < 0)
                 return PAM_SESSION_ERR;
@@ -331,7 +342,9 @@ _public_ PAM_EXTERN int pam_sm_open_session(
                 goto finish;
         }
 
-        if ((r = create_user_group(handle, buf, pw, true)) != PAM_SUCCESS)
+        pam_syslog(handle, LOG_INFO, "Moving new user session for %s into control group %s.", username, buf);
+
+        if ((r = create_user_group(handle, buf, pw, true, true)) != PAM_SUCCESS)
                 goto finish;
 
         r = PAM_SUCCESS;
@@ -383,6 +396,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
         char *session_path = NULL, *nosession_path = NULL, *user_path = NULL;
         const char *id;
         struct passwd *pw;
+        const void *created = NULL;
 
         assert(handle);
 
@@ -411,7 +425,9 @@ _public_ PAM_EXTERN int pam_sm_close_session(
                 goto finish;
         }
 
-        if ((id = pam_getenv(handle, "XDG_SESSION_ID"))) {
+        pam_get_data(handle, "systemd.created", &created);
+
+        if ((id = pam_getenv(handle, "XDG_SESSION_ID")) && created) {
 
                 if (asprintf(&session_path, "/user/%s/%s", username, id) < 0 ||
                     asprintf(&nosession_path, "/user/%s/no-session", username) < 0) {
@@ -420,15 +436,19 @@ _public_ PAM_EXTERN int pam_sm_close_session(
                 }
 
                 if (kill_session)  {
+                        pam_syslog(handle, LOG_INFO, "Killing remaining processes of user session %s of %s.", id, username);
+
                         /* Kill processes in session cgroup, and delete it */
                         if ((r = cg_kill_recursive_and_wait(SYSTEMD_CGROUP_CONTROLLER, session_path, true)) < 0)
                                 pam_syslog(handle, LOG_ERR, "Failed to kill session cgroup: %s", strerror(-r));
                 } else {
+                        pam_syslog(handle, LOG_INFO, "Moving remaining processes of user session %s of %s into control group %s.", id, username, nosession_path);
+
                         /* Migrate processes from session to
                          * no-session cgroup. First, try to create the
                          * no-session group in case it doesn't exist
                          * yet. Also, delete the session group. */
-                        create_user_group(handle, nosession_path, pw, 0);
+                        create_user_group(handle, nosession_path, pw, false, false);
 
                         if ((r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, session_path, nosession_path, false, true)) < 0)
                                 pam_syslog(handle, LOG_ERR, "Failed to migrate session cgroup: %s", strerror(-r));
@@ -465,13 +485,13 @@ _public_ PAM_EXTERN int pam_sm_close_session(
         if (r >= 0) {
                 const char *runtime_dir;
 
-                /* This will migrate us to the /user cgroup. */
-
                 if ((runtime_dir = pam_getenv(handle, "XDG_RUNTIME_DIR")))
                         if ((r = rm_rf(runtime_dir, false, true)) < 0)
                                 pam_syslog(handle, LOG_ERR, "Failed to remove runtime directory: %s", strerror(-r));
         }
 
+        /* pam_syslog(handle, LOG_DEBUG, "pam-systemd done"); */
+
         r = PAM_SUCCESS;
 
 finish: