bool *debug) {
unsigned i;
- bool reset_controller_set = false;
- bool kill_exclude_users_set = false;
assert(argc >= 0);
assert(argc == 0 || argv);
for (i = 0; i < (unsigned) argc; i++) {
int k;
- if (startswith(argv[i], "kill-processes=")) {
- if ((k = parse_boolean(argv[i] + 15)) < 0) {
- pam_syslog(handle, LOG_ERR, "Failed to parse kill-processes= argument.");
+ if (startswith(argv[i], "kill-session-processes=")) {
+ if ((k = parse_boolean(argv[i] + 23)) < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
return k;
}
*reset_controllers = l;
}
- reset_controller_set = true;
-
} else if (startswith(argv[i], "kill-only-users=")) {
if (kill_only_users) {
*kill_exclude_users = l;
}
- kill_exclude_users_set = true;
-
} else if (startswith(argv[i], "debug=")) {
if ((k = parse_boolean(argv[i] + 6)) < 0) {
pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
}
}
- if (!reset_controller_set && reset_controllers) {
- char **l;
-
- if (!(l = strv_new("cpu", NULL))) {
- pam_syslog(handle, LOG_ERR, "Out of memory");
- return -ENOMEM;
- }
-
- *reset_controllers = l;
- }
-
- if (controllers)
- strv_remove(*controllers, SYSTEMD_CGROUP_CONTROLLER);
-
- if (reset_controllers)
- strv_remove(*reset_controllers, SYSTEMD_CGROUP_CONTROLLER);
-
- if (!kill_exclude_users_set && kill_exclude_users) {
- char **l;
-
- if (!(l = strv_new("root", NULL))) {
- pam_syslog(handle, LOG_ERR, "Out of memory");
- return -ENOMEM;
- }
-
- *kill_exclude_users = l;
- }
-
return 0;
}
* it probably contains a uid of the host system. */
if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
- uint32_t u;
+ uid_t uid;
- r = safe_atou32(s, &u);
+ r = parse_uid(s, &uid);
free(s);
- if (r >= 0 && u != (uint32_t) -1 && u > 0) {
+ if (r >= 0 && uid != (uint32_t) -1) {
have_loginuid = true;
- pw = pam_modutil_getpwuid(handle, u);
+ pw = pam_modutil_getpwuid(handle, uid);
}
}
}
}
STRV_FOREACH(l, kill_exclude_users) {
- uint32_t id;
+ uid_t u;
- if (safe_atou32(*l, &id) >= 0)
- if ((uid_t) id == uid)
+ if (parse_uid(*l, &u) >= 0)
+ if (u == uid)
return false;
if (name && streq(name, *l))
return true;
STRV_FOREACH(l, kill_only_users) {
- uint32_t id;
+ uid_t u;
- if (safe_atou32(*l, &id) >= 0)
- if ((uid_t) id == uid)
+ if (parse_uid(*l, &u) >= 0)
+ if (u == uid)
return true;
if (name && streq(name, *l))
if (r != PAM_SUCCESS)
goto finish;
+ /* Make sure we don't enter a loop by talking to
+ * systemd-logind when it is actually waiting for the
+ * background to finish start-up. If the service is
+ * "systemd-shared" we simply set XDG_RUNTIME_DIR and
+ * leave. */
+
+ pam_get_item(handle, PAM_SERVICE, (const void**) &service);
+ if (streq_ptr(service, "systemd-shared")) {
+ char *p, *rt = NULL;
+
+ if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
+ r = PAM_BUF_ERR;
+ goto finish;
+ }
+
+ r = parse_env_file(p, NEWLINE,
+ "RUNTIME", &rt,
+ NULL);
+ free(p);
+
+ if (r < 0 && r != -ENOENT) {
+ r = PAM_SESSION_ERR;
+ free(rt);
+ goto finish;
+ }
+
+ if (rt) {
+ r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
+ free(rt);
+
+ if (r != PAM_SUCCESS) {
+ pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
+ goto finish;
+ }
+ }
+
+ r = PAM_SUCCESS;
+ goto finish;
+ }
+
if (kill_processes)
kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
uid = pw->pw_uid;
pid = getpid();
- pam_get_item(handle, PAM_SERVICE, (const void**) &service);
pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
pam_get_item(handle, PAM_TTY, (const void**) &tty);
pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
~ianmdlvl / elogind.git / blobdiff