X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fpam-module.c;h=a3ce2468d57ed6e1861121988b59b2c0e4d26f03;hp=e1ad8c9bfade571dc1ea020c8bcb2d1c4910dd28;hb=ddd88763921a1534081ed28e36f6712a85449005;hpb=4d6d6518c301c844be59c1b3a0d2092a3218572f diff --git a/src/pam-module.c b/src/pam-module.c index e1ad8c9bf..a3ce2468d 100644 --- a/src/pam-module.c +++ b/src/pam-module.c @@ -50,8 +50,6 @@ static int parse_argv(pam_handle_t *handle, bool *debug) { unsigned i; - bool reset_controller_set = false; - bool kill_exclude_users_set = false; assert(argc >= 0); assert(argc == 0 || argv); @@ -59,9 +57,9 @@ static int parse_argv(pam_handle_t *handle, for (i = 0; i < (unsigned) argc; i++) { int k; - if (startswith(argv[i], "kill-processes=")) { - if ((k = parse_boolean(argv[i] + 15)) < 0) { - pam_syslog(handle, LOG_ERR, "Failed to parse kill-processes= argument."); + if (startswith(argv[i], "kill-session-processes=")) { + if ((k = parse_boolean(argv[i] + 23)) < 0) { + pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument."); return k; } @@ -107,8 +105,6 @@ static int parse_argv(pam_handle_t *handle, *reset_controllers = l; } - reset_controller_set = true; - } else if (startswith(argv[i], "kill-only-users=")) { if (kill_only_users) { @@ -137,8 +133,6 @@ static int parse_argv(pam_handle_t *handle, *kill_exclude_users = l; } - kill_exclude_users_set = true; - } else if (startswith(argv[i], "debug=")) { if ((k = parse_boolean(argv[i] + 6)) < 0) { pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument."); 
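Review bot: The offset `23` in `parse_boolean(argv[i] + 23)` (hunk -59,9) is a hand-counted copy of the length of the literal on the line above. It is correct for "kill-session-processes=" today, but deriving it, for example `parse_boolean(argv[i] + strlen("kill-session-processes="))`, removes the chance of parsing from the wrong offset the next time the option is renamed. The rename also means a PAM configuration that still passes `kill-processes=` no longer reaches this branch. What happens to such a line depends on the unknown-argument handling later in parse_argv, which is outside this hunk, so confirm that it is logged rather than silently dropping the administrator's kill policy.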
@@ -159,34 +153,6 @@ static int parse_argv(pam_handle_t *handle, } } - if (!reset_controller_set && reset_controllers) { - char **l; - - if (!(l = strv_new("cpu", NULL))) { - pam_syslog(handle, LOG_ERR, "Out of memory"); - return -ENOMEM; - } - - *reset_controllers = l; - } - - if (controllers) - strv_remove(*controllers, SYSTEMD_CGROUP_CONTROLLER); - - if (reset_controllers) - strv_remove(*reset_controllers, SYSTEMD_CGROUP_CONTROLLER); - - if (!kill_exclude_users_set && kill_exclude_users) { - char **l; - - if (!(l = strv_new("root", NULL))) { - pam_syslog(handle, LOG_ERR, "Out of memory"); - return -ENOMEM; - } - - *kill_exclude_users = l; - } - return 0; } @@ -214,14 +180,14 @@ static int get_user_data( * it probably contains a uid of the host system. */ if (read_one_line_file("/proc/self/loginuid", &s) >= 0) { - uint32_t u; + uid_t uid; - r = safe_atou32(s, &u); + r = parse_uid(s, &uid); free(s); - if (r >= 0 && u != (uint32_t) -1 && u > 0) { + if (r >= 0 && uid != (uint32_t) -1) { have_loginuid = true; - pw = pam_modutil_getpwuid(handle, u); + pw = pam_modutil_getpwuid(handle, uid); } } } @@ -273,10 +239,10 @@ static bool check_user_lists( } STRV_FOREACH(l, kill_exclude_users) { - uint32_t id; + uid_t u; - if (safe_atou32(*l, &id) >= 0) - if ((uid_t) id == uid) + if (parse_uid(*l, &u) >= 0) + if (u == uid) return false; if (name && streq(name, *l)) @@ -287,10 +253,10 @@ static bool check_user_lists( return true; STRV_FOREACH(l, kill_only_users) { - uint32_t id; + uid_t u; - if (safe_atou32(*l, &id) >= 0) - if ((uid_t) id == uid) + if (parse_uid(*l, &u) >= 0) + if (u == uid) return true; if (name && streq(name, *l)) 
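Review bot: In the get_user_data hunk (-214,14) the sentinel test still reads `uid != (uint32_t) -1` although the variable is now a `uid_t`; `if (r >= 0 && uid != (uid_t) -1) {` keeps the comparison in the variable's own type. The same line drops the old `u > 0` condition, so a loginuid of 0 now sets have_loginuid and resolves to root's passwd entry. If that is intended, a one-line comment next to the check saying so would stop a later reader from restoring the guard. Whether parse_uid already rejects the unset value is not visible here, and the function body continues outside the hunk.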
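Review bot: The kill_exclude_users loop in check_user_lists (hunk -273,10) nests two unbraced `if`s, `if (parse_uid(*l, &u) >= 0)` directly followed by `if (u == uid)`, which is easy to misread or break when a line is added. `if (parse_uid(*l, &u) >= 0 && u == uid)` expresses the same test as one condition. The kill_only_users loop in the following hunk (-287,10) has the same shape and would take the same change. These lists decide whose processes are killed, so the matching logic is worth keeping unambiguous; both loops start and end outside their hunks.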
@@ -408,6 +374,46 @@ _public_ PAM_EXTERN int pam_sm_open_session( if (r != PAM_SUCCESS) goto finish; + /* Make sure we don't enter a loop by talking to + * systemd-logind when it is actually waiting for the + * background to finish start-up. If the service is + * "systemd-shared" we simply set XDG_RUNTIME_DIR and + * leave. */ + + pam_get_item(handle, PAM_SERVICE, (const void**) &service); + if (streq_ptr(service, "systemd-shared")) { + char *p, *rt = NULL; + + if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) { + r = PAM_BUF_ERR; + goto finish; + } + + r = parse_env_file(p, NEWLINE, + "RUNTIME", &rt, + NULL); + free(p); + + if (r < 0 && r != -ENOENT) { + r = PAM_SESSION_ERR; + free(rt); + goto finish; + } + + if (rt) { + r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0); + free(rt); + + if (r != PAM_SUCCESS) { + pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); + goto finish; + } + } + + r = PAM_SUCCESS; + goto finish; + } + if (kill_processes) kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users); @@ -435,7 +441,6 @@ _public_ PAM_EXTERN int pam_sm_open_session( uid = pw->pw_uid; pid = getpid(); - pam_get_item(handle, PAM_SERVICE, (const void**) &service); pam_get_item(handle, PAM_XDISPLAY, (const void**) &display); pam_get_item(handle, PAM_TTY, (const void**) &tty); pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
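Review bot: In the new "systemd-shared" branch of pam_sm_open_session (hunk -408,6), a parse_env_file failure other than -ENOENT returns PAM_SESSION_ERR without logging anything, unlike the pam_misc_setenv failure a few lines later. Adding `pam_syslog(handle, LOG_ERR, "Failed to parse runtime file: %s", strerror(-r));` before `r = PAM_SESSION_ERR;` would make a refused session diagnosable. The return value of `pam_get_item(handle, PAM_SERVICE, ...)` is also ignored, so the branch relies on `service` having been initialised to NULL at its declaration, which is outside the hunk. The `rt` value read from the file is exported as XDG_RUNTIME_DIR unchecked; if the file's contents are not fully trusted, a check that it is an absolute path would be a cheap guard.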