[systemd-commits] 6 commits - src/execute.c src/main.c src/pam-module.c src/util.c src/util.h
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Jun 29 19:32:01 PDT 2011
src/execute.c | 27 +++++++++++++++++----------
src/main.c | 2 ++
src/pam-module.c | 47 ++++++++++++++++++++++++++++++++++++++++-------
src/util.c | 17 +++++++++++++++++
src/util.h | 3 +++
5 files changed, 79 insertions(+), 17 deletions(-)
New commits:
commit 30b2c336d80aa08ffcc6ebba9540b15b07563a73
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jun 30 04:31:49 2011 +0200
pam: initialize XDG_RUNTIME_DIR
diff --git a/src/pam-module.c b/src/pam-module.c
index 178c469..dfeab97 100644
--- a/src/pam-module.c
+++ b/src/pam-module.c
@@ -361,13 +361,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (sd_booted() <= 0)
return PAM_SUCCESS;
- /* Make sure we don't enter a loop by talking to
- * systemd-logind when it is actually waiting for the
- * background to finish start-up, */
- pam_get_item(handle, PAM_SERVICE, (const void**) &service);
- if (streq_ptr(service, "systemd-shared"))
- return PAM_SUCCESS;
-
if (parse_argv(handle,
argc, argv,
&controllers, &reset_controllers,
@@ -381,6 +374,46 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (r != PAM_SUCCESS)
goto finish;
+ /* Make sure we don't enter a loop by talking to
+ * systemd-logind when it is actually waiting for the
+ * background to finish start-up. If the service is
+ * "systemd-shared" we simply set XDG_RUNTIME_DIR and
+ * leave. */
+
+ pam_get_item(handle, PAM_SERVICE, (const void**) &service);
+ if (streq_ptr(service, "systemd-shared")) {
+ char *p, *rt = NULL;
+
+ if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
+ r = PAM_BUF_ERR;
+ goto finish;
+ }
+
+ r = parse_env_file(p, NEWLINE,
+ "RUNTIME", &rt,
+ NULL);
+ free(p);
+
+ if (r < 0 && r != -ENOENT) {
+ r = PAM_SESSION_ERR;
+ free(rt);
+ goto finish;
+ }
+
+ if (rt) {
+ r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
+ free(rt);
+
+ if (r != PAM_SUCCESS) {
+ pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
+ goto finish;
+ }
+ }
+
+ r = PAM_SUCCESS;
+ goto finish;
+ }
+
if (kill_processes)
kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
commit aa87e624744cb7fbd9e28e70e855e28fd3b255c2
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jun 30 04:31:34 2011 +0200
execute: properly pass PAM environment to executed process
diff --git a/src/execute.c b/src/execute.c
index d297e0a..9c390c0 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -898,6 +898,9 @@ static int setup_pam(
* might have opened it, but we don't want this fd around. */
closelog();
+ *pam_env = e;
+ e = NULL;
+
return 0;
fail:
@@ -1063,7 +1066,7 @@ int exec_spawn(ExecCommand *command,
/* This string must fit in 10 chars (i.e. the length
* of "/sbin/init") */
- rename_process("sd.exec");
+ rename_process("sd(EXEC)");
/* We reset exactly these signals, since they are the
* only ones we set to SIG_IGN in the main daemon. All
commit 9a0e68963464b6bc159cad53fd745491cd0b90f7
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jun 30 04:16:10 2011 +0200
util: try harder to rename the process
diff --git a/src/main.c b/src/main.c
index 0452033..e10441c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1033,6 +1033,8 @@ int main(int argc, char *argv[]) {
program_invocation_short_name = systemd;
prctl(PR_SET_NAME, systemd);
+ saved_argv = argv;
+ saved_argc = argc;
log_show_color(isatty(STDERR_FILENO) > 0);
log_show_location(false);
diff --git a/src/util.c b/src/util.c
index a0c04e3..270c7da 100644
--- a/src/util.c
+++ b/src/util.c
@@ -64,6 +64,9 @@
#include "exit-status.h"
#include "hashmap.h"
+int saved_argc = 0;
+char **saved_argv = NULL;
+
size_t page_size(void) {
static __thread size_t pgsz = 0;
long r;
@@ -3026,6 +3029,20 @@ void rename_process(const char name[8]) {
if (program_invocation_name)
strncpy(program_invocation_name, name, strlen(program_invocation_name));
+
+ if (saved_argc > 0) {
+ int i;
+
+ if (saved_argv[0])
+ strncpy(saved_argv[0], name, strlen(saved_argv[0]));
+
+ for (i = 1; i < saved_argc; i++) {
+ if (!saved_argv[i])
+ break;
+
+ memset(saved_argv[i], 0, strlen(saved_argv[i]));
+ }
+ }
}
void sigset_add_many(sigset_t *ss, ...) {
diff --git a/src/util.h b/src/util.h
index a26fb6f..083da2a 100644
--- a/src/util.h
+++ b/src/util.h
@@ -477,4 +477,7 @@ int signal_from_string(const char *s);
int signal_from_string_try_harder(const char *s);
+extern int saved_argc;
+extern char **saved_argv;
+
#endif
commit 7fbf31dfe3cb2f9619df28258208eba36922e9d3
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jun 30 04:15:53 2011 +0200
execute: fix PAM error checking
diff --git a/src/execute.c b/src/execute.c
index c69442d..d297e0a 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1269,7 +1269,7 @@ int exec_spawn(ExecCommand *command,
#ifdef HAVE_PAM
if (context->pam_name && username) {
- if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
+ if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) != 0) {
r = EXIT_PAM;
goto fail_child;
}
commit 3dead8d925ea9db1fbd65b702b6b807e49ddeacf
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jun 30 04:15:39 2011 +0200
execute: invoke sigwait() in a loop when waiting for PAM parent, to avoid spurious wake-ups
diff --git a/src/execute.c b/src/execute.c
index 1a5f09d..c69442d 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -843,7 +843,7 @@ static int setup_pam(
/* This string must fit in 10 chars (i.e. the length
* of "/sbin/init") */
- rename_process("sd:pam");
+ rename_process("sd(PAM)");
/* Make sure we don't keep open the passed fds in this
child. We assume that otherwise only those fds are
@@ -861,13 +861,20 @@ static int setup_pam(
/* Check if our parent process might already have
* died? */
if (getppid() == parent_pid) {
- if (sigwait(&ss, &sig) < 0)
- goto child_finish;
+ for (;;) {
+ if (sigwait(&ss, &sig) < 0) {
+ if (errno == EINTR)
+ continue;
+
+ goto child_finish;
+ }
- assert(sig == SIGTERM);
+ assert(sig == SIGTERM);
+ break;
+ }
}
- /* Only if our parent died we'll end the session */
+ /* If our parent died we'll end the session */
if (getppid() != parent_pid)
if ((pam_code = pam_close_session(handle, PAM_DATA_SILENT)) != PAM_SUCCESS)
goto child_finish;
commit 0f1df8e1691f6a0397153860caf28fda38231833
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Jun 30 04:14:50 2011 +0200
execute: don't invoke pam_setcred, since we are not running on a tty where the user could change his password
diff --git a/src/execute.c b/src/execute.c
index cb55843..1a5f09d 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -817,9 +817,6 @@ static int setup_pam(
close_session = true;
- if ((pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | PAM_SILENT)) != PAM_SUCCESS)
- goto fail;
-
if ((!(e = pam_getenvlist(handle)))) {
pam_code = PAM_BUF_ERR;
goto fail;
More information about the systemd-commits
mailing list