Commit 8c6db833 authored by Lennart Poettering's avatar Lennart Poettering

pam: implement systemd PAM module and generelize cgroup API for that a bit

parent 96551bae
systemd.pc
test-cgroup
.libs/
systemd-notify
test-daemon
systemd-install
......
......@@ -23,6 +23,8 @@ dbussessionservicedir=@dbussessionservicedir@
dbussystemservicedir=@dbussystemservicedir@
dbusinterfacedir=@dbusinterfacedir@
udevrulesdir=@udevrulesdir@
pamlibdir=@pamlibdir@
pkgconfigdatadir=$(datadir)/pkgconfig
# Our own, non-special dirs
pkgsysconfdir=$(sysconfdir)/systemd
......@@ -45,6 +47,7 @@ AM_CPPFLAGS = \
-DCGROUP_AGENT_PATH=\"$(rootlibexecdir)/systemd-cgroups-agent\" \
-DSYSTEMD_BINARY_PATH=\"$(rootbindir)/systemd\" \
-DSYSTEMCTL_BINARY_PATH=\"$(rootbindir)/systemctl\" \
-DRUNTIME_DIR=\"$(localstatedir)/run\" \
-I $(top_srcdir)/src
rootbin_PROGRAMS = \
......@@ -70,7 +73,13 @@ noinst_PROGRAMS = \
test-job-type \
test-ns \
test-loopback \
test-daemon
test-daemon \
test-cgroup
if HAVE_PAM
pamlib_LTLIBRARIES = \
pam_systemd.la
endif
dist_dbuspolicy_DATA = \
src/org.freedesktop.systemd1.conf
......@@ -158,7 +167,8 @@ EXTRA_DIST = \
units/session/exit.service.in \
LICENSE \
README \
DISTRO_PORTING
DISTRO_PORTING \
src/systemd.pc.in
if TARGET_FEDORA
dist_systemunit_DATA += \
......@@ -201,6 +211,9 @@ dist_doc_DATA = \
src/sd-daemon.h \
src/sd-daemon.c
pkgconfigdata_DATA = \
systemd.pc
noinst_LTLIBRARIES = \
libsystemd-basic.la \
libsystemd-core.la
......@@ -262,7 +275,8 @@ libsystemd_core_la_SOURCES = \
src/unit-name.c \
src/fdset.c \
src/namespace.c \
src/tcpwrap.c
src/tcpwrap.c \
src/cgroup-util.c
libsystemd_core_la_CFLAGS = \
$(AM_CFLAGS) \
......@@ -356,6 +370,18 @@ test_daemon_SOURCES = \
test_daemon_LDADD = \
libsystemd-basic.la
test_cgroup_SOURCES = \
src/test-cgroup.c \
src/cgroup-util.c
test_cgroup_CFLAGS = \
$(AM_CFLAGS) \
$(CGROUP_CFLAGS)
test_cgroup_LDADD = \
libsystemd-basic.la \
$(CGROUP_LIBS)
systemd_logger_SOURCES = \
src/logger.c \
src/sd-daemon.c \
......@@ -442,12 +468,41 @@ systemadm_LDADD = \
$(DBUSGLIB_LIBS) \
$(GTK_LIBS)
pam_systemd_la_SOURCES = \
src/pam-module.c \
src/cgroup-util.c \
src/sd-daemon.c
pam_systemd_la_CFLAGS = \
$(AM_CFLAGS) \
$(CGROUP_CFLAGS) \
-fvisibility=hidden
pam_systemd_la_LDFLAGS = \
-module \
-export-dynamic \
-avoid-version \
-shared \
-export-symbols-regex '^pam_sm_.*'
pam_systemd_la_LIBADD = \
libsystemd-basic.la \
$(PAM_LIBS) \
$(CGROUP_LIBS)
SED_PROCESS = \
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(SED) -e 's,@rootlibexecdir\@,$(rootlibexecdir),g' \
-e 's,@SPECIAL_SYSLOG_SERVICE\@,$(SPECIAL_SYSLOG_SERVICE),g' \
-e 's,@SPECIAL_DBUS_SERVICE\@,$(SPECIAL_DBUS_SERVICE),g' \
-e 's,@SYSTEMCTL\@,$(rootbindir)/systemctl,g' \
-e 's,@pkgsysconfdir\@,$(pkgsysconfdir),g' \
-e 's,@pkgdatadir\@,$(pkgdatadir),g' \
-e 's,@systemunitdir\@,$(systemunitdir),g' \
-e 's,@PACKAGE_VERSION\@,$(PACKAGE_VERSION),g' \
-e 's,@PACKAGE_NAME\@,$(PACKAGE_NAME),g' \
-e 's,@PACKAGE_URL\@,$(PACKAGE_URL),g' \
-e 's,@prefix\@,$(prefix),g' \
< $< > $@
units/%: units/%.in Makefile
......@@ -456,6 +511,9 @@ units/%: units/%.in Makefile
man/%: man/%.in Makefile
$(SED_PROCESS)
%.pc: %.pc.in Makefile
$(SED_PROCESS)
M4_PROCESS_SYSTEM = \
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(M4) -P $(M4_DISTRO_FLAG) -DFOR_SYSTEM=1 < $< > $@
......@@ -639,4 +697,5 @@ DISTCHECK_CONFIGURE_FLAGS = \
--with-dbussystemservicedir=$$dc_install_base/$(dbussystemservicedir) \
--with-dbusinterfacedir=$$dc_install_base/$(dbusinterfacedir) \
--with-udevrulesdir=$$dc_install_base/$(udevrulesdir) \
--with-pamlibdir=$$dc_install_base/$(pamlibdir) \
--with-rootdir=$$dc_install_base/$(rootdir)
......@@ -352,7 +352,12 @@ AC_ARG_WITH([dbusinterfacedir],
AC_ARG_WITH([udevrulesdir],
AS_HELP_STRING([--with-udevrulesdir=DIR], [Diectory for udev rules]),
[],
[with_udevrulesdir=/lib/udev/rules.d])
[with_udevrulesdir=`pkg-config --variable=udevdir udev`/rules.d])
AC_ARG_WITH([pamlibdir],
AS_HELP_STRING([--with-pamlibdir=DIR], [Diectory for PAM modules]),
[],
[with_pamlibdir=/lib/`$CC -print-multi-os-directory`/security])
AC_ARG_WITH([rootdir],
AS_HELP_STRING([--with-rootdir=DIR], [Root directory for files necessary for boot]),
......@@ -364,6 +369,7 @@ AC_SUBST([dbussessionservicedir], [$with_dbussessionservicedir])
AC_SUBST([dbussystemservicedir], [$with_dbussystemservicedir])
AC_SUBST([dbusinterfacedir], [$with_dbusinterfacedir])
AC_SUBST([udevrulesdir], [$with_udevrulesdir])
AC_SUBST([pamlibdir], [$with_pamlibdir])
AC_SUBST([rootdir], [$with_rootdir])
AC_CONFIG_FILES([Makefile])
......@@ -383,6 +389,7 @@ echo "
prefix: ${prefix}
root dir: ${with_rootdir}
udev rules dir: ${with_udevrulesdir}
pam modules dir: ${with_pamlibdir}
dbus policy dir: ${with_dbuspolicydir}
dbus session dir: ${with_dbussessionservicedir}
dbus system dir: ${with_dbussystemservicedir}
......
* calendar time support in timer
* calendar time support in timer, iCalendar semantics for the timer stuff (RFC2445)
* complete dbus exposure
* make conf parser work more like .desktop parsers
* implicitly import "defaults" settings file into all types
* service startup should be delayed if the matching socket is being started
* add #ifdefs for non-redhat builds in sysv parser
* add #ifdefs for non-sysv builds
* bootchart hookup
* reinvestigate random seed, hwclock
* "disabled" load state?
* %m in printf() instead of strerror();
* gc: don't reap broken services
* iCalendar semantics for the timer stuff (RFC2445)
* ability to kill services? i.e. in contrast to stopping them, go directly
into killing mode?
......@@ -47,10 +35,6 @@
* follow property change dbus spec
* make systemd bus activatable (?)
* pam module
* selinux
External:
......@@ -68,3 +52,5 @@ Regularly:
* check for strerror(r) instead of strerror(-r)
* Use PR_SET_PROCTITLE_AREA if it becomes available in the kernel
* %m in printf() instead of strerror();
This diff is collapsed.
/*-*- Mode: C; c-basic-offset: 8 -*-*/
#ifndef foocgrouputilhfoo
#define foocgrouputilhfoo
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <sys/types.h>
int cg_translate_error(int error, int _errno);
int cg_kill(const char *controller, const char *path, int sig, bool ignore_self);
int cg_kill_recursive(const char *controller, const char *path, int sig, bool ignore_self);
int cg_kill_recursive_and_wait(const char *controller, const char *path);
int cg_migrate(const char *controller, const char *from, const char *to, bool ignore_self);
int cg_migrate_recursive(const char *controller, const char *from, const char *to, bool ignore_self);
int cg_get_path(const char *controller, const char *path, const char *suffix, char **fs);
int cg_get_by_pid(const char *controller, pid_t pid, char **path);
int cg_trim(const char *controller, const char *path, bool delete_root);
int cg_delete(const char *controller, const char *path);
int cg_create(const char *controller, const char *path);
int cg_attach(const char *controller, const char *path, pid_t pid);
int cg_create_and_attach(const char *controller, const char *path, pid_t pid);
int cg_set_group_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid);
int cg_set_task_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid);
int cg_install_release_agent(const char *controller, const char *agent);
int cg_is_empty(const char *controller, const char *path, bool ignore_self);
int cg_is_empty_recursive(const char *controller, const char *path, bool ignore_self);
#endif
This diff is collapsed.
......@@ -22,8 +22,6 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <libcgroup.h>
typedef struct CGroupBonding CGroupBonding;
#include "unit.h"
......@@ -35,8 +33,6 @@ struct CGroupBonding {
Unit *unit;
struct cgroup *cgroup;
/* For the Unit::cgroup_bondings list */
LIST_FIELDS(CGroupBonding, by_unit);
......@@ -48,6 +44,9 @@ struct CGroupBonding {
/* When our tasks are the only ones in this group */
bool only_us:1;
/* This cgroup is realized */
bool realized:1;
};
int cgroup_bonding_realize(CGroupBonding *b);
......@@ -72,7 +71,7 @@ char *cgroup_bonding_to_string(CGroupBonding *b);
#include "manager.h"
int manager_setup_cgroup(Manager *m);
int manager_shutdown_cgroup(Manager *m, bool delete);
int manager_shutdown_cgroup(Manager *m);
int cgroup_notify_empty(Manager *m, const char *group);
......
......@@ -32,7 +32,6 @@
#include <sys/reboot.h>
#include <sys/ioctl.h>
#include <linux/kd.h>
#include <libcgroup.h>
#include <termios.h>
#include <fcntl.h>
#include <sys/types.h>
......@@ -421,7 +420,8 @@ void manager_free(Manager *m) {
/* If we reexecute ourselves, we keep the root cgroup
* around */
manager_shutdown_cgroup(m, m->exit_code != MANAGER_REEXECUTE);
if (m->exit_code != MANAGER_REEXECUTE)
manager_shutdown_cgroup(m);
bus_done(m);
......
This diff is collapsed.
/*-*- Mode: C; c-basic-offset: 8 -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <unistd.h>
#include <string.h>
#include <libcgroup.h>
#include "cgroup-util.h"
#include "util.h"
#include "log.h"
int main(int argc, char*argv[]) {
char *path;
assert_se(cgroup_init() == 0);
assert_se(cg_create("name=systemd", "/test-a") == 0);
assert_se(cg_create("name=systemd", "/test-a") == 0);
assert_se(cg_create("name=systemd", "/test-b") == 0);
assert_se(cg_create("name=systemd", "/test-b/test-c") == 0);
assert_se(cg_create_and_attach("name=systemd", "/test-b", 0) == 0);
assert_se(cg_get_by_pid("name=systemd", getpid(), &path) == 0);
assert_se(streq(path, "/test-b"));
free(path);
assert_se(cg_attach("name=systemd", "/test-a", 0) == 0);
assert_se(cg_get_by_pid("name=systemd", getpid(), &path) == 0);
assert_se(path_equal(path, "/test-a"));
free(path);
assert_se(cg_create_and_attach("name=systemd", "/test-b/test-d", 0) == 0);
assert_se(cg_get_by_pid("name=systemd", getpid(), &path) == 0);
assert_se(path_equal(path, "/test-b/test-d"));
free(path);
assert_se(cg_get_path("name=systemd", "/test-b/test-d", NULL, &path) == 0);
assert_se(path_equal(path, "/cgroup/systemd/test-b/test-d"));
free(path);
assert_se(cg_is_empty("name=systemd", "/test-a", false) > 0);
assert_se(cg_is_empty("name=systemd", "/test-b", false) > 0);
assert_se(cg_is_empty_recursive("name=systemd", "/test-a", false) > 0);
assert_se(cg_is_empty_recursive("name=systemd", "/test-b", false) == 0);
assert_se(cg_kill_recursive("name=systemd", "/test-a", 0, false) == 0);
assert_se(cg_kill_recursive("name=systemd", "/test-b", 0, false) > 0);
assert_se(cg_migrate_recursive("name=systemd", "/test-b", "/test-a", false) == 0);
assert_se(cg_is_empty_recursive("name=systemd", "/test-a", false) == 0);
assert_se(cg_is_empty_recursive("name=systemd", "/test-b", false) > 0);
assert_se(cg_kill_recursive("name=systemd", "/test-a", 0, false) > 0);
assert_se(cg_kill_recursive("name=systemd", "/test-b", 0, false) == 0);
cg_trim("name=systemd", "/", false);
assert_se(cg_delete("name=systemd", "/test-b") < 0);
assert_se(cg_delete("name=systemd", "/test-a") == 0);
return 0;
}
......@@ -846,6 +846,28 @@ char *file_in_same_dir(const char *path, const char *filename) {
return r;
}
int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) {
struct stat st;
if (mkdir(path, mode) >= 0)
if (chmod_and_chown(path, mode, uid, gid) < 0)
return -errno;
if (lstat(path, &st) < 0)
return -errno;
if ((st.st_mode & 0777) != mode ||
st.st_uid != uid ||
st.st_gid != gid ||
!S_ISDIR(st.st_mode)) {
errno = EEXIST;
return -errno;
}
return 0;
}
int mkdir_parents(const char *path, mode_t mode) {
const char *p, *e;
......@@ -2325,6 +2347,18 @@ char* gethostname_malloc(void) {
return strdup(u.sysname);
}
int getmachineid_malloc(char **b) {
int r;
assert(b);
if ((r = read_one_line_file("/var/lib/dbus/machine-id", b)) < 0)
return r;
strstrip(*b);
return 0;
}
char* getlogname_malloc(void) {
uid_t uid;
long bufsize;
......@@ -2361,11 +2395,13 @@ char* getlogname_malloc(void) {
return name;
}
char *getttyname_malloc(void) {
char path[PATH_MAX], *p;
int getttyname_malloc(char **r) {
char path[PATH_MAX], *p, *c;
assert(r);
if (ttyname_r(STDIN_FILENO, path, sizeof(path)) < 0)
return strdup("unknown");
return -errno;
char_array_0(path);
......@@ -2373,7 +2409,132 @@ char *getttyname_malloc(void) {
if (startswith(path, "/dev/"))
p += 5;
return strdup(p);
if (!(c = strdup(p)))
return -ENOMEM;
*r = c;
return 0;
}
static int rm_rf_children(int fd, bool only_dirs) {
DIR *d;
int ret = 0;
assert(fd >= 0);
/* This returns the first error we run into, but nevertheless
* tries to go on */
if (!(d = fdopendir(fd))) {
close_nointr_nofail(fd);
return -errno;
}
for (;;) {
struct dirent buf, *de;
bool is_dir;
int r;
if ((r = readdir_r(d, &buf, &de)) != 0) {
if (ret == 0)
ret = -r;
break;
}
if (!de)
break;
if (streq(de->d_name, ".") || streq(de->d_name, ".."))
continue;
if (de->d_type == DT_UNKNOWN) {
struct stat st;
if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
if (ret == 0)
ret = -errno;
continue;
}
is_dir = S_ISDIR(st.st_mode);
} else
is_dir = de->d_type == DT_DIR;
if (is_dir) {
int subdir_fd;
if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
if (ret == 0)
ret = -errno;
continue;
}
if ((r = rm_rf_children(subdir_fd, only_dirs)) < 0) {
if (ret == 0)
ret = r;
}
if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
if (ret == 0)
ret = -errno;
}
} else if (!only_dirs) {
if (unlinkat(fd, de->d_name, 0) < 0) {
if (ret == 0)
ret = -errno;
}
}
}
closedir(d);
return ret;
}
int rm_rf(const char *path, bool only_dirs, bool delete_root) {
int fd;
int r;
assert(path);
if ((fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
if (errno != ENOTDIR)
return -errno;
if (delete_root && !only_dirs)
if (unlink(path) < 0)
return -errno;
return 0;
}
r = rm_rf_children(fd, only_dirs);
if (delete_root)
if (rmdir(path) < 0) {
if (r == 0)
r = -errno;
}
return r;
}
int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
assert(path);
/* Under the assumption that we are running privileged we
* first change the access mode and only then hand out
* ownership to avoid a window where access is too open. */
if (chmod(path, mode) < 0)
return -errno;
if (chown(path, uid, gid) < 0)
return -errno;
return 0;
}
static const char *const ioprio_class_table[] = {
......
......@@ -160,6 +160,7 @@ char *delete_chars(char *s, const char *bad);
char *truncate_nl(char *s);
char *file_in_same_dir(const char *path, const char *filename);
int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid);
int mkdir_parents(const char *path, mode_t mode);
int mkdir_p(const char *path, mode_t mode);
......@@ -263,7 +264,12 @@ void sigset_add_many(sigset_t *ss, ...);
char* gethostname_malloc(void);
char* getlogname_malloc(void);
char *getttyname_malloc(void);
int getttyname_malloc(char **r);
int getmachineid_malloc(char **r);
int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid);
int rm_rf(const char *path, bool only_dirs, bool delete_root);
const char *ioprio_class_to_string(int i);
int ioprio_class_from_string(const char *s);
......
......@@ -296,12 +296,14 @@ int utmp_wall(const char *message) {
time_t t;
if (!(hn = gethostname_malloc()) ||
!(un = getlogname_malloc()) ||
!(tty = getttyname_malloc())) {
!(un = getlogname_malloc())) {
r = -ENOMEM;
goto finish;
}
if ((r = getttyname_malloc(&tty)) < 0)
goto finish;
time(&t);
assert_se(ctime_r(&t, date));
delete_chars(date, "\n\r");
......
prefix=@prefix@
exec_prefix=${prefix}
systemdsystemunitdir=@systemunitdir@
systemdsessionunitdir=@pkgdatadir@/session
systemdsystemconfdir=@pkgsysconfdir@/system
systemdsessionconfdir=@pkgsysconfdir@/session
Name: systemd
Description: systemd System and Session Manager
URL: @PACKAGE_URL@
Version: @PACKAGE_VERSION@
Markdown is supported
0%