From 7c7734999ea003d756f8c0b6268bc374a1214e34 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 7 Aug 2018 13:49:34 +0200 Subject: logind: optionally watch utmp for login data This allows us to determine the TTY an ssh session is for, which is useful to to proper idle detection for ssh sessions. Fixes: #9622 (cherry picked from commit 3d0ef5c7e00155bc74f6f71c34cad518a4ff56ba) --- src/login/logind-core.c | 143 +++++++++++++++++++++++++++++++++++++++++++++ src/login/logind-dbus.c | 5 ++ src/login/logind-session.c | 24 ++++++++ src/login/logind-session.h | 14 ++++- src/login/logind.c | 10 ++++ src/login/logind.h | 8 +++ 6 files changed, 203 insertions(+), 1 deletion(-) diff --git a/src/login/logind-core.c b/src/login/logind-core.c index b24bc29c6..f9a07b54a 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -5,6 +5,9 @@ #include #include #include +#if ENABLE_UTMP +//#include +#endif #include "alloc-util.h" #include "bus-error.h" @@ -14,6 +17,7 @@ #include "fd-util.h" #include "logind.h" #include "parse-util.h" +//#include "path-util.h" #include "process-util.h" #include "strv.h" #include "terminal-util.h" @@ -728,3 +732,142 @@ bool manager_all_buttons_ignored(Manager *m) { return true; } + +int manager_read_utmp(Manager *m) { +#if ENABLE_UTMP + int r; + + assert(m); + + if (utmpxname(_PATH_UTMPX) < 0) + return log_error_errno(errno, "Failed to set utmp path to " _PATH_UTMPX ": %m"); + + setutxent(); + + for (;;) { + _cleanup_free_ char *t = NULL; + struct utmpx *u; + const char *c; + Session *s; + + errno = 0; + u = getutxent(); + if (!u) { + if (errno != 0) + log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); + r = 0; + break; + } + + if (u->ut_type != USER_PROCESS) + continue; + + if (!pid_is_valid(u->ut_pid)) + continue; + + t = strndup(u->ut_line, sizeof(u->ut_line)); + if (!t) { + r = log_oom(); + break; + } + + c = path_startswith(t, "/dev/"); + if (c) { + r = free_and_strdup(&t, c); + if (r < 0) { + log_oom(); + break; + } + } + + if (isempty(t)) + continue; + + s = hashmap_get(m->sessions_by_leader, PID_TO_PTR(u->ut_pid)); + if (!s) + continue; + + if (s->tty_validity == TTY_FROM_UTMP && !streq_ptr(s->tty, t)) { + /* This may happen on multiplexed SSH connection (i.e. 'SSH connection sharing'). In + * this case PAM and utmp sessions don't match. In such a case let's invalidate the TTY + * information and never acquire it again. */ + + s->tty = mfree(s->tty); + s->tty_validity = TTY_UTMP_INCONSISTENT; + log_debug("Session '%s' has inconsistent TTY information, dropping TTY information.", s->id); + continue; + } + + /* Never override what we figured out once */ + if (s->tty || s->tty_validity >= 0) + continue; + + s->tty = TAKE_PTR(t); + s->tty_validity = TTY_FROM_UTMP; + log_debug("Acquired TTY information '%s' from utmp for session '%s'.", s->tty, s->id); + } + + endutxent(); + return r; +#else + return 0 +#endif +} + +#if ENABLE_UTMP +static int manager_dispatch_utmp(sd_event_source *s, const struct inotify_event *event, void *userdata) { + Manager *m = userdata; + + assert(m); + + /* If there's indication the file itself might have been removed or became otherwise unavailable, then let's + * reestablish the watch on whatever there's now. */ + if ((event->mask & (IN_ATTRIB|IN_DELETE_SELF|IN_MOVE_SELF|IN_Q_OVERFLOW|IN_UNMOUNT)) != 0) + manager_connect_utmp(m); + + (void) manager_read_utmp(m); + return 0; +} +#endif + +void manager_connect_utmp(Manager *m) { +#if ENABLE_UTMP + sd_event_source *s = NULL; + int r; + + assert(m); + + /* Watch utmp for changes via inotify. We do this to deal with tools such as ssh, which will register the PAM + * session early, and acquire a TTY only much later for the connection. Thus during PAM the TTY won't be known + * yet. ssh will register itself with utmp when it finally acquired the TTY. Hence, let's make use of this, and + * watch utmp for the TTY asynchronously. We use the PAM session's leader PID as key, to find the right entry. + * + * Yes, relying on utmp is pretty ugly, but it's good enough for informational purposes, as well as idle + * detection (which, for tty sessions, relies on the TTY used) */ + + r = sd_event_add_inotify(m->event, &s, _PATH_UTMPX, IN_MODIFY|IN_MOVE_SELF|IN_DELETE_SELF|IN_ATTRIB, manager_dispatch_utmp, m); + if (r < 0) + log_full_errno(r == -ENOENT ? LOG_DEBUG: LOG_WARNING, r, "Failed to create inotify watch on " _PATH_UTMPX ", ignoring: %m"); + else { + r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE); + if (r < 0) + log_warning_errno(r, "Failed to adjust utmp event source priority, ignoring: %m"); + + (void) sd_event_source_set_description(s, "utmp"); + } + + sd_event_source_unref(m->utmp_event_source); + m->utmp_event_source = s; +#endif +} + +void manager_reconnect_utmp(Manager *m) { +#if ENABLE_UTMP + assert(m); + + if (m->utmp_event_source) + return; + + manager_connect_utmp(m); +#endif +} diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 855268a63..98228c74b 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -775,6 +775,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus } while (hashmap_get(m->sessions, id)); } + /* If we are not watching utmp aleady, try again */ + manager_reconnect_utmp(m); + r = manager_add_user_by_uid(m, uid, &user); if (r < 0) goto fail; @@ -797,6 +800,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus r = -ENOMEM; goto fail; } + + session->tty_validity = TTY_FROM_PAM; } if (!isempty(display)) { diff --git a/src/login/logind-session.c b/src/login/logind-session.c index d3bdbebb5..6e65c0bb5 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -60,6 +60,7 @@ int session_new(Session **ret, Manager *m, const char *id) { .fifo_fd = -1, .vtfd = -1, .audit_id = AUDIT_SESSION_INVALID, + .tty_validity = _TTY_VALIDITY_INVALID, }; s->state_file = strappend("/run/systemd/sessions/", id); @@ -254,6 +255,9 @@ int session_save(Session *s) { if (s->tty) fprintf(f, "TTY=%s\n", s->tty); + if (s->tty_validity >= 0) + fprintf(f, "TTY_VALIDITY=%s\n", tty_validity_to_string(s->tty_validity)); + if (s->display) fprintf(f, "DISPLAY=%s\n", s->display); @@ -390,6 +394,7 @@ static int session_load_devices(Session *s, const char *devices) { int session_load(Session *s) { _cleanup_free_ char *remote = NULL, *seat = NULL, + *tty_validity = NULL, *vtnr = NULL, *state = NULL, *position = NULL, @@ -417,6 +422,7 @@ int session_load(Session *s) { "FIFO", &s->fifo_path, "SEAT", &seat, "TTY", &s->tty, + "TTY_VALIDITY", &tty_validity, "DISPLAY", &s->display, "REMOTE_HOST", &s->remote_host, "REMOTE_USER", &s->remote_user, @@ -493,6 +499,16 @@ int session_load(Session *s) { seat_claim_position(s->seat, s, npos); } + if (tty_validity) { + TTYValidity v; + + v = tty_validity_from_string(tty_validity); + if (v < 0) + log_debug("Failed to parse TTY validity: %s", tty_validity); + else + s->tty_validity = v; + } + if (leader) { pid_t pid; @@ -1481,3 +1497,11 @@ static const char* const kill_who_table[_KILL_WHO_MAX] = { }; DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho); + +static const char* const tty_validity_table[_TTY_VALIDITY_MAX] = { + [TTY_FROM_PAM] = "from-pam", + [TTY_FROM_UTMP] = "from-utmp", + [TTY_UTMP_INCONSISTENT] = "utmp-inconsistent", +}; + +DEFINE_STRING_TABLE_LOOKUP(tty_validity, TTYValidity); diff --git a/src/login/logind-session.h b/src/login/logind-session.h index 74cda3c57..0bca7683a 100644 --- a/src/login/logind-session.h +++ b/src/login/logind-session.h @@ -46,6 +46,14 @@ enum KillWho { _KILL_WHO_INVALID = -1 }; +typedef enum TTYValidity { + TTY_FROM_PAM, + TTY_FROM_UTMP, + TTY_UTMP_INCONSISTENT, /* may happen on ssh sessions with multiplexed TTYs */ + _TTY_VALIDITY_MAX, + _TTY_VALIDITY_INVALID = -1, +} TTYValidity; + struct Session { Manager *manager; @@ -60,8 +68,9 @@ struct Session { dual_timestamp timestamp; - char *tty; char *display; + char *tty; + TTYValidity tty_validity; bool remote; char *remote_user; @@ -162,6 +171,9 @@ SessionClass session_class_from_string(const char *s) _pure_; const char *kill_who_to_string(KillWho k) _const_; KillWho kill_who_from_string(const char *s) _pure_; +const char* tty_validity_to_string(TTYValidity t) _const_; +TTYValidity tty_validity_from_string(const char *s) _pure_; + int session_prepare_vt(Session *s); void session_restore_vt(Session *s); void session_leave_vt(Session *s); diff --git a/src/login/logind.c b/src/login/logind.c index 5320820a5..c5d526b4b 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -154,6 +154,10 @@ static Manager* manager_unref(Manager *m) { sd_event_source_unref(m->udev_button_event_source); sd_event_source_unref(m->lid_switch_ignore_event_source); +#if ENABLE_UTMP + sd_event_source_unref(m->utmp_event_source); +#endif + safe_close(m->console_active_fd); udev_monitor_unref(m->udev_seat_monitor); @@ -1144,6 +1148,9 @@ static int manager_startup(Manager *m) { #if 1 /// elogind needs some extra preparations before connecting... elogind_manager_startup(m); #endif // 1 + /* Connect to utmp */ + manager_connect_utmp(m); + /* Connect to console */ r = manager_connect_console(m); if (r < 0) @@ -1201,6 +1208,9 @@ static int manager_startup(Manager *m) { manager_reserve_vt(m); #endif // 0 + /* Read in utmp if it exists */ + manager_read_utmp(m); + /* And start everything */ HASHMAP_FOREACH(seat, m->seats, i) (void) seat_start(seat); diff --git a/src/login/logind.h b/src/login/logind.h index 111a3dab0..7f3452591 100644 --- a/src/login/logind.h +++ b/src/login/logind.h @@ -55,6 +55,10 @@ struct Manager { sd_event_source *udev_vcsa_event_source; sd_event_source *udev_button_event_source; +#if ENABLE_UTMP + sd_event_source *utmp_event_source; +#endif + #if 0 /// elogind does not support autospawning of vts int console_active_fd; @@ -196,6 +200,10 @@ bool manager_is_docked_or_external_displays(Manager *m); bool manager_is_on_external_power(void); bool manager_all_buttons_ignored(Manager *m); +int manager_read_utmp(Manager *m); +void manager_connect_utmp(Manager *m); +void manager_reconnect_utmp(Manager *m); + extern const sd_bus_vtable manager_vtable[]; #if 0 /// UNNEEDED by elogind -- cgit v1.2.3