Implement ability to use both utmp and logind #1284
Conversation
|
|
||
| count = active_sessions_count(name, limit); | ||
| #ifdef ENABLE_LOGIND | ||
| if (exceeded < 0) |
There was a problem hiding this comment.
Isn't this dead code? The condition is always true, because exceeded is -1, so you could do that unconditionally, right?
| extern int active_sessions_limit_exceeded_utmp(const char *name, | ||
| unsigned long limit); |
There was a problem hiding this comment.
There is some alignment mistake here.
| extern int active_sessions_limit_exceeded_lgnd(const char *name, | ||
| unsigned long limit); |
There was a problem hiding this comment.
Alignment. Please use spaces for alignment (tabs for indentation).
| extern unsigned long active_sessions_count(const char *name, | ||
| unsigned long limit); | ||
| extern int active_sessions_limit_exceeded_lgnd(const char *name, | ||
| unsigned long limit); |
There was a problem hiding this comment.
Since this API set is becoming big and complex, it would be interesting to move it to its own header files, "lib/logind.h" and "lib/utmp.h".
| while ((ut = getutxent())) | ||
| while ((ut = getutxent()) && (count <= limit)) |
There was a problem hiding this comment.
Please don't add redundant parens (the existing ones are for allowing =).
| if (count > limit) { | ||
| break; | ||
| } |
There was a problem hiding this comment.
Why is this moved to the while condition? Is it necessary, or is it cosmetic? If the latter, please do it in a separate commit.
|
|
||
| err = get_session_host(&host); | ||
| #ifdef ENABLE_LOGIND | ||
| if (0 != err) |
| { | ||
| unsigned long limit, count; | ||
| unsigned long limit; | ||
| int exceeded = -1; |
There was a problem hiding this comment.
Please, don't initialize. Prefer assignment closer to use. Initialization of variables can hide logic bugs.
| if (count > limit) { | ||
| if (exceeded > 0) { |
There was a problem hiding this comment.
What if it's still -1? Is that possible?
| } | ||
|
|
||
| unsigned long active_sessions_count(const char *name, MAYBE_UNUSED unsigned long limit) | ||
| int active_sessions_limit_exceeded_lgnd(const char *name, unsigned long limit) |
There was a problem hiding this comment.
exceeds, in present, is probably more conventional, no?
There was a problem hiding this comment.
Or I don't know. I'm not convinced by the function name, but I don't want to strongly oppose it if you want it.
There was a problem hiding this comment.
English is not my native language, so I'm not very picky in English words. :)
I'm fine with renaming it to active_sessions_limit_exceeds_lgnd.
Probably it should be renamed to active_sessions_limit_ok_lgnd (with reversing the logic).
Select whatever is nice for you and I'll update the code.
There was a problem hiding this comment.
Please change it to exceeds for now. I'm not sure about ok.
(I still don't fully understand this, so we may need to come back to this issue. Sorry.)
|
I have significant concerns about this approach. As you've noted, this change could potentially break basic operating system software, and it appears to exacerbate the problem rather than mitigating it. Currently, the established practice is to choose between While I'm not privy to the specific reasons behind Introducing a scenario where both |
|
Cc: @thesamesam |
Actually, the basic system software is already broken.
And this will continue to work perfectly fine. Fedora still can use
I cannot see any instability, that can be introduced by this change. This PR can be extended with However, I'm sure that fallback is better than nothing when systemd fails.
This situation is already broken and must be fixed now. Glibc uses audit first (disabled on many distributions and has global performance penalty) and then utmp as a fallback: Probably glibc will never be fixed: In short:
This looks inconsistent (utmp is updated before firing When other software will be fixed, or utmp is completely eliminated, or when one does not want |
|
@thesamesam PR #1282 is needed to complete the fix for Gentoo. |
Is there a Gentoo bug ticket? Could you please link to it? |
I must have misunderstood the PR because I understood that the fallback was going to be forced. Since you are making it configurable I see it as fine.
From my conversations with their developers it's not going to be fixed, so we will all have to migrate to logind (or some other mechanism) sooner rather than later. |
|
(Just saying that I've seen the discussion(s) and I will look properly, but I can't look just yet and it's not the kind of thing I can give a quick take on. Thank you for the ping!) |
| count = sd_uid_get_sessions(pw->pw_uid, 0, NULL); | ||
|
|
||
| return count; | ||
| return (count > limit) ? 1 : 0; |
| /*********************** | ||
| * TEST | ||
| **********************/ | ||
| static void test_active_sessions_count_return_ok(void **state) |
There was a problem hiding this comment.
Since you are changing the meaning of the test I'd also change the name of the function.
| cmocka_unit_test(\ | ||
| test_active_sessions_limit_exceeded_lgnd_return_exceeded), | ||
| cmocka_unit_test(\ | ||
| test_active_sessions_limit_exceeded_lgnd_prefix_failure), |
There was a problem hiding this comment.
Let's keep this in the same line
There was a problem hiding this comment.
The line becomes longer then 80 chars.
If it is not a problem, I'll move back to the same line.
There was a problem hiding this comment.
In general, I prefer to avoid surpassing the right margin, but in this case, let's keep it in one line. Tests are special, anyway.
There was a problem hiding this comment.
Yes, let's keep it in the same line
| unsigned long | ||
| active_sessions_count(const char *name, unsigned long limit) | ||
| int | ||
| active_sessions_limit_exceeded_utmp(const char *name, unsigned long limit) |
There was a problem hiding this comment.
This function doesn't return -1 on error paths like setutxent() or getutxent() failures. Currently, if setutxent() fails, it will just iterate through 0 entries and return 0 (not exceeded). If getutxent() fails to return anything, it also returns 0. This means utmp might silently fail to check the limit and incorrectly report "not exceeded" if there's an issue with utmp file access.
There was a problem hiding this comment.
Yes, good point.
I'll update the code.
|
@alejandro-colomar Before further updating this PR, let's finish #1292 first, as this PR should be used on top. |
|
This needs to be rebased. |
|
This would need some rebasing. |
|
I'll take care about it soon or shortly after the New Year. |
4 participants
This PR adds ability to use BOTH utmp and logind.
If both enabled, then for the number of active sessions logind used first, and utmp is used as a fallback. The same for "get_session_host": logind tried first and then utmp tried as a fallback.
Other utmp functionality enabled independently from logind.
This patch is needed because modern systemd (at least 256, 257) does not update utmp. Neither pad_systemd, nor logind does not write information to utmp.
This still breaks some software, including basic
lognamecommand.With the patch utmp and logind can be enabled/disabled independently, allowing building a package that suits particular needs.
The only limitation is that utmp and logind cannot be simultaneously disabled (at least one option must be enabled).
The updated test has not been check for proper functioning on my machine.