]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/login/logind-core.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #10158 from keszybz/seccomp-log-tightening
[thirdparty/systemd.git] / src / login / logind-core.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <fcntl.h>
4 #include <pwd.h>
5 #include <sys/ioctl.h>
6 #include <sys/types.h>
7 #include <linux/vt.h>
8
9 #include "sd-device.h"
10
11 #include "alloc-util.h"
12 #include "bus-error.h"
13 #include "bus-util.h"
14 #include "cgroup-util.h"
15 #include "conf-parser.h"
16 #include "device-util.h"
17 #include "fd-util.h"
18 #include "logind.h"
19 #include "parse-util.h"
20 #include "process-util.h"
21 #include "strv.h"
22 #include "terminal-util.h"
23 #include "user-util.h"
24
25 void manager_reset_config(Manager *m) {
26 assert(m);
27
28 m->n_autovts = 6;
29 m->reserve_vt = 6;
30 m->remove_ipc = true;
31 m->inhibit_delay_max = 5 * USEC_PER_SEC;
32 m->handle_power_key = HANDLE_POWEROFF;
33 m->handle_suspend_key = HANDLE_SUSPEND;
34 m->handle_hibernate_key = HANDLE_HIBERNATE;
35 m->handle_lid_switch = HANDLE_SUSPEND;
36 m->handle_lid_switch_ep = _HANDLE_ACTION_INVALID;
37 m->handle_lid_switch_docked = HANDLE_IGNORE;
38 m->power_key_ignore_inhibited = false;
39 m->suspend_key_ignore_inhibited = false;
40 m->hibernate_key_ignore_inhibited = false;
41 m->lid_switch_ignore_inhibited = true;
42
43 m->holdoff_timeout_usec = 30 * USEC_PER_SEC;
44
45 m->idle_action_usec = 30 * USEC_PER_MINUTE;
46 m->idle_action = HANDLE_IGNORE;
47
48 m->runtime_dir_size = physical_memory_scale(10U, 100U); /* 10% */
49 m->user_tasks_max = system_tasks_max_scale(DEFAULT_USER_TASKS_MAX_PERCENTAGE, 100U); /* 33% */
50 m->sessions_max = 8192;
51 m->inhibitors_max = 8192;
52
53 m->kill_user_processes = KILL_USER_PROCESSES;
54
55 m->kill_only_users = strv_free(m->kill_only_users);
56 m->kill_exclude_users = strv_free(m->kill_exclude_users);
57 }
58
59 int manager_parse_config_file(Manager *m) {
60 assert(m);
61
62 return config_parse_many_nulstr(PKGSYSCONFDIR "/logind.conf",
63 CONF_PATHS_NULSTR("systemd/logind.conf.d"),
64 "Login\0",
65 config_item_perf_lookup, logind_gperf_lookup,
66 CONFIG_PARSE_WARN, m);
67 }
68
69 int manager_add_device(Manager *m, const char *sysfs, bool master, Device **_device) {
70 Device *d;
71
72 assert(m);
73 assert(sysfs);
74
75 d = hashmap_get(m->devices, sysfs);
76 if (d)
77 /* we support adding master-flags, but not removing them */
78 d->master = d->master || master;
79 else {
80 d = device_new(m, sysfs, master);
81 if (!d)
82 return -ENOMEM;
83 }
84
85 if (_device)
86 *_device = d;
87
88 return 0;
89 }
90
91 int manager_add_seat(Manager *m, const char *id, Seat **_seat) {
92 Seat *s;
93
94 assert(m);
95 assert(id);
96
97 s = hashmap_get(m->seats, id);
98 if (!s) {
99 s = seat_new(m, id);
100 if (!s)
101 return -ENOMEM;
102 }
103
104 if (_seat)
105 *_seat = s;
106
107 return 0;
108 }
109
110 int manager_add_session(Manager *m, const char *id, Session **_session) {
111 Session *s;
112
113 assert(m);
114 assert(id);
115
116 s = hashmap_get(m->sessions, id);
117 if (!s) {
118 s = session_new(m, id);
119 if (!s)
120 return -ENOMEM;
121 }
122
123 if (_session)
124 *_session = s;
125
126 return 0;
127 }
128
129 int manager_add_user(Manager *m, uid_t uid, gid_t gid, const char *name, User **_user) {
130 User *u;
131 int r;
132
133 assert(m);
134 assert(name);
135
136 u = hashmap_get(m->users, UID_TO_PTR(uid));
137 if (!u) {
138 r = user_new(&u, m, uid, gid, name);
139 if (r < 0)
140 return r;
141 }
142
143 if (_user)
144 *_user = u;
145
146 return 0;
147 }
148
149 int manager_add_user_by_name(Manager *m, const char *name, User **_user) {
150 uid_t uid;
151 gid_t gid;
152 int r;
153
154 assert(m);
155 assert(name);
156
157 r = get_user_creds(&name, &uid, &gid, NULL, NULL, 0);
158 if (r < 0)
159 return r;
160
161 return manager_add_user(m, uid, gid, name, _user);
162 }
163
164 int manager_add_user_by_uid(Manager *m, uid_t uid, User **_user) {
165 struct passwd *p;
166
167 assert(m);
168
169 errno = 0;
170 p = getpwuid(uid);
171 if (!p)
172 return errno > 0 ? -errno : -ENOENT;
173
174 return manager_add_user(m, uid, p->pw_gid, p->pw_name, _user);
175 }
176
177 int manager_add_inhibitor(Manager *m, const char* id, Inhibitor **_inhibitor) {
178 Inhibitor *i;
179
180 assert(m);
181 assert(id);
182
183 i = hashmap_get(m->inhibitors, id);
184 if (i) {
185 if (_inhibitor)
186 *_inhibitor = i;
187
188 return 0;
189 }
190
191 i = inhibitor_new(m, id);
192 if (!i)
193 return -ENOMEM;
194
195 if (_inhibitor)
196 *_inhibitor = i;
197
198 return 0;
199 }
200
201 int manager_add_button(Manager *m, const char *name, Button **_button) {
202 Button *b;
203
204 assert(m);
205 assert(name);
206
207 b = hashmap_get(m->buttons, name);
208 if (!b) {
209 b = button_new(m, name);
210 if (!b)
211 return -ENOMEM;
212 }
213
214 if (_button)
215 *_button = b;
216
217 return 0;
218 }
219
220 int manager_process_seat_device(Manager *m, sd_device *d) {
221 const char *action;
222 Device *device;
223 int r;
224
225 assert(m);
226
227 if (sd_device_get_property_value(d, "ACTION", &action) >= 0 &&
228 streq(action, "remove")) {
229 const char *syspath;
230
231 r = sd_device_get_syspath(d, &syspath);
232 if (r < 0)
233 return 0;
234
235 device = hashmap_get(m->devices, syspath);
236 if (!device)
237 return 0;
238
239 seat_add_to_gc_queue(device->seat);
240 device_free(device);
241
242 } else {
243 const char *sn, *syspath;
244 bool master;
245 Seat *seat;
246
247 if (sd_device_get_property_value(d, "ID_SEAT", &sn) < 0 || isempty(sn))
248 sn = "seat0";
249
250 if (!seat_name_is_valid(sn)) {
251 log_warning("Device with invalid seat name %s found, ignoring.", sn);
252 return 0;
253 }
254
255 seat = hashmap_get(m->seats, sn);
256 master = sd_device_has_tag(d, "master-of-seat") > 0;
257
258 /* Ignore non-master devices for unknown seats */
259 if (!master && !seat)
260 return 0;
261
262 r = sd_device_get_syspath(d, &syspath);
263 if (r < 0)
264 return r;
265
266 r = manager_add_device(m, syspath, master, &device);
267 if (r < 0)
268 return r;
269
270 if (!seat) {
271 r = manager_add_seat(m, sn, &seat);
272 if (r < 0) {
273 if (!device->seat)
274 device_free(device);
275
276 return r;
277 }
278 }
279
280 device_attach(device, seat);
281 seat_start(seat);
282 }
283
284 return 0;
285 }
286
287 int manager_process_button_device(Manager *m, sd_device *d) {
288 const char *action, *sysname;
289 Button *b;
290 int r;
291
292 assert(m);
293
294 r = sd_device_get_sysname(d, &sysname);
295 if (r < 0)
296 return r;
297
298 if (sd_device_get_property_value(d, "ACTION", &action) >= 0 &&
299 streq(action, "remove")) {
300
301 b = hashmap_get(m->buttons, sysname);
302 if (!b)
303 return 0;
304
305 button_free(b);
306
307 } else {
308 const char *sn;
309
310 r = manager_add_button(m, sysname, &b);
311 if (r < 0)
312 return r;
313
314 if (sd_device_get_property_value(d, "ID_SEAT", &sn) < 0 || isempty(sn))
315 sn = "seat0";
316
317 button_set_seat(b, sn);
318
319 r = button_open(b);
320 if (r < 0) /* event device doesn't have any keys or switches relevant to us? (or any other error
321 * opening the device?) let's close the button again. */
322 button_free(b);
323 }
324
325 return 0;
326 }
327
328 int manager_get_session_by_pid(Manager *m, pid_t pid, Session **ret) {
329 _cleanup_free_ char *unit = NULL;
330 Session *s;
331 int r;
332
333 assert(m);
334
335 if (!pid_is_valid(pid))
336 return -EINVAL;
337
338 r = cg_pid_get_unit(pid, &unit);
339 if (r < 0)
340 goto not_found;
341
342 s = hashmap_get(m->session_units, unit);
343 if (!s)
344 goto not_found;
345
346 if (ret)
347 *ret = s;
348
349 return 1;
350
351 not_found:
352 if (ret)
353 *ret = NULL;
354 return 0;
355 }
356
357 int manager_get_user_by_pid(Manager *m, pid_t pid, User **ret) {
358 _cleanup_free_ char *unit = NULL;
359 User *u;
360 int r;
361
362 assert(m);
363
364 if (!pid_is_valid(pid))
365 return -EINVAL;
366
367 r = cg_pid_get_slice(pid, &unit);
368 if (r < 0)
369 goto not_found;
370
371 u = hashmap_get(m->user_units, unit);
372 if (!u)
373 goto not_found;
374
375 if (ret)
376 *ret = u;
377
378 return 1;
379
380 not_found:
381 if (ret)
382 *ret = NULL;
383
384 return 0;
385 }
386
387 int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
388 Session *s;
389 bool idle_hint;
390 dual_timestamp ts = DUAL_TIMESTAMP_NULL;
391 Iterator i;
392
393 assert(m);
394
395 idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, INHIBIT_BLOCK, t, false, false, 0, NULL);
396
397 HASHMAP_FOREACH(s, m->sessions, i) {
398 dual_timestamp k;
399 int ih;
400
401 ih = session_get_idle_hint(s, &k);
402 if (ih < 0)
403 return ih;
404
405 if (!ih) {
406 if (!idle_hint) {
407 if (k.monotonic < ts.monotonic)
408 ts = k;
409 } else {
410 idle_hint = false;
411 ts = k;
412 }
413 } else if (idle_hint) {
414
415 if (k.monotonic > ts.monotonic)
416 ts = k;
417 }
418 }
419
420 if (t)
421 *t = ts;
422
423 return idle_hint;
424 }
425
426 bool manager_shall_kill(Manager *m, const char *user) {
427 assert(m);
428 assert(user);
429
430 if (!m->kill_exclude_users && streq(user, "root"))
431 return false;
432
433 if (strv_contains(m->kill_exclude_users, user))
434 return false;
435
436 if (!strv_isempty(m->kill_only_users))
437 return strv_contains(m->kill_only_users, user);
438
439 return m->kill_user_processes;
440 }
441
442 int config_parse_n_autovts(
443 const char *unit,
444 const char *filename,
445 unsigned line,
446 const char *section,
447 unsigned section_line,
448 const char *lvalue,
449 int ltype,
450 const char *rvalue,
451 void *data,
452 void *userdata) {
453
454 unsigned *n = data;
455 unsigned o;
456 int r;
457
458 assert(filename);
459 assert(lvalue);
460 assert(rvalue);
461 assert(data);
462
463 r = safe_atou(rvalue, &o);
464 if (r < 0) {
465 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse number of autovts, ignoring: %s", rvalue);
466 return 0;
467 }
468
469 if (o > 15) {
470 log_syntax(unit, LOG_ERR, filename, line, r, "A maximum of 15 autovts are supported, ignoring: %s", rvalue);
471 return 0;
472 }
473
474 *n = o;
475 return 0;
476 }
477
478 static int vt_is_busy(unsigned int vtnr) {
479 struct vt_stat vt_stat;
480 int r = 0;
481 _cleanup_close_ int fd;
482
483 assert(vtnr >= 1);
484
485 /* VT_GETSTATE "cannot return state for more than 16 VTs, since v_state is short" */
486 assert(vtnr <= 15);
487
488 /* We explicitly open /dev/tty1 here instead of /dev/tty0. If
489 * we'd open the latter we'd open the foreground tty which
490 * hence would be unconditionally busy. By opening /dev/tty1
491 * we avoid this. Since tty1 is special and needs to be an
492 * explicitly loaded getty or DM this is safe. */
493
494 fd = open_terminal("/dev/tty1", O_RDWR|O_NOCTTY|O_CLOEXEC);
495 if (fd < 0)
496 return -errno;
497
498 if (ioctl(fd, VT_GETSTATE, &vt_stat) < 0)
499 r = -errno;
500 else
501 r = !!(vt_stat.v_state & (1 << vtnr));
502
503 return r;
504 }
505
506 int manager_spawn_autovt(Manager *m, unsigned int vtnr) {
507 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
508 char name[sizeof("autovt@tty.service") + DECIMAL_STR_MAX(unsigned int)];
509 int r;
510
511 assert(m);
512 assert(vtnr >= 1);
513
514 if (vtnr > m->n_autovts &&
515 vtnr != m->reserve_vt)
516 return 0;
517
518 if (vtnr != m->reserve_vt) {
519 /* If this is the reserved TTY, we'll start the getty
520 * on it in any case, but otherwise only if it is not
521 * busy. */
522
523 r = vt_is_busy(vtnr);
524 if (r < 0)
525 return r;
526 else if (r > 0)
527 return -EBUSY;
528 }
529
530 snprintf(name, sizeof(name), "autovt@tty%u.service", vtnr);
531 r = sd_bus_call_method(
532 m->bus,
533 "org.freedesktop.systemd1",
534 "/org/freedesktop/systemd1",
535 "org.freedesktop.systemd1.Manager",
536 "StartUnit",
537 &error,
538 NULL,
539 "ss", name, "fail");
540 if (r < 0)
541 return log_error_errno(r, "Failed to start %s: %s", name, bus_error_message(&error, r));
542
543 return 0;
544 }
545
546 static bool manager_is_docked(Manager *m) {
547 Iterator i;
548 Button *b;
549
550 HASHMAP_FOREACH(b, m->buttons, i)
551 if (b->docked)
552 return true;
553
554 return false;
555 }
556
557 static int manager_count_external_displays(Manager *m) {
558 _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
559 sd_device *d;
560 int r, n = 0;
561
562 r = sd_device_enumerator_new(&e);
563 if (r < 0)
564 return r;
565
566 r = sd_device_enumerator_allow_uninitialized(e);
567 if (r < 0)
568 return r;
569
570 r = sd_device_enumerator_add_match_subsystem(e, "drm", true);
571 if (r < 0)
572 return r;
573
574 FOREACH_DEVICE(e, d) {
575 sd_device *p;
576 const char *status, *enabled, *dash, *nn, *i, *subsys;
577 bool external = false;
578
579 if (sd_device_get_parent(d, &p) < 0)
580 continue;
581
582 /* If the parent shares the same subsystem as the
583 * device we are looking at then it is a connector,
584 * which is what we are interested in. */
585 if (sd_device_get_subsystem(p, &subsys) < 0 || !streq(subsys, "drm"))
586 continue;
587
588 if (sd_device_get_sysname(d, &nn) < 0)
589 continue;
590
591 /* Ignore internal displays: the type is encoded in the sysfs name, as the second dash separated item
592 * (the first is the card name, the last the connector number). We implement a blacklist of external
593 * displays here, rather than a whitelist of internal ones, to ensure we don't block suspends too
594 * eagerly. */
595 dash = strchr(nn, '-');
596 if (!dash)
597 continue;
598
599 dash++;
600 FOREACH_STRING(i, "VGA-", "DVI-I-", "DVI-D-", "DVI-A-"
601 "Composite-", "SVIDEO-", "Component-",
602 "DIN-", "DP-", "HDMI-A-", "HDMI-B-", "TV-") {
603
604 if (startswith(dash, i)) {
605 external = true;
606 break;
607 }
608 }
609 if (!external)
610 continue;
611
612 /* Ignore ports that are not enabled */
613 if (sd_device_get_sysattr_value(d, "enabled", &enabled) < 0 || !streq(enabled, "enabled"))
614 continue;
615
616 /* We count any connector which is not explicitly
617 * "disconnected" as connected. */
618 if (sd_device_get_sysattr_value(d, "status", &status) < 0 || !streq(status, "disconnected"))
619 n++;
620 }
621
622 return n;
623 }
624
625 bool manager_is_docked_or_external_displays(Manager *m) {
626 int n;
627
628 /* If we are docked don't react to lid closing */
629 if (manager_is_docked(m)) {
630 log_debug("System is docked.");
631 return true;
632 }
633
634 /* If we have more than one display connected,
635 * assume that we are docked. */
636 n = manager_count_external_displays(m);
637 if (n < 0)
638 log_warning_errno(n, "Display counting failed: %m");
639 else if (n >= 1) {
640 log_debug("External (%i) displays connected.", n);
641 return true;
642 }
643
644 return false;
645 }
646
647 bool manager_is_on_external_power(void) {
648 int r;
649
650 /* For now we only check for AC power, but 'external power' can apply
651 * to anything that isn't an internal battery */
652 r = on_ac_power();
653 if (r < 0)
654 log_warning_errno(r, "Failed to read AC power status: %m");
655 else if (r > 0)
656 return true;
657
658 return false;
659 }
660
661 bool manager_all_buttons_ignored(Manager *m) {
662 assert(m);
663
664 if (m->handle_power_key != HANDLE_IGNORE)
665 return false;
666 if (m->handle_suspend_key != HANDLE_IGNORE)
667 return false;
668 if (m->handle_hibernate_key != HANDLE_IGNORE)
669 return false;
670 if (m->handle_lid_switch != HANDLE_IGNORE)
671 return false;
672 if (m->handle_lid_switch_ep != _HANDLE_ACTION_INVALID &&
673 m->handle_lid_switch_ep != HANDLE_IGNORE)
674 return false;
675 if (m->handle_lid_switch_docked != HANDLE_IGNORE)
676 return false;
677
678 return true;
679 }
Unnamed repository; edit this file 'description' to name the repository.