systemd: Use systemd functions to consider systemd availability

* OpenVPN 2.3.x backport note
  This patch is the result of merging two commits from master, both
  ensuring that systemd and the needed utilities are available.

Commit f33ee6bcb12fdc3869b17b7c528a209f16581e2e:
This is another systemd implementation clean-up.  It was found that
SELinux will block OpenVPN from checking /sys/fs/cgroups.  As OpenVPN
only checked /sys/fs/cgroups and /sys/fs/cgroups/systemd to see if
systemd was available or not, it was considered better to query
systemd directly to see whether or not to query for usernames and
passwords via systemd.

This patch has been compile tested on Fedora 19 and Fedora 21 alpha and
function tested on Fedora 19.

  v2 - Use PKG_CHECK_MODULES() + check for libsystemd before
       libystemd-daemon.  systemd >= 209 use a unified library

Commit 55480682b9bfa5894402954f4c740954d8c5c556:
Don't try to use systemd-ask-password if it is not available

If the SYSTEMD_ASK_PASSWORD_PATH executable cannot be found, we
don't consider systemd as running.

Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1412356567-27125-1-git-send-email-openvpn.list@topphemmelig.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9072
(cherry picked from commit f33ee6bcb12fdc3869b17b7c528a209f16581e2e)
Message-Id: 20140909202044.GJ1118@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/9035
(cherry picked from commit 55480682b9bfa5894402954f4c740954d8c5c556)

diff --git a/configure.ac b/configure.ac
index 1e2b5c706729a23d2cf1c771e862eaaa694de507..0e0fae578ccf088399d17f896366ed45bd3b930f 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -900,6 +900,31 @@ if test "${have_lzo}" = "yes"; then
        CFLAGS="${saved_CFLAGS}"
 fi
 
+
+dnl
+dnl Check for systemd
+dnl
+
+if test "$enable_systemd" = "yes" ; then
+    PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
+                      [],
+                      [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
+                      )
+    AC_CHECK_HEADERS(systemd/sd-daemon.h,
+       ,
+       [
+          AC_MSG_ERROR([systemd development headers not found.])
+       ])
+
+    saved_LIBS="${LIBS}"
+    LIBS="${LIBS} ${libsystemd_LIBS}"
+    AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
+    OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
+    AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
+    LIBS="${saved_LIBS}"
+fi
+
+
 AC_MSG_CHECKING([git checkout])
 GIT_CHECKOUT="no"
 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
@@ -940,7 +965,6 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d
 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
 test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file])
-test "${enable_systemd}" = "yes" && AC_DEFINE([ENABLE_SYSTEMD], [1], [Enable systemd support])
 
 case "${with_crypto_library}" in
        openssl)
@@ -1065,6 +1089,7 @@ AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
 AC_SUBST([OPTIONAL_LZO_CFLAGS])
 AC_SUBST([OPTIONAL_LZO_LIBS])
+AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
 

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index 5d38628d33c1dea72ffd474bbe03526467f93801..2e602f112cfcf4e56da4cb6ec6f1f23f510ea788 100644 (file)
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -119,6 +119,7 @@ openvpn_LDADD = \
        $(OPTIONAL_PKCS11_HELPER_LIBS) \
        $(OPTIONAL_CRYPTO_LIBS) \
        $(OPTIONAL_SELINUX_LIBS) \
+       $(OPTIONAL_SYSTEMD_LIBS) \
        $(OPTIONAL_DL_LIBS)
 if WIN32
 openvpn_SOURCES += openvpn_win32_resources.rc

diff --git a/src/openvpn/console.c b/src/openvpn/console.c
index 059b6f0bac5b661bb489ddf900b2d442e300512d..d66d408721bd2d43a2a21c2b361674ca04e05ba1 100644 (file)
--- a/src/openvpn/console.c
+++ b/src/openvpn/console.c
@@ -34,6 +34,10 @@
 #include "buffer.h"
 #include "misc.h"
 
+#ifdef ENABLE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
 #ifdef WIN32
 
 #include "win32.h"
@@ -143,14 +147,14 @@ close_tty (FILE *fp)
 static bool
 check_systemd_running ()
 {
-  struct stat a, b;
+  struct stat c;
 
   /* We simply test whether the systemd cgroup hierarchy is
-   * mounted */
+   * mounted, as well as the systemd-ask-password executable
+   * being available */
 
-  return (lstat("/sys/fs/cgroup", &a) == 0)
-         && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
-         && (a.st_dev != b.st_dev);
+  return (sd_booted() > 0)
+         && (stat(SYSTEMD_ASK_PASSWORD_PATH, &c) == 0);
 
 }