man_systemd_home: introduce SYSTEMD_HOME_SUSPEND env var

This variable is read by the module and can be used instead of the
suspend= PAM module parameter.

It is also set for the session itself to make debugging easy.
Lennart Poettering 2020-05-07 12:38:05 +02:00
parent d08a6ec39c
commit 764ae4dd51
2 changed files with 59 additions and 1 deletions


@ -73,7 +73,12 @@
the re-authentication must take place from a component running outside of the user's context, so that
it does not require access to the user's home directory for operation. Traditionally, most desktop
environments do not implement screen locking this way, and need to be updated
accordingly.</para></listitem>
accordingly.</para>
<para>This setting may also be controlled via the <varname>$SYSTEMD_HOME_SUSPEND</varname>
environment variable (see below), which <command>pam_systemd_home</command> reads during initialization and sets
for sessions. If both the environment variable is set and the module parameter specified the latter
takes precedence.</para></listitem>
</varlistentry>
<varlistentry>
@ -105,6 +110,15 @@
<listitem><para>Indicates that the user's home directory is managed by <filename>systemd-homed.service</filename>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>$SYSTEMD_HOME_SUSPEND=</varname></term>
<listitem><para>Indicates whether the session has been registered with the suspend mechanism enabled
or disabled (see above). The variable's value is either <literal>0</literal> or
<literal>1</literal>. Note that the module both reads the variable when initializing, and sets it for
sessions.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>


@ -60,6 +60,35 @@ static int parse_argv(
return 0;
}
static int parse_env(
pam_handle_t *handle,
bool *please_suspend) {
const char *v;
int r;
/* Let's read the suspend setting from an env var in addition to the PAM command line. That makes it
* easy to declare the features of a display manager in code rather than configuration, and this is
* really a feature of code */
v = pam_getenv(handle, "SYSTEMD_HOME_SUSPEND");
if (!v) {
/* Also check the process env block, so that people can control this via an env var from the
* outside of our process. */
v = secure_getenv("SYSTEMD_HOME_SUSPEND");
if (!v)
return 0;
}
r = parse_boolean(v);
if (r < 0)
pam_syslog(handle, LOG_WARNING, "Failed to parse $SYSTEMD_HOME_SUSPEND argument, ignoring: %s", v);
else if (please_suspend)
*please_suspend = r;
return 0;
}
static int acquire_user_record(
pam_handle_t *handle,
const char *username,
@ -636,6 +665,9 @@ _public_ PAM_EXTERN int pam_sm_authenticate(
bool debug = false, suspend_please = false;
if (parse_env(handle, &suspend_please) < 0)
return PAM_AUTH_ERR;
if (parse_argv(handle,
argc, argv,
&suspend_please,
@ -660,6 +692,9 @@ _public_ PAM_EXTERN int pam_sm_open_session(
bool debug = false, suspend_please = false;
int r;
if (parse_env(handle, &suspend_please) < 0)
return PAM_SESSION_ERR;
if (parse_argv(handle,
argc, argv,
&suspend_please,
@ -681,6 +716,12 @@ _public_ PAM_EXTERN int pam_sm_open_session(
return r;
}
r = pam_putenv(handle, suspend_please ? "SYSTEMD_HOME_SUSPEND=1" : "SYSTEMD_HOME_SUSPEND=0");
if (r != PAM_SUCCESS) {
pam_syslog(handle, LOG_ERR, "Failed to set PAM environment variable $SYSTEMD_HOME_SUSPEND: %s", pam_strerror(handle, r));
return r;
}
/* Let's release the D-Bus connection, after all the session might live quite a long time, and we are
* not going to process the bus connection in that time, so let's better close before the daemon
* kicks us off because we are not processing anything. */
@ -764,6 +805,9 @@ _public_ PAM_EXTERN int pam_sm_acct_mgmt(
usec_t t;
int r;
if (parse_env(handle, &please_suspend) < 0)
return PAM_AUTH_ERR;
if (parse_argv(handle,
argc, argv,
&please_suspend,
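Review bot: parse_env(), added in the first hunk of this file, returns 0 on every path, so the `if (parse_env(handle, &suspend_please) < 0)` checks added to pam_sm_authenticate, pam_sm_open_session and pam_sm_acct_mgmt can never fire. Either make the function `void` or document the contract above it, for example `/* Never fails: an unset or unparsable value is logged and ignored, leaving *please_suspend untouched. */`. Because an unparsable value is only logged at LOG_WARNING, the caller's initial `false` stays in effect, so a typo in $SYSTEMD_HOME_SUSPEND quietly registers the session with suspend disabled; that looks deliberate but deserves a sentence in the comment. The value is read from the PAM environment first and the process environment second (via secure_getenv()), so it is only as trustworthy as whatever populated those, and the comment could note that the `suspend=` module argument parsed afterwards overrides it for deployments that need a fixed policy. The bodies of the three pam_sm_* callers continue outside the hunks shown.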