Skip to content
Permalink
Browse files

MONITOR: Don't force the PAC responder to be always running

Instead of forcing the PAC responder to be always running when having an
IPA domain configured, let's just do it in when running on platforms
where systemd is not supported or where systemd is supported but the
service's socket is not enabled.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
  • Loading branch information...
fidencio committed Jan 13, 2017
1 parent 2bf284c commit fa069cc453e1e43470785ad7684806021abea31c
Showing with 100 additions and 0 deletions.
  1. +100 −0 src/monitor/monitor.c
@@ -56,7 +56,13 @@
#endif

#ifdef HAVE_SYSTEMD
#include <systemd/sd-bus.h>
#include <systemd/sd-daemon.h>

#define SYSTEMD_ADDRESS "org.freedesktop.systemd1"
#define SYSTEMD_PATH "/org/freedesktop/systemd1"
#define SYSTEMD_MANAGER_IFACE "org.freedesktop.systemd1.Manager"
#define SYSTEMD_UNIT_IFACE "org.freedesktop.systemd1.Unit"
#endif

/* terminate the child after this interval by default if it
@@ -841,6 +847,76 @@ static int check_local_domain_unique(struct sss_domain_info *domains)
return EOK;
}

#ifdef HAVE_SYSTEMD
static bool is_service_active(sd_bus *bus, const char *service)
{
sd_bus_message *msg = NULL;
sd_bus_error error = SD_BUS_ERROR_NULL;
const char *unit;
const char *state;
int r;
bool ret = false;

r = sd_bus_call_method(bus,
SYSTEMD_ADDRESS,
SYSTEMD_PATH,
SYSTEMD_MANAGER_IFACE,
"GetUnit",
&error,
&msg,
"s",
service);
if (r < 0) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to get state of the service \"%s\": %s\n",
service, error.message);

goto done;
}

r = sd_bus_message_read(msg, "o", &unit);
if (r < 0) {
r = -r;
DEBUG(SSSDBG_OP_FAILURE,
"Failed to parse \"GetUnit\" response message from systemd: %s [%d]\n",
sss_strerror(r), r);

goto done;
}

r = sd_bus_get_property(bus,
SYSTEMD_ADDRESS,
unit,
SYSTEMD_UNIT_IFACE,
"ActiveState",
&error,
&msg,
"s");

r = sd_bus_message_read(msg, "s", &state);
if (r < 0) {
r = -r;
DEBUG(SSSDBG_OP_FAILURE,
"Failed to parse \"ActiveState\"response message from systemd: %s [%d]\n",
sss_strerror(r), r);

goto done;
}

if (strcmp("active", state) != 0) {
goto done;
}

ret = true;

done:
sd_bus_error_free(&error);
sd_bus_message_unref(msg);

return ret;
}
#endif

static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx,
char ***_services)
{
@@ -897,6 +973,30 @@ static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx

if (BUILD_WITH_PAC_RESPONDER && add_pac &&
!string_in_list("pac", *_services, false)) {
#ifdef HAVE_SYSTEMD
sd_bus *bus = NULL;
const char *service = "sssd-pac.socket";
bool active;

ret = sd_bus_open_system(&bus);
if (ret < 0) {
ret = -ret;
DEBUG(SSSDBG_OP_FAILURE,
"Not able to connect to the system bus: %s [%d].\n",
sss_strerror(ret), ret);
/* Just follow the flow and try to add the "pac" to the
* services' list. */
} else {
active = is_service_active(bus, service);
sd_bus_unref(bus);

if (active) {
ret = EOK;

goto done;
}
}
#endif
ret = add_string_to_list(mem_ctx, "pac", _services);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "add_string_to_list failed.\n");

0 comments on commit fa069cc

Please sign in to comment.
You can’t perform that action at this time.