Bug 1007447

Summary: check for active sessions not troll proc for uids
Product: Red Hat Enterprise Linux 7
Component: sssd
Version: 7.0
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Dmitri Pal <dpal>
Assignee: Jakub Hrozek <jhrozek>
QA Contact: Kaushik Banerjee <kbanerje>
CC: grajaiya, jgalipea, lslebodn, mkosek, pbrezina, riehecky, sbose
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: sssd-1.12.0-1.el7
Doc Type: Bug Fix
Last Closed: 2015-03-05 10:27:16 UTC

Description Dmitri Pal 2013-09-12 13:54:27 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2084

When we want to check if a user is logged in (in order to decide, for example, whether to keep an old random FILE cache type name) we currently troll /proc to find if any user process for that uid is present.

We should instead use proper system session management (libsystemd-login and utmp as fallback) to check if a user is actually logged in or not.

It will be faster and cleaner.

We need to just release note this issue. No special QE effort required.
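
The check requested above, as an added example that is not sssd's code: ask logind through sd_uid_get_sessions() when built with libsystemd, and otherwise look for a USER_PROCESS record in utmp. The function names, the HAVE_SYSTEMD_LOGIN macro and the scratch file path are assumptions, and the utmp records are constructed sample data.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <utmp.h>
#ifdef HAVE_SYSTEMD_LOGIN   /* assumed build macro; link with -lsystemd */
#include <systemd/sd-login.h>
#endif

/* utmp fallback: 1 if `user` owns a USER_PROCESS record in utmp_path. */
int utmp_user_logged_in(const char *utmp_path, const char *user)
{
    struct utmp *ut;
    int found = 0;
    if (utmpname(utmp_path) != 0) return 0;
    setutent();
    while (!found && (ut = getutent()) != NULL)  /* ut_user may lack a NUL */
        found = ut->ut_type == USER_PROCESS &&
                strncmp(ut->ut_user, user, sizeof(ut->ut_user)) == 0;
    endutent();
    return found;
}

/* 1 = logged in, 0 = no session found, -1 = uid has no passwd entry. */
int uid_is_logged_in(uid_t uid, const char *utmp_path)
{
#ifdef HAVE_SYSTEMD_LOGIN
    if (sd_uid_get_sessions(uid, 0, NULL) > 0) return 1;
#endif  /* zero sessions or an error: fall through to utmp */
    struct passwd *pw = getpwuid(uid);  /* utmp is keyed by name, not uid */
    return pw == NULL ? -1 : utmp_user_logged_in(utmp_path, pw->pw_name);
}

/* Constructed sample data: append one record to a scratch utmp file. */
int write_sample_record(const char *path, short type, const char *user)
{
    struct utmp ut = { .ut_type = type };
    FILE *f = fopen(path, "ab");
    if (f == NULL) return -1;
    strncpy(ut.ut_user, user, sizeof(ut.ut_user));
    size_t ok = fwrite(&ut, sizeof(ut), 1, f);
    return fclose(f) == 0 && ok == 1 ? 0 : -1;
}

int main(void)
{
    const char *path = "/tmp/sample_utmp";  /* scratch file, not the live utmp */
    remove(path);
    write_sample_record(path, DEAD_PROCESS, "olduser");
    write_sample_record(path, USER_PROCESS, "puser1");
    printf("puser1 logged in: %d\n", utmp_user_logged_in(path, "puser1"));
}
```

A DEAD_PROCESS record is what a finished login leaves behind, so matching on the user name alone would report a stale session as active.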

Comment 1 Jakub Hrozek 2013-09-16 13:56:56 UTC
Fixed upstream.

Comment 2 Jenny Severance 2013-09-19 13:14:01 UTC
Please add steps to reproduce.

Comment 3 Jakub Hrozek 2013-09-19 15:24:18 UTC
This is an improvement in functionality, so not much to "reproduce". But to make sure that the functionality to detect the user is logged in still works, do the following:

1) Log in from one terminal with ssh.
   Type klist to see the ccache.
2) Log in from another terminal as the same user.
   Type klist again. It should be the same ccache path.

Please also test different methods of login, at least ssh and su. Sumit found out that with the current git head, su doesn't really work reliably.

Comment 6 Martin Kosek 2014-06-17 12:13:50 UTC
Fixed upstream:

b49a7d90708e816120ff88ce5a88fa62b35ff795

Comment 8 Kaushik Banerjee 2015-01-13 14:11:44 UTC
Verified with sssd-1.12.2-39.el7

Output from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ1007447 Validate ccache name for multiple logins
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service
:: [ 08:35:28 ] :: Sleeping for 5 seconds

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_1
-bash-4.2$ exit


spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_2
-bash-4.2$ exit

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:35:34 2015 from localhost
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_3
-bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)


spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_1
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_2
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_3
bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
BZ1007447-Validate-ccache-name-for-multiple-logins result: PASS

Comment 10 errata-xmlrpc 2015-03-05 10:27:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0441.html