[systemd-commits] 2 commits - configure.ac Makefile.am src/systemctl.c

Kay Sievers kay at kemper.freedesktop.org
Wed Feb 29 13:34:19 PST 2012


 Makefile.am     |    4 -
 configure.ac    |    1 
 src/systemctl.c |  133 ++++++++++++++++++++++++++++++++++++++++++++++++--------
 3 files changed, 118 insertions(+), 20 deletions(-)

New commits:
commit 79d4c0a2e19b225cccad633d69e540bb694241ed
Author: Kay Sievers <kay.sievers at vrfy.org>
Date:   Wed Feb 29 22:32:50 2012 +0100

    man: fix systemd.special build failure

diff --git a/Makefile.am b/Makefile.am
index ab5000b..fc8b20c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -672,6 +672,7 @@ MANPAGES = \
 	man/systemd.device.5 \
 	man/systemd.snapshot.5 \
 	man/systemd.exec.5 \
+	man/systemd.special.7 \
 	man/daemon.7 \
 	man/runlevel.8 \
 	man/telinit.8 \
@@ -704,9 +705,6 @@ dist_man_MANS = \
 	$(MANPAGES) \
 	$(MANPAGES_ALIAS)
 
-nodist_man_MANS = \
-	man/systemd.special.7
-
 XML_FILES = \
 	${patsubst %.1,%.xml,${patsubst %.3,%.xml,${patsubst %.5,%.xml,${patsubst %.7,%.xml,${patsubst %.8,%.xml,$(MANPAGES)}}}}}
 

commit 4c80c73c2b804576b1de27e644c1da4dab2f9026
Author: Kay Sievers <kay.sievers at vrfy.org>
Date:   Wed Feb 29 22:22:15 2012 +0100

    systemctl: forward untrusted user reboot, poweroff requests to logind

diff --git a/configure.ac b/configure.ac
index 62e8cdf..fe1771c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -335,6 +335,7 @@ if test "x$enable_logind" != "xno"; then
         have_logind=yes
 fi
 AM_CONDITIONAL(ENABLE_LOGIND, [test "$have_logind" = "yes"])
+AS_IF([test "$have_logind" = "yes"], [ AC_DEFINE(HAVE_LOGIND, [1], [Logind support available]) ])
 
 have_hostnamed=no
 AC_ARG_ENABLE(hostnamed, AS_HELP_STRING([--disable-hostnamed], [disable hostname daemon]))
diff --git a/src/systemctl.c b/src/systemctl.c
index dc37030..8f99a72 100644
--- a/src/systemctl.c
+++ b/src/systemctl.c
@@ -126,7 +126,7 @@ static OutputMode arg_output = OUTPUT_SHORT;
 static bool private_bus = false;
 
 static int daemon_reload(DBusConnection *bus, char **args);
-static void halt_now(int action);
+static void halt_now(enum action a);
 
 static bool on_tty(void) {
         static int t = -1;
@@ -226,7 +226,7 @@ static int translate_bus_error_to_exit_status(int r, const DBusError *error) {
         return EXIT_FAILURE;
 }
 
-static void warn_wall(enum action action) {
+static void warn_wall(enum action a) {
         static const char *table[_ACTION_MAX] = {
                 [ACTION_HALT]      = "The system is going down for system halt NOW!",
                 [ACTION_REBOOT]    = "The system is going down for reboot NOW!",
@@ -256,10 +256,10 @@ static void warn_wall(enum action action) {
                 free(p);
         }
 
-        if (!table[action])
+        if (!table[a])
                 return;
 
-        utmp_wall(table[action], NULL);
+        utmp_wall(table[a], NULL);
 }
 
 static bool avoid_bus(void) {
@@ -1682,33 +1682,125 @@ finish:
         return ret;
 }
 
+/* ask systemd-logind, which might grant access to unprivileged users through polkit */
+static int reboot_with_logind(DBusConnection *bus, enum action a) {
+#ifdef HAVE_LOGIND
+        const char *method;
+        DBusMessage *m = NULL, *reply = NULL;
+        DBusError error;
+        dbus_bool_t interactive = true;
+        int r;
+
+        dbus_error_init(&error);
+
+        switch (a) {
+
+        case ACTION_REBOOT:
+                method = "Reboot";
+                break;
+
+        case ACTION_POWEROFF:
+                method = "PowerOff";
+                break;
+
+        default:
+                return -EINVAL;
+        }
+
+        m = dbus_message_new_method_call(
+                                "org.freedesktop.login1",
+                                "/org/freedesktop/login1",
+                                "org.freedesktop.login1.Manager",
+                                method);
+        if (!m) {
+                log_error("Could not allocate message.");
+                r = -ENOMEM;
+                goto finish;
+        }
+
+        if (!dbus_message_append_args(m,
+                                      DBUS_TYPE_BOOLEAN, &interactive,
+                                      DBUS_TYPE_INVALID)) {
+                log_error("Could not append arguments to message.");
+                r = -ENOMEM;
+                goto finish;
+        }
+
+        reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
+        if (!reply) {
+                if (error_is_no_service(&error)) {
+                        log_debug("Failed to issue method call: %s", bus_error_message(&error));
+                        r = -ENOENT;
+                        goto finish;
+                }
+
+                if (dbus_error_has_name(&error, DBUS_ERROR_ACCESS_DENIED)) {
+                        log_debug("Failed to issue method call: %s", bus_error_message(&error));
+                        r = -EACCES;
+                        goto finish;
+                }
+
+                log_info("Failed to issue method call: %s", bus_error_message(&error));
+                r = -EIO;
+                goto finish;
+        }
+
+        r = 0;
+
+finish:
+        if (m)
+                dbus_message_unref(m);
+
+        if (reply)
+                dbus_message_unref(reply);
+
+        dbus_error_free(&error);
+
+        return r;
+#else
+        return -ENOSYS;
+#endif
+}
+
 static int start_special(DBusConnection *bus, char **args) {
+        enum action a;
         int r;
 
         assert(bus);
         assert(args);
 
-        if (arg_force >= 2 && streq(args[0], "halt"))
+        a = verb_to_action(args[0]);
+
+        if (arg_force >= 2 && a == ACTION_HALT)
                 halt_now(ACTION_HALT);
 
-        if (arg_force >= 2 && streq(args[0], "poweroff"))
+        if (arg_force >= 2 && a == ACTION_POWEROFF)
                 halt_now(ACTION_POWEROFF);
 
-        if (arg_force >= 2 && streq(args[0], "reboot"))
-                halt_now(ACTION_POWEROFF);
+        if (arg_force >= 2 && a == ACTION_REBOOT)
+                halt_now(ACTION_REBOOT);
 
         if (arg_force &&
-            (streq(args[0], "halt") ||
-             streq(args[0], "poweroff") ||
-             streq(args[0], "reboot") ||
-             streq(args[0], "kexec") ||
-             streq(args[0], "exit")))
+            (a == ACTION_HALT ||
+             a == ACTION_POWEROFF ||
+             a == ACTION_REBOOT ||
+             a == ACTION_KEXEC ||
+             a == ACTION_EXIT))
                 return daemon_reload(bus, args);
 
-        r = start_unit(bus, args);
+        if (geteuid() != 0) {
+                /* first try logind, to allow authentication with polkit */
+                if (a == ACTION_POWEROFF ||
+                    a == ACTION_REBOOT) {
+                        r = reboot_with_logind(bus, a);
+                        if (r >= 0)
+                                return r;
+                }
+        }
 
+        r = start_unit(bus, args);
         if (r >= 0)
-                warn_wall(verb_to_action(args[0]));
+                warn_wall(a);
 
         return r;
 }
@@ -5181,13 +5273,13 @@ done:
         return 0;
 }
 
-static void halt_now(int action) {
+static void halt_now(enum action a) {
 
        /* Make sure C-A-D is handled by the kernel from this
          * point on... */
         reboot(RB_ENABLE_CAD);
 
-        switch (action) {
+        switch (a) {
 
         case ACTION_HALT:
                 log_info("Halting.");
@@ -5215,6 +5307,13 @@ static int halt_main(DBusConnection *bus) {
         int r;
 
         if (geteuid() != 0) {
+                if (arg_action == ACTION_POWEROFF ||
+                    arg_action == ACTION_REBOOT) {
+                        r = reboot_with_logind(bus, arg_action);
+                        if (r >= 0)
+                                return r;
+                }
+
                 log_error("Must be root.");
                 return -EPERM;
         }



More information about the systemd-commits mailing list