Copyright 2011 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include "logind.h"
#include "dbus-common.h"
#include "strv.h"
+#include "mkdir.h"
#include "polkit.h"
#include "special.h"
" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
" <arg name=\"session\" type=\"o\" direction=\"out\"/>\n" \
" </method>\n" \
+ " <method name=\"GetSessionByPID\">\n" \
+ " <arg name=\"pid\" type=\"u\" direction=\"in\"/>\n" \
+ " <arg name=\"session\" type=\"o\" direction=\"out\"/>\n" \
+ " </method>\n" \
" <method name=\"GetUser\">\n" \
" <arg name=\"uid\" type=\"u\" direction=\"in\"/>\n" \
" <arg name=\"user\" type=\"o\" direction=\"out\"/>\n" \
" <arg name=\"leader\" type=\"u\" direction=\"in\"/>\n" \
" <arg name=\"sevice\" type=\"s\" direction=\"in\"/>\n" \
" <arg name=\"type\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"class\" type=\"s\" direction=\"in\"/>\n" \
" <arg name=\"seat\" type=\"s\" direction=\"in\"/>\n" \
" <arg name=\"vtnr\" type=\"u\" direction=\"in\"/>\n" \
" <arg name=\"tty\" type=\"s\" direction=\"in\"/>\n" \
" <arg name=\"seat\" type=\"s\" direction=\"out\"/>\n" \
" <arg name=\"vtnr\" type=\"u\" direction=\"out\"/>\n" \
" </method>\n" \
+ " <method name=\"ReleaseSession\">\n" \
+ " <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
+ " </method>\n" \
" <method name=\"ActivateSession\">\n" \
" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
" </method>\n" \
+ " <method name=\"ActivateSessionOnSeat\">\n" \
+ " <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"seat\" type=\"s\" direction=\"in\"/>\n" \
+ " </method>\n" \
" <method name=\"LockSession\">\n" \
" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
" </method>\n" \
" </method>\n" \
" <method name=\"KillSession\">\n" \
" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
- " <arg name=\"who\" type=\"s\"/>\n" \
- " <arg name=\"signal\" type=\"s\"/>\n" \
+ " <arg name=\"who\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"signal\" type=\"s\" direction=\"in\"/>\n" \
" </method>\n" \
" <method name=\"KillUser\">\n" \
" <arg name=\"uid\" type=\"u\" direction=\"in\"/>\n" \
- " <arg name=\"signal\" type=\"s\"/>\n" \
+ " <arg name=\"signal\" type=\"s\" direction=\"in\"/>\n" \
" </method>\n" \
" <method name=\"TerminateSession\">\n" \
" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
" <method name=\"Reboot\">\n" \
" <arg name=\"interactive\" type=\"b\" direction=\"in\"/>\n" \
" </method>\n" \
+ " <method name=\"CanPowerOff\">\n" \
+ " <arg name=\"result\" type=\"s\" direction=\"out\"/>\n" \
+ " </method>\n" \
+ " <method name=\"CanReboot\">\n" \
+ " <arg name=\"result\" type=\"s\" direction=\"out\"/>\n" \
+ " </method>\n" \
+ " <method name=\"Inhibit\">\n" \
+ " <arg name=\"what\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"who\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"why\" type=\"s\" direction=\"in\"/>\n" \
+ " <arg name=\"fd\" type=\"h\" direction=\"out\"/>\n" \
+ " </method>\n" \
+ " <method name=\"ListInhibitors\">\n" \
+ " <arg name=\"inhibitors\" type=\"a(sssuu)\" direction=\"out\"/>\n" \
+ " </method>\n" \
" <signal name=\"SessionNew\">\n" \
" <arg name=\"id\" type=\"s\"/>\n" \
" <arg name=\"path\" type=\"o\"/>\n" \
" <property name=\"IdleHint\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"IdleSinceHint\" type=\"t\" access=\"read\"/>\n" \
" <property name=\"IdleSinceHintMonotonic\" type=\"t\" access=\"read\"/>\n" \
+ " <property name=\"Inhibited\" type=\"s\" access=\"read\"/>\n" \
" </interface>\n"
#define INTROSPECTION_BEGIN \
return 0;
}
+static int bus_manager_append_inhibited(DBusMessageIter *i, const char *property, void *data) {
+ Manager *m = data;
+ InhibitWhat w;
+ const char *p;
+
+ w = manager_inhibit_what(m);
+ p = inhibit_what_to_string(w);
+
+ if (!dbus_message_iter_append_basic(i, DBUS_TYPE_STRING, &p))
+ return -ENOMEM;
+
+ return 0;
+}
+
static int bus_manager_create_session(Manager *m, DBusMessage *message, DBusMessage **_reply) {
Session *session = NULL;
User *user = NULL;
- const char *type, *seat, *tty, *display, *remote_user, *remote_host, *service;
+ const char *type, *class, *seat, *tty, *display, *remote_user, *remote_host, *service;
uint32_t uid, leader, audit_id = 0;
dbus_bool_t remote, kill_processes;
char **controllers = NULL, **reset_controllers = NULL;
SessionType t;
+ SessionClass c;
Seat *s;
DBusMessageIter iter;
int r;
dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING)
return -EINVAL;
+ dbus_message_iter_get_basic(&iter, &class);
+ if (isempty(class))
+ c = SESSION_USER;
+ else
+ c = session_class_from_string(class);
+
+ if (c < 0 ||
+ !dbus_message_iter_next(&iter) ||
+ dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING)
+ return -EINVAL;
+
dbus_message_iter_get_basic(&iter, &seat);
if (isempty(seat))
vtnr = (uint32_t) v;
else if (vtnr != (uint32_t) v)
return -EINVAL;
+ } else if (tty_is_console(tty)) {
+
+ if (!s)
+ s = m->vtconsole;
+ else if (s != m->vtconsole)
+ return -EINVAL;
+
+ if (vtnr != 0)
+ return -EINVAL;
} else if (!isempty(tty) && s && seat_is_vtconsole(s))
return -EINVAL;
if (s) {
- if (seat_is_vtconsole(s)) {
- if (vtnr <= 0 || vtnr > 63)
+ if (seat_can_multi_session(s)) {
+ if (vtnr > 63)
return -EINVAL;
} else {
- if (vtnr > 0)
+ if (vtnr != 0)
return -EINVAL;
}
}
} else {
do {
free(id);
- asprintf(&id, "c%lu", ++m->session_counter);
+ id = NULL;
- if (!id) {
+ if (asprintf(&id, "c%lu", ++m->session_counter) < 0) {
r = -ENOMEM;
goto fail;
}
session->leader = leader;
session->audit_id = audit_id;
session->type = t;
+ session->class = c;
session->remote = remote;
session->controllers = controllers;
session->reset_controllers = reset_controllers;
return r;
}
+static int bus_manager_inhibit(Manager *m, DBusConnection *connection, DBusMessage *message, DBusError *error, DBusMessage **_reply) {
+ Inhibitor *i = NULL;
+ char *id = NULL;
+ const char *who, *why, *what;
+ pid_t pid;
+ InhibitWhat w;
+ unsigned long ul;
+ int r, fifo_fd = -1;
+ DBusMessage *reply = NULL;
+
+ assert(m);
+ assert(connection);
+ assert(message);
+ assert(error);
+ assert(_reply);
+
+ if (!dbus_message_get_args(
+ message,
+ error,
+ DBUS_TYPE_STRING, &what,
+ DBUS_TYPE_STRING, &who,
+ DBUS_TYPE_STRING, &why,
+ DBUS_TYPE_INVALID)) {
+ r = -EIO;
+ goto fail;
+ }
+
+ w = inhibit_what_from_string(what);
+ if (w <= 0) {
+ r = -EINVAL;
+ goto fail;
+ }
+
+ r = verify_polkit(connection, message, "org.freedesktop.login1.inhibit", false, NULL, error);
+ if (r < 0)
+ goto fail;
+
+ ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), error);
+ if (ul == (unsigned long) -1) {
+ r = -EIO;
+ goto fail;
+ }
+
+ pid = bus_get_unix_process_id(connection, dbus_message_get_sender(message), error);
+ if (pid <= 0) {
+ r = -EIO;
+ goto fail;
+ }
+
+ do {
+ free(id);
+ id = NULL;
+
+ if (asprintf(&id, "%lu", ++m->inhibit_counter) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ } while (hashmap_get(m->inhibitors, id));
+
+ r = manager_add_inhibitor(m, id, &i);
+ free(id);
+
+ if (r < 0)
+ goto fail;
+
+ i->what = w;
+ i->pid = pid;
+ i->uid = (uid_t) ul;
+ i->why = strdup(why);
+ i->who = strdup(who);
+
+ if (!i->why || !i->who) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ fifo_fd = inhibitor_create_fifo(i);
+ if (fifo_fd < 0) {
+ r = fifo_fd;
+ goto fail;
+ }
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ if (!dbus_message_append_args(
+ reply,
+ DBUS_TYPE_UNIX_FD, &fifo_fd,
+ DBUS_TYPE_INVALID)) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ close_nointr_nofail(fifo_fd);
+ *_reply = reply;
+
+ inhibitor_start(i);
+
+ return 0;
+
+fail:
+ if (i)
+ inhibitor_free(i);
+
+ if (fifo_fd >= 0)
+ close_nointr_nofail(fifo_fd);
+
+ if (reply)
+ dbus_message_unref(reply);
+
+ return r;
+}
+
static int trigger_device(Manager *m, struct udev_device *d) {
struct udev_enumerate *e;
struct udev_list_entry *first, *item;
return trigger_device(m, NULL);
}
+static int have_multiple_sessions(
+ DBusConnection *connection,
+ Manager *m,
+ DBusMessage *message,
+ DBusError *error) {
+
+ Session *s;
+
+ assert(m);
+
+ if (hashmap_size(m->sessions) > 1)
+ return true;
+
+ /* Hmm, there's only one session, but let's make sure it
+ * actually belongs to the user who is asking. If not, better
+ * be safe than sorry. */
+
+ s = hashmap_first(m->sessions);
+ if (s) {
+ unsigned long ul;
+
+ ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), error);
+ if (ul == (unsigned long) -1)
+ return -EIO;
+
+ return s->user->uid != ul;
+ }
+
+ return false;
+}
+
+static const BusProperty bus_login_manager_properties[] = {
+ { "ControlGroupHierarchy", bus_property_append_string, "s", offsetof(Manager, cgroup_path), true },
+ { "Controllers", bus_property_append_strv, "as", offsetof(Manager, controllers), true },
+ { "ResetControllers", bus_property_append_strv, "as", offsetof(Manager, reset_controllers), true },
+ { "NAutoVTs", bus_property_append_unsigned, "u", offsetof(Manager, n_autovts) },
+ { "KillOnlyUsers", bus_property_append_strv, "as", offsetof(Manager, kill_only_users), true },
+ { "KillExcludeUsers", bus_property_append_strv, "as", offsetof(Manager, kill_exclude_users), true },
+ { "KillUserProcesses", bus_property_append_bool, "b", offsetof(Manager, kill_user_processes) },
+ { "IdleHint", bus_manager_append_idle_hint, "b", 0 },
+ { "IdleSinceHint", bus_manager_append_idle_hint_since, "t", 0 },
+ { "IdleSinceHintMonotonic", bus_manager_append_idle_hint_since, "t", 0 },
+ { "Inhibited", bus_manager_append_inhibited, "s", 0 },
+ { NULL, }
+};
+
static DBusHandlerResult manager_message_handler(
DBusConnection *connection,
DBusMessage *message,
Manager *m = userdata;
- const BusProperty properties[] = {
- { "org.freedesktop.login1.Manager", "ControlGroupHierarchy", bus_property_append_string, "s", m->cgroup_path },
- { "org.freedesktop.login1.Manager", "Controllers", bus_property_append_strv, "as", m->controllers },
- { "org.freedesktop.login1.Manager", "ResetControllers", bus_property_append_strv, "as", m->reset_controllers },
- { "org.freedesktop.login1.Manager", "NAutoVTs", bus_property_append_unsigned, "u", &m->n_autovts },
- { "org.freedesktop.login1.Manager", "KillOnlyUsers", bus_property_append_strv, "as", m->kill_only_users },
- { "org.freedesktop.login1.Manager", "KillExcludeUsers", bus_property_append_strv, "as", m->kill_exclude_users },
- { "org.freedesktop.login1.Manager", "KillUserProcesses", bus_property_append_bool, "b", &m->kill_user_processes },
- { "org.freedesktop.login1.Manager", "IdleHint", bus_manager_append_idle_hint, "b", m },
- { "org.freedesktop.login1.Manager", "IdleSinceHint", bus_manager_append_idle_hint_since, "t", m },
- { "org.freedesktop.login1.Manager", "IdleSinceHintMonotonic", bus_manager_append_idle_hint_since, "t", m },
- { NULL, NULL, NULL, NULL, NULL }
- };
-
DBusError error;
DBusMessage *reply = NULL;
int r;
if (!b)
goto oom;
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "GetSessionByPID")) {
+ uint32_t pid;
+ char *p;
+ Session *session;
+ bool b;
+
+ if (!dbus_message_get_args(
+ message,
+ &error,
+ DBUS_TYPE_UINT32, &pid,
+ DBUS_TYPE_INVALID))
+ return bus_send_error_reply(connection, message, &error, -EINVAL);
+
+ r = manager_get_session_by_pid(m, pid, &session);
+ if (r <= 0)
+ return bus_send_error_reply(connection, message, NULL, r < 0 ? r : -ENOENT);
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
+
+ p = session_bus_path(session);
+ if (!p)
+ goto oom;
+
+ b = dbus_message_append_args(
+ reply,
+ DBUS_TYPE_OBJECT_PATH, &p,
+ DBUS_TYPE_INVALID);
+ free(p);
+
+ if (!b)
+ goto oom;
+
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "GetUser")) {
uint32_t uid;
char *p;
if (!dbus_message_iter_close_container(&iter, &sub))
goto oom;
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ListInhibitors")) {
+ Inhibitor *inhibitor;
+ Iterator i;
+ DBusMessageIter iter, sub;
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
+
+ dbus_message_iter_init_append(reply, &iter);
+
+ if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, "(sssuu)", &sub))
+ goto oom;
+
+ HASHMAP_FOREACH(inhibitor, m->inhibitors, i) {
+ DBusMessageIter sub2;
+ dbus_uint32_t uid, pid;
+ const char *what, *who, *why;
+
+ if (!dbus_message_iter_open_container(&sub, DBUS_TYPE_STRUCT, NULL, &sub2))
+ goto oom;
+
+ what = inhibit_what_to_string(inhibitor->what);
+ who = strempty(inhibitor->who);
+ why = strempty(inhibitor->why);
+ uid = (dbus_uint32_t) inhibitor->uid;
+ pid = (dbus_uint32_t) inhibitor->pid;
+
+ if (!dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &what) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &who) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &why) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_UINT32, &uid) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_UINT32, &pid))
+ goto oom;
+
+ if (!dbus_message_iter_close_container(&sub, &sub2))
+ goto oom;
+ }
+
+ if (!dbus_message_iter_close_container(&iter, &sub))
+ goto oom;
+
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "Inhibit")) {
+
+ r = bus_manager_inhibit(m, connection, message, &error, &reply);
+
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) {
r = bus_manager_create_session(m, message, &reply);
* see this fail quickly then be retried later */
if (r < 0)
- return bus_send_error_reply(connection, message, &error, r);
+ return bus_send_error_reply(connection, message, NULL, r);
+
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) {
+ const char *name;
+ Session *session;
+
+ if (!dbus_message_get_args(
+ message,
+ &error,
+ DBUS_TYPE_STRING, &name,
+ DBUS_TYPE_INVALID))
+ return bus_send_error_reply(connection, message, &error, -EINVAL);
+
+ session = hashmap_get(m->sessions, name);
+ if (!session)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+ /* We use the FIFO to detect stray sessions where the
+ process invoking PAM dies abnormally. We need to make
+ sure that that process is not killed if at the clean
+ end of the session it closes the FIFO. Hence, with
+ this call explicitly turn off the FIFO logic, so that
+ the PAM code can finish clean up on its own */
+ session_remove_fifo(session);
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) {
const char *name;
if (!reply)
goto oom;
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSessionOnSeat")) {
+ const char *session_name, *seat_name;
+ Session *session;
+ Seat *seat;
+
+ /* Same as ActivateSession() but refuses to work if
+ * the seat doesn't match */
+
+ if (!dbus_message_get_args(
+ message,
+ &error,
+ DBUS_TYPE_STRING, &session_name,
+ DBUS_TYPE_STRING, &seat_name,
+ DBUS_TYPE_INVALID))
+ return bus_send_error_reply(connection, message, &error, -EINVAL);
+
+ session = hashmap_get(m->sessions, session_name);
+ if (!session)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+ seat = hashmap_get(m->seats, seat_name);
+ if (!seat)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+ if (session->seat != seat)
+ return bus_send_error_reply(connection, message, &error, -EINVAL);
+
+ r = session_activate(session);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, NULL, r);
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
+
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "LockSession") ||
dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "UnlockSession")) {
const char *name;
if (!pw)
return bus_send_error_reply(connection, message, NULL, errno ? -errno : -EINVAL);
- r = verify_polkit(connection, message, "org.freedesktop.login1.set-user-linger", interactive, &error);
+ r = verify_polkit(connection, message, "org.freedesktop.login1.set-user-linger", interactive, NULL, &error);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
+ mkdir_p("/var/lib/systemd", 0755);
+
r = safe_mkdir("/var/lib/systemd/linger", 0755, 0, 0);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
if (!path_startswith(sysfs, "/sys") || !seat_name_is_valid(seat))
return bus_send_error_reply(connection, message, NULL, -EINVAL);
- r = verify_polkit(connection, message, "org.freedesktop.login1.attach-device", interactive, &error);
+ r = verify_polkit(connection, message, "org.freedesktop.login1.attach-device", interactive, NULL, &error);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
- r = verify_polkit(connection, message, "org.freedesktop.login1.flush-devices", interactive, &error);
+ r = verify_polkit(connection, message, "org.freedesktop.login1.flush-devices", interactive, NULL, &error);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "PowerOff") ||
dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "Reboot")) {
dbus_bool_t interactive;
- bool multiple_sessions;
+ bool multiple_sessions, inhibit;
DBusMessage *forward, *freply;
- const char *name;
+ const char *name, *action;
const char *mode = "replace";
- const char *action;
if (!dbus_message_get_args(
message,
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
- multiple_sessions = hashmap_size(m->sessions) > 1;
+ r = have_multiple_sessions(connection, m, message, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
- if (!multiple_sessions) {
- Session *s;
+ multiple_sessions = r > 0;
+ inhibit = manager_is_inhibited(m, INHIBIT_SHUTDOWN, NULL);
- /* Hmm, there's only one session, but let's
- * make sure it actually belongs to the user
- * who is asking. If not, better be safe than
- * sorry. */
+ if (multiple_sessions) {
+ action = streq(dbus_message_get_member(message), "PowerOff") ?
+ "org.freedesktop.login1.power-off-multiple-sessions" :
+ "org.freedesktop.login1.reboot-multiple-sessions";
- s = hashmap_first(m->sessions);
- if (s) {
- unsigned long ul;
+ r = verify_polkit(connection, message, action, interactive, NULL, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+ }
- ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), &error);
- if (ul == (unsigned long) -1)
- return bus_send_error_reply(connection, message, &error, -EIO);
+ if (inhibit) {
+ action = streq(dbus_message_get_member(message), "PowerOff") ?
+ "org.freedesktop.login1.power-off-ignore-inhibit" :
+ "org.freedesktop.login1.reboot-ignore-inhibit";
- multiple_sessions = s->user->uid != ul;
- }
+ r = verify_polkit(connection, message, action, interactive, NULL, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
}
- if (streq(dbus_message_get_member(message), "PowerOff")) {
- if (multiple_sessions)
- action = "org.freedesktop.login1.power-off-multiple-sessions";
- else
- action = "org.freedesktop.login1.power-off";
+ if (!multiple_sessions && !inhibit) {
+ action = streq(dbus_message_get_member(message), "PowerOff") ?
+ "org.freedesktop.login1.power-off" :
+ "org.freedesktop.login1.reboot";
- name = SPECIAL_POWEROFF_TARGET;
- } else {
- if (multiple_sessions)
- action = "org.freedesktop.login1.reboot-multiple-sessions";
- else
- action = "org.freedesktop.login1.reboot";
-
- name = SPECIAL_REBOOT_TARGET;
+ r = verify_polkit(connection, message, action, interactive, NULL, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
}
- r = verify_polkit(connection, message, action, interactive, &error);
- if (r < 0)
- return bus_send_error_reply(connection, message, &error, r);
-
forward = dbus_message_new_method_call(
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
if (!forward)
return bus_send_error_reply(connection, message, NULL, -ENOMEM);
+ name = streq(dbus_message_get_member(message), "PowerOff") ?
+ SPECIAL_POWEROFF_TARGET : SPECIAL_REBOOT_TARGET;
+
if (!dbus_message_append_args(forward,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_STRING, &mode,
if (!reply)
goto oom;
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CanPowerOff") ||
+ dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CanReboot")) {
+
+ bool multiple_sessions, challenge, inhibit, b;
+ const char *action, *result;
+
+ r = have_multiple_sessions(connection, m, message, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ multiple_sessions = r > 0;
+ inhibit = manager_is_inhibited(m, INHIBIT_SHUTDOWN, NULL);
+
+ if (multiple_sessions) {
+ action = streq(dbus_message_get_member(message), "CanPowerOff") ?
+ "org.freedesktop.login1.power-off-multiple-sessions" :
+ "org.freedesktop.login1.reboot-multiple-sessions";
+
+ r = verify_polkit(connection, message, action, false, &challenge, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ if (r > 0)
+ result = "yes";
+ else if (challenge)
+ result = "challenge";
+ else
+ result = "no";
+ }
+
+ if (inhibit) {
+ action = streq(dbus_message_get_member(message), "CanPowerOff") ?
+ "org.freedesktop.login1.power-off-ignore-inhibit" :
+ "org.freedesktop.login1.reboot-ignore-inhibit";
+
+ r = verify_polkit(connection, message, action, false, &challenge, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ if (r > 0 && !result)
+ result = "yes";
+ else if (challenge && (!result || streq(result, "yes")))
+ result = "challenge";
+ else
+ result = "no";
+ }
+
+ if (!multiple_sessions && !inhibit) {
+ /* If neither inhibit nor multiple sessions
+ * apply then just check the normal policy */
+
+ action = streq(dbus_message_get_member(message), "CanPowerOff") ?
+ "org.freedesktop.login1.power-off" :
+ "org.freedesktop.login1.reboot";
+
+ r = verify_polkit(connection, message, action, false, &challenge, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ if (r > 0)
+ result = "yes";
+ else if (challenge)
+ result = "challenge";
+ else
+ result = "no";
+ }
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
+
+ b = dbus_message_append_args(
+ reply,
+ DBUS_TYPE_STRING, &result,
+ DBUS_TYPE_INVALID);
+ if (!b)
+ goto oom;
+
} else if (dbus_message_is_method_call(message, "org.freedesktop.DBus.Introspectable", "Introspect")) {
char *introspection = NULL;
FILE *f;
}
free(introspection);
- } else
- return bus_default_message_handler(connection, message, NULL, INTERFACES_LIST, properties);
+ } else {
+ const BusBoundProperties bps[] = {
+ { "org.freedesktop.login1.Manager", bus_login_manager_properties, m },
+ { NULL, }
+ };
+ return bus_default_message_handler(connection, message, NULL, INTERFACES_LIST, bps);
+ }
if (reply) {
if (!dbus_connection_send(connection, reply, NULL))