X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fsystemctl.c;h=2efc85635d8f3bd0e270d3baa03f24a312c49f39;hb=b1fc29fb70de560fe9a7a744a20a67aaa4b68b5f;hp=68e4a909eb6e4b8cc586ba6661ca30277f68af0e;hpb=e4a9373fb3ddeadd6b847449186fadf5963695f7;p=elogind.git

diff --git a/src/systemctl.c b/src/systemctl.c
index 68e4a909e..2efc85635 100644
--- a/src/systemctl.c
+++ b/src/systemctl.c
@@ -29,6 +29,7 @@
 #include <termios.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <sys/socket.h>
 
 #include <dbus/dbus.h>
 
@@ -103,6 +104,32 @@ static int bus_iter_get_basic_and_next(DBusMessageIter *iter, int type, void *da
         return 0;
 }
 
+static int bus_check_peercred(DBusConnection *c) {
+        int fd;
+        struct ucred ucred;
+        socklen_t l;
+
+        assert(c);
+
+        assert_se(dbus_connection_get_unix_fd(c, &fd));
+
+        l = sizeof(struct ucred);
+        if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0) {
+                log_error("SO_PEERCRED failed: %m");
+                return -errno;
+        }
+
+        if (l != sizeof(struct ucred)) {
+                log_error("SO_PEERCRED returned wrong size.");
+                return -E2BIG;
+        }
+
+        if (ucred.uid != 0)
+                return -EPERM;
+
+        return 1;
+}
+
 static int columns(void) {
         static int parsed_columns = 0;
         const char *e;
@@ -1426,7 +1453,7 @@ static int systemctl_help(void) {
                "  dump                            Dump server status\n"
                "  snapshot [NAME]                 Create a snapshot\n"
                "  daemon-reload                   Reload init daemon configuration\n"
-               "  daemon-reexecute                Reexecute init daemon\n"
+               "  daemon-reexec                   Reexecute init daemon\n"
                "  daemon-exit                     Ask the init daemon to quit\n"
                "  show-environment                Dump environment\n"
                "  set-environment [NAME=VALUE...] Set one or more environment variables\n"
@@ -1465,7 +1492,7 @@ static int halt_help(void) {
 
 static int shutdown_help(void) {
 
-        printf("%s [options] [IGNORED] [WALL...]\n\n"
+        printf("%s [options] [now] [WALL...]\n\n"
                "Shut down the system.\n\n"
                "     --help      Show this help\n"
                "  -H --halt      Halt the machine\n"
@@ -1741,6 +1768,9 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
                 }
         }
 
+        if (argc > optind && !streq(argv[optind], "now"))
+                log_warning("First argument '%s' isn't 'now'. Ignoring.", argv[optind]);
+
         /* We ignore the time argument */
         if (argc > optind + 1)
                 arg_wall = argv + optind + 1;
@@ -1748,7 +1778,6 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
         optind = argc;
 
         return 1;
-
 }
 
 static int telinit_parse_argv(int argc, char *argv[]) {
@@ -1929,7 +1958,7 @@ static int action_to_runlevel(void) {
         return table[arg_action];
 }
 
-static int talk_upstart(DBusConnection *bus) {
+static int talk_upstart(void) {
         DBusMessage *m = NULL, *reply = NULL;
         DBusError error;
         int previous, rl, r;
@@ -1940,6 +1969,7 @@ static int talk_upstart(DBusConnection *bus) {
         const char *emit = "runlevel";
         dbus_bool_t b_false = FALSE;
         DBusMessageIter iter, sub;
+        DBusConnection *bus;
 
         dbus_error_init(&error);
 
@@ -1949,6 +1979,22 @@ static int talk_upstart(DBusConnection *bus) {
         if (utmp_get_runlevel(&previous, NULL) < 0)
                 previous = 'N';
 
+        if (!(bus = dbus_connection_open("unix:abstract=/com/ubuntu/upstart", &error))) {
+                if (dbus_error_has_name(&error, DBUS_ERROR_NO_SERVER)) {
+                        r = 0;
+                        goto finish;
+                }
+
+                log_error("Failed to connect to Upstart bus: %s", error.message);
+                r = -EIO;
+                goto finish;
+        }
+
+        if ((r = bus_check_peercred(bus)) < 0) {
+                log_error("Failed to verify owner of bus.");
+                goto finish;
+        }
+
         if (!(m = dbus_message_new_method_call(
                               "com.ubuntu.Upstart",
                               "/com/ubuntu/Upstart",
@@ -1956,7 +2002,8 @@ static int talk_upstart(DBusConnection *bus) {
                               "EmitEvent"))) {
 
                 log_error("Could not allocate message.");
-                return -ENOMEM;
+                r = -ENOMEM;
+                goto finish;
         }
 
         dbus_message_iter_init_append(m, &iter);
@@ -1996,6 +2043,9 @@ finish:
         if (reply)
                 dbus_message_unref(reply);
 
+        if (bus)
+                dbus_connection_unref(bus);
+
         dbus_error_free(&error);
 
         return r;
@@ -2163,7 +2213,7 @@ static int start_with_fallback(DBusConnection *bus) {
 
                 /* Hmm, talking to systemd via D-Bus didn't work. Then
                  * let's try to talk to Upstart via D-Bus. */
-                if ((r = talk_upstart(bus)) > 0)
+                if ((r = talk_upstart()) > 0)
                         return 0;
         }
 
@@ -2259,7 +2309,18 @@ int main(int argc, char*argv[]) {
                 goto finish;
         }
 
-        if ((bus = dbus_bus_get(arg_session ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error)))
+        /* If we are root, then let's not go via the bus */
+        if (geteuid() == 0 && !arg_session) {
+                bus = dbus_connection_open("unix:abstract=/org/freedesktop/systemd1/private", &error);
+
+                if (bus && bus_check_peercred(bus) < 0) {
+                        log_error("Failed to verify owner of bus.");
+                        goto finish;
+                }
+        } else
+                bus = dbus_bus_get(arg_session ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error);
+
+        if (bus)
                 dbus_connection_set_exit_on_disconnect(bus, FALSE);
 
         switch (arg_action) {