X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flogin%2Flogind-dbus.c;h=b28d28093934877feb38c602b0306cbf62be813c;hp=c0d13094740d913cc660be7e4adb15d602c4c510;hb=9d10cbee89ca7f82d29b9cb27bef11e23e3803ba;hpb=d920e59c7df63300e5b5191d2a4be7b3baac6ea8 diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index c0d130947..b28d28093 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -24,7 +24,6 @@ #include #include -#include "sd-id128.h" #include "sd-messages.h" #include "strv.h" #include "mkdir.h" @@ -32,16 +31,99 @@ #include "special.h" #include "sleep-config.h" #include "fileio-label.h" -#include "label.h" -#include "utf8.h" #include "unit-name.h" -#include "virt.h" #include "audit.h" #include "bus-util.h" #include "bus-error.h" -#include "logind.h" #include "bus-common-errors.h" #include "udev-util.h" +#include "selinux-util.h" +#include "logind.h" + +int manager_get_session_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Session **ret) { + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; + Session *session; + int r; + + assert(m); + assert(message); + assert(ret); + + if (isempty(name)) { + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_SESSION|SD_BUS_CREDS_AUGMENT, &creds); + if (r < 0) + return r; + + r = sd_bus_creds_get_session(creds, &name); + if (r < 0) + return r; + } + + session = hashmap_get(m->sessions, name); + if (!session) + return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); + + *ret = session; + return 0; +} + +int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret) { + User *user; + int r; + + assert(m); + assert(message); + assert(ret); + + if (uid == UID_INVALID) { + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; + + /* Note that we get the owner UID of the session, not the actual client UID here! */ + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds); + if (r < 0) + return r; + + r = sd_bus_creds_get_owner_uid(creds, &uid); + if (r < 0) + return r; + } + + user = hashmap_get(m->users, UID_TO_PTR(uid)); + if (!user) + return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER, "No user "UID_FMT" known or logged in", uid); + + *ret = user; + return 0; +} + +int manager_get_seat_from_creds(Manager *m, sd_bus_message *message, const char *name, sd_bus_error *error, Seat **ret) { + Seat *seat; + int r; + + assert(m); + assert(message); + assert(ret); + + if (isempty(name)) { + Session *session; + + r = manager_get_session_from_creds(m, message, NULL, error, &session); + if (r < 0) + return r; + + seat = session->seat; + + if (!seat) + return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "Session has no seat."); + } else { + seat = hashmap_get(m->seats, name); + if (!seat) + return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", name); + } + + *ret = seat; + return 0; +} static int property_get_idle_hint( sd_bus *bus, @@ -144,9 +226,9 @@ static int method_get_session(sd_bus *bus, sd_bus_message *message, void *userda if (r < 0) return r; - session = hashmap_get(m->sessions, name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); + r = manager_get_session_from_creds(m, message, name, error, &session); + if (r < 0) + return r; p = session_bus_path(session); if (!p) @@ -172,23 +254,18 @@ static int method_get_session_by_pid(sd_bus *bus, sd_bus_message *message, void if (r < 0) return r; - if (pid == 0) { - _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; - - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds); + if (pid <= 0) { + r = manager_get_session_from_creds(m, message, NULL, error, &session); if (r < 0) return r; - - r = sd_bus_creds_get_pid(creds, &pid); + } else { + r = manager_get_session_by_pid(m, pid, &session); if (r < 0) return r; - } - r = manager_get_session_by_pid(m, pid, &session); - if (r < 0) - return r; - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SESSION_FOR_PID, "PID "PID_FMT" does not belong to any known session", pid); + if (!session) + return sd_bus_error_setf(error, BUS_ERROR_NO_SESSION_FOR_PID, "PID "PID_FMT" does not belong to any known session", pid); + } p = session_bus_path(session); if (!p) @@ -212,9 +289,9 @@ static int method_get_user(sd_bus *bus, sd_bus_message *message, void *userdata, if (r < 0) return r; - user = hashmap_get(m->users, ULONG_TO_PTR((unsigned long) uid)); - if (!user) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER, "No user "UID_FMT" known or logged in", uid); + r = manager_get_user_from_creds(m, message, uid, error, &user); + if (r < 0) + return r; p = user_bus_path(user); if (!p) @@ -240,24 +317,18 @@ static int method_get_user_by_pid(sd_bus *bus, sd_bus_message *message, void *us if (r < 0) return r; - if (pid == 0) { - _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; - - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds); + if (pid <= 0) { + r = manager_get_user_from_creds(m, message, UID_INVALID, error, &user); if (r < 0) return r; - - r = sd_bus_creds_get_pid(creds, &pid); + } else { + r = manager_get_user_by_pid(m, pid, &user); if (r < 0) return r; + if (!user) + return sd_bus_error_setf(error, BUS_ERROR_NO_USER_FOR_PID, "PID "PID_FMT" does not belong to any known or logged in user", pid); } - r = manager_get_user_by_pid(m, pid, &user); - if (r < 0) - return r; - if (!user) - return sd_bus_error_setf(error, BUS_ERROR_NO_USER_FOR_PID, "PID "PID_FMT" does not belong to any known or logged in user", pid); - p = user_bus_path(user); if (!p) return -ENOMEM; @@ -280,9 +351,9 @@ static int method_get_seat(sd_bus *bus, sd_bus_message *message, void *userdata, if (r < 0) return r; - seat = hashmap_get(m->seats, name); - if (!seat) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", name); + r = manager_get_seat_from_creds(m, message, name, error, &seat); + if (r < 0) + return r; p = seat_bus_path(seat); if (!p) @@ -569,8 +640,6 @@ static int method_create_session(sd_bus *bus, sd_bus_message *message, void *use if (r < 0) return r; - assert_cc(sizeof(uint32_t) == sizeof(pid_t)); - r = sd_bus_creds_get_pid(creds, (pid_t*) &leader); if (r < 0) return r; @@ -754,9 +823,9 @@ static int method_release_session(sd_bus *bus, sd_bus_message *message, void *us if (r < 0) return r; - session = hashmap_get(m->sessions, name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); + r = manager_get_session_from_creds(m, message, name, error, &session); + if (r < 0) + return r; session_release(session); @@ -777,15 +846,11 @@ static int method_activate_session(sd_bus *bus, sd_bus_message *message, void *u if (r < 0) return r; - session = hashmap_get(m->sessions, name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); - - r = session_activate(session); + r = manager_get_session_from_creds(m, message, name, error, &session); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_session_method_activate(bus, message, session, error); } static int method_activate_session_on_seat(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { @@ -806,13 +871,13 @@ static int method_activate_session_on_seat(sd_bus *bus, sd_bus_message *message, if (r < 0) return r; - session = hashmap_get(m->sessions, session_name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", session_name); + r = manager_get_session_from_creds(m, message, session_name, error, &session); + if (r < 0) + return r; - seat = hashmap_get(m->seats, seat_name); - if (!seat) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", seat_name); + r = manager_get_seat_from_creds(m, message, seat_name, error, &seat); + if (r < 0) + return r; if (session->seat != seat) return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, "Session %s not on seat %s", session_name, seat_name); @@ -838,15 +903,11 @@ static int method_lock_session(sd_bus *bus, sd_bus_message *message, void *userd if (r < 0) return r; - session = hashmap_get(m->sessions, name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); - - r = session_send_lock(session, streq(sd_bus_message_get_member(message), "LockSession")); + r = manager_get_session_from_creds(m, message, name, error, &session); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_session_method_lock(bus, message, session, error); } static int method_lock_sessions(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { @@ -857,6 +918,19 @@ static int method_lock_sessions(sd_bus *bus, sd_bus_message *message, void *user assert(message); assert(m); + r = bus_verify_polkit_async( + message, + CAP_SYS_ADMIN, + "org.freedesktop.login1.lock-sessions", + false, + UID_INVALID, + &m->polkit_registry, + error); + if (r < 0) + return r; + if (r == 0) + return 1; /* Will call us back */ + r = session_send_lock_all(m, streq(sd_bus_message_get_member(message), "LockSessions")); if (r < 0) return r; @@ -865,47 +939,29 @@ static int method_lock_sessions(sd_bus *bus, sd_bus_message *message, void *user } static int method_kill_session(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { - const char *name, *swho; + const char *name; Manager *m = userdata; Session *session; - int32_t signo; - KillWho who; int r; assert(bus); assert(message); assert(m); - r = sd_bus_message_read(message, "ssi", &name, &swho, &signo); + r = sd_bus_message_read(message, "s", &name); if (r < 0) return r; - if (isempty(swho)) - who = KILL_ALL; - else { - who = kill_who_from_string(swho); - if (who < 0) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid kill parameter '%s'", swho); - } - - if (signo <= 0 || signo >= _NSIG) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid signal %i", signo); - - session = hashmap_get(m->sessions, name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); - - r = session_kill(session, who, signo); + r = manager_get_session_from_creds(m, message, name, error, &session); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_session_method_kill(bus, message, session, error); } static int method_kill_user(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { Manager *m = userdata; uint32_t uid; - int32_t signo; User *user; int r; @@ -913,22 +969,15 @@ static int method_kill_user(sd_bus *bus, sd_bus_message *message, void *userdata assert(message); assert(m); - r = sd_bus_message_read(message, "ui", &uid, &signo); + r = sd_bus_message_read(message, "u", &uid); if (r < 0) return r; - if (signo <= 0 || signo >= _NSIG) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid signal %i", signo); - - user = hashmap_get(m->users, ULONG_TO_PTR((unsigned long) uid)); - if (!user) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER, "No user "UID_FMT" known or logged in", uid); - - r = user_kill(user, signo); + r = manager_get_user_from_creds(m, message, uid, error, &user); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_user_method_kill(bus, message, user, error); } static int method_terminate_session(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { @@ -945,15 +994,11 @@ static int method_terminate_session(sd_bus *bus, sd_bus_message *message, void * if (r < 0) return r; - session = hashmap_get(m->sessions, name); - if (!session) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name); - - r = session_stop(session, true); + r = manager_get_session_from_creds(m, message, name, error, &session); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_session_method_terminate(bus, message, session, error); } static int method_terminate_user(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { @@ -970,15 +1015,11 @@ static int method_terminate_user(sd_bus *bus, sd_bus_message *message, void *use if (r < 0) return r; - user = hashmap_get(m->users, ULONG_TO_PTR((unsigned long) uid)); - if (!user) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER, "No user "UID_FMT" known or logged in", uid); - - r = user_stop(user, true); + r = manager_get_user_from_creds(m, message, uid, error, &user); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_user_method_terminate(bus, message, user, error); } static int method_terminate_seat(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { @@ -995,15 +1036,11 @@ static int method_terminate_seat(sd_bus *bus, sd_bus_message *message, void *use if (r < 0) return r; - seat = hashmap_get(m->seats, name); - if (!seat) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", name); - - r = seat_stop_sessions(seat, true); + r = manager_get_seat_from_creds(m, message, name, error, &seat); if (r < 0) return r; - return sd_bus_reply_method_return(message, NULL); + return bus_seat_method_terminate(bus, message, seat, error); } static int method_set_user_linger(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) { @@ -1023,6 +1060,19 @@ static int method_set_user_linger(sd_bus *bus, sd_bus_message *message, void *us if (r < 0) return r; + if (uid == UID_INVALID) { + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; + + /* Note that we get the owner UID of the session, not the actual client UID here! */ + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds); + if (r < 0) + return r; + + r = sd_bus_creds_get_owner_uid(creds, &uid); + if (r < 0) + return r; + } + errno = 0; pw = getpwuid(uid); if (!pw) @@ -1033,6 +1083,7 @@ static int method_set_user_linger(sd_bus *bus, sd_bus_message *message, void *us CAP_SYS_ADMIN, "org.freedesktop.login1.set-user-linger", interactive, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -1050,7 +1101,7 @@ static int method_set_user_linger(sd_bus *bus, sd_bus_message *message, void *us if (!cc) return -ENOMEM; - path = strappenda("/var/lib/systemd/linger/", cc); + path = strjoina("/var/lib/systemd/linger/", cc); if (b) { User *u; @@ -1068,7 +1119,7 @@ static int method_set_user_linger(sd_bus *bus, sd_bus_message *message, void *us if (r < 0 && errno != ENOENT) return -errno; - u = hashmap_get(m->users, ULONG_TO_PTR((unsigned long) uid)); + u = hashmap_get(m->users, UID_TO_PTR(uid)); if (u) user_add_to_gc_queue(u); } @@ -1205,6 +1256,7 @@ static int method_attach_device(sd_bus *bus, sd_bus_message *message, void *user CAP_SYS_ADMIN, "org.freedesktop.login1.attach-device", interactive, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -1236,6 +1288,7 @@ static int method_flush_devices(sd_bus *bus, sd_bus_message *message, void *user CAP_SYS_ADMIN, "org.freedesktop.login1.flush-devices", interactive, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -1395,7 +1448,7 @@ static int execute_shutdown_or_sleep( m->action_what = w; /* Make sure the lid switch is ignored for a while */ - manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + IGNORE_LID_SWITCH_SUSPEND_USEC); + manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec); return 0; } @@ -1517,11 +1570,11 @@ static int method_do_shutdown_or_sleep( return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported"); } - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; @@ -1533,7 +1586,7 @@ static int method_do_shutdown_or_sleep( blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL); if (multiple_sessions) { - r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, interactive, &m->polkit_registry, error); + r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, interactive, UID_INVALID, &m->polkit_registry, error); if (r < 0) return r; if (r == 0) @@ -1541,7 +1594,7 @@ static int method_do_shutdown_or_sleep( } if (blocked) { - r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, interactive, &m->polkit_registry, error); + r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, interactive, UID_INVALID, &m->polkit_registry, error); if (r < 0) return r; if (r == 0) @@ -1549,7 +1602,7 @@ static int method_do_shutdown_or_sleep( } if (!multiple_sessions && !blocked) { - r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, interactive, &m->polkit_registry, error); + r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, interactive, UID_INVALID, &m->polkit_registry, error); if (r < 0) return r; if (r == 0) @@ -1670,11 +1723,11 @@ static int method_can_shutdown_or_sleep( return sd_bus_reply_method_return(message, "s", "na"); } - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; @@ -1686,7 +1739,7 @@ static int method_can_shutdown_or_sleep( blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL); if (multiple_sessions) { - r = bus_verify_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, false, &challenge, error); + r = bus_verify_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, false, UID_INVALID, &challenge, error); if (r < 0) return r; @@ -1699,7 +1752,7 @@ static int method_can_shutdown_or_sleep( } if (blocked) { - r = bus_verify_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, false, &challenge, error); + r = bus_verify_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, false, UID_INVALID, &challenge, error); if (r < 0) return r; @@ -1715,7 +1768,7 @@ static int method_can_shutdown_or_sleep( /* If neither inhibit nor multiple sessions * apply then just check the normal policy */ - r = bus_verify_polkit(message, CAP_SYS_BOOT, action, false, &challenge, error); + r = bus_verify_polkit(message, CAP_SYS_BOOT, action, false, UID_INVALID, &challenge, error); if (r < 0) return r; @@ -1835,25 +1888,30 @@ static int method_inhibit(sd_bus *bus, sd_bus_message *message, void *userdata, if (m->action_what & w) return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "The operation inhibition has been requested for is already running"); - r = bus_verify_polkit_async(message, CAP_SYS_BOOT, - w == INHIBIT_SHUTDOWN ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-shutdown" : "org.freedesktop.login1.inhibit-delay-shutdown") : - w == INHIBIT_SLEEP ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-sleep" : "org.freedesktop.login1.inhibit-delay-sleep") : - w == INHIBIT_IDLE ? "org.freedesktop.login1.inhibit-block-idle" : - w == INHIBIT_HANDLE_POWER_KEY ? "org.freedesktop.login1.inhibit-handle-power-key" : - w == INHIBIT_HANDLE_SUSPEND_KEY ? "org.freedesktop.login1.inhibit-handle-suspend-key" : - w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" : - "org.freedesktop.login1.inhibit-handle-lid-switch", - false, &m->polkit_registry, error); + r = bus_verify_polkit_async( + message, + CAP_SYS_BOOT, + w == INHIBIT_SHUTDOWN ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-shutdown" : "org.freedesktop.login1.inhibit-delay-shutdown") : + w == INHIBIT_SLEEP ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-sleep" : "org.freedesktop.login1.inhibit-delay-sleep") : + w == INHIBIT_IDLE ? "org.freedesktop.login1.inhibit-block-idle" : + w == INHIBIT_HANDLE_POWER_KEY ? "org.freedesktop.login1.inhibit-handle-power-key" : + w == INHIBIT_HANDLE_SUSPEND_KEY ? "org.freedesktop.login1.inhibit-handle-suspend-key" : + w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" : + "org.freedesktop.login1.inhibit-handle-lid-switch", + false, + UID_INVALID, + &m->polkit_registry, + error); if (r < 0) return r; if (r == 0) return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ - r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID, &creds); + r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID, &creds); if (r < 0) return r; - r = sd_bus_creds_get_uid(creds, &uid); + r = sd_bus_creds_get_euid(creds, &uid); if (r < 0) return r; @@ -1921,6 +1979,7 @@ const sd_bus_vtable manager_vtable[] = { SD_BUS_PROPERTY("HandleHibernateKey", "s", property_get_handle_action, offsetof(Manager, handle_hibernate_key), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("HandleLidSwitch", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("HandleLidSwitchDocked", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch_docked), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("HoldoffTimeoutUSec", "t", NULL, offsetof(Manager, holdoff_timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("IdleAction", "s", property_get_handle_action, offsetof(Manager, idle_action), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("IdleActionUSec", "t", NULL, offsetof(Manager, idle_action_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PreparingForShutdown", "b", property_get_preparing, 0, 0), @@ -1939,15 +1998,15 @@ const sd_bus_vtable manager_vtable[] = { SD_BUS_METHOD("ReleaseSession", "s", NULL, method_release_session, 0), SD_BUS_METHOD("ActivateSession", "s", NULL, method_activate_session, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("ActivateSessionOnSeat", "ss", NULL, method_activate_session_on_seat, SD_BUS_VTABLE_UNPRIVILEGED), - SD_BUS_METHOD("LockSession", "s", NULL, method_lock_session, 0), - SD_BUS_METHOD("UnlockSession", "s", NULL, method_lock_session, 0), - SD_BUS_METHOD("LockSessions", NULL, NULL, method_lock_sessions, 0), - SD_BUS_METHOD("UnlockSessions", NULL, NULL, method_lock_sessions, 0), - SD_BUS_METHOD("KillSession", "ssi", NULL, method_kill_session, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), - SD_BUS_METHOD("KillUser", "ui", NULL, method_kill_user, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), - SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), - SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), - SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), + SD_BUS_METHOD("LockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("UnlockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("LockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("UnlockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("KillSession", "ssi", NULL, method_kill_session, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("KillUser", "ui", NULL, method_kill_user, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, SD_BUS_VTABLE_UNPRIVILEGED), @@ -2110,9 +2169,10 @@ int match_properties_changed(sd_bus *bus, sd_bus_message *message, void *userdat return 0; r = unit_name_from_dbus_path(path, &unit); + if (r == -EINVAL) /* not a unit */ + return 0; if (r < 0) - /* quietly ignore non-units paths */ - return r == -EINVAL ? 0 : r; + return r; session = hashmap_get(m->session_units, unit); if (session)