X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flogin%2Flogind-dbus.c;h=d01cf1ae89fad8a1a7e861f88cc141f7c856a603;hp=506601b065d6b9c0d62d23ceb83c44aa4a0aaff8;hb=f8e2fb7b14e53f5a4bcfd66d26910af1dee185c6;hpb=84c3361e129a5ae7a5a408b1562f7f2336b1de3a
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 506601b06..d01cf1ae8 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -6,16 +6,16 @@
Copyright 2011 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see .
***/
@@ -27,6 +27,7 @@
#include "logind.h"
#include "dbus-common.h"
#include "strv.h"
+#include "mkdir.h"
#include "polkit.h"
#include "special.h"
@@ -62,6 +63,7 @@
" \n" \
" \n" \
" \n" \
+ " \n" \
" \n" \
" \n" \
" \n" \
@@ -79,6 +81,9 @@
" \n" \
" \n" \
" \n" \
+ " \n" \
+ " \n" \
+ " \n" \
" \n" \
" \n" \
" \n" \
@@ -94,12 +99,12 @@
" \n" \
" \n" \
" \n" \
- " \n" \
- " \n" \
+ " \n" \
+ " \n" \
" \n" \
" \n" \
" \n" \
- " \n" \
+ " \n" \
" \n" \
" \n" \
" \n" \
@@ -129,6 +134,21 @@
" \n" \
" \n" \
" \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
+ " \n" \
" \n" \
" \n" \
" \n" \
@@ -163,6 +183,7 @@
" \n" \
" \n" \
" \n" \
+ " \n" \
" \n"
#define INTROSPECTION_BEGIN \
@@ -213,14 +234,29 @@ static int bus_manager_append_idle_hint_since(DBusMessageIter *i, const char *pr
return 0;
}
+static int bus_manager_append_inhibited(DBusMessageIter *i, const char *property, void *data) {
+ Manager *m = data;
+ InhibitWhat w;
+ const char *p;
+
+ w = manager_inhibit_what(m);
+ p = inhibit_what_to_string(w);
+
+ if (!dbus_message_iter_append_basic(i, DBUS_TYPE_STRING, &p))
+ return -ENOMEM;
+
+ return 0;
+}
+
static int bus_manager_create_session(Manager *m, DBusMessage *message, DBusMessage **_reply) {
Session *session = NULL;
User *user = NULL;
- const char *type, *seat, *tty, *display, *remote_user, *remote_host, *service;
+ const char *type, *class, *seat, *tty, *display, *remote_user, *remote_host, *service;
uint32_t uid, leader, audit_id = 0;
dbus_bool_t remote, kill_processes;
char **controllers = NULL, **reset_controllers = NULL;
SessionType t;
+ SessionClass c;
Seat *s;
DBusMessageIter iter;
int r;
@@ -265,6 +301,17 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message, DBusMess
dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING)
return -EINVAL;
+ dbus_message_iter_get_basic(&iter, &class);
+ if (isempty(class))
+ c = SESSION_USER;
+ else
+ c = session_class_from_string(class);
+
+ if (c < 0 ||
+ !dbus_message_iter_next(&iter) ||
+ dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING)
+ return -EINVAL;
+
dbus_message_iter_get_basic(&iter, &seat);
if (isempty(seat))
@@ -443,9 +490,9 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message, DBusMess
} else {
do {
free(id);
- asprintf(&id, "c%lu", ++m->session_counter);
+ id = NULL;
- if (!id) {
+ if (asprintf(&id, "c%lu", ++m->session_counter) < 0) {
r = -ENOMEM;
goto fail;
}
@@ -461,6 +508,7 @@ static int bus_manager_create_session(Manager *m, DBusMessage *message, DBusMess
session->leader = leader;
session->audit_id = audit_id;
session->type = t;
+ session->class = c;
session->remote = remote;
session->controllers = controllers;
session->reset_controllers = reset_controllers;
@@ -578,6 +626,122 @@ fail:
return r;
}
+static int bus_manager_inhibit(Manager *m, DBusConnection *connection, DBusMessage *message, DBusError *error, DBusMessage **_reply) {
+ Inhibitor *i = NULL;
+ char *id = NULL;
+ const char *who, *why, *what;
+ pid_t pid;
+ InhibitWhat w;
+ unsigned long ul;
+ int r, fifo_fd = -1;
+ DBusMessage *reply = NULL;
+
+ assert(m);
+ assert(connection);
+ assert(message);
+ assert(error);
+ assert(_reply);
+
+ if (!dbus_message_get_args(
+ message,
+ error,
+ DBUS_TYPE_STRING, &what,
+ DBUS_TYPE_STRING, &who,
+ DBUS_TYPE_STRING, &why,
+ DBUS_TYPE_INVALID)) {
+ r = -EIO;
+ goto fail;
+ }
+
+ w = inhibit_what_from_string(what);
+ if (w <= 0) {
+ r = -EINVAL;
+ goto fail;
+ }
+
+ r = verify_polkit(connection, message, "org.freedesktop.login1.inhibit", false, NULL, error);
+ if (r < 0)
+ goto fail;
+
+ ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), error);
+ if (ul == (unsigned long) -1) {
+ r = -EIO;
+ goto fail;
+ }
+
+ pid = bus_get_unix_process_id(connection, dbus_message_get_sender(message), error);
+ if (pid <= 0) {
+ r = -EIO;
+ goto fail;
+ }
+
+ do {
+ free(id);
+ id = NULL;
+
+ if (asprintf(&id, "%lu", ++m->inhibit_counter) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ } while (hashmap_get(m->inhibitors, id));
+
+ r = manager_add_inhibitor(m, id, &i);
+ free(id);
+
+ if (r < 0)
+ goto fail;
+
+ i->what = w;
+ i->pid = pid;
+ i->uid = (uid_t) ul;
+ i->why = strdup(why);
+ i->who = strdup(who);
+
+ if (!i->why || !i->who) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ fifo_fd = inhibitor_create_fifo(i);
+ if (fifo_fd < 0) {
+ r = fifo_fd;
+ goto fail;
+ }
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ if (!dbus_message_append_args(
+ reply,
+ DBUS_TYPE_UNIX_FD, &fifo_fd,
+ DBUS_TYPE_INVALID)) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ close_nointr_nofail(fifo_fd);
+ *_reply = reply;
+
+ inhibitor_start(i);
+
+ return 0;
+
+fail:
+ if (i)
+ inhibitor_free(i);
+
+ if (fifo_fd >= 0)
+ close_nointr_nofail(fifo_fd);
+
+ if (reply)
+ dbus_message_unref(reply);
+
+ return r;
+}
+
static int trigger_device(Manager *m, struct udev_device *d) {
struct udev_enumerate *e;
struct udev_list_entry *first, *item;
@@ -714,6 +878,37 @@ static int flush_devices(Manager *m) {
return trigger_device(m, NULL);
}
+static int have_multiple_sessions(
+ DBusConnection *connection,
+ Manager *m,
+ DBusMessage *message,
+ DBusError *error) {
+
+ Session *s;
+
+ assert(m);
+
+ if (hashmap_size(m->sessions) > 1)
+ return true;
+
+ /* Hmm, there's only one session, but let's make sure it
+ * actually belongs to the user who is asking. If not, better
+ * be safe than sorry. */
+
+ s = hashmap_first(m->sessions);
+ if (s) {
+ unsigned long ul;
+
+ ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), error);
+ if (ul == (unsigned long) -1)
+ return -EIO;
+
+ return s->user->uid != ul;
+ }
+
+ return false;
+}
+
static const BusProperty bus_login_manager_properties[] = {
{ "ControlGroupHierarchy", bus_property_append_string, "s", offsetof(Manager, cgroup_path), true },
{ "Controllers", bus_property_append_strv, "as", offsetof(Manager, controllers), true },
@@ -725,6 +920,7 @@ static const BusProperty bus_login_manager_properties[] = {
{ "IdleHint", bus_manager_append_idle_hint, "b", 0 },
{ "IdleSinceHint", bus_manager_append_idle_hint_since, "t", 0 },
{ "IdleSinceHintMonotonic", bus_manager_append_idle_hint_since, "t", 0 },
+ { "Inhibited", bus_manager_append_inhibited, "s", 0 },
{ NULL, }
};
@@ -1012,6 +1208,56 @@ static DBusHandlerResult manager_message_handler(
if (!dbus_message_iter_close_container(&iter, &sub))
goto oom;
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ListInhibitors")) {
+ Inhibitor *inhibitor;
+ Iterator i;
+ DBusMessageIter iter, sub;
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
+
+ dbus_message_iter_init_append(reply, &iter);
+
+ if (!dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, "(sssuu)", &sub))
+ goto oom;
+
+ HASHMAP_FOREACH(inhibitor, m->inhibitors, i) {
+ DBusMessageIter sub2;
+ dbus_uint32_t uid, pid;
+ const char *what, *who, *why;
+
+ if (!dbus_message_iter_open_container(&sub, DBUS_TYPE_STRUCT, NULL, &sub2))
+ goto oom;
+
+ what = inhibit_what_to_string(inhibitor->what);
+ who = strempty(inhibitor->who);
+ why = strempty(inhibitor->why);
+ uid = (dbus_uint32_t) inhibitor->uid;
+ pid = (dbus_uint32_t) inhibitor->pid;
+
+ if (!dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &what) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &who) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &why) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_UINT32, &uid) ||
+ !dbus_message_iter_append_basic(&sub2, DBUS_TYPE_UINT32, &pid))
+ goto oom;
+
+ if (!dbus_message_iter_close_container(&sub, &sub2))
+ goto oom;
+ }
+
+ if (!dbus_message_iter_close_container(&iter, &sub))
+ goto oom;
+
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "Inhibit")) {
+
+ r = bus_manager_inhibit(m, connection, message, &error, &reply);
+
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) {
r = bus_manager_create_session(m, message, &reply);
@@ -1022,7 +1268,34 @@ static DBusHandlerResult manager_message_handler(
* see this fail quickly then be retried later */
if (r < 0)
- return bus_send_error_reply(connection, message, &error, r);
+ return bus_send_error_reply(connection, message, NULL, r);
+
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) {
+ const char *name;
+ Session *session;
+
+ if (!dbus_message_get_args(
+ message,
+ &error,
+ DBUS_TYPE_STRING, &name,
+ DBUS_TYPE_INVALID))
+ return bus_send_error_reply(connection, message, &error, -EINVAL);
+
+ session = hashmap_get(m->sessions, name);
+ if (!session)
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
+
+ /* We use the FIFO to detect stray sessions where the
+ process invoking PAM dies abnormally. We need to make
+ sure that that process is not killed if at the clean
+ end of the session it closes the FIFO. Hence, with
+ this call explicitly turn off the FIFO logic, so that
+ the PAM code can finish clean up on its own */
+ session_remove_fifo(session);
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) {
const char *name;
@@ -1261,7 +1534,7 @@ static DBusHandlerResult manager_message_handler(
if (!pw)
return bus_send_error_reply(connection, message, NULL, errno ? -errno : -EINVAL);
- r = verify_polkit(connection, message, "org.freedesktop.login1.set-user-linger", interactive, &error);
+ r = verify_polkit(connection, message, "org.freedesktop.login1.set-user-linger", interactive, NULL, &error);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
@@ -1321,7 +1594,7 @@ static DBusHandlerResult manager_message_handler(
if (!path_startswith(sysfs, "/sys") || !seat_name_is_valid(seat))
return bus_send_error_reply(connection, message, NULL, -EINVAL);
- r = verify_polkit(connection, message, "org.freedesktop.login1.attach-device", interactive, &error);
+ r = verify_polkit(connection, message, "org.freedesktop.login1.attach-device", interactive, NULL, &error);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
@@ -1344,7 +1617,7 @@ static DBusHandlerResult manager_message_handler(
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
- r = verify_polkit(connection, message, "org.freedesktop.login1.flush-devices", interactive, &error);
+ r = verify_polkit(connection, message, "org.freedesktop.login1.flush-devices", interactive, NULL, &error);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
@@ -1359,11 +1632,10 @@ static DBusHandlerResult manager_message_handler(
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "PowerOff") ||
dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "Reboot")) {
dbus_bool_t interactive;
- bool multiple_sessions;
+ bool multiple_sessions, inhibit;
DBusMessage *forward, *freply;
- const char *name;
+ const char *name, *action;
const char *mode = "replace";
- const char *action;
if (!dbus_message_get_args(
message,
@@ -1372,48 +1644,43 @@ static DBusHandlerResult manager_message_handler(
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
- multiple_sessions = hashmap_size(m->sessions) > 1;
+ r = have_multiple_sessions(connection, m, message, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
- if (!multiple_sessions) {
- Session *s;
+ multiple_sessions = r > 0;
+ inhibit = !!(manager_inhibit_what(m) & INHIBIT_SHUTDOWN);
- /* Hmm, there's only one session, but let's
- * make sure it actually belongs to the user
- * who is asking. If not, better be safe than
- * sorry. */
+ if (multiple_sessions) {
+ action = streq(dbus_message_get_member(message), "PowerOff") ?
+ "org.freedesktop.login1.power-off-multiple-sessions" :
+ "org.freedesktop.login1.reboot-multiple-sessions";
- s = hashmap_first(m->sessions);
- if (s) {
- unsigned long ul;
+ r = verify_polkit(connection, message, action, interactive, NULL, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+ }
- ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), &error);
- if (ul == (unsigned long) -1)
- return bus_send_error_reply(connection, message, &error, -EIO);
+ if (inhibit) {
+ action = streq(dbus_message_get_member(message), "PowerOff") ?
+ "org.freedesktop.login1.power-off-ignore-inhibit" :
+ "org.freedesktop.login1.reboot-ignore-inhibit";
- multiple_sessions = s->user->uid != ul;
- }
+ r = verify_polkit(connection, message, action, interactive, NULL, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
}
- if (streq(dbus_message_get_member(message), "PowerOff")) {
- if (multiple_sessions)
- action = "org.freedesktop.login1.power-off-multiple-sessions";
- else
- action = "org.freedesktop.login1.power-off";
-
- name = SPECIAL_POWEROFF_TARGET;
- } else {
- if (multiple_sessions)
- action = "org.freedesktop.login1.reboot-multiple-sessions";
- else
- action = "org.freedesktop.login1.reboot";
+ if (!multiple_sessions && !inhibit) {
+ action = streq(dbus_message_get_member(message), "PowerOff") ?
+ "org.freedesktop.login1.power-off" :
+ "org.freedesktop.login1.reboot";
- name = SPECIAL_REBOOT_TARGET;
+ r = verify_polkit(connection, message, action, interactive, NULL, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
}
- r = verify_polkit(connection, message, action, interactive, &error);
- if (r < 0)
- return bus_send_error_reply(connection, message, &error, r);
-
forward = dbus_message_new_method_call(
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
@@ -1422,6 +1689,9 @@ static DBusHandlerResult manager_message_handler(
if (!forward)
return bus_send_error_reply(connection, message, NULL, -ENOMEM);
+ name = streq(dbus_message_get_member(message), "PowerOff") ?
+ SPECIAL_POWEROFF_TARGET : SPECIAL_REBOOT_TARGET;
+
if (!dbus_message_append_args(forward,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_STRING, &mode,
@@ -1442,6 +1712,84 @@ static DBusHandlerResult manager_message_handler(
if (!reply)
goto oom;
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CanPowerOff") ||
+ dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CanReboot")) {
+
+ bool multiple_sessions, challenge, inhibit, b;
+ const char *action, *result;
+
+ r = have_multiple_sessions(connection, m, message, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ multiple_sessions = r > 0;
+ inhibit = !!(manager_inhibit_what(m) & INHIBIT_SHUTDOWN);
+
+ if (multiple_sessions) {
+ action = streq(dbus_message_get_member(message), "CanPowerOff") ?
+ "org.freedesktop.login1.power-off-multiple-sessions" :
+ "org.freedesktop.login1.reboot-multiple-sessions";
+
+ r = verify_polkit(connection, message, action, false, &challenge, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ if (r > 0)
+ result = "yes";
+ else if (challenge)
+ result = "challenge";
+ else
+ result = "no";
+ }
+
+ if (inhibit) {
+ action = streq(dbus_message_get_member(message), "CanPowerOff") ?
+ "org.freedesktop.login1.power-off-ignore-inhibit" :
+ "org.freedesktop.login1.reboot-ignore-inhibit";
+
+ r = verify_polkit(connection, message, action, false, &challenge, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ if (r > 0 && !result)
+ result = "yes";
+ else if (challenge && (!result || streq(result, "yes")))
+ result = "challenge";
+ else
+ result = "no";
+ }
+
+ if (!multiple_sessions && !inhibit) {
+ /* If neither inhibit nor multiple sessions
+ * apply then just check the normal policy */
+
+ action = streq(dbus_message_get_member(message), "CanPowerOff") ?
+ "org.freedesktop.login1.power-off" :
+ "org.freedesktop.login1.reboot";
+
+ r = verify_polkit(connection, message, action, false, &challenge, &error);
+ if (r < 0)
+ return bus_send_error_reply(connection, message, &error, r);
+
+ if (r > 0)
+ result = "yes";
+ else if (challenge)
+ result = "challenge";
+ else
+ result = "no";
+ }
+
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ goto oom;
+
+ b = dbus_message_append_args(
+ reply,
+ DBUS_TYPE_STRING, &result,
+ DBUS_TYPE_INVALID);
+ if (!b)
+ goto oom;
+
} else if (dbus_message_is_method_call(message, "org.freedesktop.DBus.Introspectable", "Introspect")) {
char *introspection = NULL;
FILE *f;