logind: factor out polkit checks

Factor out the code to ask polkit for authorization from
method_do_shutdown_or_sleep() into an own function called
verify_shutdown_creds().

This is needed in order to also use the same checks when shutdown
operations are scheduled. For that, it's also necessary to allow
NULL values for that action{,_multiple_sessions,_ignore_inhibit)
arguments, which will suppress the call if no action string is
passed.

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 374e5983702e480c47ef0f2fe2fa1f76cc78be80..f638fe0970d2bb4704f820d6096cfb20d777e5bb 100644 (file)
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1590,49 +1590,25 @@ int bus_manager_shutdown_or_sleep_now_or_later(
         return r;
 }
 
         return r;
 }
 

-static int method_do_shutdown_or_sleep(
+static int verify_shutdown_creds(

                 Manager *m,
                 sd_bus_message *message,
                 Manager *m,
                 sd_bus_message *message,

-                const char *unit_name,

                 InhibitWhat w,
                 InhibitWhat w,

+                bool interactive,

                 const char *action,
                 const char *action_multiple_sessions,
                 const char *action_ignore_inhibit,
                 const char *action,
                 const char *action_multiple_sessions,
                 const char *action_ignore_inhibit,

-                const char *sleep_verb,
-                sd_bus_message_handler_t method,

                 sd_bus_error *error) {
 
         _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
         bool multiple_sessions, blocked;
                 sd_bus_error *error) {
 
         _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
         bool multiple_sessions, blocked;

-        int interactive, r;

         uid_t uid;
         uid_t uid;

+        int r;

 
         assert(m);
         assert(message);
 
         assert(m);
         assert(message);

-        assert(unit_name);

         assert(w >= 0);
         assert(w <= _INHIBIT_WHAT_MAX);
         assert(w >= 0);
         assert(w <= _INHIBIT_WHAT_MAX);

-        assert(action);
-        assert(action_multiple_sessions);
-        assert(action_ignore_inhibit);
-        assert(method);
-
-        r = sd_bus_message_read(message, "b", &interactive);
-        if (r < 0)
-                return r;
-
-        /* Don't allow multiple jobs being executed at the same time */
-        if (m->action_what)
-                return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "There's already a shutdown or sleep operation in progress");
-
-        if (sleep_verb) {
-                r = can_sleep(sleep_verb);
-                if (r < 0)
-                        return r;
-
-                if (r == 0)
-                        return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported");
-        }

 
         r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
         if (r < 0)
 
         r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
         if (r < 0)


@@ -1649,7 +1625,7 @@ static int method_do_shutdown_or_sleep(
         multiple_sessions = r > 0;
         blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
 
         multiple_sessions = r > 0;
         blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
 

-        if (multiple_sessions) {
+        if (multiple_sessions && action_multiple_sessions) {

                 r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, interactive, UID_INVALID, &m->polkit_registry, error);
                 if (r < 0)
                         return r;
                 r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, interactive, UID_INVALID, &m->polkit_registry, error);
                 if (r < 0)
                         return r;


@@ -1657,7 +1633,7 @@ static int method_do_shutdown_or_sleep(
                         return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
         }
 
                         return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
         }
 

-        if (blocked) {
+        if (blocked && action_ignore_inhibit) {

                 r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, interactive, UID_INVALID, &m->polkit_registry, error);
                 if (r < 0)
                         return r;
                 r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, interactive, UID_INVALID, &m->polkit_registry, error);
                 if (r < 0)
                         return r;


@@ -1665,7 +1641,7 @@ static int method_do_shutdown_or_sleep(
                         return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
         }
 
                         return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
         }
 

-        if (!multiple_sessions && !blocked) {
+        if (!multiple_sessions && !blocked && action) {

                 r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, interactive, UID_INVALID, &m->polkit_registry, error);
                 if (r < 0)
                         return r;
                 r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, interactive, UID_INVALID, &m->polkit_registry, error);
                 if (r < 0)
                         return r;


@@ -1673,6 +1649,50 @@ static int method_do_shutdown_or_sleep(
                         return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
         }
 
                         return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
         }
 

+        return 0;
+}
+
+static int method_do_shutdown_or_sleep(
+                Manager *m,
+                sd_bus_message *message,
+                const char *unit_name,
+                InhibitWhat w,
+                const char *action,
+                const char *action_multiple_sessions,
+                const char *action_ignore_inhibit,
+                const char *sleep_verb,
+                sd_bus_error *error) {
+
+        int interactive, r;
+
+        assert(m);
+        assert(message);
+        assert(unit_name);
+        assert(w >= 0);
+        assert(w <= _INHIBIT_WHAT_MAX);
+
+        r = sd_bus_message_read(message, "b", &interactive);
+        if (r < 0)
+                return r;
+
+        /* Don't allow multiple jobs being executed at the same time */
+        if (m->action_what)
+                return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS, "There's already a shutdown or sleep operation in progress");
+
+        if (sleep_verb) {
+                r = can_sleep(sleep_verb);
+                if (r < 0)
+                        return r;
+
+                if (r == 0)
+                        return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported");
+        }
+
+        r = verify_shutdown_creds(m, message, w, interactive, action, action_multiple_sessions,
+                                  action_ignore_inhibit, error);
+        if (r != 0)
+                return r;
+

         r = bus_manager_shutdown_or_sleep_now_or_later(m, unit_name, w, error);
         if (r < 0)
                 return r;
         r = bus_manager_shutdown_or_sleep_now_or_later(m, unit_name, w, error);
         if (r < 0)
                 return r;


@@ -1691,7 +1711,6 @@ static int method_poweroff(sd_bus *bus, sd_bus_message *message, void *userdata,
                         "org.freedesktop.login1.power-off-multiple-sessions",
                         "org.freedesktop.login1.power-off-ignore-inhibit",
                         NULL,
                         "org.freedesktop.login1.power-off-multiple-sessions",
                         "org.freedesktop.login1.power-off-ignore-inhibit",
                         NULL,

-                        method_poweroff,

                         error);
 }
 
                         error);
 }
 


@@ -1706,7 +1725,6 @@ static int method_reboot(sd_bus *bus, sd_bus_message *message, void *userdata, s
                         "org.freedesktop.login1.reboot-multiple-sessions",
                         "org.freedesktop.login1.reboot-ignore-inhibit",
                         NULL,
                         "org.freedesktop.login1.reboot-multiple-sessions",
                         "org.freedesktop.login1.reboot-ignore-inhibit",
                         NULL,

-                        method_reboot,

                         error);
 }
 
                         error);
 }
 


@@ -1721,7 +1739,6 @@ static int method_suspend(sd_bus *bus, sd_bus_message *message, void *userdata,
                         "org.freedesktop.login1.suspend-multiple-sessions",
                         "org.freedesktop.login1.suspend-ignore-inhibit",
                         "suspend",
                         "org.freedesktop.login1.suspend-multiple-sessions",
                         "org.freedesktop.login1.suspend-ignore-inhibit",
                         "suspend",

-                        method_suspend,

                         error);
 }
 
                         error);
 }
 


@@ -1736,7 +1753,6 @@ static int method_hibernate(sd_bus *bus, sd_bus_message *message, void *userdata
                         "org.freedesktop.login1.hibernate-multiple-sessions",
                         "org.freedesktop.login1.hibernate-ignore-inhibit",
                         "hibernate",
                         "org.freedesktop.login1.hibernate-multiple-sessions",
                         "org.freedesktop.login1.hibernate-ignore-inhibit",
                         "hibernate",

-                        method_hibernate,

                         error);
 }
 
                         error);
 }
 


@@ -1751,7 +1767,6 @@ static int method_hybrid_sleep(sd_bus *bus, sd_bus_message *message, void *userd
                         "org.freedesktop.login1.hibernate-multiple-sessions",
                         "org.freedesktop.login1.hibernate-ignore-inhibit",
                         "hybrid-sleep",
                         "org.freedesktop.login1.hibernate-multiple-sessions",
                         "org.freedesktop.login1.hibernate-ignore-inhibit",
                         "hybrid-sleep",

-                        method_hybrid_sleep,

                         error);
 }
 
                         error);
 }