From acf97e213e69a97e63ab8f7fad7ecd53608c757a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 8 Jan 2015 15:23:54 +0100
Subject: [PATCH] machinectl: given that machinectl invokes a number of polkit
 enabled methods, start the polkit agent on terminals

---
 man/machinectl.xml       |  8 +++++++
 src/machine/machinectl.c | 49 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/man/machinectl.xml b/man/machinectl.xml
index baa0e17e3..ebe8e3b9d 100644
--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@@ -108,6 +108,14 @@
                                 </listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--no-ask-password</option></term>
+
+                                <listitem><para>Do not query the user
+                                for authentication for privileged
+                                operations.</para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><option>--kill-who=</option></term>
 
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
index 6180de10d..2c29f1495 100644
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@@ -38,6 +38,7 @@
 #include "util.h"
 #include "macro.h"
 #include "pager.h"
+#include "spawn-polkit-agent.h"
 #include "bus-util.h"
 #include "bus-error.h"
 #include "build.h"
@@ -65,6 +66,7 @@ static char *arg_host = NULL;
 static bool arg_read_only = false;
 static bool arg_mkdir = false;
 static bool arg_quiet = false;
+static bool arg_ask_password = true;
 static unsigned arg_lines = 10;
 static OutputMode arg_output = OUTPUT_SHORT;
 
@@ -77,6 +79,19 @@ static void pager_open_if_enabled(void) {
         pager_open(false);
 }
 
+static void polkit_agent_open_if_enabled(void) {
+
+        /* Open the polkit agent as a child process if necessary */
+
+        if (!arg_ask_password)
+                return;
+
+        if (arg_transport != BUS_TRANSPORT_LOCAL)
+                return;
+
+        polkit_agent_open();
+}
+
 static OutputFlags get_output_flags(void) {
         return
                 arg_all * OUTPUT_SHOW_ALL |
@@ -911,6 +926,8 @@ static int kill_machine(int argc, char *argv[], void *userdata) {
 
         assert(bus);
 
+        polkit_agent_open_if_enabled();
+
         if (!arg_kill_who)
                 arg_kill_who = "all";
 
@@ -956,6 +973,8 @@ static int terminate_machine(int argc, char *argv[], void *userdata) {
 
         assert(bus);
 
+        polkit_agent_open_if_enabled();
+
         for (i = 1; i < argc; i++) {
                 int r;
 
@@ -1345,6 +1364,8 @@ static int login_machine(int argc, char *argv[], void *userdata) {
                 return -ENOTSUP;
         }
 
+        polkit_agent_open_if_enabled();
+
         r = sd_event_default(&event);
         if (r < 0)
                 return log_error_errno(r, "Failed to get event loop: %m");
@@ -1375,7 +1396,7 @@ static int login_machine(int argc, char *argv[], void *userdata) {
         if (r < 0)
                 return bus_log_create_error(r);
 
-        r = sd_bus_message_set_allow_interactive_authorization(m, true);
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
         if (r < 0)
                 return bus_log_create_error(r);
 
@@ -1434,6 +1455,8 @@ static int remove_image(int argc, char *argv[], void *userdata) {
 
         assert(bus);
 
+        polkit_agent_open_if_enabled();
+
         for (i = 1; i < argc; i++) {
                 r = sd_bus_call_method(
                                 bus,
@@ -1458,6 +1481,8 @@ static int rename_image(int argc, char *argv[], void *userdata) {
         sd_bus *bus = userdata;
         int r;
 
+        polkit_agent_open_if_enabled();
+
         r = sd_bus_call_method(
                         bus,
                         "org.freedesktop.machine1",
@@ -1480,6 +1505,8 @@ static int clone_image(int argc, char *argv[], void *userdata) {
         sd_bus *bus = userdata;
         int r;
 
+        polkit_agent_open_if_enabled();
+
         r = sd_bus_call_method(
                         bus,
                         "org.freedesktop.machine1",
@@ -1510,6 +1537,8 @@ static int read_only_image(int argc, char *argv[], void *userdata) {
                 }
         }
 
+        polkit_agent_open_if_enabled();
+
         r = sd_bus_call_method(
                         bus,
                         "org.freedesktop.machine1",
@@ -1535,6 +1564,8 @@ static int start_machine(int argc, char *argv[], void *userdata) {
 
         assert(bus);
 
+        polkit_agent_open_if_enabled();
+
         r = bus_wait_for_jobs_new(bus, &w);
         if (r < 0)
                 return log_oom();
@@ -1567,7 +1598,7 @@ static int start_machine(int argc, char *argv[], void *userdata) {
                 if (r < 0)
                         return bus_log_create_error(r);
 
-                r = sd_bus_message_set_allow_interactive_authorization(m, true);
+                r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
                 if (r < 0)
                         return bus_log_create_error(r);
 
@@ -1607,6 +1638,8 @@ static int enable_machine(int argc, char *argv[], void *userdata) {
 
         assert(bus);
 
+        polkit_agent_open_if_enabled();
+
         method = streq(argv[0], "enable") ? "EnableUnitFiles" : "DisableUnitFiles";
 
         r = sd_bus_message_new_method_call(
@@ -1619,7 +1652,7 @@ static int enable_machine(int argc, char *argv[], void *userdata) {
         if (r < 0)
                 return bus_log_create_error(r);
 
-        r = sd_bus_message_set_allow_interactive_authorization(m, true);
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
         if (r < 0)
                 return bus_log_create_error(r);
 
@@ -1687,7 +1720,7 @@ static int enable_machine(int argc, char *argv[], void *userdata) {
         if (r < 0)
                 return bus_log_create_error(r);
 
-        r = sd_bus_message_set_allow_interactive_authorization(m, true);
+        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
         if (r < 0)
                 return bus_log_create_error(r);
 
@@ -1709,6 +1742,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "     --version                Show package version\n"
                "     --no-pager               Do not pipe output into a pager\n"
                "     --no-legend              Do not show the headers and footers\n"
+               "     --no-ask-password        Do not ask for system passwords\n"
                "  -H --host=[USER@]HOST       Operate on remote host\n"
                "  -M --machine=CONTAINER      Operate on local container\n"
                "  -p --property=NAME          Show only properties by this name\n"
@@ -1760,6 +1794,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_KILL_WHO,
                 ARG_READ_ONLY,
                 ARG_MKDIR,
+                ARG_NO_ASK_PASSWORD,
         };
 
         static const struct option options[] = {
@@ -1779,6 +1814,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "quiet",           no_argument,       NULL, 'q'                 },
                 { "lines",           required_argument, NULL, 'n'                 },
                 { "output",          required_argument, NULL, 'o'                 },
+                { "no-ask-password", no_argument,       NULL, ARG_NO_ASK_PASSWORD },
                 {}
         };
 
@@ -1853,6 +1889,10 @@ static int parse_argv(int argc, char *argv[]) {
                         }
                         break;
 
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
                 case 'H':
                         arg_transport = BUS_TRANSPORT_REMOTE;
                         arg_host = optarg;
@@ -1938,6 +1978,7 @@ int main(int argc, char*argv[]) {
 
 finish:
         pager_close();
+        polkit_agent_close();
 
         strv_free(arg_property);
 
-- 
2.30.2