-/* SPDX-License-Identifier: LGPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include <sys/stat.h>
#include "format-util.h"
#include "fs-util.h"
#include "logind-dbus.h"
+#include "logind-polkit.h"
#include "logind-seat-dbus.h"
#include "logind-session-dbus.h"
#include "logind-user-dbus.h"
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
Manager *m = userdata;
Session *session;
- Iterator i;
int r;
assert(message);
if (r < 0)
return r;
- HASHMAP_FOREACH(session, m->sessions, i) {
+ HASHMAP_FOREACH(session, m->sessions) {
_cleanup_free_ char *p = NULL;
p = session_bus_path(session);
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
Manager *m = userdata;
User *user;
- Iterator i;
int r;
assert(message);
if (r < 0)
return r;
- HASHMAP_FOREACH(user, m->users, i) {
+ HASHMAP_FOREACH(user, m->users) {
_cleanup_free_ char *p = NULL;
p = user_bus_path(user);
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
Manager *m = userdata;
Seat *seat;
- Iterator i;
int r;
assert(message);
if (r < 0)
return r;
- HASHMAP_FOREACH(seat, m->seats, i) {
+ HASHMAP_FOREACH(seat, m->seats) {
_cleanup_free_ char *p = NULL;
p = seat_bus_path(seat);
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
Manager *m = userdata;
Inhibitor *inhibitor;
- Iterator i;
int r;
assert(message);
if (r < 0)
return r;
- HASHMAP_FOREACH(inhibitor, m->inhibitors, i) {
+ HASHMAP_FOREACH(inhibitor, m->inhibitors) {
r = sd_bus_message_append(reply, "(ssssuu)",
strempty(inhibit_what_to_string(inhibitor->what)),
return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT,
"Session %s not on seat %s", session_name, seat_name);
- r = bus_verify_polkit_async(
- message,
- CAP_SYS_ADMIN,
- "org.freedesktop.login1.chvt",
- NULL,
- false,
- UID_INVALID,
- &m->polkit_registry,
- error);
+ r = check_polkit_chvt(message, m, error);
if (r < 0)
return r;
if (r == 0)
if (r < 0)
return r;
- if (sd_device_has_tag(d, "seat") <= 0)
+ if (sd_device_has_current_tag(d, "seat") <= 0)
return -ENODEV;
if (sd_device_get_property_value(d, "ID_FOR_SEAT", &id_for_seat) < 0)
uid_t uid) {
Session *session;
- Iterator i;
assert(m);
/* Check for other users' sessions. Greeter sessions do not
* count, and non-login sessions do not count either. */
- HASHMAP_FOREACH(session, m->sessions, i)
+ HASHMAP_FOREACH(session, m->sessions)
if (session->class == SESSION_USER &&
session->user->user_record->uid != uid)
return true;
m->action_what = w;
/* Make sure the lid switch is ignored for a while */
- manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec);
+ manager_set_lid_switch_ignore(m, usec_add(now(CLOCK_MONOTONIC), m->holdoff_timeout_usec));
return 0;
const char *unit_name) {
int r;
- usec_t timeout_val;
assert(m);
assert(w >= 0);
assert(w < _INHIBIT_WHAT_MAX);
assert(unit_name);
- timeout_val = now(CLOCK_MONOTONIC) + m->inhibit_delay_max;
-
if (m->inhibit_timeout_source) {
- r = sd_event_source_set_time(m->inhibit_timeout_source, timeout_val);
+ r = sd_event_source_set_time_relative(m->inhibit_timeout_source, m->inhibit_delay_max);
if (r < 0)
- return log_error_errno(r, "sd_event_source_set_time() failed: %m");
+ return log_error_errno(r, "sd_event_source_set_time_relative() failed: %m");
r = sd_event_source_set_enabled(m->inhibit_timeout_source, SD_EVENT_ONESHOT);
if (r < 0)
return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
} else {
- r = sd_event_add_time(m->event, &m->inhibit_timeout_source, CLOCK_MONOTONIC,
- timeout_val, 0, manager_inhibit_timeout_handler, m);
+ r = sd_event_add_time_relative(
+ m->event,
+ &m->inhibit_timeout_source,
+ CLOCK_MONOTONIC, m->inhibit_delay_max, 0,
+ manager_inhibit_timeout_handler, m);
if (r < 0)
return r;
}
Manager *m,
sd_bus_message *message,
InhibitWhat w,
- bool interactive,
const char *action,
const char *action_multiple_sessions,
const char *action_ignore_inhibit,
+ uint64_t flags,
sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
- bool multiple_sessions, blocked;
+ bool multiple_sessions, blocked, interactive;
uid_t uid;
int r;
multiple_sessions = r > 0;
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
+ interactive = flags & SD_LOGIND_INTERACTIVE;
if (multiple_sessions && action_multiple_sessions) {
r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
}
- if (blocked && action_ignore_inhibit) {
- r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
- if (r < 0)
- return r;
- if (r == 0)
- return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+ if (blocked) {
+ /* We don't check polkit for root here, because you can't be more privileged than root */
+ if (uid == 0 && (flags & SD_LOGIND_ROOT_CHECK_INHIBITORS))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED,
+ "Access denied to root due to active block inhibitor");
+
+ if (action_ignore_inhibit) {
+ r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+ }
}
if (!multiple_sessions && !blocked && action) {
const char *action_multiple_sessions,
const char *action_ignore_inhibit,
const char *sleep_verb,
+ bool with_flags,
sd_bus_error *error) {
- int interactive, r;
+ uint64_t flags;
+ int r;
assert(m);
assert(message);
assert(w >= 0);
assert(w <= _INHIBIT_WHAT_MAX);
- r = sd_bus_message_read(message, "b", &interactive);
- if (r < 0)
- return r;
+ if (with_flags) {
+ /* New style method: with flags parameter (and interactive bool in the bus message header) */
+ r = sd_bus_message_read(message, "t", &flags);
+ if (r < 0)
+ return r;
+ if ((flags & ~SD_LOGIND_SHUTDOWN_AND_SLEEP_FLAGS_PUBLIC) != 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid flags parameter");
+ } else {
+ /* Old style method: no flags parameter, but interactive bool passed as boolean in
+ * payload. Let's convert this argument to the new-style flags parameter for our internal
+ * use. */
+ int interactive;
+
+ r = sd_bus_message_read(message, "b", &interactive);
+ if (r < 0)
+ return r;
+
+ flags = interactive ? SD_LOGIND_INTERACTIVE : 0;
+ }
/* Don't allow multiple jobs being executed at the same time */
if (m->action_what > 0)
return r;
}
- r = verify_shutdown_creds(m, message, w, interactive, action, action_multiple_sessions,
- action_ignore_inhibit, error);
+ r = verify_shutdown_creds(m, message, w, action, action_multiple_sessions,
+ action_ignore_inhibit, flags, error);
if (r != 0)
return r;
"org.freedesktop.login1.power-off-multiple-sessions",
"org.freedesktop.login1.power-off-ignore-inhibit",
NULL,
+ sd_bus_message_is_method_call(message, NULL, "PowerOffWithFlags"),
error);
}
"org.freedesktop.login1.reboot-multiple-sessions",
"org.freedesktop.login1.reboot-ignore-inhibit",
NULL,
+ sd_bus_message_is_method_call(message, NULL, "RebootWithFlags"),
error);
}
"org.freedesktop.login1.halt-multiple-sessions",
"org.freedesktop.login1.halt-ignore-inhibit",
NULL,
+ sd_bus_message_is_method_call(message, NULL, "HaltWithFlags"),
error);
}
"org.freedesktop.login1.suspend-multiple-sessions",
"org.freedesktop.login1.suspend-ignore-inhibit",
"suspend",
+ sd_bus_message_is_method_call(message, NULL, "SuspendWithFlags"),
error);
}
"org.freedesktop.login1.hibernate-multiple-sessions",
"org.freedesktop.login1.hibernate-ignore-inhibit",
"hibernate",
+ sd_bus_message_is_method_call(message, NULL, "HibernateWithFlags"),
error);
}
"org.freedesktop.login1.hibernate-multiple-sessions",
"org.freedesktop.login1.hibernate-ignore-inhibit",
"hybrid-sleep",
+ sd_bus_message_is_method_call(message, NULL, "HybridSleepWithFlags"),
error);
}
"org.freedesktop.login1.hibernate-multiple-sessions",
"org.freedesktop.login1.hibernate-ignore-inhibit",
"hybrid-sleep",
+ sd_bus_message_is_method_call(message, NULL, "SuspendThenHibernateWithFlags"),
error);
}
} else
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unsupported shutdown type");
- r = verify_shutdown_creds(m, message, INHIBIT_SHUTDOWN, false,
- action, action_multiple_sessions, action_ignore_inhibit, error);
+ r = verify_shutdown_creds(m, message, INHIBIT_SHUTDOWN, action, action_multiple_sessions,
+ action_ignore_inhibit, 0, error);
if (r != 0)
return r;
_cleanup_free_ char *id = NULL;
_cleanup_close_ int fifo_fd = -1;
Manager *m = userdata;
- Inhibitor *i = NULL;
InhibitMode mm;
InhibitWhat w;
pid_t pid;
w == INHIBIT_IDLE ? "org.freedesktop.login1.inhibit-block-idle" :
w == INHIBIT_HANDLE_POWER_KEY ? "org.freedesktop.login1.inhibit-handle-power-key" :
w == INHIBIT_HANDLE_SUSPEND_KEY ? "org.freedesktop.login1.inhibit-handle-suspend-key" :
+ w == INHIBIT_HANDLE_REBOOT_KEY ? "org.freedesktop.login1.inhibit-handle-reboot-key" :
w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" :
"org.freedesktop.login1.inhibit-handle-lid-switch",
NULL,
} while (hashmap_get(m->inhibitors, id));
+ _cleanup_(inhibitor_freep) Inhibitor *i = NULL;
r = manager_add_inhibitor(m, id, &i);
if (r < 0)
return r;
i->why = strdup(why);
i->who = strdup(who);
- if (!i->why || !i->who) {
- r = -ENOMEM;
- goto fail;
- }
+ if (!i->why || !i->who)
+ return -ENOMEM;
fifo_fd = inhibitor_create_fifo(i);
- if (fifo_fd < 0) {
- r = fifo_fd;
- goto fail;
- }
+ if (fifo_fd < 0)
+ return fifo_fd;
r = inhibitor_start(i);
if (r < 0)
- goto fail;
+ return r;
+ TAKE_PTR(i);
return sd_bus_reply_method_return(message, "h", fifo_fd);
-
-fail:
- if (i)
- inhibitor_free(i);
-
- return r;
}
static const sd_bus_vtable manager_vtable[] = {
NULL,,
method_poweroff,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("PowerOffWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_poweroff,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("Reboot",
"b",
SD_BUS_PARAM(interactive),
NULL,,
method_reboot,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("RebootWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_reboot,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("Halt",
"b",
SD_BUS_PARAM(interactive),
NULL,,
method_halt,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("HaltWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_halt,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("Suspend",
"b",
SD_BUS_PARAM(interactive),
NULL,,
method_suspend,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("SuspendWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_suspend,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("Hibernate",
"b",
SD_BUS_PARAM(interactive),
NULL,,
method_hibernate,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("HibernateWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_hibernate,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("HybridSleep",
"b",
SD_BUS_PARAM(interactive),
NULL,,
method_hybrid_sleep,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("HybridSleepWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_hybrid_sleep,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("SuspendThenHibernate",
"b",
SD_BUS_PARAM(interactive),
NULL,,
method_suspend_then_hibernate,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD_WITH_NAMES("SuspendThenHibernateWithFlags",
+ "t",
+ SD_BUS_PARAM(flags),
+ NULL,,
+ method_suspend_then_hibernate,
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("CanPowerOff",
NULL,,
"s",
int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Manager *m = userdata;
Session *session;
- Iterator i;
int b, r;
assert(message);
/* systemd finished reloading, let's recheck all our sessions */
log_debug("System manager has been reloaded, rechecking sessions...");
- HASHMAP_FOREACH(session, m->sessions, i)
+ HASHMAP_FOREACH(session, m->sessions)
session_add_to_gc_queue(session);
return 0;
return r;
/* disable TasksMax= for the session scope, rely on the slice setting for it */
- r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", (uint64_t)-1);
+ r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", UINT64_MAX);
if (r < 0)
return bus_log_create_error(r);
return strdup_job(reply, job);
}
-int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
+int manager_stop_unit(Manager *manager, const char *unit, const char *job_mode, sd_bus_error *error, char **ret_job) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
int r;
assert(manager);
assert(unit);
- assert(job);
+ assert(ret_job);
r = bus_call_method(
manager->bus,
"StopUnit",
error,
&reply,
- "ss", unit, "fail");
+ "ss", unit, job_mode ?: "fail");
if (r < 0) {
- if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
- sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED)) {
+ if (sd_bus_error_has_names(error, BUS_ERROR_NO_SUCH_UNIT,
+ BUS_ERROR_LOAD_FAILED)) {
- *job = NULL;
+ *ret_job = NULL;
sd_bus_error_free(error);
return 0;
}
return r;
}
- return strdup_job(reply, job);
+ return strdup_job(reply, ret_job);
}
int manager_abandon_scope(Manager *manager, const char *scope, sd_bus_error *ret_error) {
NULL,
NULL);
if (r < 0) {
- if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
- sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED) ||
- sd_bus_error_has_name(&error, BUS_ERROR_SCOPE_NOT_RUNNING))
+ if (sd_bus_error_has_names(&error, BUS_ERROR_NO_SUCH_UNIT,
+ BUS_ERROR_LOAD_FAILED,
+ BUS_ERROR_SCOPE_NOT_RUNNING))
return 0;
sd_bus_error_move(ret_error, &error);
if (r < 0) {
/* systemd might have dropped off momentarily, let's
* not make this an error */
- if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
- sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
+ if (sd_bus_error_has_names(&error, SD_BUS_ERROR_NO_REPLY,
+ SD_BUS_ERROR_DISCONNECTED))
return true;
/* If the unit is already unloaded then it's not
* active */
- if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
- sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED))
+ if (sd_bus_error_has_names(&error, BUS_ERROR_NO_SUCH_UNIT,
+ BUS_ERROR_LOAD_FAILED))
return false;
sd_bus_error_move(ret_error, &error);
&reply,
"s");
if (r < 0) {
- if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
- sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
+ if (sd_bus_error_has_names(&error, SD_BUS_ERROR_NO_REPLY,
+ SD_BUS_ERROR_DISCONNECTED))
return true;
if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))