inhibit: add --no-ask-password option and allow interactive polkit auth

It seems entirely reasonable to make a policy which e.g. allows block operations
for interactive users after authentication. The tool should support this, so that
more complicated local policies can be used.

Related to https://github.com/systemd/systemd/pull/30307.

diff --git a/man/systemd-inhibit.xml b/man/systemd-inhibit.xml
index a6dbb06c360d48ac13466039fba7758adae74de4..5299719525443f4f17483498e07b16217987e4ec 100644 (file)
--- a/man/systemd-inhibit.xml
+++ b/man/systemd-inhibit.xml
@@ -114,6 +114,7 @@
         acquiring one.</para></listitem>
       </varlistentry>
 
+      <xi:include href="standard-options.xml" xpointer="no-ask-password" />
       <xi:include href="standard-options.xml" xpointer="no-pager" />
       <xi:include href="standard-options.xml" xpointer="no-legend" />
       <xi:include href="standard-options.xml" xpointer="help" />

diff --git a/src/login/inhibit.c b/src/login/inhibit.c
index 4682830d198a8a73f14b9ad645eb390aedce930f..13ba4b82f46eacbbd59b030ccee23ead989acc02 100644 (file)
--- a/src/login/inhibit.c
+++ b/src/login/inhibit.c
@@ -25,10 +25,11 @@
 #include "terminal-util.h"
 #include "user-util.h"
 
-static const char* arg_what = "idle:sleep:shutdown";
-static const char* arg_who = NULL;
-static const char* arg_why = "Unknown reason";
-static const char* arg_mode = NULL;
+static const char *arg_what = "idle:sleep:shutdown";
+static const char *arg_who = NULL;
+static const char *arg_why = "Unknown reason";
+static const char *arg_mode = NULL;
+static bool arg_ask_password = true;
 static PagerFlags arg_pager_flags = 0;
 static bool arg_legend = true;
 
@@ -42,6 +43,8 @@ static int inhibit(sd_bus *bus, sd_bus_error *error) {
         int r;
         int fd;
 
+        (void) polkit_agent_open_if_enabled(BUS_TRANSPORT_LOCAL, arg_ask_password);
+
         r = bus_call_method(bus, bus_login_mgr, "Inhibit", error, &reply, "ssss", arg_what, arg_who, arg_why, arg_mode);
         if (r < 0)
                 return r;
@@ -145,6 +148,7 @@ static int help(void) {
                "\n%sExecute a process while inhibiting shutdown/sleep/idle.%s\n\n"
                "  -h --help               Show this help\n"
                "     --version            Show package version\n"
+               "     --no-ask-password    Do not attempt interactive authorization\n"
                "     --no-pager           Do not pipe output into a pager\n"
                "     --no-legend          Do not show the headers and footers\n"
                "     --what=WHAT          Operations to inhibit, colon separated list of:\n"
@@ -173,20 +177,22 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_WHY,
                 ARG_MODE,
                 ARG_LIST,
+                ARG_NO_ASK_PASSWORD,
                 ARG_NO_PAGER,
                 ARG_NO_LEGEND,
         };
 
         static const struct option options[] = {
-                { "help",         no_argument,       NULL, 'h'              },
-                { "version",      no_argument,       NULL, ARG_VERSION      },
-                { "what",         required_argument, NULL, ARG_WHAT         },
-                { "who",          required_argument, NULL, ARG_WHO          },
-                { "why",          required_argument, NULL, ARG_WHY          },
-                { "mode",         required_argument, NULL, ARG_MODE         },
-                { "list",         no_argument,       NULL, ARG_LIST         },
-                { "no-pager",     no_argument,       NULL, ARG_NO_PAGER     },
-                { "no-legend",    no_argument,       NULL, ARG_NO_LEGEND       },
+                { "help",             no_argument,       NULL, 'h'                 },
+                { "version",          no_argument,       NULL, ARG_VERSION         },
+                { "no-ask-password",  no_argument,       NULL, ARG_NO_ASK_PASSWORD },
+                { "what",             required_argument, NULL, ARG_WHAT            },
+                { "who",              required_argument, NULL, ARG_WHO             },
+                { "why",              required_argument, NULL, ARG_WHY             },
+                { "mode",             required_argument, NULL, ARG_MODE            },
+                { "list",             no_argument,       NULL, ARG_LIST            },
+                { "no-pager",         no_argument,       NULL, ARG_NO_PAGER        },
+                { "no-legend",        no_argument,       NULL, ARG_NO_LEGEND       },
                 {}
         };
 
@@ -228,6 +234,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_action = ACTION_LIST;
                         break;
 
+                case ARG_NO_ASK_PASSWORD:
+                        arg_ask_password = false;
+                        break;
+
                 case ARG_NO_PAGER:
                         arg_pager_flags |= PAGER_DISABLE;
                         break;
@@ -267,6 +277,8 @@ static int run(int argc, char *argv[]) {
         if (r < 0)
                 return bus_log_connect_error(r, BUS_TRANSPORT_LOCAL);
 
+        (void) sd_bus_set_allow_interactive_authorization(bus, arg_ask_password);
+
         if (arg_action == ACTION_LIST)
                 return print_inhibitors(bus);
         else {