2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2011-06-17 15:59:18 +02:00
|
|
|
#include <errno.h>
|
2015-10-23 18:52:53 +02:00
|
|
|
#include <pwd.h>
|
2011-06-17 15:59:18 +02:00
|
|
|
#include <string.h>
|
2019-03-27 11:32:41 +01:00
|
|
|
#include <sys/stat.h>
|
2011-06-24 18:50:50 +02:00
|
|
|
#include <unistd.h>
|
2011-06-17 15:59:18 +02:00
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
#include "sd-device.h"
|
2013-11-05 01:10:21 +01:00
|
|
|
#include "sd-messages.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "audit-util.h"
|
2018-10-22 20:06:52 +02:00
|
|
|
#include "bootspec.h"
|
2014-12-10 19:00:46 +01:00
|
|
|
#include "bus-common-errors.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "bus-error.h"
|
2018-04-10 13:15:00 +02:00
|
|
|
#include "bus-unit-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "bus-util.h"
|
2018-10-22 18:06:06 +02:00
|
|
|
#include "cgroup-util.h"
|
2018-08-28 09:05:35 +02:00
|
|
|
#include "device-util.h"
|
2015-10-26 20:07:55 +01:00
|
|
|
#include "dirent-util.h"
|
2015-04-03 18:03:06 +02:00
|
|
|
#include "efivars.h"
|
2018-10-22 20:02:25 +02:00
|
|
|
#include "env-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "escape.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "fileio-label.h"
|
2018-11-30 21:07:21 +01:00
|
|
|
#include "fileio.h"
|
2016-11-07 16:14:59 +01:00
|
|
|
#include "format-util.h"
|
2015-10-26 21:16:26 +01:00
|
|
|
#include "fs-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "logind.h"
|
2018-12-04 08:26:09 +01:00
|
|
|
#include "missing_capability.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "mkdir.h"
|
2018-10-22 20:06:52 +02:00
|
|
|
#include "parse-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "path-util.h"
|
2015-04-10 19:10:00 +02:00
|
|
|
#include "process-util.h"
|
2019-03-09 21:30:58 +01:00
|
|
|
#include "reboot-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "selinux-util.h"
|
|
|
|
#include "sleep-config.h"
|
|
|
|
#include "special.h"
|
2018-10-22 20:06:52 +02:00
|
|
|
#include "stdio-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "strv.h"
|
2015-04-10 23:15:59 +02:00
|
|
|
#include "terminal-util.h"
|
2018-11-30 21:05:27 +01:00
|
|
|
#include "tmpfile-util.h"
|
2015-10-23 18:52:53 +02:00
|
|
|
#include "unit-name.h"
|
2015-10-25 22:32:30 +01:00
|
|
|
#include "user-util.h"
|
2015-04-22 17:20:42 +02:00
|
|
|
#include "utmp-wtmp.h"
|
2019-03-09 21:30:58 +01:00
|
|
|
#include "virt.h"
|
2011-05-26 02:21:16 +02:00
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
static int get_sender_session(
|
|
|
|
Manager *m,
|
|
|
|
sd_bus_message *message,
|
|
|
|
bool consult_display,
|
|
|
|
sd_bus_error *error,
|
|
|
|
Session **ret) {
|
2017-10-07 13:24:02 +02:00
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
Session *session = NULL;
|
2017-10-07 13:24:02 +02:00
|
|
|
const char *name;
|
2015-01-09 16:14:19 +01:00
|
|
|
int r;
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
/* Acquire the sender's session. This first checks if the sending process is inside a session itself,
|
|
|
|
* and returns that. If not and 'consult_display' is true, this returns the display session of the
|
|
|
|
* owning user of the caller. */
|
|
|
|
|
|
|
|
r = sd_bus_query_sender_creds(message,
|
|
|
|
SD_BUS_CREDS_SESSION|SD_BUS_CREDS_AUGMENT|
|
|
|
|
(consult_display ? SD_BUS_CREDS_OWNER_UID : 0), &creds);
|
2017-10-07 13:24:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = sd_bus_creds_get_session(creds, &name);
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENXIO)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (consult_display) {
|
|
|
|
uid_t uid;
|
|
|
|
|
|
|
|
r = sd_bus_creds_get_owner_uid(creds, &uid);
|
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENXIO)
|
|
|
|
return r;
|
|
|
|
} else {
|
|
|
|
User *user;
|
|
|
|
|
|
|
|
user = hashmap_get(m->users, UID_TO_PTR(uid));
|
|
|
|
if (user)
|
|
|
|
session = user->display;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else
|
|
|
|
session = hashmap_get(m->sessions, name);
|
2017-10-07 13:24:02 +02:00
|
|
|
|
|
|
|
if (!session)
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SESSION_FOR_PID,
|
|
|
|
consult_display ?
|
|
|
|
"Caller does not belong to any known session and doesn't own any suitable session." :
|
|
|
|
"Caller does not belong to any known session.");
|
2017-10-07 13:24:02 +02:00
|
|
|
|
|
|
|
*ret = session;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
int manager_get_session_from_creds(
|
|
|
|
Manager *m,
|
|
|
|
sd_bus_message *message,
|
|
|
|
const char *name,
|
|
|
|
sd_bus_error *error,
|
|
|
|
Session **ret) {
|
|
|
|
|
2017-10-07 13:24:02 +02:00
|
|
|
Session *session;
|
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
assert(ret);
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
if (SEAT_IS_SELF(name)) /* the caller's own session */
|
|
|
|
return get_sender_session(m, message, false, error, ret);
|
|
|
|
if (SEAT_IS_AUTO(name)) /* The caller's own session if they have one, otherwise their user's display session */
|
|
|
|
return get_sender_session(m, message, true, error, ret);
|
2015-01-09 16:14:19 +01:00
|
|
|
|
|
|
|
session = hashmap_get(m->sessions, name);
|
|
|
|
if (!session)
|
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SESSION, "No session '%s' known", name);
|
|
|
|
|
|
|
|
*ret = session;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-10-07 13:24:02 +02:00
|
|
|
static int get_sender_user(Manager *m, sd_bus_message *message, sd_bus_error *error, User **ret) {
|
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
|
|
|
uid_t uid;
|
2015-01-09 16:14:19 +01:00
|
|
|
User *user;
|
|
|
|
int r;
|
|
|
|
|
2017-10-07 13:24:02 +02:00
|
|
|
/* Note that we get the owner UID of the session, not the actual client UID here! */
|
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = sd_bus_creds_get_owner_uid(creds, &uid);
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENXIO)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
user = NULL;
|
|
|
|
} else
|
|
|
|
user = hashmap_get(m->users, UID_TO_PTR(uid));
|
2017-10-07 13:24:02 +02:00
|
|
|
|
|
|
|
if (!user)
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_USER_FOR_PID,
|
|
|
|
"Caller does not belong to any logged in or lingering user");
|
2017-10-07 13:24:02 +02:00
|
|
|
|
|
|
|
*ret = user;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int manager_get_user_from_creds(Manager *m, sd_bus_message *message, uid_t uid, sd_bus_error *error, User **ret) {
|
|
|
|
User *user;
|
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
assert(ret);
|
|
|
|
|
2017-10-07 13:24:02 +02:00
|
|
|
if (!uid_is_valid(uid))
|
|
|
|
return get_sender_user(m, message, error, ret);
|
2015-01-09 16:14:19 +01:00
|
|
|
|
2015-01-09 16:25:47 +01:00
|
|
|
user = hashmap_get(m->users, UID_TO_PTR(uid));
|
2015-01-09 16:14:19 +01:00
|
|
|
if (!user)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_USER,
|
|
|
|
"User ID "UID_FMT" is not logged in or lingering", uid);
|
2015-01-09 16:14:19 +01:00
|
|
|
|
|
|
|
*ret = user;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
int manager_get_seat_from_creds(
|
|
|
|
Manager *m,
|
|
|
|
sd_bus_message *message,
|
|
|
|
const char *name,
|
|
|
|
sd_bus_error *error,
|
|
|
|
Seat **ret) {
|
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
Seat *seat;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
assert(ret);
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
if (SEAT_IS_SELF(name) || SEAT_IS_AUTO(name)) {
|
2015-01-09 16:14:19 +01:00
|
|
|
Session *session;
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
/* Use these special seat names as session names */
|
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
2015-01-09 16:14:19 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
seat = session->seat;
|
|
|
|
if (!seat)
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "Session '%s' has no seat.", session->id);
|
2015-01-09 16:14:19 +01:00
|
|
|
} else {
|
|
|
|
seat = hashmap_get(m->seats, name);
|
|
|
|
if (!seat)
|
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT, "No seat '%s' known", name);
|
|
|
|
}
|
|
|
|
|
|
|
|
*ret = seat;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-03-11 22:18:29 +01:00
|
|
|
static int return_test_polkit(
|
|
|
|
sd_bus_message *message,
|
|
|
|
int capability,
|
|
|
|
const char *action,
|
|
|
|
const char **details,
|
|
|
|
uid_t good_user,
|
|
|
|
sd_bus_error *e) {
|
|
|
|
|
|
|
|
const char *result;
|
|
|
|
bool challenge;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = bus_test_polkit(message, capability, action, details, good_user, &challenge, e);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (r > 0)
|
|
|
|
result = "yes";
|
|
|
|
else if (challenge)
|
|
|
|
result = "challenge";
|
|
|
|
else
|
|
|
|
result = "no";
|
|
|
|
|
|
|
|
return sd_bus_reply_method_return(message, "s", result);
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
static int property_get_idle_hint(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
2013-11-21 19:34:37 +01:00
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
2011-06-17 15:59:18 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-06-17 15:59:18 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
return sd_bus_message_append(reply, "b", manager_get_idle_hint(m, NULL) > 0);
|
2011-06-17 15:59:18 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
static int property_get_idle_since_hint(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
2013-11-21 19:34:37 +01:00
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
Manager *m = userdata;
|
2015-06-16 01:08:12 +02:00
|
|
|
dual_timestamp t = DUAL_TIMESTAMP_NULL;
|
2011-06-17 15:59:18 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
2011-06-17 15:59:18 +02:00
|
|
|
assert(m);
|
|
|
|
|
|
|
|
manager_get_idle_hint(m, &t);
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return sd_bus_message_append(reply, "t", streq(property, "IdleSinceHint") ? t.realtime : t.monotonic);
|
2011-06-17 15:59:18 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
static int property_get_inhibited(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
2013-11-21 19:34:37 +01:00
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
Manager *m = userdata;
|
2012-04-16 16:47:33 +02:00
|
|
|
InhibitWhat w;
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(m);
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
w = manager_inhibit_what(m, streq(property, "BlockInhibited") ? INHIBIT_BLOCK : INHIBIT_DELAY);
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return sd_bus_message_append(reply, "s", inhibit_what_to_string(w));
|
2012-04-16 16:47:33 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
static int property_get_preparing(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
2013-11-21 19:34:37 +01:00
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
bool b;
|
2012-06-29 19:38:35 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(m);
|
2012-06-29 19:38:35 +02:00
|
|
|
|
|
|
|
if (streq(property, "PreparingForShutdown"))
|
2018-06-11 16:02:03 +02:00
|
|
|
b = m->action_what & INHIBIT_SHUTDOWN;
|
2012-06-29 19:38:35 +02:00
|
|
|
else
|
2018-06-11 16:02:03 +02:00
|
|
|
b = m->action_what & INHIBIT_SLEEP;
|
2012-06-29 19:38:35 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return sd_bus_message_append(reply, "b", b);
|
2012-06-29 19:38:35 +02:00
|
|
|
}
|
|
|
|
|
2015-04-20 15:27:15 +02:00
|
|
|
static int property_get_scheduled_shutdown(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_open_container(reply, 'r', "st");
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = sd_bus_message_append(reply, "st", m->scheduled_shutdown_type, m->scheduled_shutdown_timeout);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
return sd_bus_message_close_container(reply);
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction);
|
2018-05-14 03:02:55 +02:00
|
|
|
static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays);
|
2018-10-22 12:41:34 +02:00
|
|
|
static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed);
|
2018-10-22 13:02:50 +02:00
|
|
|
static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power);
|
2018-05-14 03:02:55 +02:00
|
|
|
static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX);
|
|
|
|
static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size);
|
2017-12-07 22:25:26 +01:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_get_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
Manager *m = userdata;
|
|
|
|
const char *name;
|
|
|
|
Session *session;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
p = session_bus_path(session);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "o", p);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2017-09-17 16:49:12 +02:00
|
|
|
/* Get login session of a process. This is not what you are looking for these days,
|
|
|
|
* as apps may instead belong to a user service unit. This includes terminal
|
|
|
|
* emulators and hence command-line apps. */
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_get_session_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *p = NULL;
|
2013-03-05 03:29:54 +01:00
|
|
|
Session *session = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2013-11-05 20:44:27 +01:00
|
|
|
pid_t pid;
|
2013-11-05 01:10:21 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2013-11-05 20:44:27 +01:00
|
|
|
assert_cc(sizeof(pid_t) == sizeof(uint32_t));
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "u", &pid);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2017-10-03 13:05:24 +02:00
|
|
|
if (pid < 0)
|
2015-11-15 22:00:47 +01:00
|
|
|
return -EINVAL;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-11-15 22:00:47 +01:00
|
|
|
if (pid == 0) {
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, NULL, error, &session);
|
2013-11-28 17:50:02 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2015-01-09 16:14:19 +01:00
|
|
|
} else {
|
|
|
|
r = manager_get_session_by_pid(m, pid, &session);
|
2013-11-05 20:44:27 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 20:44:27 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
if (!session)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SESSION_FOR_PID,
|
|
|
|
"PID "PID_FMT" does not belong to any known session", pid);
|
2015-01-09 16:14:19 +01:00
|
|
|
}
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
p = session_bus_path(session);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "o", p);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_get_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
Manager *m = userdata;
|
|
|
|
uint32_t uid;
|
|
|
|
User *user;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "u", &uid);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_user_from_creds(m, message, uid, error, &user);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
p = user_bus_path(user);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "o", p);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_get_user_by_pid(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
Manager *m = userdata;
|
2013-03-05 03:29:54 +01:00
|
|
|
User *user = NULL;
|
2013-11-05 20:44:27 +01:00
|
|
|
pid_t pid;
|
2013-07-02 01:46:30 +02:00
|
|
|
int r;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
2011-06-24 18:50:50 +02:00
|
|
|
assert(m);
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-05 20:44:27 +01:00
|
|
|
assert_cc(sizeof(pid_t) == sizeof(uint32_t));
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "u", &pid);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2017-10-03 13:05:24 +02:00
|
|
|
if (pid < 0)
|
2015-11-15 22:00:47 +01:00
|
|
|
return -EINVAL;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-11-15 22:00:47 +01:00
|
|
|
if (pid == 0) {
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_user_from_creds(m, message, UID_INVALID, error, &user);
|
2013-11-28 17:50:02 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2015-01-09 16:14:19 +01:00
|
|
|
} else {
|
|
|
|
r = manager_get_user_by_pid(m, pid, &user);
|
2013-11-05 20:44:27 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2015-01-09 16:14:19 +01:00
|
|
|
if (!user)
|
2017-10-17 17:03:58 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_USER_FOR_PID,
|
|
|
|
"PID "PID_FMT" does not belong to any logged in user or lingering user",
|
|
|
|
pid);
|
2013-11-05 20:44:27 +01:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
p = user_bus_path(user);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "o", p);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_get_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
Manager *m = userdata;
|
|
|
|
const char *name;
|
|
|
|
Seat *seat;
|
|
|
|
int r;
|
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
assert(message);
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(m);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_seat_from_creds(m, message, name, error, &seat);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
p = seat_bus_path(seat);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "o", p);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_list_sessions(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
Iterator i;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
r = sd_bus_message_new_method_return(message, &reply);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_open_container(reply, 'a', "(susso)");
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
HASHMAP_FOREACH(session, m->sessions, i) {
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
|
|
|
p = session_bus_path(session);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_append(reply, "(susso)",
|
|
|
|
session->id,
|
|
|
|
(uint32_t) session->user->uid,
|
|
|
|
session->user->name,
|
|
|
|
session->seat ? session->seat->id : "",
|
|
|
|
p);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
r = sd_bus_message_close_container(reply);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:58:30 +02:00
|
|
|
return sd_bus_send(NULL, reply, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_list_users(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
User *user;
|
|
|
|
Iterator i;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
r = sd_bus_message_new_method_return(message, &reply);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_open_container(reply, 'a', "(uso)");
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
HASHMAP_FOREACH(user, m->users, i) {
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
|
|
|
p = user_bus_path(user);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_append(reply, "(uso)",
|
|
|
|
(uint32_t) user->uid,
|
|
|
|
user->name,
|
|
|
|
p);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
r = sd_bus_message_close_container(reply);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:58:30 +02:00
|
|
|
return sd_bus_send(NULL, reply, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_list_seats(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Seat *seat;
|
|
|
|
Iterator i;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
r = sd_bus_message_new_method_return(message, &reply);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_open_container(reply, 'a', "(so)");
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
HASHMAP_FOREACH(seat, m->seats, i) {
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
|
|
|
p = seat_bus_path(seat);
|
|
|
|
if (!p)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-05 01:20:52 +01:00
|
|
|
r = sd_bus_message_append(reply, "(so)", seat->id, p);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
r = sd_bus_message_close_container(reply);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:58:30 +02:00
|
|
|
return sd_bus_send(NULL, reply, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_list_inhibitors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Inhibitor *inhibitor;
|
|
|
|
Iterator i;
|
|
|
|
int r;
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
r = sd_bus_message_new_method_return(message, &reply);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_open_container(reply, 'a', "(ssssuu)");
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
HASHMAP_FOREACH(inhibitor, m->inhibitors, i) {
|
|
|
|
|
2013-11-05 17:47:15 +01:00
|
|
|
r = sd_bus_message_append(reply, "(ssssuu)",
|
2013-11-05 01:10:21 +01:00
|
|
|
strempty(inhibit_what_to_string(inhibitor->what)),
|
|
|
|
strempty(inhibitor->who),
|
|
|
|
strempty(inhibitor->why),
|
|
|
|
strempty(inhibit_mode_to_string(inhibitor->mode)),
|
|
|
|
(uint32_t) inhibitor->uid,
|
|
|
|
(uint32_t) inhibitor->pid);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
r = sd_bus_message_close_container(reply);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:58:30 +02:00
|
|
|
return sd_bus_send(NULL, reply, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_create_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2014-02-05 20:34:11 +01:00
|
|
|
const char *service, *type, *class, *cseat, *tty, *display, *remote_user, *remote_host, *desktop;
|
2018-03-29 12:50:50 +02:00
|
|
|
_cleanup_free_ char *id = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
Session *session = NULL;
|
2018-03-21 19:06:21 +01:00
|
|
|
uint32_t audit_id = 0;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
User *user = NULL;
|
|
|
|
Seat *seat = NULL;
|
2015-11-15 22:00:47 +01:00
|
|
|
pid_t leader;
|
|
|
|
uid_t uid;
|
2013-11-05 01:10:21 +01:00
|
|
|
int remote;
|
|
|
|
uint32_t vtnr = 0;
|
|
|
|
SessionType t;
|
|
|
|
SessionClass c;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2015-11-15 22:00:47 +01:00
|
|
|
assert_cc(sizeof(pid_t) == sizeof(uint32_t));
|
|
|
|
assert_cc(sizeof(uid_t) == sizeof(uint32_t));
|
|
|
|
|
2019-04-07 20:51:44 +02:00
|
|
|
r = sd_bus_message_read(message, "uusssssussbss",
|
|
|
|
&uid, &leader, &service, &type, &class, &desktop, &cseat,
|
|
|
|
&vtnr, &tty, &display, &remote, &remote_user, &remote_host);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-11-15 22:00:47 +01:00
|
|
|
if (!uid_is_valid(uid))
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid UID");
|
2018-03-21 19:06:21 +01:00
|
|
|
if (leader < 0 || leader == 1 || leader == getpid_cached())
|
2013-11-21 19:34:37 +01:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-04-09 22:18:16 +02:00
|
|
|
if (isempty(type))
|
|
|
|
t = _SESSION_TYPE_INVALID;
|
|
|
|
else {
|
|
|
|
t = session_type_from_string(type);
|
|
|
|
if (t < 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Invalid session type %s", type);
|
2013-04-09 22:18:16 +02:00
|
|
|
}
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2012-02-14 21:33:51 +01:00
|
|
|
if (isempty(class))
|
2013-04-09 22:18:16 +02:00
|
|
|
c = _SESSION_CLASS_INVALID;
|
|
|
|
else {
|
2012-02-14 21:33:51 +01:00
|
|
|
c = session_class_from_string(class);
|
2013-04-09 22:18:16 +02:00
|
|
|
if (c < 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Invalid session class %s", class);
|
2013-04-09 22:18:16 +02:00
|
|
|
}
|
2012-02-14 21:33:51 +01:00
|
|
|
|
2014-02-05 20:34:11 +01:00
|
|
|
if (isempty(desktop))
|
|
|
|
desktop = NULL;
|
|
|
|
else {
|
|
|
|
if (!string_is_safe(desktop))
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Invalid desktop string %s", desktop);
|
2014-02-05 20:34:11 +01:00
|
|
|
}
|
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
if (isempty(cseat))
|
|
|
|
seat = NULL;
|
2011-06-24 18:50:50 +02:00
|
|
|
else {
|
2013-03-05 03:29:54 +01:00
|
|
|
seat = hashmap_get(m->seats, cseat);
|
|
|
|
if (!seat)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_SEAT,
|
|
|
|
"No seat '%s' known", cseat);
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (tty_is_vc(tty)) {
|
2011-06-27 22:44:12 +02:00
|
|
|
int v;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
if (!seat)
|
2013-09-17 17:39:59 +02:00
|
|
|
seat = m->seat0;
|
|
|
|
else if (seat != m->seat0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"TTY %s is virtual console but seat %s is not seat0", tty, seat->id);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2011-06-27 22:44:12 +02:00
|
|
|
v = vtnr_from_tty(tty);
|
|
|
|
if (v <= 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Cannot determine VT number from virtual console TTY %s", tty);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2018-03-21 19:06:21 +01:00
|
|
|
if (vtnr == 0)
|
2011-06-27 22:44:12 +02:00
|
|
|
vtnr = (uint32_t) v;
|
|
|
|
else if (vtnr != (uint32_t) v)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Specified TTY and VT number do not match");
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2012-04-22 02:30:13 +02:00
|
|
|
} else if (tty_is_console(tty)) {
|
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
if (!seat)
|
2013-09-17 17:39:59 +02:00
|
|
|
seat = m->seat0;
|
|
|
|
else if (seat != m->seat0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Console TTY specified but seat is not seat0");
|
2012-04-22 02:30:13 +02:00
|
|
|
|
|
|
|
if (vtnr != 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Console TTY specified but VT number is not 0");
|
2012-10-28 17:37:16 +01:00
|
|
|
}
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
if (seat) {
|
2013-09-17 17:40:02 +02:00
|
|
|
if (seat_has_vts(seat)) {
|
2018-03-21 19:06:21 +01:00
|
|
|
if (vtnr <= 0 || vtnr > 63)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"VT number out of range");
|
2011-06-27 22:44:12 +02:00
|
|
|
} else {
|
2012-04-22 02:30:13 +02:00
|
|
|
if (vtnr != 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Seat has no VTs but VT number not 0");
|
2011-06-27 22:44:12 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-04-09 22:18:16 +02:00
|
|
|
if (t == _SESSION_TYPE_INVALID) {
|
|
|
|
if (!isempty(display))
|
|
|
|
t = SESSION_X11;
|
|
|
|
else if (!isempty(tty))
|
|
|
|
t = SESSION_TTY;
|
|
|
|
else
|
|
|
|
t = SESSION_UNSPECIFIED;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (c == _SESSION_CLASS_INVALID) {
|
2014-02-05 20:34:11 +01:00
|
|
|
if (t == SESSION_UNSPECIFIED)
|
2013-04-09 22:18:16 +02:00
|
|
|
c = SESSION_BACKGROUND;
|
2014-02-05 20:34:11 +01:00
|
|
|
else
|
|
|
|
c = SESSION_USER;
|
2013-04-09 22:18:16 +02:00
|
|
|
}
|
|
|
|
|
2015-11-15 22:00:47 +01:00
|
|
|
if (leader == 0) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2013-11-28 17:50:02 +01:00
|
|
|
|
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = sd_bus_creds_get_pid(creds, (pid_t*) &leader);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-06-20 03:45:08 +02:00
|
|
|
}
|
|
|
|
|
2019-04-07 20:51:44 +02:00
|
|
|
/* Check if we are already in a logind session. Or if we are in user@.service
|
|
|
|
* which is a special PAM session that avoids creating a logind session. */
|
2018-03-21 19:06:21 +01:00
|
|
|
r = manager_get_user_by_pid(m, leader, NULL);
|
2018-02-22 21:38:44 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2018-03-21 19:06:21 +01:00
|
|
|
if (r > 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY,
|
|
|
|
"Already running in a session or user slice");
|
2015-07-07 19:38:41 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Old gdm and lightdm start the user-session on the same VT as
|
|
|
|
* the greeter session. But they destroy the greeter session
|
|
|
|
* after the user-session and want the user-session to take
|
|
|
|
* over the VT. We need to support this for
|
|
|
|
* backwards-compatibility, so make sure we allow new sessions
|
2015-07-10 14:53:08 +02:00
|
|
|
* on a VT that a greeter is running on. Furthermore, to allow
|
|
|
|
* re-logins, we have to allow a greeter to take over a used VT for
|
|
|
|
* the exact same reasons.
|
2015-07-07 19:38:41 +02:00
|
|
|
*/
|
2015-07-10 14:53:08 +02:00
|
|
|
if (c != SESSION_GREETER &&
|
|
|
|
vtnr > 0 &&
|
2015-07-07 19:38:41 +02:00
|
|
|
vtnr < m->seat0->position_count &&
|
|
|
|
m->seat0->positions[vtnr] &&
|
|
|
|
m->seat0->positions[vtnr]->class != SESSION_GREETER)
|
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already occupied by a session");
|
2011-06-24 22:55:39 +02:00
|
|
|
|
2016-05-04 18:57:15 +02:00
|
|
|
if (hashmap_size(m->sessions) >= m->sessions_max)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED,
|
|
|
|
"Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.",
|
|
|
|
m->sessions_max);
|
2016-05-04 18:57:15 +02:00
|
|
|
|
2017-07-14 18:42:17 +02:00
|
|
|
(void) audit_session_from_pid(leader, &audit_id);
|
|
|
|
if (audit_session_is_valid(audit_id)) {
|
2013-03-05 03:29:54 +01:00
|
|
|
/* Keep our session IDs and the audit session IDs in sync */
|
2011-06-24 22:55:39 +02:00
|
|
|
|
2014-04-25 13:45:15 +02:00
|
|
|
if (asprintf(&id, "%"PRIu32, audit_id) < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2011-06-24 22:55:39 +02:00
|
|
|
|
2019-04-30 13:47:33 +02:00
|
|
|
/* Wut? There's already a session by this name and we didn't find it above? Weird, then let's
|
|
|
|
* not trust the audit data and let's better register a new ID */
|
|
|
|
if (hashmap_contains(m->sessions, id)) {
|
2018-03-21 19:06:21 +01:00
|
|
|
log_warning("Existing logind session ID %s used by new audit session, ignoring.", id);
|
2017-07-14 18:42:17 +02:00
|
|
|
audit_id = AUDIT_SESSION_INVALID;
|
2015-07-31 19:56:38 +02:00
|
|
|
id = mfree(id);
|
2011-06-24 20:46:22 +02:00
|
|
|
}
|
2013-03-05 03:29:54 +01:00
|
|
|
}
|
2011-06-24 20:46:22 +02:00
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
if (!id) {
|
2011-06-24 20:46:22 +02:00
|
|
|
do {
|
2015-07-31 19:56:38 +02:00
|
|
|
id = mfree(id);
|
2011-06-24 20:46:22 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (asprintf(&id, "c%lu", ++m->session_counter) < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2011-06-24 20:46:22 +02:00
|
|
|
|
2019-04-30 13:47:33 +02:00
|
|
|
} while (hashmap_contains(m->sessions, id));
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
/* The generated names should not clash with 'auto' or 'self' */
|
|
|
|
assert(!SESSION_IS_SELF(id));
|
|
|
|
assert(!SESSION_IS_AUTO(id));
|
|
|
|
|
2019-04-27 02:22:40 +02:00
|
|
|
/* If we are not watching utmp already, try again */
|
2018-08-07 13:49:34 +02:00
|
|
|
manager_reconnect_utmp(m);
|
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
r = manager_add_user_by_uid(m, uid, &user);
|
2013-11-21 19:34:37 +01:00
|
|
|
if (r < 0)
|
2013-03-05 03:29:54 +01:00
|
|
|
goto fail;
|
|
|
|
|
2013-06-20 03:45:08 +02:00
|
|
|
r = manager_add_session(m, id, &session);
|
2013-11-21 19:34:37 +01:00
|
|
|
if (r < 0)
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
|
2013-06-20 03:45:08 +02:00
|
|
|
session_set_user(session, user);
|
2019-02-14 02:59:13 +01:00
|
|
|
r = session_set_leader(session, leader);
|
|
|
|
if (r < 0)
|
|
|
|
goto fail;
|
2013-06-20 03:45:08 +02:00
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
session->type = t;
|
2012-02-14 21:33:51 +01:00
|
|
|
session->class = c;
|
2011-06-24 18:50:50 +02:00
|
|
|
session->remote = remote;
|
|
|
|
session->vtnr = vtnr;
|
|
|
|
|
|
|
|
if (!isempty(tty)) {
|
|
|
|
session->tty = strdup(tty);
|
|
|
|
if (!session->tty) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = -ENOMEM;
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
2018-08-07 13:49:34 +02:00
|
|
|
|
|
|
|
session->tty_validity = TTY_FROM_PAM;
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!isempty(display)) {
|
|
|
|
session->display = strdup(display);
|
|
|
|
if (!session->display) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = -ENOMEM;
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isempty(remote_user)) {
|
|
|
|
session->remote_user = strdup(remote_user);
|
|
|
|
if (!session->remote_user) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = -ENOMEM;
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isempty(remote_host)) {
|
|
|
|
session->remote_host = strdup(remote_host);
|
|
|
|
if (!session->remote_host) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = -ENOMEM;
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isempty(service)) {
|
|
|
|
session->service = strdup(service);
|
|
|
|
if (!session->service) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = -ENOMEM;
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-02-05 20:34:11 +01:00
|
|
|
if (!isempty(desktop)) {
|
|
|
|
session->desktop = strdup(desktop);
|
|
|
|
if (!session->desktop) {
|
|
|
|
r = -ENOMEM;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-03-05 03:29:54 +01:00
|
|
|
if (seat) {
|
|
|
|
r = seat_attach_session(seat, session);
|
2013-11-21 19:34:37 +01:00
|
|
|
if (r < 0)
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2018-04-17 16:42:44 +02:00
|
|
|
r = sd_bus_message_enter_container(message, 'a', "(sv)");
|
|
|
|
if (r < 0)
|
2018-08-06 18:19:45 +02:00
|
|
|
goto fail;
|
2018-04-17 16:42:44 +02:00
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
r = session_start(session, message, error);
|
2018-04-17 16:42:44 +02:00
|
|
|
if (r < 0)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
r = sd_bus_message_exit_container(message);
|
2013-11-21 19:34:37 +01:00
|
|
|
if (r < 0)
|
2011-06-24 18:50:50 +02:00
|
|
|
goto fail;
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
session->create_message = sd_bus_message_ref(message);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2018-03-21 19:06:21 +01:00
|
|
|
/* Now, let's wait until the slice unit and stuff got created. We send the reply back from
|
2014-12-10 20:00:09 +01:00
|
|
|
* session_send_create_reply(). */
|
2013-07-26 17:32:19 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return 1;
|
2011-06-24 18:50:50 +02:00
|
|
|
|
|
|
|
fail:
|
|
|
|
if (session)
|
|
|
|
session_add_to_gc_queue(session);
|
|
|
|
|
|
|
|
if (user)
|
|
|
|
user_add_to_gc_queue(user);
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_release_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
const char *name;
|
|
|
|
int r;
|
2013-01-25 06:30:23 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-03-15 21:37:39 +01:00
|
|
|
r = session_release(session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_activate_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
const char *name;
|
|
|
|
int r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
2012-04-16 16:47:33 +02:00
|
|
|
assert(m);
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_session_method_activate(message, session, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_activate_session_on_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
const char *session_name, *seat_name;
|
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
Seat *seat;
|
|
|
|
int r;
|
|
|
|
|
2012-04-16 16:47:33 +02:00
|
|
|
assert(message);
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(m);
|
2012-04-16 16:47:33 +02:00
|
|
|
|
logind: make "self" and "auto" magic strings when operating on seats + sessions
Most of the operations one can do on sessions so far accepted an empty
session name as a shortcut for the caller's session. This is quite
useful traditionally, but much less useful than it used to be, since
most user code now (rightfully) runs in --user context, not in a
session.
With this change we tweak the logic a bit: we introduce the two special
session and seat names "self" and "auto". The former refers to the
session/seat the client is in, and is hence mostly equivalent to te
empty string "" as before. However, the latter refers to the
session/seat the client is in if that exists, with a fallback of the
user's display session if not. Clients can hence reference "auto"
instead of the empty string if they really don't want to think much
about sessions.
Why "self" btw? Previously, we'd already expose a special dbus object
with the path /org/freedesktop/login1/session/self (and similar for the
seat), matching what the empty string did for bus calls that took a
session name. With this scheme we reuse this identifier and introduce
"auto" in a similar way.
Of course this means real-life seats and sessions can never be named
"self" or "auto", but they aren't anyway: valid seat names have to start
with "seat" anyway, and sessions are generated server-side as either a
numeric value or "c" suffixed with a counter ID.
Fixes: #12399
2019-04-28 17:55:36 +02:00
|
|
|
/* Same as ActivateSession() but refuses to work if the seat doesn't match */
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "ss", &session_name, &seat_name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-05-05 00:34:48 +02:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, session_name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2012-09-19 13:10:10 +02:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_seat_from_creds(m, message, seat_name, error, &seat);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-01-25 06:30:23 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (session->seat != seat)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT,
|
|
|
|
"Session %s not on seat %s", session_name, seat_name);
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
r = session_activate(session);
|
2012-04-16 16:47:33 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_lock_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
const char *name;
|
|
|
|
int r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_session_method_lock(message, session, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_lock_sessions(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
int r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-02-18 12:55:25 +01:00
|
|
|
r = bus_verify_polkit_async(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.lock-sessions",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2015-02-18 12:55:25 +01:00
|
|
|
false,
|
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return 1; /* Will call us back */
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = session_send_lock_all(m, streq(sd_bus_message_get_member(message), "LockSessions"));
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_kill_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2015-02-18 12:55:25 +01:00
|
|
|
const char *name;
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2015-02-18 12:55:25 +01:00
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_session_method_kill(message, session, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_kill_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
uint32_t uid;
|
|
|
|
User *user;
|
|
|
|
int r;
|
2012-04-16 16:47:33 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2015-02-18 12:55:25 +01:00
|
|
|
r = sd_bus_message_read(message, "u", &uid);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_user_from_creds(m, message, uid, error, &user);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_user_method_kill(message, user, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_terminate_session(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
const char *name;
|
|
|
|
Session *session;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_session_from_creds(m, message, name, error, &session);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_session_method_terminate(message, session, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_terminate_user(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
uint32_t uid;
|
|
|
|
User *user;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "u", &uid);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_user_from_creds(m, message, uid, error, &user);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_user_method_terminate(message, user, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
const char *name;
|
|
|
|
Seat *seat;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &name);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:14:19 +01:00
|
|
|
r = manager_get_seat_from_creds(m, message, name, error, &seat);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
return bus_seat_method_terminate(message, seat, error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2017-09-15 18:35:02 +02:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *cc = NULL;
|
|
|
|
Manager *m = userdata;
|
2016-04-13 04:52:28 +02:00
|
|
|
int r, b, interactive;
|
2013-11-05 01:10:21 +01:00
|
|
|
struct passwd *pw;
|
|
|
|
const char *path;
|
2017-09-15 18:35:02 +02:00
|
|
|
uint32_t uid, auth_uid;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "ubb", &uid, &b, &interactive);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2017-09-15 18:35:02 +02:00
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID |
|
|
|
|
SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2015-01-09 16:14:19 +01:00
|
|
|
|
2017-09-15 18:35:02 +02:00
|
|
|
if (!uid_is_valid(uid)) {
|
|
|
|
/* Note that we get the owner UID of the session or user unit,
|
|
|
|
* not the actual client UID here! */
|
2015-01-09 16:14:19 +01:00
|
|
|
r = sd_bus_creds_get_owner_uid(creds, &uid);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2017-09-15 18:35:02 +02:00
|
|
|
}
|
2015-11-15 22:00:47 +01:00
|
|
|
|
2017-09-15 18:35:02 +02:00
|
|
|
/* owner_uid is racy, so for authorization we must use euid */
|
|
|
|
r = sd_bus_creds_get_euid(creds, &auth_uid);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2015-01-09 16:14:19 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
errno = 0;
|
|
|
|
pw = getpwuid(uid);
|
|
|
|
if (!pw)
|
2016-01-11 18:47:14 +01:00
|
|
|
return errno > 0 ? -errno : -ENOENT;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2014-08-18 17:44:17 +02:00
|
|
|
r = bus_verify_polkit_async(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
2017-09-15 18:35:02 +02:00
|
|
|
uid == auth_uid ? "org.freedesktop.login1.set-self-linger" :
|
|
|
|
"org.freedesktop.login1.set-user-linger",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2014-08-18 17:44:17 +02:00
|
|
|
interactive,
|
2015-02-18 12:55:25 +01:00
|
|
|
UID_INVALID,
|
2014-08-18 17:44:17 +02:00
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
2019-03-27 11:33:50 +01:00
|
|
|
(void) mkdir_p_label("/var/lib/systemd", 0755);
|
tree-wide: warn when a directory path already exists but has bad mode/owner/type
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
2018-03-22 13:03:41 +01:00
|
|
|
r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, MKDIR_WARN_MODE);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
cc = cescape(pw->pw_name);
|
|
|
|
if (!cc)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-02-03 02:05:59 +01:00
|
|
|
path = strjoina("/var/lib/systemd/linger/", cc);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (b) {
|
|
|
|
User *u;
|
|
|
|
|
|
|
|
r = touch(path);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
if (manager_add_user_by_uid(m, uid, &u) >= 0)
|
|
|
|
user_start(u);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
User *u;
|
|
|
|
|
|
|
|
r = unlink(path);
|
|
|
|
if (r < 0 && errno != ENOENT)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -errno;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-01-09 16:25:47 +01:00
|
|
|
u = hashmap_get(m->users, UID_TO_PTR(uid));
|
2013-11-05 01:10:21 +01:00
|
|
|
if (u)
|
|
|
|
user_add_to_gc_queue(u);
|
|
|
|
}
|
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2012-04-16 16:47:33 +02:00
|
|
|
}
|
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
static int trigger_device(Manager *m, sd_device *d) {
|
|
|
|
_cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
|
2011-06-29 03:12:23 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
r = sd_device_enumerator_new(&e);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = sd_device_enumerator_allow_uninitialized(e);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2011-06-29 03:12:23 +02:00
|
|
|
|
2011-07-13 21:49:21 +02:00
|
|
|
if (d) {
|
2018-08-22 07:53:51 +02:00
|
|
|
r = sd_device_enumerator_add_match_parent(e, d);
|
2013-12-18 17:13:42 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2011-07-13 21:49:21 +02:00
|
|
|
}
|
|
|
|
|
2018-08-28 09:05:35 +02:00
|
|
|
FOREACH_DEVICE(e, d) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *t = NULL;
|
2011-06-29 03:12:23 +02:00
|
|
|
const char *p;
|
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
r = sd_device_get_syspath(d, &p);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2011-06-29 03:12:23 +02:00
|
|
|
|
|
|
|
t = strappend(p, "/uevent");
|
2013-12-18 17:13:42 +01:00
|
|
|
if (!t)
|
|
|
|
return -ENOMEM;
|
2011-06-29 03:12:23 +02:00
|
|
|
|
2018-11-06 13:00:07 +01:00
|
|
|
(void) write_string_file(t, "change", WRITE_STRING_FILE_DISABLE_BUFFER);
|
2011-06-29 03:12:23 +02:00
|
|
|
}
|
|
|
|
|
2013-12-18 17:13:42 +01:00
|
|
|
return 0;
|
2011-06-29 03:12:23 +02:00
|
|
|
}
|
|
|
|
|
2011-06-28 20:50:43 +02:00
|
|
|
static int attach_device(Manager *m, const char *seat, const char *sysfs) {
|
2018-08-22 07:53:51 +02:00
|
|
|
_cleanup_(sd_device_unrefp) sd_device *d = NULL;
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_free_ char *rule = NULL, *file = NULL;
|
2011-06-28 21:54:52 +02:00
|
|
|
const char *id_for_seat;
|
2011-06-28 20:50:43 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(seat);
|
|
|
|
assert(sysfs);
|
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
r = sd_device_new_from_syspath(&d, sysfs);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
if (sd_device_has_tag(d, "seat") <= 0)
|
2013-12-18 17:13:42 +01:00
|
|
|
return -ENODEV;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
if (sd_device_get_property_value(d, "ID_FOR_SEAT", &id_for_seat) < 0)
|
2013-12-18 17:13:42 +01:00
|
|
|
return -ENODEV;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-12-18 17:13:42 +01:00
|
|
|
if (asprintf(&file, "/etc/udev/rules.d/72-seat-%s.rules", id_for_seat) < 0)
|
|
|
|
return -ENOMEM;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-12-18 17:13:42 +01:00
|
|
|
if (asprintf(&rule, "TAG==\"seat\", ENV{ID_FOR_SEAT}==\"%s\", ENV{ID_SEAT}=\"%s\"", id_for_seat, seat) < 0)
|
|
|
|
return -ENOMEM;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2018-08-22 07:53:51 +02:00
|
|
|
(void) mkdir_p_label("/etc/udev/rules.d", 0755);
|
2013-04-02 20:31:42 +02:00
|
|
|
r = write_string_file_atomic_label(file, rule);
|
2011-06-28 23:03:56 +02:00
|
|
|
if (r < 0)
|
2013-12-18 17:13:42 +01:00
|
|
|
return r;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-12-18 17:13:42 +01:00
|
|
|
return trigger_device(m, d);
|
2011-06-28 20:50:43 +02:00
|
|
|
}
|
|
|
|
|
2011-06-29 03:12:23 +02:00
|
|
|
static int flush_devices(Manager *m) {
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_closedir_ DIR *d;
|
2011-06-29 03:12:23 +02:00
|
|
|
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
d = opendir("/etc/udev/rules.d");
|
|
|
|
if (!d) {
|
|
|
|
if (errno != ENOENT)
|
2014-11-28 19:29:59 +01:00
|
|
|
log_warning_errno(errno, "Failed to open /etc/udev/rules.d: %m");
|
2011-06-29 03:12:23 +02:00
|
|
|
} else {
|
|
|
|
struct dirent *de;
|
|
|
|
|
2016-12-09 10:04:30 +01:00
|
|
|
FOREACH_DIRENT_ALL(de, d, break) {
|
2011-06-29 03:12:23 +02:00
|
|
|
if (!dirent_is_file(de))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (!startswith(de->d_name, "72-seat-"))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (!endswith(de->d_name, ".rules"))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (unlinkat(dirfd(d), de->d_name, 0) < 0)
|
2014-11-28 19:29:59 +01:00
|
|
|
log_warning_errno(errno, "Failed to unlink %s: %m", de->d_name);
|
2011-06-29 03:12:23 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return trigger_device(m, NULL);
|
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_attach_device(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
const char *sysfs, *seat;
|
|
|
|
Manager *m = userdata;
|
|
|
|
int interactive, r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "ssb", &seat, &sysfs, &interactive);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2019-04-30 13:47:52 +02:00
|
|
|
if (!path_is_normalized(sysfs))
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not normalized", sysfs);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (!path_startswith(sysfs, "/sys"))
|
2013-11-21 19:34:37 +01:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not in /sys", sysfs);
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
if (!seat_name_is_valid(seat))
|
2013-11-21 19:34:37 +01:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Seat %s is not valid", seat);
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2014-08-18 17:44:17 +02:00
|
|
|
r = bus_verify_polkit_async(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.attach-device",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2014-08-18 17:44:17 +02:00
|
|
|
interactive,
|
2015-02-18 12:55:25 +01:00
|
|
|
UID_INVALID,
|
2014-08-18 17:44:17 +02:00
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
|
|
|
r = attach_device(m, seat, sysfs);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_flush_devices(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
int interactive, r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "b", &interactive);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2014-08-18 17:44:17 +02:00
|
|
|
r = bus_verify_polkit_async(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.flush-devices",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2014-08-18 17:44:17 +02:00
|
|
|
interactive,
|
2015-02-18 12:55:25 +01:00
|
|
|
UID_INVALID,
|
2014-08-18 17:44:17 +02:00
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
|
|
|
r = flush_devices(m);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2012-02-11 00:13:10 +01:00
|
|
|
static int have_multiple_sessions(
|
|
|
|
Manager *m,
|
2012-09-21 11:57:48 +02:00
|
|
|
uid_t uid) {
|
2012-02-11 00:13:10 +01:00
|
|
|
|
2012-06-12 09:31:43 +02:00
|
|
|
Session *session;
|
|
|
|
Iterator i;
|
2012-02-11 00:13:10 +01:00
|
|
|
|
|
|
|
assert(m);
|
|
|
|
|
2013-01-14 21:40:38 +01:00
|
|
|
/* Check for other users' sessions. Greeter sessions do not
|
|
|
|
* count, and non-login sessions do not count either. */
|
2012-06-12 09:31:43 +02:00
|
|
|
HASHMAP_FOREACH(session, m->sessions, i)
|
2013-01-14 21:40:38 +01:00
|
|
|
if (session->class == SESSION_USER &&
|
|
|
|
session->user->uid != uid)
|
2012-06-12 09:31:43 +02:00
|
|
|
return true;
|
2012-02-11 00:13:10 +01:00
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-01-25 06:30:23 +01:00
|
|
|
static int bus_manager_log_shutdown(
|
|
|
|
Manager *m,
|
|
|
|
const char *unit_name) {
|
|
|
|
|
2015-09-04 10:34:47 +02:00
|
|
|
const char *p, *q;
|
2013-01-25 06:30:23 +01:00
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(unit_name);
|
|
|
|
|
|
|
|
if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) {
|
2015-09-28 17:44:28 +02:00
|
|
|
p = "MESSAGE=System is powering down";
|
2013-01-25 06:30:23 +01:00
|
|
|
q = "SHUTDOWN=power-off";
|
|
|
|
} else if (streq(unit_name, SPECIAL_REBOOT_TARGET)) {
|
2015-09-28 17:44:28 +02:00
|
|
|
p = "MESSAGE=System is rebooting";
|
2013-01-25 06:30:23 +01:00
|
|
|
q = "SHUTDOWN=reboot";
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
} else if (streq(unit_name, SPECIAL_HALT_TARGET)) {
|
|
|
|
p = "MESSAGE=System is halting";
|
|
|
|
q = "SHUTDOWN=halt";
|
2013-01-25 06:30:23 +01:00
|
|
|
} else if (streq(unit_name, SPECIAL_KEXEC_TARGET)) {
|
2015-09-28 17:44:28 +02:00
|
|
|
p = "MESSAGE=System is rebooting with kexec";
|
2013-01-25 06:30:23 +01:00
|
|
|
q = "SHUTDOWN=kexec";
|
|
|
|
} else {
|
2015-09-28 17:44:28 +02:00
|
|
|
p = "MESSAGE=System is shutting down";
|
2013-01-25 06:30:23 +01:00
|
|
|
q = NULL;
|
|
|
|
}
|
|
|
|
|
2015-09-28 17:44:28 +02:00
|
|
|
if (isempty(m->wall_message))
|
|
|
|
p = strjoina(p, ".");
|
|
|
|
else
|
|
|
|
p = strjoina(p, " (", m->wall_message, ").");
|
2015-08-24 14:54:22 +02:00
|
|
|
|
2014-11-28 02:05:14 +01:00
|
|
|
return log_struct(LOG_NOTICE,
|
tree-wide: add SD_ID128_MAKE_STR, remove LOG_MESSAGE_ID
Embedding sd_id128_t's in constant strings was rather cumbersome. We had
SD_ID128_CONST_STR which returned a const char[], but it had two problems:
- it wasn't possible to statically concatanate this array with a normal string
- gcc wasn't really able to optimize this, and generated code to perform the
"conversion" at runtime.
Because of this, even our own code in coredumpctl wasn't using
SD_ID128_CONST_STR.
Add a new macro to generate a constant string: SD_ID128_MAKE_STR.
It is not as elegant as SD_ID128_CONST_STR, because it requires a repetition
of the numbers, but in practice it is more convenient to use, and allows gcc
to generate smarter code:
$ size .libs/systemd{,-logind,-journald}{.old,}
text data bss dec hex filename
1265204 149564 4808 1419576 15a938 .libs/systemd.old
1260268 149564 4808 1414640 1595f0 .libs/systemd
246805 13852 209 260866 3fb02 .libs/systemd-logind.old
240973 13852 209 255034 3e43a .libs/systemd-logind
146839 4984 34 151857 25131 .libs/systemd-journald.old
146391 4984 34 151409 24f71 .libs/systemd-journald
It is also much easier to check if a certain binary uses a certain MESSAGE_ID:
$ strings .libs/systemd.old|grep MESSAGE_ID
MESSAGE_ID=%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
MESSAGE_ID=%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
MESSAGE_ID=%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
MESSAGE_ID=%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
$ strings .libs/systemd|grep MESSAGE_ID
MESSAGE_ID=c7a787079b354eaaa9e77b371893cd27
MESSAGE_ID=b07a249cd024414a82dd00cd181378ff
MESSAGE_ID=641257651c1b4ec9a8624d7a40a9e1e7
MESSAGE_ID=de5b426a63be47a7b6ac3eaac82e2f6f
MESSAGE_ID=d34d037fff1847e6ae669a370e694725
MESSAGE_ID=7d4958e842da4a758f6c1cdc7b36dcc5
MESSAGE_ID=1dee0369c7fc4736b7099b38ecb46ee7
MESSAGE_ID=39f53479d3a045ac8e11786248231fbf
MESSAGE_ID=be02cf6855d2428ba40df7e9d022f03d
MESSAGE_ID=7b05ebc668384222baa8881179cfda54
MESSAGE_ID=9d1aaa27d60140bd96365438aad20286
2016-11-06 18:48:23 +01:00
|
|
|
"MESSAGE_ID=" SD_MESSAGE_SHUTDOWN_STR,
|
2013-01-25 06:30:23 +01:00
|
|
|
p,
|
2018-06-04 12:59:22 +02:00
|
|
|
q);
|
2013-01-25 06:30:23 +01:00
|
|
|
}
|
|
|
|
|
2014-03-11 22:38:54 +01:00
|
|
|
static int lid_switch_ignore_handler(sd_event_source *e, uint64_t usec, void *userdata) {
|
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
assert(e);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
m->lid_switch_ignore_event_source = sd_event_source_unref(m->lid_switch_ignore_event_source);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int manager_set_lid_switch_ignore(Manager *m, usec_t until) {
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
if (until <= now(CLOCK_MONOTONIC))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* We want to ignore the lid switch for a while after each
|
|
|
|
* suspend, and after boot-up. Hence let's install a timer for
|
|
|
|
* this. As long as the event source exists we ignore the lid
|
|
|
|
* switch. */
|
|
|
|
|
|
|
|
if (m->lid_switch_ignore_event_source) {
|
|
|
|
usec_t u;
|
|
|
|
|
|
|
|
r = sd_event_source_get_time(m->lid_switch_ignore_event_source, &u);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (until <= u)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
r = sd_event_source_set_time(m->lid_switch_ignore_event_source, until);
|
|
|
|
} else
|
2014-03-24 02:49:09 +01:00
|
|
|
r = sd_event_add_time(
|
|
|
|
m->event,
|
|
|
|
&m->lid_switch_ignore_event_source,
|
|
|
|
CLOCK_MONOTONIC,
|
|
|
|
until, 0,
|
|
|
|
lid_switch_ignore_handler, m);
|
2014-03-11 22:38:54 +01:00
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2017-08-24 11:33:24 +02:00
|
|
|
static int send_prepare_for(Manager *m, InhibitWhat w, bool _active) {
|
|
|
|
int active = _active;
|
|
|
|
|
|
|
|
assert(m);
|
2019-01-07 18:43:00 +01:00
|
|
|
assert(IN_SET(w, INHIBIT_SHUTDOWN, INHIBIT_SLEEP));
|
2017-08-24 11:33:24 +02:00
|
|
|
|
|
|
|
return sd_bus_emit_signal(m->bus,
|
|
|
|
"/org/freedesktop/login1",
|
|
|
|
"org.freedesktop.login1.Manager",
|
2019-01-07 18:43:00 +01:00
|
|
|
w == INHIBIT_SHUTDOWN ? "PrepareForShutdown" : "PrepareForSleep",
|
2017-08-24 11:33:24 +02:00
|
|
|
"b",
|
|
|
|
active);
|
|
|
|
}
|
|
|
|
|
2013-01-25 06:30:23 +01:00
|
|
|
static int execute_shutdown_or_sleep(
|
|
|
|
Manager *m,
|
|
|
|
InhibitWhat w,
|
|
|
|
const char *unit_name,
|
2013-11-05 01:10:21 +01:00
|
|
|
sd_bus_error *error) {
|
2013-01-25 06:30:23 +01:00
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
const char *p;
|
|
|
|
int r;
|
2012-05-05 00:34:48 +02:00
|
|
|
|
2013-01-24 04:56:44 +01:00
|
|
|
assert(m);
|
2017-08-24 16:21:21 +02:00
|
|
|
assert(w > 0);
|
2013-01-25 06:30:23 +01:00
|
|
|
assert(w < _INHIBIT_WHAT_MAX);
|
2012-05-08 19:02:25 +02:00
|
|
|
assert(unit_name);
|
2012-05-05 00:34:48 +02:00
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
if (w == INHIBIT_SHUTDOWN)
|
|
|
|
bus_manager_log_shutdown(m, unit_name);
|
2013-01-25 06:30:23 +01:00
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
r = sd_bus_call_method(
|
|
|
|
m->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
"/org/freedesktop/systemd1",
|
|
|
|
"org.freedesktop.systemd1.Manager",
|
|
|
|
"StartUnit",
|
|
|
|
error,
|
|
|
|
&reply,
|
|
|
|
"ss", unit_name, "replace-irreversibly");
|
|
|
|
if (r < 0)
|
2017-08-24 11:33:24 +02:00
|
|
|
goto error;
|
2013-01-24 04:56:44 +01:00
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
r = sd_bus_message_read(reply, "o", &p);
|
|
|
|
if (r < 0)
|
2017-08-24 11:33:24 +02:00
|
|
|
goto error;
|
2013-01-24 04:56:44 +01:00
|
|
|
|
2019-01-07 18:41:15 +01:00
|
|
|
r = free_and_strdup(&m->action_job, p);
|
|
|
|
if (r < 0)
|
2017-08-24 11:33:24 +02:00
|
|
|
goto error;
|
2013-01-24 04:56:44 +01:00
|
|
|
|
2013-01-25 06:30:23 +01:00
|
|
|
m->action_unit = unit_name;
|
|
|
|
m->action_what = w;
|
2013-01-24 04:56:44 +01:00
|
|
|
|
2014-03-03 20:49:33 +01:00
|
|
|
/* Make sure the lid switch is ignored for a while */
|
2015-03-06 14:37:09 +01:00
|
|
|
manager_set_lid_switch_ignore(m, now(CLOCK_MONOTONIC) + m->holdoff_timeout_usec);
|
2014-03-03 20:49:33 +01:00
|
|
|
|
2013-01-24 04:56:44 +01:00
|
|
|
return 0;
|
2017-08-24 11:33:24 +02:00
|
|
|
|
|
|
|
error:
|
|
|
|
/* Tell people that they now may take a lock again */
|
2017-11-27 08:15:07 +01:00
|
|
|
(void) send_prepare_for(m, w, false);
|
2017-08-24 11:33:24 +02:00
|
|
|
|
|
|
|
return r;
|
2012-05-05 00:34:48 +02:00
|
|
|
}
|
|
|
|
|
2015-06-08 22:58:50 +02:00
|
|
|
int manager_dispatch_delayed(Manager *manager, bool timeout) {
|
2015-04-11 18:44:51 +02:00
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
2015-04-11 18:44:51 +02:00
|
|
|
Inhibitor *offending = NULL;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
|
|
|
|
if (manager->action_what == 0 || manager->action_job)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (manager_is_inhibited(manager, manager->action_what, INHIBIT_DELAY, NULL, false, false, 0, &offending)) {
|
|
|
|
_cleanup_free_ char *comm = NULL, *u = NULL;
|
|
|
|
|
2015-06-08 22:58:50 +02:00
|
|
|
if (!timeout)
|
|
|
|
return 0;
|
|
|
|
|
2015-04-11 18:44:51 +02:00
|
|
|
(void) get_process_comm(offending->pid, &comm);
|
|
|
|
u = uid_to_name(offending->uid);
|
|
|
|
|
|
|
|
log_notice("Delay lock is active (UID "UID_FMT"/%s, PID "PID_FMT"/%s) but inhibitor timeout is reached.",
|
|
|
|
offending->uid, strna(u),
|
|
|
|
offending->pid, strna(comm));
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Actually do the operation */
|
|
|
|
r = execute_shutdown_or_sleep(manager, manager->action_what, manager->action_unit, &error);
|
|
|
|
if (r < 0) {
|
2017-08-24 11:33:24 +02:00
|
|
|
log_warning("Error during inhibitor-delayed operation (already returned success to client): %s",
|
|
|
|
bus_error_message(&error, r));
|
2015-04-11 18:44:51 +02:00
|
|
|
|
|
|
|
manager->action_unit = NULL;
|
|
|
|
manager->action_what = 0;
|
2015-06-08 22:58:50 +02:00
|
|
|
return r;
|
2015-04-11 18:44:51 +02:00
|
|
|
}
|
|
|
|
|
2015-06-08 22:58:50 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int manager_inhibit_timeout_handler(
|
|
|
|
sd_event_source *s,
|
|
|
|
uint64_t usec,
|
|
|
|
void *userdata) {
|
|
|
|
|
|
|
|
Manager *manager = userdata;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(manager->inhibit_timeout_source == s);
|
|
|
|
|
|
|
|
r = manager_dispatch_delayed(manager, true);
|
|
|
|
return (r < 0) ? r : 0;
|
2015-04-11 18:44:51 +02:00
|
|
|
}
|
|
|
|
|
2013-01-25 06:30:23 +01:00
|
|
|
static int delay_shutdown_or_sleep(
|
|
|
|
Manager *m,
|
|
|
|
InhibitWhat w,
|
|
|
|
const char *unit_name) {
|
2012-05-05 00:34:48 +02:00
|
|
|
|
2015-04-11 18:44:51 +02:00
|
|
|
int r;
|
|
|
|
usec_t timeout_val;
|
|
|
|
|
2012-05-05 00:34:48 +02:00
|
|
|
assert(m);
|
2012-05-08 19:02:25 +02:00
|
|
|
assert(w >= 0);
|
|
|
|
assert(w < _INHIBIT_WHAT_MAX);
|
2013-01-25 06:30:23 +01:00
|
|
|
assert(unit_name);
|
2012-05-05 00:34:48 +02:00
|
|
|
|
2015-04-11 18:44:51 +02:00
|
|
|
timeout_val = now(CLOCK_MONOTONIC) + m->inhibit_delay_max;
|
|
|
|
|
|
|
|
if (m->inhibit_timeout_source) {
|
|
|
|
r = sd_event_source_set_time(m->inhibit_timeout_source, timeout_val);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_source_set_time() failed: %m");
|
2015-04-11 18:44:51 +02:00
|
|
|
|
|
|
|
r = sd_event_source_set_enabled(m->inhibit_timeout_source, SD_EVENT_ONESHOT);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
|
2015-04-11 18:44:51 +02:00
|
|
|
} else {
|
|
|
|
r = sd_event_add_time(m->event, &m->inhibit_timeout_source, CLOCK_MONOTONIC,
|
|
|
|
timeout_val, 0, manager_inhibit_timeout_handler, m);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2013-01-25 06:30:23 +01:00
|
|
|
m->action_unit = unit_name;
|
|
|
|
m->action_what = w;
|
2012-05-08 19:02:25 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-05-30 15:01:51 +02:00
|
|
|
int bus_manager_shutdown_or_sleep_now_or_later(
|
|
|
|
Manager *m,
|
|
|
|
const char *unit_name,
|
|
|
|
InhibitWhat w,
|
2013-11-05 01:10:21 +01:00
|
|
|
sd_bus_error *error) {
|
2012-05-30 15:01:51 +02:00
|
|
|
|
2018-04-10 13:15:00 +02:00
|
|
|
_cleanup_free_ char *load_state = NULL;
|
2012-05-30 15:01:51 +02:00
|
|
|
bool delayed;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(unit_name);
|
2017-08-24 16:21:21 +02:00
|
|
|
assert(w > 0);
|
2019-01-07 18:40:33 +01:00
|
|
|
assert(w < _INHIBIT_WHAT_MAX);
|
2013-01-24 04:56:44 +01:00
|
|
|
assert(!m->action_job);
|
2012-05-30 15:01:51 +02:00
|
|
|
|
2018-04-10 13:15:00 +02:00
|
|
|
r = unit_load_state(m->bus, unit_name, &load_state);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2018-11-20 23:40:44 +01:00
|
|
|
if (!streq(load_state, "loaded"))
|
|
|
|
return log_notice_errno(SYNTHETIC_ERRNO(EACCES),
|
|
|
|
"Unit %s is %s, refusing operation.",
|
|
|
|
unit_name, load_state);
|
2018-04-10 13:15:00 +02:00
|
|
|
|
2013-01-25 06:30:23 +01:00
|
|
|
/* Tell everybody to prepare for shutdown/sleep */
|
2017-11-27 08:15:07 +01:00
|
|
|
(void) send_prepare_for(m, w, true);
|
2013-01-25 06:30:23 +01:00
|
|
|
|
2012-05-30 15:01:51 +02:00
|
|
|
delayed =
|
|
|
|
m->inhibit_delay_max > 0 &&
|
2013-11-27 02:38:06 +01:00
|
|
|
manager_is_inhibited(m, w, INHIBIT_DELAY, NULL, false, false, 0, NULL);
|
2012-05-30 15:01:51 +02:00
|
|
|
|
|
|
|
if (delayed)
|
|
|
|
/* Shutdown is delayed, keep in mind what we
|
|
|
|
* want to do, and start a timeout */
|
|
|
|
r = delay_shutdown_or_sleep(m, w, unit_name);
|
2013-01-25 06:30:23 +01:00
|
|
|
else
|
2012-05-30 15:01:51 +02:00
|
|
|
/* Shutdown is not delayed, execute it
|
|
|
|
* immediately */
|
2013-01-25 06:30:23 +01:00
|
|
|
r = execute_shutdown_or_sleep(m, w, unit_name, error);
|
2012-05-30 15:01:51 +02:00
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2015-04-20 15:19:26 +02:00
|
|
|
static int verify_shutdown_creds(
|
2012-05-08 19:02:25 +02:00
|
|
|
Manager *m,
|
2013-11-05 01:10:21 +01:00
|
|
|
sd_bus_message *message,
|
2012-05-08 19:02:25 +02:00
|
|
|
InhibitWhat w,
|
2015-04-20 15:19:26 +02:00
|
|
|
bool interactive,
|
2012-05-08 19:02:25 +02:00
|
|
|
const char *action,
|
|
|
|
const char *action_multiple_sessions,
|
|
|
|
const char *action_ignore_inhibit,
|
2013-11-21 19:34:37 +01:00
|
|
|
sd_bus_error *error) {
|
2012-05-08 19:02:25 +02:00
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2012-05-30 15:01:51 +02:00
|
|
|
bool multiple_sessions, blocked;
|
2013-11-05 01:10:21 +01:00
|
|
|
uid_t uid;
|
2015-04-20 15:19:26 +02:00
|
|
|
int r;
|
2012-05-08 19:02:25 +02:00
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
assert(w >= 0);
|
|
|
|
assert(w <= _INHIBIT_WHAT_MAX);
|
2012-10-28 00:49:04 +02:00
|
|
|
|
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
|
2013-11-28 17:50:02 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
|
|
|
r = sd_bus_creds_get_euid(creds, &uid);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-09-21 11:57:48 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = have_multiple_sessions(m, uid);
|
2012-05-08 19:02:25 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-05-08 19:02:25 +02:00
|
|
|
|
|
|
|
multiple_sessions = r > 0;
|
2013-11-27 02:38:06 +01:00
|
|
|
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
|
2012-05-08 19:02:25 +02:00
|
|
|
|
2015-04-20 15:19:26 +02:00
|
|
|
if (multiple_sessions && action_multiple_sessions) {
|
2015-09-05 16:07:16 +02:00
|
|
|
r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
|
2012-05-08 19:02:25 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2014-03-10 13:25:15 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
2012-05-08 19:02:25 +02:00
|
|
|
}
|
|
|
|
|
2015-04-20 15:19:26 +02:00
|
|
|
if (blocked && action_ignore_inhibit) {
|
2015-09-05 16:07:16 +02:00
|
|
|
r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
|
2012-05-08 19:02:25 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2014-03-10 13:25:15 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
2012-05-08 19:02:25 +02:00
|
|
|
}
|
|
|
|
|
2015-04-20 15:19:26 +02:00
|
|
|
if (!multiple_sessions && !blocked && action) {
|
2015-09-05 16:07:16 +02:00
|
|
|
r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
|
2012-05-08 19:02:25 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2014-03-10 13:25:15 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
2012-05-08 19:02:25 +02:00
|
|
|
}
|
|
|
|
|
2015-04-20 15:19:26 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_do_shutdown_or_sleep(
|
|
|
|
Manager *m,
|
|
|
|
sd_bus_message *message,
|
|
|
|
const char *unit_name,
|
|
|
|
InhibitWhat w,
|
|
|
|
const char *action,
|
|
|
|
const char *action_multiple_sessions,
|
|
|
|
const char *action_ignore_inhibit,
|
|
|
|
const char *sleep_verb,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
int interactive, r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
assert(unit_name);
|
|
|
|
assert(w >= 0);
|
|
|
|
assert(w <= _INHIBIT_WHAT_MAX);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "b", &interactive);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
/* Don't allow multiple jobs being executed at the same time */
|
2019-01-07 18:39:31 +01:00
|
|
|
if (m->action_what > 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS,
|
|
|
|
"There's already a shutdown or sleep operation in progress");
|
2015-04-20 15:19:26 +02:00
|
|
|
|
|
|
|
if (sleep_verb) {
|
|
|
|
r = can_sleep(sleep_verb);
|
2018-04-11 08:51:06 +02:00
|
|
|
if (r == -ENOSPC)
|
2018-12-21 11:01:34 +01:00
|
|
|
return sd_bus_error_set(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED,
|
|
|
|
"Not enough swap space for hibernation");
|
2018-04-11 08:51:06 +02:00
|
|
|
if (r == 0)
|
2018-12-21 11:01:34 +01:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED,
|
|
|
|
"Sleep verb \"%s\" not supported", sleep_verb);
|
2015-04-20 15:19:26 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = verify_shutdown_creds(m, message, w, interactive, action, action_multiple_sessions,
|
|
|
|
action_ignore_inhibit, error);
|
|
|
|
if (r != 0)
|
|
|
|
return r;
|
|
|
|
|
2013-11-21 19:34:37 +01:00
|
|
|
r = bus_manager_shutdown_or_sleep_now_or_later(m, unit_name, w, error);
|
2012-05-08 19:02:25 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2012-05-08 19:02:25 +02:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
2012-05-05 00:34:48 +02:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2011-05-26 02:21:16 +02:00
|
|
|
Manager *m = userdata;
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
SPECIAL_POWEROFF_TARGET,
|
|
|
|
INHIBIT_SHUTDOWN,
|
|
|
|
"org.freedesktop.login1.power-off",
|
|
|
|
"org.freedesktop.login1.power-off-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.power-off-ignore-inhibit",
|
|
|
|
NULL,
|
2013-11-21 19:34:37 +01:00
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-07-09 02:58:05 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-07-09 02:58:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
SPECIAL_REBOOT_TARGET,
|
|
|
|
INHIBIT_SHUTDOWN,
|
|
|
|
"org.freedesktop.login1.reboot",
|
|
|
|
"org.freedesktop.login1.reboot-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.reboot-ignore-inhibit",
|
|
|
|
NULL,
|
2013-11-21 19:34:37 +01:00
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-07-09 02:58:05 +02:00
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
static int method_halt(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
SPECIAL_HALT_TARGET,
|
|
|
|
INHIBIT_SHUTDOWN,
|
|
|
|
"org.freedesktop.login1.halt",
|
|
|
|
"org.freedesktop.login1.halt-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.halt-ignore-inhibit",
|
|
|
|
NULL,
|
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-07-09 02:58:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
SPECIAL_SUSPEND_TARGET,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.suspend",
|
|
|
|
"org.freedesktop.login1.suspend-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.suspend-ignore-inhibit",
|
|
|
|
"suspend",
|
2013-11-21 19:34:37 +01:00
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-07-09 02:58:05 +02:00
|
|
|
|
2017-10-02 16:08:49 +02:00
|
|
|
static int method_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
SPECIAL_HIBERNATE_TARGET,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.hibernate",
|
|
|
|
"org.freedesktop.login1.hibernate-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.hibernate-ignore-inhibit",
|
|
|
|
"hibernate",
|
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
SPECIAL_HYBRID_SLEEP_TARGET,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.hibernate",
|
|
|
|
"org.freedesktop.login1.hibernate-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.hibernate-ignore-inhibit",
|
|
|
|
"hybrid-sleep",
|
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
2018-03-28 18:00:06 +02:00
|
|
|
static int method_suspend_then_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2018-03-08 14:17:33 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
return method_do_shutdown_or_sleep(
|
|
|
|
m, message,
|
2018-03-28 18:00:06 +02:00
|
|
|
SPECIAL_SUSPEND_THEN_HIBERNATE_TARGET,
|
2018-03-08 14:17:33 +01:00
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.hibernate",
|
|
|
|
"org.freedesktop.login1.hibernate-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.hibernate-ignore-inhibit",
|
|
|
|
"hybrid-sleep",
|
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
2015-04-23 17:11:28 +02:00
|
|
|
static int nologin_timeout_handler(
|
|
|
|
sd_event_source *s,
|
|
|
|
uint64_t usec,
|
|
|
|
void *userdata) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
log_info("Creating /run/nologin, blocking further logins...");
|
|
|
|
|
2018-02-22 14:21:30 +01:00
|
|
|
m->unlink_nologin =
|
|
|
|
create_shutdown_run_nologin_or_warn() >= 0;
|
2015-04-23 17:11:28 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int update_schedule_file(Manager *m) {
|
2015-09-05 20:24:08 +02:00
|
|
|
_cleanup_free_ char *temp_path = NULL;
|
2015-04-23 17:11:28 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2015-09-05 20:24:08 +02:00
|
|
|
int r;
|
2015-04-23 17:11:28 +02:00
|
|
|
|
|
|
|
assert(m);
|
|
|
|
|
tree-wide: warn when a directory path already exists but has bad mode/owner/type
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
2018-03-22 13:03:41 +01:00
|
|
|
r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, MKDIR_WARN_MODE);
|
2015-04-23 17:11:28 +02:00
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
|
|
|
|
|
|
|
|
r = fopen_temporary("/run/systemd/shutdown/scheduled", &f, &temp_path);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to save information about scheduled shutdowns: %m");
|
|
|
|
|
|
|
|
(void) fchmod(fileno(f), 0644);
|
|
|
|
|
|
|
|
fprintf(f,
|
|
|
|
"USEC="USEC_FMT"\n"
|
|
|
|
"WARN_WALL=%i\n"
|
|
|
|
"MODE=%s\n",
|
|
|
|
m->scheduled_shutdown_timeout,
|
|
|
|
m->enable_wall_messages,
|
|
|
|
m->scheduled_shutdown_type);
|
|
|
|
|
2015-09-05 20:24:08 +02:00
|
|
|
if (!isempty(m->wall_message)) {
|
|
|
|
_cleanup_free_ char *t;
|
|
|
|
|
|
|
|
t = cescape(m->wall_message);
|
|
|
|
if (!t) {
|
|
|
|
r = -ENOMEM;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2015-04-23 17:11:28 +02:00
|
|
|
fprintf(f, "WALL_MESSAGE=%s\n", t);
|
2015-09-05 20:24:08 +02:00
|
|
|
}
|
2015-04-23 17:11:28 +02:00
|
|
|
|
2015-07-29 20:31:07 +02:00
|
|
|
r = fflush_and_check(f);
|
|
|
|
if (r < 0)
|
|
|
|
goto fail;
|
2015-04-23 17:11:28 +02:00
|
|
|
|
2015-07-29 20:31:07 +02:00
|
|
|
if (rename(temp_path, "/run/systemd/shutdown/scheduled") < 0) {
|
2015-04-23 17:11:28 +02:00
|
|
|
r = -errno;
|
2015-07-29 20:31:07 +02:00
|
|
|
goto fail;
|
2015-04-23 17:11:28 +02:00
|
|
|
}
|
|
|
|
|
2015-07-29 20:31:07 +02:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
(void) unlink(temp_path);
|
|
|
|
(void) unlink("/run/systemd/shutdown/scheduled");
|
|
|
|
|
|
|
|
return log_error_errno(r, "Failed to write information about scheduled shutdowns: %m");
|
2015-04-23 17:11:28 +02:00
|
|
|
}
|
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
static void reset_scheduled_shutdown(Manager *m) {
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
assert(m);
|
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
|
|
|
|
m->wall_message_timeout_source = sd_event_source_unref(m->wall_message_timeout_source);
|
|
|
|
m->nologin_timeout_source = sd_event_source_unref(m->nologin_timeout_source);
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
m->scheduled_shutdown_type = mfree(m->scheduled_shutdown_type);
|
|
|
|
m->scheduled_shutdown_timeout = 0;
|
|
|
|
m->shutdown_dry_run = false;
|
|
|
|
|
|
|
|
if (m->unlink_nologin) {
|
2018-02-16 06:58:33 +01:00
|
|
|
(void) unlink_or_warn("/run/nologin");
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
m->unlink_nologin = false;
|
|
|
|
}
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
(void) unlink("/run/systemd/shutdown/scheduled");
|
|
|
|
}
|
|
|
|
|
2015-04-20 15:27:15 +02:00
|
|
|
static int manager_scheduled_shutdown_handler(
|
|
|
|
sd_event_source *s,
|
|
|
|
uint64_t usec,
|
|
|
|
void *userdata) {
|
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
2015-04-20 15:27:15 +02:00
|
|
|
Manager *m = userdata;
|
|
|
|
const char *target;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
if (isempty(m->scheduled_shutdown_type))
|
|
|
|
return 0;
|
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
if (streq(m->scheduled_shutdown_type, "poweroff"))
|
2015-04-20 15:27:15 +02:00
|
|
|
target = SPECIAL_POWEROFF_TARGET;
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
else if (streq(m->scheduled_shutdown_type, "reboot"))
|
2015-04-20 15:27:15 +02:00
|
|
|
target = SPECIAL_REBOOT_TARGET;
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
else if (streq(m->scheduled_shutdown_type, "halt"))
|
|
|
|
target = SPECIAL_HALT_TARGET;
|
|
|
|
else
|
|
|
|
assert_not_reached("unexpected shutdown type");
|
2015-04-20 15:27:15 +02:00
|
|
|
|
2017-08-21 12:49:25 +02:00
|
|
|
/* Don't allow multiple jobs being executed at the same time */
|
2019-01-07 18:39:31 +01:00
|
|
|
if (m->action_what > 0) {
|
2017-08-24 11:33:24 +02:00
|
|
|
r = -EALREADY;
|
2017-08-21 12:49:25 +02:00
|
|
|
log_error("Scheduled shutdown to %s failed: shutdown or sleep operation already in progress", target);
|
2017-08-24 11:33:24 +02:00
|
|
|
goto error;
|
2017-08-21 12:49:25 +02:00
|
|
|
}
|
|
|
|
|
logind: respect "delay" inhibitors in scheduled shutdowns
There is no justification not to wait an extra (default) 5 seconds, for
a more graceful shutdown of user programs. Again, you don't get to ignore
delay inhibitors for unscheduled shutdowns, short of
`systemctl poweroff -f`.
It is simplest if we move the test for `m->shutdown_dry_run` into
manager_scheduled_shutdown_handler().
However we need to not add such delays during a "dry run". Otherwise, we
would still have to be considered "in progress" for some seconds after our
admin has seen the final wall message. If they go to `poweroff`, we would
have blocked them with a misleading error message. Note this `poweroff`
will still process delay inhibitors as needed. If the admin planned to
use a more forceful method... eh. It's their responsibility to assess
whether that's safe.
There is an argument that the alternative behaviour could be used (racily!)
to kludge around them not being able to shutdown to "single user mode". If
we cared about that case, we would have easily preserved non-racy support
for it in `shutdown`.
Additionally, though I think this code does read more easily by reducing
inconsistencies, we didn't come up with any use case for delay inhibitors
v.s. shutdown.[1] The SIGTERM v.s. SIGKILL delay is more general, and we
allow a whole 90 seconds for it, not just 5. So I don't think keeping this
approach bears a risk of significant damage.
[1] https://www.freedesktop.org/wiki/Software/systemd/inhibit/
2017-08-21 18:28:35 +02:00
|
|
|
if (m->shutdown_dry_run) {
|
|
|
|
/* We do not process delay inhibitors here. Otherwise, we
|
|
|
|
* would have to be considered "in progress" (like the check
|
|
|
|
* above) for some seconds after our admin has seen the final
|
|
|
|
* wall message. */
|
|
|
|
|
|
|
|
bus_manager_log_shutdown(m, target);
|
|
|
|
log_info("Running in dry run, suppressing action.");
|
|
|
|
reset_scheduled_shutdown(m);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = bus_manager_shutdown_or_sleep_now_or_later(m, target, INHIBIT_SHUTDOWN, &error);
|
2017-08-24 11:33:24 +02:00
|
|
|
if (r < 0) {
|
|
|
|
log_error_errno(r, "Scheduled shutdown to %s failed: %m", target);
|
|
|
|
goto error;
|
|
|
|
}
|
2015-04-20 15:27:15 +02:00
|
|
|
|
|
|
|
return 0;
|
2017-08-24 11:33:24 +02:00
|
|
|
|
|
|
|
error:
|
|
|
|
reset_scheduled_shutdown(m);
|
|
|
|
return r;
|
2015-04-20 15:27:15 +02:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_schedule_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2015-04-20 15:27:15 +02:00
|
|
|
Manager *m = userdata;
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2015-04-20 15:27:15 +02:00
|
|
|
const char *action_multiple_sessions = NULL;
|
|
|
|
const char *action_ignore_inhibit = NULL;
|
|
|
|
const char *action = NULL;
|
|
|
|
uint64_t elapse;
|
|
|
|
char *type;
|
|
|
|
int r;
|
2017-10-02 16:09:24 +02:00
|
|
|
bool dry_run = false;
|
2015-04-20 15:27:15 +02:00
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "st", &type, &elapse);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2015-09-09 17:05:03 +02:00
|
|
|
if (startswith(type, "dry-")) {
|
|
|
|
type += 4;
|
2017-10-02 16:09:24 +02:00
|
|
|
dry_run = true;
|
2015-09-09 17:05:03 +02:00
|
|
|
}
|
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
if (streq(type, "poweroff")) {
|
|
|
|
action = "org.freedesktop.login1.power-off";
|
|
|
|
action_multiple_sessions = "org.freedesktop.login1.power-off-multiple-sessions";
|
|
|
|
action_ignore_inhibit = "org.freedesktop.login1.power-off-ignore-inhibit";
|
|
|
|
} else if (streq(type, "reboot")) {
|
2015-04-20 15:27:15 +02:00
|
|
|
action = "org.freedesktop.login1.reboot";
|
|
|
|
action_multiple_sessions = "org.freedesktop.login1.reboot-multiple-sessions";
|
|
|
|
action_ignore_inhibit = "org.freedesktop.login1.reboot-ignore-inhibit";
|
|
|
|
} else if (streq(type, "halt")) {
|
|
|
|
action = "org.freedesktop.login1.halt";
|
|
|
|
action_multiple_sessions = "org.freedesktop.login1.halt-multiple-sessions";
|
|
|
|
action_ignore_inhibit = "org.freedesktop.login1.halt-ignore-inhibit";
|
|
|
|
} else
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unsupported shutdown type");
|
|
|
|
|
|
|
|
r = verify_shutdown_creds(m, message, INHIBIT_SHUTDOWN, false,
|
|
|
|
action, action_multiple_sessions, action_ignore_inhibit, error);
|
|
|
|
if (r != 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (m->scheduled_shutdown_timeout_source) {
|
|
|
|
r = sd_event_source_set_time(m->scheduled_shutdown_timeout_source, elapse);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_source_set_time() failed: %m");
|
2015-04-20 15:27:15 +02:00
|
|
|
|
|
|
|
r = sd_event_source_set_enabled(m->scheduled_shutdown_timeout_source, SD_EVENT_ONESHOT);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
|
2015-04-20 15:27:15 +02:00
|
|
|
} else {
|
|
|
|
r = sd_event_add_time(m->event, &m->scheduled_shutdown_timeout_source,
|
|
|
|
CLOCK_REALTIME, elapse, 0, manager_scheduled_shutdown_handler, m);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_add_time() failed: %m");
|
2015-04-20 15:27:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
r = free_and_strdup(&m->scheduled_shutdown_type, type);
|
|
|
|
if (r < 0) {
|
|
|
|
m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
|
|
|
|
return log_oom();
|
|
|
|
}
|
|
|
|
|
2017-10-02 16:09:24 +02:00
|
|
|
m->shutdown_dry_run = dry_run;
|
|
|
|
|
2015-04-23 17:11:28 +02:00
|
|
|
if (m->nologin_timeout_source) {
|
|
|
|
r = sd_event_source_set_time(m->nologin_timeout_source, elapse);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_source_set_time() failed: %m");
|
2015-04-23 17:11:28 +02:00
|
|
|
|
|
|
|
r = sd_event_source_set_enabled(m->nologin_timeout_source, SD_EVENT_ONESHOT);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_source_set_enabled() failed: %m");
|
2015-04-23 17:11:28 +02:00
|
|
|
} else {
|
|
|
|
r = sd_event_add_time(m->event, &m->nologin_timeout_source,
|
|
|
|
CLOCK_REALTIME, elapse - 5 * USEC_PER_MINUTE, 0, nologin_timeout_handler, m);
|
|
|
|
if (r < 0)
|
2015-04-24 21:44:51 +02:00
|
|
|
return log_error_errno(r, "sd_event_add_time() failed: %m");
|
2015-04-23 17:11:28 +02:00
|
|
|
}
|
|
|
|
|
2015-04-20 15:27:15 +02:00
|
|
|
m->scheduled_shutdown_timeout = elapse;
|
|
|
|
|
2015-04-22 17:20:42 +02:00
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_TTY|SD_BUS_CREDS_UID, &creds);
|
|
|
|
if (r >= 0) {
|
2016-01-12 23:27:33 +01:00
|
|
|
const char *tty = NULL;
|
2015-04-22 17:20:42 +02:00
|
|
|
|
|
|
|
(void) sd_bus_creds_get_uid(creds, &m->scheduled_shutdown_uid);
|
|
|
|
(void) sd_bus_creds_get_tty(creds, &tty);
|
|
|
|
|
|
|
|
r = free_and_strdup(&m->scheduled_shutdown_tty, tty);
|
|
|
|
if (r < 0) {
|
|
|
|
m->scheduled_shutdown_timeout_source = sd_event_source_unref(m->scheduled_shutdown_timeout_source);
|
|
|
|
return log_oom();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
r = manager_setup_wall_message_timer(m);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2017-08-22 14:54:21 +02:00
|
|
|
r = update_schedule_file(m);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2015-04-23 17:11:28 +02:00
|
|
|
|
2015-04-20 15:27:15 +02:00
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_cancel_scheduled_shutdown(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2015-04-20 15:27:15 +02:00
|
|
|
Manager *m = userdata;
|
|
|
|
bool cancelled;
|
|
|
|
|
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
|
|
|
|
cancelled = m->scheduled_shutdown_type != NULL;
|
2015-09-09 17:05:03 +02:00
|
|
|
reset_scheduled_shutdown(m);
|
2015-05-26 18:56:40 +02:00
|
|
|
|
2018-05-07 03:16:04 +02:00
|
|
|
if (cancelled && m->enable_wall_messages) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2018-10-09 17:26:19 +02:00
|
|
|
_cleanup_free_ char *username = NULL;
|
2015-04-22 17:20:42 +02:00
|
|
|
const char *tty = NULL;
|
|
|
|
uid_t uid = 0;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_TTY|SD_BUS_CREDS_UID, &creds);
|
|
|
|
if (r >= 0) {
|
|
|
|
(void) sd_bus_creds_get_uid(creds, &uid);
|
|
|
|
(void) sd_bus_creds_get_tty(creds, &tty);
|
|
|
|
}
|
|
|
|
|
2018-10-09 17:26:19 +02:00
|
|
|
username = uid_to_name(uid);
|
2015-04-22 17:20:42 +02:00
|
|
|
utmp_wall("The system shutdown has been cancelled",
|
2018-10-09 17:26:19 +02:00
|
|
|
username, tty, logind_wall_tty_filter, m);
|
2015-04-22 17:20:42 +02:00
|
|
|
}
|
|
|
|
|
2015-04-20 15:27:15 +02:00
|
|
|
return sd_bus_reply_method_return(message, "b", cancelled);
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
static int method_can_shutdown_or_sleep(
|
|
|
|
Manager *m,
|
|
|
|
sd_bus_message *message,
|
|
|
|
InhibitWhat w,
|
|
|
|
const char *action,
|
|
|
|
const char *action_multiple_sessions,
|
|
|
|
const char *action_ignore_inhibit,
|
2013-11-21 19:34:37 +01:00
|
|
|
const char *sleep_verb,
|
|
|
|
sd_bus_error *error) {
|
2011-07-13 19:58:35 +02:00
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2018-04-10 13:15:00 +02:00
|
|
|
HandleAction handle;
|
2013-11-05 01:10:21 +01:00
|
|
|
bool multiple_sessions, challenge, blocked;
|
|
|
|
const char *result = NULL;
|
|
|
|
uid_t uid;
|
|
|
|
int r;
|
2011-07-13 19:58:35 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(m);
|
|
|
|
assert(message);
|
|
|
|
assert(w >= 0);
|
|
|
|
assert(w <= _INHIBIT_WHAT_MAX);
|
|
|
|
assert(action);
|
|
|
|
assert(action_multiple_sessions);
|
|
|
|
assert(action_ignore_inhibit);
|
2011-07-13 19:58:35 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (sleep_verb) {
|
|
|
|
r = can_sleep(sleep_verb);
|
2018-12-21 11:01:34 +01:00
|
|
|
if (IN_SET(r, 0, -ENOSPC))
|
2018-04-11 08:51:06 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2011-07-13 19:58:35 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-07-13 19:58:35 +02:00
|
|
|
|
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
|
2013-11-28 17:50:02 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
|
|
|
r = sd_bus_creds_get_euid(creds, &uid);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-07-13 19:58:35 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = have_multiple_sessions(m, uid);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-07-13 19:58:35 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
multiple_sessions = r > 0;
|
2013-11-27 02:38:06 +01:00
|
|
|
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
|
2011-07-13 19:58:35 +02:00
|
|
|
|
2018-04-10 13:15:00 +02:00
|
|
|
handle = handle_action_from_string(sleep_verb);
|
|
|
|
if (handle >= 0) {
|
|
|
|
const char *target;
|
|
|
|
|
|
|
|
target = manager_target_for_action(handle);
|
|
|
|
if (target) {
|
|
|
|
_cleanup_free_ char *load_state = NULL;
|
|
|
|
|
|
|
|
r = unit_load_state(m->bus, target, &load_state);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (!streq(load_state, "loaded")) {
|
|
|
|
result = "no";
|
|
|
|
goto finish;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (multiple_sessions) {
|
2015-09-05 16:07:16 +02:00
|
|
|
r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, UID_INVALID, &challenge, error);
|
2011-07-13 19:58:35 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r > 0)
|
|
|
|
result = "yes";
|
|
|
|
else if (challenge)
|
|
|
|
result = "challenge";
|
|
|
|
else
|
|
|
|
result = "no";
|
|
|
|
}
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (blocked) {
|
2015-09-05 16:07:16 +02:00
|
|
|
r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, UID_INVALID, &challenge, error);
|
2011-06-21 19:20:05 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2018-10-23 14:09:13 +02:00
|
|
|
if (r > 0) {
|
|
|
|
if (!result)
|
|
|
|
result = "yes";
|
|
|
|
} else if (challenge) {
|
|
|
|
if (!result || streq(result, "yes"))
|
|
|
|
result = "challenge";
|
|
|
|
} else
|
2013-11-05 01:10:21 +01:00
|
|
|
result = "no";
|
|
|
|
}
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (!multiple_sessions && !blocked) {
|
|
|
|
/* If neither inhibit nor multiple sessions
|
|
|
|
* apply then just check the normal policy */
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2015-09-05 16:07:16 +02:00
|
|
|
r = bus_test_polkit(message, CAP_SYS_BOOT, action, NULL, UID_INVALID, &challenge, error);
|
2011-06-21 19:20:05 +02:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r > 0)
|
|
|
|
result = "yes";
|
|
|
|
else if (challenge)
|
|
|
|
result = "challenge";
|
|
|
|
else
|
|
|
|
result = "no";
|
|
|
|
}
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2018-04-10 13:15:00 +02:00
|
|
|
finish:
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "s", result);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_can_poweroff(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SHUTDOWN,
|
|
|
|
"org.freedesktop.login1.power-off",
|
|
|
|
"org.freedesktop.login1.power-off-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.power-off-ignore-inhibit",
|
2013-11-21 19:34:37 +01:00
|
|
|
NULL,
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_can_reboot(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-06-21 19:20:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SHUTDOWN,
|
|
|
|
"org.freedesktop.login1.reboot",
|
|
|
|
"org.freedesktop.login1.reboot-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.reboot-ignore-inhibit",
|
2013-11-21 19:34:37 +01:00
|
|
|
NULL,
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-21 19:20:05 +02:00
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
static int method_can_halt(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SHUTDOWN,
|
|
|
|
"org.freedesktop.login1.halt",
|
|
|
|
"org.freedesktop.login1.halt-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.halt-ignore-inhibit",
|
|
|
|
NULL,
|
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_can_suspend(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.suspend",
|
|
|
|
"org.freedesktop.login1.suspend-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.suspend-ignore-inhibit",
|
2013-11-21 19:34:37 +01:00
|
|
|
"suspend",
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_can_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2012-01-27 20:48:28 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.hibernate",
|
|
|
|
"org.freedesktop.login1.hibernate-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.hibernate-ignore-inhibit",
|
2013-11-21 19:34:37 +01:00
|
|
|
"hibernate",
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_can_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.hibernate",
|
|
|
|
"org.freedesktop.login1.hibernate-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.hibernate-ignore-inhibit",
|
2013-11-21 19:34:37 +01:00
|
|
|
"hybrid-sleep",
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-06-28 18:16:32 +02:00
|
|
|
|
2018-03-28 18:00:06 +02:00
|
|
|
static int method_can_suspend_then_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2018-03-08 14:17:33 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
|
|
|
|
return method_can_shutdown_or_sleep(
|
|
|
|
m, message,
|
|
|
|
INHIBIT_SLEEP,
|
|
|
|
"org.freedesktop.login1.hibernate",
|
|
|
|
"org.freedesktop.login1.hibernate-multiple-sessions",
|
|
|
|
"org.freedesktop.login1.hibernate-ignore-inhibit",
|
2018-03-28 18:00:06 +02:00
|
|
|
"suspend-then-hibernate",
|
2018-03-08 14:17:33 +01:00
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
2019-03-09 21:30:58 +01:00
|
|
|
static int property_get_reboot_parameter(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
_cleanup_free_ char *parameter = NULL;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(userdata);
|
|
|
|
|
|
|
|
r = read_reboot_parameter(¶meter);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
return sd_bus_message_append(reply, "s", parameter);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_set_reboot_parameter(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
const char *arg;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &arg);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = detect_container();
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r > 0)
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
|
|
|
|
"Reboot parameter not supported in containers, refusing.");
|
|
|
|
|
|
|
|
r = bus_verify_polkit_async(message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-parameter",
|
|
|
|
NULL,
|
|
|
|
false,
|
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
|
|
|
r = update_reboot_parameter_and_warn(arg, false);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_can_reboot_parameter(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = detect_container();
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r > 0) /* Inside containers, specifying a reboot parameter, doesn't make much sense */
|
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
|
|
|
|
|
|
|
return return_test_polkit(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-parameter",
|
|
|
|
NULL,
|
|
|
|
UID_INVALID,
|
|
|
|
error);
|
|
|
|
}
|
|
|
|
|
2015-04-03 18:03:06 +02:00
|
|
|
static int property_get_reboot_to_firmware_setup(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(userdata);
|
|
|
|
|
2018-10-22 20:02:25 +02:00
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_FIRMWARE_SETUP");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
/* EFI case: let's see what is currently configured in the EFI variables */
|
|
|
|
r = efi_get_reboot_to_firmware();
|
|
|
|
if (r < 0 && r != -EOPNOTSUPP)
|
|
|
|
log_warning_errno(r, "Failed to determine reboot-to-firmware-setup state: %m");
|
|
|
|
} else if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP: %m");
|
|
|
|
else if (r > 0) {
|
|
|
|
/* Non-EFI case: let's see whether /run/systemd/reboot-to-firmware-setup exists. */
|
|
|
|
if (access("/run/systemd/reboot-to-firmware-setup", F_OK) < 0) {
|
|
|
|
if (errno != ENOENT)
|
|
|
|
log_warning_errno(errno, "Failed to check whether /run/systemd/reboot-to-firmware-setup exists: %m");
|
|
|
|
|
|
|
|
r = false;
|
|
|
|
} else
|
|
|
|
r = true;
|
|
|
|
}
|
2015-04-03 18:03:06 +02:00
|
|
|
|
|
|
|
return sd_bus_message_append(reply, "b", r > 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_set_reboot_to_firmware_setup(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
2018-10-22 20:02:25 +02:00
|
|
|
bool use_efi;
|
|
|
|
int b, r;
|
2015-04-03 18:03:06 +02:00
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2015-04-07 21:08:07 +02:00
|
|
|
r = sd_bus_message_read(message, "b", &b);
|
2015-04-03 18:03:06 +02:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2018-10-22 20:02:25 +02:00
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_FIRMWARE_SETUP");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
/* EFI case: let's see what the firmware supports */
|
|
|
|
|
|
|
|
r = efi_reboot_to_firmware_supported();
|
|
|
|
if (r == -EOPNOTSUPP)
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Firmware does not support boot into firmware.");
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
use_efi = true;
|
|
|
|
|
|
|
|
} else if (r <= 0) {
|
|
|
|
/* non-EFI case: $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP is set to off */
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP: %m");
|
|
|
|
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Firmware does not support boot into firmware.");
|
|
|
|
} else
|
|
|
|
/* non-EFI case: $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP is set to on */
|
|
|
|
use_efi = false;
|
|
|
|
|
2015-04-03 18:03:06 +02:00
|
|
|
r = bus_verify_polkit_async(message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-to-firmware-setup",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2015-04-07 21:08:07 +02:00
|
|
|
false,
|
2015-04-03 18:03:06 +02:00
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
2018-10-22 20:02:25 +02:00
|
|
|
if (use_efi) {
|
|
|
|
r = efi_set_reboot_to_firmware(b);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
} else {
|
|
|
|
if (b) {
|
|
|
|
r = touch("/run/systemd/reboot-to-firmware-setup");
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
} else {
|
|
|
|
if (unlink("/run/systemd/reboot-to-firmware-setup") < 0 && errno != ENOENT)
|
|
|
|
return -errno;
|
|
|
|
}
|
|
|
|
}
|
2015-04-03 18:03:06 +02:00
|
|
|
|
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_can_reboot_to_firmware_setup(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
2018-10-22 20:02:25 +02:00
|
|
|
int r;
|
2015-04-03 18:03:06 +02:00
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
2018-10-22 20:02:25 +02:00
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_FIRMWARE_SETUP");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
/* EFI case: let's see what the firmware supports */
|
|
|
|
|
|
|
|
r = efi_reboot_to_firmware_supported();
|
|
|
|
if (r < 0) {
|
|
|
|
if (r != -EOPNOTSUPP)
|
|
|
|
log_warning_errno(r, "Failed to determine whether reboot to firmware is supported: %m");
|
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2018-10-22 20:02:25 +02:00
|
|
|
}
|
2017-11-23 22:02:10 +01:00
|
|
|
|
2018-10-22 20:02:25 +02:00
|
|
|
} else if (r <= 0) {
|
|
|
|
/* Non-EFI case: let's trust $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP */
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP: %m");
|
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2017-11-23 22:02:10 +01:00
|
|
|
}
|
2015-04-03 18:03:06 +02:00
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return return_test_polkit(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-to-firmware-setup",
|
|
|
|
NULL,
|
|
|
|
UID_INVALID,
|
|
|
|
error);
|
2015-04-03 18:03:06 +02:00
|
|
|
}
|
|
|
|
|
2018-10-22 20:06:52 +02:00
|
|
|
static int property_get_reboot_to_boot_loader_menu(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
uint64_t x = UINT64_MAX;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(userdata);
|
|
|
|
|
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
_cleanup_free_ char *v = NULL;
|
|
|
|
|
|
|
|
/* EFI case: returns the current value of LoaderConfigTimeoutOneShot. Three cases are distuingished:
|
|
|
|
*
|
|
|
|
* 1. Variable not set, boot into boot loader menu is not enabled (we return UINT64_MAX to the user)
|
|
|
|
* 2. Variable set to "0", boot into boot loader menu is enabled with no timeout (we return 0 to the user)
|
|
|
|
* 3. Variable set to numeric value formatted in ASCII, boot into boot loader menu with the specified timeout in seconds
|
|
|
|
*/
|
|
|
|
|
|
|
|
r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderConfigTimeoutOneShot", &v);
|
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENOENT)
|
|
|
|
log_warning_errno(r, "Failed to read LoaderConfigTimeoutOneShot variable: %m");
|
|
|
|
} else {
|
|
|
|
uint64_t sec;
|
|
|
|
|
|
|
|
r = safe_atou64(v, &sec);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse LoaderConfigTimeoutOneShot value '%s': %m", v);
|
|
|
|
else if (sec > (USEC_INFINITY / USEC_PER_SEC))
|
|
|
|
log_warning("LoaderConfigTimeoutOneShot too large, ignoring: %m");
|
|
|
|
else
|
|
|
|
x = sec * USEC_PER_SEC; /* return in µs */
|
|
|
|
}
|
|
|
|
|
|
|
|
} else if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU: %m");
|
|
|
|
else if (r > 0) {
|
|
|
|
_cleanup_free_ char *v = NULL;
|
|
|
|
|
|
|
|
/* Non-EFI case, let's process /run/systemd/reboot-to-boot-loader-menu. */
|
|
|
|
|
|
|
|
r = read_one_line_file("/run/systemd/reboot-to-boot-loader-menu", &v);
|
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENOENT)
|
|
|
|
log_warning_errno(r, "Failed to read /run/systemd/reboot-to-boot-loader-menu: %m");
|
|
|
|
} else {
|
|
|
|
r = safe_atou64(v, &x);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse /run/systemd/reboot-to-boot-loader-menu: %m");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return sd_bus_message_append(reply, "t", x);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_set_reboot_to_boot_loader_menu(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
bool use_efi;
|
|
|
|
uint64_t x;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "t", &x);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
uint64_t features;
|
|
|
|
|
|
|
|
/* EFI case: let's see if booting into boot loader menu is supported. */
|
|
|
|
|
|
|
|
r = efi_loader_get_features(&features);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to determine whether reboot to boot loader menu is supported: %m");
|
|
|
|
if (r < 0 || !FLAGS_SET(features, EFI_LOADER_FEATURE_CONFIG_TIMEOUT_ONE_SHOT))
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Boot loader does not support boot into boot loader menu.");
|
|
|
|
|
|
|
|
use_efi = true;
|
|
|
|
|
|
|
|
} else if (r <= 0) {
|
|
|
|
/* non-EFI case: $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU is set to off */
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU: %m");
|
|
|
|
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Boot loader does not support boot into boot loader menu.");
|
|
|
|
} else
|
|
|
|
/* non-EFI case: $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU is set to on */
|
|
|
|
use_efi = false;
|
|
|
|
|
|
|
|
r = bus_verify_polkit_async(message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-to-boot-loader-menu",
|
|
|
|
NULL,
|
|
|
|
false,
|
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
|
|
|
if (use_efi) {
|
|
|
|
if (x == UINT64_MAX)
|
|
|
|
r = efi_set_variable(EFI_VENDOR_LOADER, "LoaderConfigTimeoutOneShot", NULL, 0);
|
|
|
|
else {
|
|
|
|
char buf[DECIMAL_STR_MAX(uint64_t) + 1];
|
|
|
|
xsprintf(buf, "%" PRIu64, DIV_ROUND_UP(x, USEC_PER_SEC)); /* second granularity */
|
|
|
|
|
|
|
|
r = efi_set_variable_string(EFI_VENDOR_LOADER, "LoaderConfigTimeoutOneShot", buf);
|
|
|
|
}
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
} else {
|
|
|
|
if (x == UINT64_MAX) {
|
|
|
|
if (unlink("/run/systemd/reboot-to-loader-menu") < 0 && errno != ENOENT)
|
|
|
|
return -errno;
|
|
|
|
} else {
|
|
|
|
char buf[DECIMAL_STR_MAX(uint64_t) + 1];
|
|
|
|
|
|
|
|
xsprintf(buf, "%" PRIu64, x); /* µs granularity */
|
|
|
|
|
|
|
|
r = write_string_file_atomic_label("/run/systemd/reboot-to-loader-menu", buf);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_can_reboot_to_boot_loader_menu(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
uint64_t features = 0;
|
|
|
|
|
|
|
|
/* EFI case, let's see if booting into boot loader menu is supported. */
|
|
|
|
|
|
|
|
r = efi_loader_get_features(&features);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to determine whether reboot to boot loader menu is supported: %m");
|
|
|
|
if (r < 0 || !FLAGS_SET(features, EFI_LOADER_FEATURE_CONFIG_TIMEOUT_ONE_SHOT))
|
2018-10-23 13:58:41 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2018-10-22 20:06:52 +02:00
|
|
|
|
|
|
|
} else if (r <= 0) {
|
|
|
|
/* Non-EFI case: let's trust $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU */
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU: %m");
|
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2018-10-22 20:06:52 +02:00
|
|
|
}
|
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return return_test_polkit(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-to-boot-loader-menu",
|
|
|
|
NULL,
|
|
|
|
UID_INVALID,
|
|
|
|
error);
|
2018-10-22 20:06:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static int property_get_reboot_to_boot_loader_entry(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
_cleanup_free_ char *v = NULL;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(userdata);
|
|
|
|
|
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
/* EFI case: let's read the LoaderEntryOneShot variable */
|
|
|
|
|
|
|
|
r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderEntryOneShot", &v);
|
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENOENT)
|
|
|
|
log_warning_errno(r, "Failed to read LoaderEntryOneShot variable: %m");
|
|
|
|
} else if (!efi_loader_entry_name_valid(v)) {
|
|
|
|
log_warning("LoaderEntryOneShot contains invalid entry name '%s', ignoring.", v);
|
|
|
|
v = mfree(v);
|
|
|
|
}
|
|
|
|
} else if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY: %m");
|
|
|
|
else if (r > 0) {
|
|
|
|
|
|
|
|
/* Non-EFI case, let's process /run/systemd/reboot-to-boot-loader-entry. */
|
|
|
|
|
|
|
|
r = read_one_line_file("/run/systemd/reboot-to-boot-loader-entry", &v);
|
|
|
|
if (r < 0) {
|
|
|
|
if (r != -ENOENT)
|
|
|
|
log_warning_errno(r, "Failed to read /run/systemd/reboot-to-boot-loader-entry: %m");
|
|
|
|
} else if (!efi_loader_entry_name_valid(v)) {
|
|
|
|
log_warning("/run/systemd/reboot-to-boot-loader-entry is not valid, ignoring.");
|
|
|
|
v = mfree(v);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return sd_bus_message_append(reply, "s", v);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int boot_loader_entry_exists(const char *id) {
|
|
|
|
_cleanup_(boot_config_free) BootConfig config = {};
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(id);
|
|
|
|
|
|
|
|
r = boot_entries_load_config_auto(NULL, NULL, &config);
|
2019-03-12 20:13:29 +01:00
|
|
|
if (r < 0 && r != -ENOKEY) /* don't complain if no GPT is found, hence skip ENOKEY */
|
2018-10-22 20:06:52 +02:00
|
|
|
return r;
|
|
|
|
|
|
|
|
(void) boot_entries_augment_from_loader(&config, true);
|
|
|
|
|
|
|
|
return boot_config_has_entry(&config, id);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_set_reboot_to_boot_loader_entry(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
bool use_efi;
|
|
|
|
const char *v;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "s", &v);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (isempty(v))
|
|
|
|
v = NULL;
|
|
|
|
else if (efi_loader_entry_name_valid(v)) {
|
|
|
|
r = boot_loader_entry_exists(v);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Boot loader entry '%s' is not known.", v);
|
|
|
|
} else
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Boot loader entry name '%s' is not valid, refusing.", v);
|
|
|
|
|
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
uint64_t features;
|
|
|
|
|
|
|
|
/* EFI case: let's see if booting into boot loader entry is supported. */
|
|
|
|
|
|
|
|
r = efi_loader_get_features(&features);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to determine whether reboot into boot loader entry is supported: %m");
|
|
|
|
if (r < 0 || !FLAGS_SET(features, EFI_LOADER_FEATURE_ENTRY_ONESHOT))
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Loader does not support boot into boot loader entry.");
|
|
|
|
|
|
|
|
use_efi = true;
|
|
|
|
|
|
|
|
} else if (r <= 0) {
|
|
|
|
/* non-EFI case: $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY is set to off */
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY: %m");
|
|
|
|
|
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Loader does not support boot into boot loader entry.");
|
|
|
|
} else
|
|
|
|
/* non-EFI case: $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY is set to on */
|
|
|
|
use_efi = false;
|
|
|
|
|
|
|
|
r = bus_verify_polkit_async(message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-to-boot-loader-entry",
|
|
|
|
NULL,
|
|
|
|
false,
|
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
|
|
|
|
|
|
|
if (use_efi) {
|
|
|
|
if (isempty(v))
|
|
|
|
/* Delete item */
|
|
|
|
r = efi_set_variable(EFI_VENDOR_LOADER, "LoaderEntryOneShot", NULL, 0);
|
|
|
|
else
|
|
|
|
r = efi_set_variable_string(EFI_VENDOR_LOADER, "LoaderEntryOneShot", v);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
} else {
|
|
|
|
if (isempty(v)) {
|
|
|
|
if (unlink("/run/systemd/reboot-to-boot-loader-entry") < 0 && errno != ENOENT)
|
|
|
|
return -errno;
|
|
|
|
} else {
|
|
|
|
r = write_string_file_atomic_label("/run/systemd/reboot-boot-to-loader-entry", v);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int method_can_reboot_to_boot_loader_entry(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
Manager *m = userdata;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = getenv_bool("SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY");
|
|
|
|
if (r == -ENXIO) {
|
|
|
|
uint64_t features = 0;
|
|
|
|
|
|
|
|
/* EFI case, let's see if booting into boot loader entry is supported. */
|
|
|
|
|
|
|
|
r = efi_loader_get_features(&features);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to determine whether reboot to boot loader entry is supported: %m");
|
|
|
|
if (r < 0 || !FLAGS_SET(features, EFI_LOADER_FEATURE_ENTRY_ONESHOT))
|
2018-10-23 13:58:41 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2018-10-22 20:06:52 +02:00
|
|
|
|
|
|
|
} else if (r <= 0) {
|
|
|
|
/* Non-EFI case: let's trust $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY */
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "Failed to parse $SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY: %m");
|
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return sd_bus_reply_method_return(message, "s", "na");
|
2018-10-22 20:06:52 +02:00
|
|
|
}
|
|
|
|
|
2018-10-23 13:58:41 +02:00
|
|
|
return return_test_polkit(
|
|
|
|
message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-reboot-to-boot-loader-entry",
|
|
|
|
NULL,
|
|
|
|
UID_INVALID,
|
|
|
|
error);
|
2018-10-22 20:06:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static int property_get_boot_loader_entries(
|
|
|
|
sd_bus *bus,
|
|
|
|
const char *path,
|
|
|
|
const char *interface,
|
|
|
|
const char *property,
|
|
|
|
sd_bus_message *reply,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
_cleanup_(boot_config_free) BootConfig config = {};
|
|
|
|
size_t i;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(bus);
|
|
|
|
assert(reply);
|
|
|
|
assert(userdata);
|
|
|
|
|
|
|
|
r = boot_entries_load_config_auto(NULL, NULL, &config);
|
2019-03-12 20:13:29 +01:00
|
|
|
if (r < 0 && r != -ENOKEY) /* don't complain if there's no GPT found */
|
2018-10-22 20:06:52 +02:00
|
|
|
return r;
|
|
|
|
|
|
|
|
(void) boot_entries_augment_from_loader(&config, true);
|
|
|
|
|
|
|
|
r = sd_bus_message_open_container(reply, 'a', "s");
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
for (i = 0; i < config.n_entries; i++) {
|
|
|
|
BootEntry *e = config.entries + i;
|
|
|
|
|
|
|
|
r = sd_bus_message_append(reply, "s", e->id);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
return sd_bus_message_close_container(reply);
|
|
|
|
}
|
|
|
|
|
2015-08-24 14:54:22 +02:00
|
|
|
static int method_set_wall_message(
|
|
|
|
sd_bus_message *message,
|
|
|
|
void *userdata,
|
|
|
|
sd_bus_error *error) {
|
|
|
|
|
|
|
|
int r;
|
|
|
|
Manager *m = userdata;
|
|
|
|
char *wall_message;
|
2018-05-07 03:13:54 +02:00
|
|
|
unsigned enable_wall_messages;
|
2015-08-24 14:54:22 +02:00
|
|
|
|
|
|
|
assert(message);
|
|
|
|
assert(m);
|
|
|
|
|
|
|
|
r = sd_bus_message_read(message, "sb", &wall_message, &enable_wall_messages);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = bus_verify_polkit_async(message,
|
|
|
|
CAP_SYS_ADMIN,
|
|
|
|
"org.freedesktop.login1.set-wall-message",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2015-08-24 14:54:22 +02:00
|
|
|
false,
|
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
if (r == 0)
|
|
|
|
return 1; /* Will call us back */
|
|
|
|
|
2017-01-28 03:50:06 +01:00
|
|
|
r = free_and_strdup(&m->wall_message, empty_to_null(wall_message));
|
|
|
|
if (r < 0)
|
|
|
|
return log_oom();
|
2015-09-04 10:34:47 +02:00
|
|
|
|
2015-08-24 14:54:22 +02:00
|
|
|
m->enable_wall_messages = enable_wall_messages;
|
|
|
|
|
|
|
|
return sd_bus_reply_method_return(message, NULL);
|
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
const char *who, *why, *what, *mode;
|
|
|
|
_cleanup_free_ char *id = NULL;
|
|
|
|
_cleanup_close_ int fifo_fd = -1;
|
|
|
|
Manager *m = userdata;
|
|
|
|
Inhibitor *i = NULL;
|
|
|
|
InhibitMode mm;
|
|
|
|
InhibitWhat w;
|
|
|
|
pid_t pid;
|
|
|
|
uid_t uid;
|
|
|
|
int r;
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2011-06-28 18:16:32 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "ssss", &what, &who, &why, &mode);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-28 18:16:32 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
w = inhibit_what_from_string(what);
|
|
|
|
if (w <= 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Invalid what specification %s", what);
|
2011-06-28 18:16:32 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
mm = inhibit_mode_from_string(mode);
|
|
|
|
if (mm < 0)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Invalid mode specification %s", mode);
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
/* Delay is only supported for shutdown/sleep */
|
|
|
|
if (mm == INHIBIT_DELAY && (w & ~(INHIBIT_SHUTDOWN|INHIBIT_SLEEP)))
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
|
|
|
"Delay inhibitors only supported for shutdown and sleep");
|
2011-06-28 18:16:32 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
/* Don't allow taking delay locks while we are already
|
|
|
|
* executing the operation. We shouldn't create the impression
|
|
|
|
* that the lock was successful if the machine is about to go
|
|
|
|
* down/suspend any moment. */
|
|
|
|
if (m->action_what & w)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, BUS_ERROR_OPERATION_IN_PROGRESS,
|
|
|
|
"The operation inhibition has been requested for is already running");
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2015-02-18 12:55:25 +01:00
|
|
|
r = bus_verify_polkit_async(
|
|
|
|
message,
|
|
|
|
CAP_SYS_BOOT,
|
|
|
|
w == INHIBIT_SHUTDOWN ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-shutdown" : "org.freedesktop.login1.inhibit-delay-shutdown") :
|
|
|
|
w == INHIBIT_SLEEP ? (mm == INHIBIT_BLOCK ? "org.freedesktop.login1.inhibit-block-sleep" : "org.freedesktop.login1.inhibit-delay-sleep") :
|
|
|
|
w == INHIBIT_IDLE ? "org.freedesktop.login1.inhibit-block-idle" :
|
|
|
|
w == INHIBIT_HANDLE_POWER_KEY ? "org.freedesktop.login1.inhibit-handle-power-key" :
|
|
|
|
w == INHIBIT_HANDLE_SUSPEND_KEY ? "org.freedesktop.login1.inhibit-handle-suspend-key" :
|
|
|
|
w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" :
|
|
|
|
"org.freedesktop.login1.inhibit-handle-lid-switch",
|
2015-09-05 16:07:16 +02:00
|
|
|
NULL,
|
2015-02-18 12:55:25 +01:00
|
|
|
false,
|
|
|
|
UID_INVALID,
|
|
|
|
&m->polkit_registry,
|
|
|
|
error);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r == 0)
|
|
|
|
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
|
2011-06-28 03:52:22 +02:00
|
|
|
|
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
|
|
|
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID, &creds);
|
2013-11-28 17:50:02 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
|
|
|
r = sd_bus_creds_get_euid(creds, &uid);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2013-11-28 17:50:02 +01:00
|
|
|
r = sd_bus_creds_get_pid(creds, &pid);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2016-05-04 19:40:05 +02:00
|
|
|
if (hashmap_size(m->inhibitors) >= m->inhibitors_max)
|
2019-04-07 20:51:44 +02:00
|
|
|
return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED,
|
|
|
|
"Maximum number of inhibitors (%" PRIu64 ") reached, refusing further inhibitors.",
|
|
|
|
m->inhibitors_max);
|
2016-05-04 19:40:05 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
do {
|
2015-07-31 19:56:38 +02:00
|
|
|
id = mfree(id);
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (asprintf(&id, "%lu", ++m->inhibit_counter) < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return -ENOMEM;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
} while (hashmap_get(m->inhibitors, id));
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = manager_add_inhibitor(m, id, &i);
|
|
|
|
if (r < 0)
|
2013-11-21 19:34:37 +01:00
|
|
|
return r;
|
2011-06-28 20:50:43 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
i->what = w;
|
|
|
|
i->mode = mm;
|
|
|
|
i->pid = pid;
|
|
|
|
i->uid = uid;
|
|
|
|
i->why = strdup(why);
|
|
|
|
i->who = strdup(who);
|
2011-06-28 03:52:22 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (!i->why || !i->who) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = -ENOMEM;
|
2013-11-05 01:10:21 +01:00
|
|
|
goto fail;
|
|
|
|
}
|
2011-06-29 03:12:23 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
fifo_fd = inhibitor_create_fifo(i);
|
|
|
|
if (fifo_fd < 0) {
|
2013-11-21 19:34:37 +01:00
|
|
|
r = fifo_fd;
|
2013-11-05 01:10:21 +01:00
|
|
|
goto fail;
|
|
|
|
}
|
2011-06-29 03:12:23 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
inhibitor_start(i);
|
2011-06-29 03:12:23 +02:00
|
|
|
|
2013-11-21 01:51:16 +01:00
|
|
|
return sd_bus_reply_method_return(message, "h", fifo_fd);
|
2011-06-29 03:12:23 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
fail:
|
|
|
|
if (i)
|
|
|
|
inhibitor_free(i);
|
2012-02-11 00:13:10 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return r;
|
|
|
|
}
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
const sd_bus_vtable manager_vtable[] = {
|
|
|
|
SD_BUS_VTABLE_START(0),
|
|
|
|
|
2015-04-22 17:20:42 +02:00
|
|
|
SD_BUS_WRITABLE_PROPERTY("EnableWallMessages", "b", NULL, NULL, offsetof(Manager, enable_wall_messages), 0),
|
|
|
|
SD_BUS_WRITABLE_PROPERTY("WallMessage", "s", NULL, NULL, offsetof(Manager, wall_message), 0),
|
|
|
|
|
2013-12-22 02:24:05 +01:00
|
|
|
SD_BUS_PROPERTY("NAutoVTs", "u", NULL, offsetof(Manager, n_autovts), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("KillOnlyUsers", "as", NULL, offsetof(Manager, kill_only_users), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("KillExcludeUsers", "as", NULL, offsetof(Manager, kill_exclude_users), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("KillUserProcesses", "b", NULL, offsetof(Manager, kill_user_processes), SD_BUS_VTABLE_PROPERTY_CONST),
|
2019-03-09 21:30:58 +01:00
|
|
|
SD_BUS_PROPERTY("RebootParameter", "s", property_get_reboot_parameter, 0, 0),
|
2018-10-22 12:47:44 +02:00
|
|
|
SD_BUS_PROPERTY("RebootToFirmwareSetup", "b", property_get_reboot_to_firmware_setup, 0, 0),
|
2018-10-22 20:06:52 +02:00
|
|
|
SD_BUS_PROPERTY("RebootToBootLoaderMenu", "t", property_get_reboot_to_boot_loader_menu, 0, 0),
|
|
|
|
SD_BUS_PROPERTY("RebootToBootLoaderEntry", "s", property_get_reboot_to_boot_loader_entry, 0, 0),
|
|
|
|
SD_BUS_PROPERTY("BootLoaderEntries", "as", property_get_boot_loader_entries, 0, SD_BUS_VTABLE_PROPERTY_CONST),
|
2013-11-05 01:10:21 +01:00
|
|
|
SD_BUS_PROPERTY("IdleHint", "b", property_get_idle_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
|
|
|
SD_BUS_PROPERTY("IdleSinceHint", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
|
|
|
SD_BUS_PROPERTY("IdleSinceHintMonotonic", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
|
|
|
SD_BUS_PROPERTY("BlockInhibited", "s", property_get_inhibited, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
|
|
|
SD_BUS_PROPERTY("DelayInhibited", "s", property_get_inhibited, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
|
2013-12-22 02:24:05 +01:00
|
|
|
SD_BUS_PROPERTY("InhibitDelayMaxUSec", "t", NULL, offsetof(Manager, inhibit_delay_max), SD_BUS_VTABLE_PROPERTY_CONST),
|
2018-08-07 11:02:00 +02:00
|
|
|
SD_BUS_PROPERTY("UserStopDelayUSec", "t", NULL, offsetof(Manager, user_stop_delay), SD_BUS_VTABLE_PROPERTY_CONST),
|
2013-12-22 02:24:05 +01:00
|
|
|
SD_BUS_PROPERTY("HandlePowerKey", "s", property_get_handle_action, offsetof(Manager, handle_power_key), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("HandleSuspendKey", "s", property_get_handle_action, offsetof(Manager, handle_suspend_key), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("HandleHibernateKey", "s", property_get_handle_action, offsetof(Manager, handle_hibernate_key), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("HandleLidSwitch", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch), SD_BUS_VTABLE_PROPERTY_CONST),
|
2018-02-09 17:37:39 +01:00
|
|
|
SD_BUS_PROPERTY("HandleLidSwitchExternalPower", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch_ep), SD_BUS_VTABLE_PROPERTY_CONST),
|
2014-08-26 22:08:02 +02:00
|
|
|
SD_BUS_PROPERTY("HandleLidSwitchDocked", "s", property_get_handle_action, offsetof(Manager, handle_lid_switch_docked), SD_BUS_VTABLE_PROPERTY_CONST),
|
2015-03-06 14:37:09 +01:00
|
|
|
SD_BUS_PROPERTY("HoldoffTimeoutUSec", "t", NULL, offsetof(Manager, holdoff_timeout_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
2013-12-22 02:24:05 +01:00
|
|
|
SD_BUS_PROPERTY("IdleAction", "s", property_get_handle_action, offsetof(Manager, idle_action), SD_BUS_VTABLE_PROPERTY_CONST),
|
|
|
|
SD_BUS_PROPERTY("IdleActionUSec", "t", NULL, offsetof(Manager, idle_action_usec), SD_BUS_VTABLE_PROPERTY_CONST),
|
2013-11-05 01:10:21 +01:00
|
|
|
SD_BUS_PROPERTY("PreparingForShutdown", "b", property_get_preparing, 0, 0),
|
|
|
|
SD_BUS_PROPERTY("PreparingForSleep", "b", property_get_preparing, 0, 0),
|
2015-04-20 15:27:15 +02:00
|
|
|
SD_BUS_PROPERTY("ScheduledShutdown", "(st)", property_get_scheduled_shutdown, 0, 0),
|
2015-06-16 01:02:02 +02:00
|
|
|
SD_BUS_PROPERTY("Docked", "b", property_get_docked, 0, 0),
|
2018-10-22 12:41:34 +02:00
|
|
|
SD_BUS_PROPERTY("LidClosed", "b", property_get_lid_closed, 0, 0),
|
2018-10-22 13:02:50 +02:00
|
|
|
SD_BUS_PROPERTY("OnExternalPower", "b", property_get_on_external_power, 0, 0),
|
2016-05-04 19:22:30 +02:00
|
|
|
SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool, offsetof(Manager, remove_ipc), SD_BUS_VTABLE_PROPERTY_CONST),
|
2018-05-17 04:33:13 +02:00
|
|
|
SD_BUS_PROPERTY("RuntimeDirectorySize", "t", NULL, offsetof(Manager, runtime_dir_size), SD_BUS_VTABLE_PROPERTY_CONST),
|
2016-05-04 19:40:05 +02:00
|
|
|
SD_BUS_PROPERTY("InhibitorsMax", "t", NULL, offsetof(Manager, inhibitors_max), SD_BUS_VTABLE_PROPERTY_CONST),
|
2018-05-14 03:02:55 +02:00
|
|
|
SD_BUS_PROPERTY("NCurrentInhibitors", "t", property_get_hashmap_size, offsetof(Manager, inhibitors), 0),
|
2016-05-04 18:57:15 +02:00
|
|
|
SD_BUS_PROPERTY("SessionsMax", "t", NULL, offsetof(Manager, sessions_max), SD_BUS_VTABLE_PROPERTY_CONST),
|
2018-05-14 03:02:55 +02:00
|
|
|
SD_BUS_PROPERTY("NCurrentSessions", "t", property_get_hashmap_size, offsetof(Manager, sessions), 0),
|
2017-12-07 22:25:26 +01:00
|
|
|
SD_BUS_PROPERTY("UserTasksMax", "t", property_get_compat_user_tasks_max, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("GetSession", "s", "o", method_get_session, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("GetSessionByPID", "u", "o", method_get_session_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("GetUser", "u", "o", method_get_user, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("GetUserByPID", "u", "o", method_get_user_by_pid, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("GetSeat", "s", "o", method_get_seat, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("ListSessions", NULL, "a(susso)", method_list_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("ListUsers", NULL, "a(uso)", method_list_users, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("ListSeats", NULL, "a(so)", method_list_seats, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("ListInhibitors", NULL, "a(ssssuu)", method_list_inhibitors, SD_BUS_VTABLE_UNPRIVILEGED),
|
2014-02-05 20:34:11 +01:00
|
|
|
SD_BUS_METHOD("CreateSession", "uusssssussbssa(sv)", "soshusub", method_create_session, 0),
|
2013-11-05 01:10:21 +01:00
|
|
|
SD_BUS_METHOD("ReleaseSession", "s", NULL, method_release_session, 0),
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("ActivateSession", "s", NULL, method_activate_session, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("ActivateSessionOnSeat", "ss", NULL, method_activate_session_on_seat, SD_BUS_VTABLE_UNPRIVILEGED),
|
2015-02-18 12:55:25 +01:00
|
|
|
SD_BUS_METHOD("LockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("UnlockSession", "s", NULL, method_lock_session, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("LockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("UnlockSessions", NULL, NULL, method_lock_sessions, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("KillSession", "ssi", NULL, method_kill_session, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("KillUser", "ui", NULL, method_kill_user, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat, SD_BUS_VTABLE_UNPRIVILEGED),
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("Reboot", "b", NULL, method_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
SD_BUS_METHOD("Halt", "b", NULL, method_halt, SD_BUS_VTABLE_UNPRIVILEGED),
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
|
2018-03-28 18:00:06 +02:00
|
|
|
SD_BUS_METHOD("SuspendThenHibernate", "b", NULL, method_suspend_then_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot, SD_BUS_VTABLE_UNPRIVILEGED),
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
SD_BUS_METHOD("CanHalt", NULL, "s", method_can_halt, SD_BUS_VTABLE_UNPRIVILEGED),
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("CanHibernate", NULL, "s", method_can_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("CanHybridSleep", NULL, "s", method_can_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED),
|
2018-03-28 18:00:06 +02:00
|
|
|
SD_BUS_METHOD("CanSuspendThenHibernate", NULL, "s", method_can_suspend_then_hibernate, SD_BUS_VTABLE_UNPRIVILEGED),
|
2015-07-11 22:00:26 +02:00
|
|
|
SD_BUS_METHOD("ScheduleShutdown", "st", NULL, method_schedule_shutdown, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("CancelScheduledShutdown", NULL, "b", method_cancel_scheduled_shutdown, SD_BUS_VTABLE_UNPRIVILEGED),
|
2013-12-10 17:41:39 +01:00
|
|
|
SD_BUS_METHOD("Inhibit", "ssss", "h", method_inhibit, SD_BUS_VTABLE_UNPRIVILEGED),
|
2019-03-09 21:30:58 +01:00
|
|
|
SD_BUS_METHOD("CanRebootParameter", NULL, "s", method_can_reboot_parameter, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("SetRebootParameter", "s", NULL, method_set_reboot_parameter, SD_BUS_VTABLE_UNPRIVILEGED),
|
2015-04-03 18:03:06 +02:00
|
|
|
SD_BUS_METHOD("CanRebootToFirmwareSetup", NULL, "s", method_can_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
|
2015-04-07 21:08:07 +02:00
|
|
|
SD_BUS_METHOD("SetRebootToFirmwareSetup", "b", NULL, method_set_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
|
2018-10-22 20:06:52 +02:00
|
|
|
SD_BUS_METHOD("CanRebootToBootLoaderMenu", NULL, "s", method_can_reboot_to_boot_loader_menu, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("SetRebootToBootLoaderMenu", "t", NULL, method_set_reboot_to_boot_loader_menu, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("CanRebootToBootLoaderEntry", NULL, "s", method_can_reboot_to_boot_loader_entry, SD_BUS_VTABLE_UNPRIVILEGED),
|
|
|
|
SD_BUS_METHOD("SetRebootToBootLoaderEntry", "s", NULL, method_set_reboot_to_boot_loader_entry, SD_BUS_VTABLE_UNPRIVILEGED),
|
2015-08-24 14:54:22 +02:00
|
|
|
SD_BUS_METHOD("SetWallMessage", "sb", NULL, method_set_wall_message, SD_BUS_VTABLE_UNPRIVILEGED),
|
2013-11-05 01:10:21 +01:00
|
|
|
|
|
|
|
SD_BUS_SIGNAL("SessionNew", "so", 0),
|
|
|
|
SD_BUS_SIGNAL("SessionRemoved", "so", 0),
|
|
|
|
SD_BUS_SIGNAL("UserNew", "uo", 0),
|
|
|
|
SD_BUS_SIGNAL("UserRemoved", "uo", 0),
|
|
|
|
SD_BUS_SIGNAL("SeatNew", "so", 0),
|
|
|
|
SD_BUS_SIGNAL("SeatRemoved", "so", 0),
|
|
|
|
SD_BUS_SIGNAL("PrepareForShutdown", "b", 0),
|
|
|
|
SD_BUS_SIGNAL("PrepareForSleep", "b", 0),
|
|
|
|
|
|
|
|
SD_BUS_VTABLE_END
|
|
|
|
};
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2014-02-06 21:37:14 +01:00
|
|
|
static int session_jobs_reply(Session *s, const char *unit, const char *result) {
|
|
|
|
assert(s);
|
|
|
|
assert(unit);
|
|
|
|
|
|
|
|
if (!s->started)
|
2018-08-06 21:44:45 +02:00
|
|
|
return 0;
|
2014-02-06 21:37:14 +01:00
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
if (result && !streq(result, "done")) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error e = SD_BUS_ERROR_NULL;
|
2014-02-06 21:37:14 +01:00
|
|
|
|
2019-04-07 20:51:44 +02:00
|
|
|
sd_bus_error_setf(&e, BUS_ERROR_JOB_FAILED,
|
|
|
|
"Start job for unit '%s' failed with '%s'", unit, result);
|
2018-08-06 21:44:45 +02:00
|
|
|
return session_send_create_reply(s, &e);
|
2014-02-06 21:37:14 +01:00
|
|
|
}
|
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
return session_send_create_reply(s, NULL);
|
2014-02-06 21:37:14 +01:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
const char *path, *result, *unit;
|
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
uint32_t id;
|
|
|
|
User *user;
|
|
|
|
int r;
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "uoss", &id, &path, &unit, &result);
|
|
|
|
if (r < 0) {
|
2013-11-21 19:34:37 +01:00
|
|
|
bus_log_parse_error(r);
|
2015-08-06 15:46:16 +02:00
|
|
|
return 0;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (m->action_job && streq(m->action_job, path)) {
|
2015-10-14 22:22:17 +02:00
|
|
|
log_info("Operation '%s' finished.", inhibit_what_to_string(m->action_what));
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
/* Tell people that they now may take a lock again */
|
2017-11-27 08:15:07 +01:00
|
|
|
(void) send_prepare_for(m, m->action_what, false);
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2015-08-06 15:48:17 +02:00
|
|
|
m->action_job = mfree(m->action_job);
|
2013-11-05 01:10:21 +01:00
|
|
|
m->action_unit = NULL;
|
|
|
|
m->action_what = 0;
|
|
|
|
return 0;
|
|
|
|
}
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
session = hashmap_get(m->session_units, unit);
|
2018-08-06 21:44:45 +02:00
|
|
|
if (session) {
|
|
|
|
if (streq_ptr(path, session->scope_job)) {
|
|
|
|
session->scope_job = mfree(session->scope_job);
|
|
|
|
(void) session_jobs_reply(session, unit, result);
|
|
|
|
|
|
|
|
session_save(session);
|
|
|
|
user_save(session->user);
|
|
|
|
}
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
session_add_to_gc_queue(session);
|
|
|
|
}
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
user = hashmap_get(m->user_units, unit);
|
2018-08-06 21:44:45 +02:00
|
|
|
if (user) {
|
|
|
|
if (streq_ptr(path, user->service_job)) {
|
2015-08-06 15:48:17 +02:00
|
|
|
user->service_job = mfree(user->service_job);
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
LIST_FOREACH(sessions_by_user, session, user->sessions)
|
|
|
|
(void) session_jobs_reply(session, unit, NULL /* don't propagate user service failures to the client */);
|
2011-05-26 02:21:16 +02:00
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
user_save(user);
|
|
|
|
}
|
2014-01-08 23:45:38 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
user_add_to_gc_queue(user);
|
2011-05-26 02:21:16 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return 0;
|
2011-05-26 02:21:16 +02:00
|
|
|
}
|
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
int match_unit_removed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
const char *path, *unit;
|
2011-06-24 20:41:56 +02:00
|
|
|
Manager *m = userdata;
|
2013-11-05 01:10:21 +01:00
|
|
|
Session *session;
|
|
|
|
User *user;
|
|
|
|
int r;
|
2011-06-24 20:41:56 +02:00
|
|
|
|
|
|
|
assert(message);
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(m);
|
2011-06-24 20:41:56 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "so", &unit, &path);
|
|
|
|
if (r < 0) {
|
2013-11-21 19:34:37 +01:00
|
|
|
bus_log_parse_error(r);
|
2015-08-06 15:46:16 +02:00
|
|
|
return 0;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
session = hashmap_get(m->session_units, unit);
|
|
|
|
if (session)
|
|
|
|
session_add_to_gc_queue(session);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
user = hashmap_get(m->user_units, unit);
|
|
|
|
if (user)
|
|
|
|
user_add_to_gc_queue(user);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
int match_properties_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
_cleanup_free_ char *unit = NULL;
|
|
|
|
Manager *m = userdata;
|
|
|
|
const char *path;
|
|
|
|
Session *session;
|
|
|
|
User *user;
|
2013-11-21 19:34:37 +01:00
|
|
|
int r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
path = sd_bus_message_get_path(message);
|
|
|
|
if (!path)
|
|
|
|
return 0;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-21 19:34:37 +01:00
|
|
|
r = unit_name_from_dbus_path(path, &unit);
|
2014-12-29 19:08:50 +01:00
|
|
|
if (r == -EINVAL) /* not a unit */
|
|
|
|
return 0;
|
2015-08-06 15:46:16 +02:00
|
|
|
if (r < 0) {
|
|
|
|
log_oom();
|
|
|
|
return 0;
|
|
|
|
}
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
session = hashmap_get(m->session_units, unit);
|
|
|
|
if (session)
|
|
|
|
session_add_to_gc_queue(session);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
user = hashmap_get(m->user_units, unit);
|
|
|
|
if (user)
|
|
|
|
user_add_to_gc_queue(user);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2013-07-10 19:24:03 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
int match_reloading(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
2013-11-05 01:10:21 +01:00
|
|
|
Manager *m = userdata;
|
|
|
|
Session *session;
|
|
|
|
Iterator i;
|
|
|
|
int b, r;
|
2013-07-03 15:12:58 +02:00
|
|
|
|
2015-04-29 18:35:10 +02:00
|
|
|
assert(message);
|
|
|
|
assert(m);
|
2013-07-03 15:12:58 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(message, "b", &b);
|
|
|
|
if (r < 0) {
|
2013-11-21 19:34:37 +01:00
|
|
|
bus_log_parse_error(r);
|
2015-08-06 15:46:16 +02:00
|
|
|
return 0;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
2013-07-03 15:12:58 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
if (b)
|
|
|
|
return 0;
|
2013-07-03 15:12:58 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
/* systemd finished reloading, let's recheck all our sessions */
|
|
|
|
log_debug("System manager has been reloaded, rechecking sessions...");
|
2013-07-10 23:31:40 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
HASHMAP_FOREACH(session, m->sessions, i)
|
|
|
|
session_add_to_gc_queue(session);
|
2013-07-10 23:31:40 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2013-07-03 15:12:58 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
int manager_send_changed(Manager *manager, const char *property, ...) {
|
|
|
|
char **l;
|
2011-06-21 21:46:13 +02:00
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
l = strv_from_stdarg_alloca(property);
|
2011-06-21 21:46:13 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return sd_bus_emit_properties_changed_strv(
|
|
|
|
manager->bus,
|
|
|
|
"/org/freedesktop/login1",
|
|
|
|
"org.freedesktop.login1.Manager",
|
|
|
|
l);
|
2011-06-21 21:46:13 +02:00
|
|
|
}
|
2012-05-05 00:34:48 +02:00
|
|
|
|
2016-01-13 04:02:18 +01:00
|
|
|
static int strdup_job(sd_bus_message *reply, char **job) {
|
|
|
|
const char *j;
|
|
|
|
char *copy;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = sd_bus_message_read(reply, "o", &j);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
copy = strdup(j);
|
|
|
|
if (!copy)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
*job = copy;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2013-07-02 01:46:30 +02:00
|
|
|
int manager_start_scope(
|
|
|
|
Manager *manager,
|
|
|
|
const char *scope,
|
|
|
|
pid_t pid,
|
|
|
|
const char *slice,
|
|
|
|
const char *description,
|
2018-08-06 21:44:45 +02:00
|
|
|
char **wants,
|
|
|
|
char **after,
|
2018-08-08 15:27:49 +02:00
|
|
|
const char *requires_mounts_for,
|
2018-04-17 16:42:44 +02:00
|
|
|
sd_bus_message *more_properties,
|
2013-11-05 01:10:21 +01:00
|
|
|
sd_bus_error *error,
|
2013-07-02 01:46:30 +02:00
|
|
|
char **job) {
|
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
|
2018-08-06 21:44:45 +02:00
|
|
|
char **i;
|
2013-11-05 01:10:21 +01:00
|
|
|
int r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(scope);
|
|
|
|
assert(pid > 1);
|
2016-01-13 04:02:18 +01:00
|
|
|
assert(job);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_new_method_call(
|
|
|
|
manager->bus,
|
2014-02-19 23:54:58 +01:00
|
|
|
&m,
|
2013-07-02 01:46:30 +02:00
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
"/org/freedesktop/systemd1",
|
|
|
|
"org.freedesktop.systemd1.Manager",
|
2014-02-19 23:54:58 +01:00
|
|
|
"StartTransientUnit");
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_append(m, "ss", strempty(scope), "fail");
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_open_container(m, 'a', "(sv)");
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
|
|
|
if (!isempty(slice)) {
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_append(m, "(sv)", "Slice", "s", slice);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!isempty(description)) {
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_append(m, "(sv)", "Description", "s", description);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
STRV_FOREACH(i, wants) {
|
|
|
|
r = sd_bus_message_append(m, "(sv)", "Wants", "as", 1, *i);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-10 23:39:46 +02:00
|
|
|
}
|
|
|
|
|
2018-08-06 21:44:45 +02:00
|
|
|
STRV_FOREACH(i, after) {
|
|
|
|
r = sd_bus_message_append(m, "(sv)", "After", "as", 1, *i);
|
2014-02-07 16:42:03 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2018-08-08 15:27:49 +02:00
|
|
|
if (!empty_or_root(requires_mounts_for)) {
|
|
|
|
r = sd_bus_message_append(m, "(sv)", "RequiresMountsFor", "as", 1, requires_mounts_for);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2018-03-21 19:06:59 +01:00
|
|
|
/* Make sure that the session shells are terminated with SIGHUP since bash and friends tend to ignore
|
|
|
|
* SIGTERM */
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_append(m, "(sv)", "SendSIGHUP", "b", true);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = sd_bus_message_append(m, "(sv)", "PIDs", "au", 1, pid);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2018-04-17 16:42:44 +02:00
|
|
|
/* disable TasksMax= for the session scope, rely on the slice setting for it */
|
|
|
|
r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", (uint64_t)-1);
|
2015-11-13 18:25:02 +01:00
|
|
|
if (r < 0)
|
2018-04-17 16:42:44 +02:00
|
|
|
return bus_log_create_error(r);
|
|
|
|
|
|
|
|
if (more_properties) {
|
|
|
|
/* If TasksMax also appears here, it will overwrite the default value set above */
|
|
|
|
r = sd_bus_message_copy(m, more_properties, true);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
2015-11-13 18:25:02 +01:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_close_container(m);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-21 20:05:49 +01:00
|
|
|
|
|
|
|
r = sd_bus_message_append(m, "a(sa(sv))", 0);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-11-05 01:10:21 +01:00
|
|
|
|
2013-11-11 18:55:34 +01:00
|
|
|
r = sd_bus_call(manager->bus, m, 0, error, &reply);
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2016-01-13 04:02:18 +01:00
|
|
|
return strdup_job(reply, job);
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
int manager_start_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-07-02 01:46:30 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(unit);
|
2016-01-13 04:02:18 +01:00
|
|
|
assert(job);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_call_method(
|
2013-07-02 01:46:30 +02:00
|
|
|
manager->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
"/org/freedesktop/systemd1",
|
|
|
|
"org.freedesktop.systemd1.Manager",
|
|
|
|
"StartUnit",
|
|
|
|
error,
|
2013-11-05 01:10:21 +01:00
|
|
|
&reply,
|
2015-11-16 15:43:18 +01:00
|
|
|
"ss", unit, "replace");
|
2013-11-05 01:10:21 +01:00
|
|
|
if (r < 0)
|
2013-07-02 01:46:30 +02:00
|
|
|
return r;
|
|
|
|
|
2016-01-13 04:02:18 +01:00
|
|
|
return strdup_job(reply, job);
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
int manager_stop_unit(Manager *manager, const char *unit, sd_bus_error *error, char **job) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-07-02 01:46:30 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(unit);
|
2016-01-13 04:02:18 +01:00
|
|
|
assert(job);
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_call_method(
|
2013-07-02 01:46:30 +02:00
|
|
|
manager->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
"/org/freedesktop/systemd1",
|
|
|
|
"org.freedesktop.systemd1.Manager",
|
|
|
|
"StopUnit",
|
|
|
|
error,
|
2013-11-05 01:10:21 +01:00
|
|
|
&reply,
|
|
|
|
"ss", unit, "fail");
|
2013-07-02 01:46:30 +02:00
|
|
|
if (r < 0) {
|
2013-11-05 01:10:21 +01:00
|
|
|
if (sd_bus_error_has_name(error, BUS_ERROR_NO_SUCH_UNIT) ||
|
|
|
|
sd_bus_error_has_name(error, BUS_ERROR_LOAD_FAILED)) {
|
2013-07-10 23:31:40 +02:00
|
|
|
|
2016-01-13 04:02:18 +01:00
|
|
|
*job = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
sd_bus_error_free(error);
|
2013-07-10 23:31:40 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-07-02 01:46:30 +02:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2016-01-13 04:02:18 +01:00
|
|
|
return strdup_job(reply, job);
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
2018-08-06 21:41:54 +02:00
|
|
|
int manager_abandon_scope(Manager *manager, const char *scope, sd_bus_error *ret_error) {
|
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
2014-02-06 18:32:14 +01:00
|
|
|
_cleanup_free_ char *path = NULL;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(scope);
|
|
|
|
|
|
|
|
path = unit_dbus_path_from_name(scope);
|
|
|
|
if (!path)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
r = sd_bus_call_method(
|
|
|
|
manager->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
path,
|
|
|
|
"org.freedesktop.systemd1.Scope",
|
|
|
|
"Abandon",
|
2018-08-06 21:41:54 +02:00
|
|
|
&error,
|
2014-02-06 18:32:14 +01:00
|
|
|
NULL,
|
|
|
|
NULL);
|
|
|
|
if (r < 0) {
|
2018-08-06 21:41:54 +02:00
|
|
|
if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
|
|
|
|
sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED) ||
|
|
|
|
sd_bus_error_has_name(&error, BUS_ERROR_SCOPE_NOT_RUNNING))
|
2014-02-06 18:32:14 +01:00
|
|
|
return 0;
|
|
|
|
|
2018-08-06 21:41:54 +02:00
|
|
|
sd_bus_error_move(ret_error, &error);
|
2014-02-06 18:32:14 +01:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
int manager_kill_unit(Manager *manager, const char *unit, KillWho who, int signo, sd_bus_error *error) {
|
2013-07-02 01:46:30 +02:00
|
|
|
assert(manager);
|
|
|
|
assert(unit);
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return sd_bus_call_method(
|
2013-07-02 01:46:30 +02:00
|
|
|
manager->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
"/org/freedesktop/systemd1",
|
|
|
|
"org.freedesktop.systemd1.Manager",
|
|
|
|
"KillUnit",
|
|
|
|
error,
|
2013-11-05 01:10:21 +01:00
|
|
|
NULL,
|
|
|
|
"ssi", unit, who == KILL_LEADER ? "main" : "all", signo);
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
2018-08-06 19:00:49 +02:00
|
|
|
int manager_unit_is_active(Manager *manager, const char *unit, sd_bus_error *ret_error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-07-02 01:46:30 +02:00
|
|
|
_cleanup_free_ char *path = NULL;
|
|
|
|
const char *state;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(unit);
|
|
|
|
|
|
|
|
path = unit_dbus_path_from_name(unit);
|
|
|
|
if (!path)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_get_property(
|
2013-07-02 01:46:30 +02:00
|
|
|
manager->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
path,
|
2013-11-05 01:10:21 +01:00
|
|
|
"org.freedesktop.systemd1.Unit",
|
|
|
|
"ActiveState",
|
2013-07-02 01:46:30 +02:00
|
|
|
&error,
|
2013-11-05 01:10:21 +01:00
|
|
|
&reply,
|
|
|
|
"s");
|
2013-07-02 01:46:30 +02:00
|
|
|
if (r < 0) {
|
2019-03-18 13:49:53 +01:00
|
|
|
/* systemd might have dropped off momentarily, let's
|
2013-11-05 01:10:21 +01:00
|
|
|
* not make this an error */
|
|
|
|
if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
|
|
|
|
sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
|
2013-07-10 23:31:40 +02:00
|
|
|
return true;
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
/* If the unit is already unloaded then it's not
|
|
|
|
* active */
|
|
|
|
if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ||
|
|
|
|
sd_bus_error_has_name(&error, BUS_ERROR_LOAD_FAILED))
|
2013-07-10 23:31:40 +02:00
|
|
|
return false;
|
|
|
|
|
2018-08-06 19:00:49 +02:00
|
|
|
sd_bus_error_move(ret_error, &error);
|
2013-07-02 01:46:30 +02:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
r = sd_bus_message_read(reply, "s", &state);
|
|
|
|
if (r < 0)
|
2018-08-06 19:00:49 +02:00
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2018-08-06 19:00:49 +02:00
|
|
|
return !STR_IN_SET(state, "inactive", "failed");
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2018-08-06 19:00:49 +02:00
|
|
|
int manager_job_is_active(Manager *manager, const char *path, sd_bus_error *ret_error) {
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-05 01:10:21 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(manager);
|
|
|
|
assert(path);
|
|
|
|
|
|
|
|
r = sd_bus_get_property(
|
|
|
|
manager->bus,
|
|
|
|
"org.freedesktop.systemd1",
|
|
|
|
path,
|
|
|
|
"org.freedesktop.systemd1.Job",
|
|
|
|
"State",
|
|
|
|
&error,
|
|
|
|
&reply,
|
|
|
|
"s");
|
|
|
|
if (r < 0) {
|
|
|
|
if (sd_bus_error_has_name(&error, SD_BUS_ERROR_NO_REPLY) ||
|
|
|
|
sd_bus_error_has_name(&error, SD_BUS_ERROR_DISCONNECTED))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_OBJECT))
|
|
|
|
return false;
|
|
|
|
|
2018-08-06 19:00:49 +02:00
|
|
|
sd_bus_error_move(ret_error, &error);
|
2013-11-05 01:10:21 +01:00
|
|
|
return r;
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
/* We don't actually care about the state really. The fact
|
|
|
|
* that we could read the job state is enough for us */
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-11-05 01:10:21 +01:00
|
|
|
return true;
|
2013-07-02 01:46:30 +02:00
|
|
|
}
|