systemctl: relax permission checks in halt_main()

Thus we allow (non-interactive) polkit auth to kick in for legacy commands
(halt, poweroff, reboot, telinit) as well.

Fixes (another aspect of) issue #213.

diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index bde3607..9822c70 100644 (file)
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -7371,14 +7371,19 @@ static int halt_main(sd_bus *bus) {
                 return r;
 
         if (geteuid() != 0) {
+                if (arg_when > 0 ||
+                    arg_dry ||
+                    arg_force > 0) {
+                        log_error("Must be root.");
+                        return -EPERM;
+                }
+
                 /* Try logind if we are a normal user and no special
                  * mode applies. Maybe PolicyKit allows us to shutdown
                  * the machine. */
-
-                if (arg_when <= 0 &&
-                    arg_force <= 0 &&
-                    (arg_action == ACTION_POWEROFF ||
-                     arg_action == ACTION_REBOOT)) {
+                if (IN_SET(arg_action,
+                           ACTION_POWEROFF,
+                           ACTION_REBOOT)) {
                         r = reboot_with_logind(bus, arg_action);
                         if (r >= 0)
                                 return r;
@@ -7387,9 +7392,6 @@ static int halt_main(sd_bus *bus) {
                                 return r;
                         /* on all other errors, try low-level operation */
                 }
-
-                log_error("Must be root.");
-                return -EPERM;
         }
 
         if (arg_when > 0) {
@@ -7398,6 +7400,8 @@ static int halt_main(sd_bus *bus) {
                 _cleanup_free_ char *m = NULL;
                 const char *action;
 
+                assert(geteuid() == 0);
+
                 if (avoid_bus()) {
                         log_error("Unable to perform operation without bus connection.");
                         return -ENOSYS;
@@ -7473,6 +7477,8 @@ static int halt_main(sd_bus *bus) {
         if (!arg_dry && !arg_force)
                 return start_with_fallback(bus);
 
+        assert(geteuid() == 0);
+
         if (!arg_no_wtmp) {
                 if (sd_booted() > 0)
                         log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");