From 2ac3930f5b5fb06c7bd959c2ea8667554fceccfe Mon Sep 17 00:00:00 2001 From: Ivan Shapovalov Date: Wed, 9 Sep 2015 16:06:49 +0300 Subject: [PATCH] systemctl: relax permission checks in halt_main() Thus we allow (non-interactive) polkit auth to kick in for legacy commands (halt, poweroff, reboot, telinit) as well. Fixes (another aspect of) issue #213. --- src/systemctl/systemctl.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index bde3607..9822c70 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -7371,14 +7371,19 @@ static int halt_main(sd_bus *bus) { return r; if (geteuid() != 0) { + if (arg_when > 0 || + arg_dry || + arg_force > 0) { + log_error("Must be root."); + return -EPERM; + } + /* Try logind if we are a normal user and no special * mode applies. Maybe PolicyKit allows us to shutdown * the machine. */ - - if (arg_when <= 0 && - arg_force <= 0 && - (arg_action == ACTION_POWEROFF || - arg_action == ACTION_REBOOT)) { + if (IN_SET(arg_action, + ACTION_POWEROFF, + ACTION_REBOOT)) { r = reboot_with_logind(bus, arg_action); if (r >= 0) return r; @@ -7387,9 +7392,6 @@ static int halt_main(sd_bus *bus) { return r; /* on all other errors, try low-level operation */ } - - log_error("Must be root."); - return -EPERM; } if (arg_when > 0) { @@ -7398,6 +7400,8 @@ static int halt_main(sd_bus *bus) { _cleanup_free_ char *m = NULL; const char *action; + assert(geteuid() == 0); + if (avoid_bus()) { log_error("Unable to perform operation without bus connection."); return -ENOSYS; @@ -7473,6 +7477,8 @@ static int halt_main(sd_bus *bus) { if (!arg_dry && !arg_force) return start_with_fallback(bus); + assert(geteuid() == 0); + if (!arg_no_wtmp) { if (sd_booted() > 0) log_debug("Not writing utmp record, assuming that systemd-update-utmp is used."); -- 2.7.4