logind/systemctl: introduce SetWallMessage and --message

Enable unprivileged users to set wall message on a shutdown operation. When the message is set via the --message option, it is logged together with the default shutdown message. $ systemctl reboot --message "Applied kernel updates." $ journalctl -b -1 ... systemd-logind[27]: System is rebooting. (Applied kernel updates.) ...
author: Jan Synacek <jsynacek@redhat.com> 2015-08-24 14:54:22 +0200
committer: Jan Synacek <jsynacek@redhat.com> 2015-08-25 13:52:44 +0200
commit: 9ef15026c0e7e6600372056c43442c99ec53746e (patch)
tree: 7b82f423cb3499c100c1d2a2b5540d336d4928f9 /src/login
parent: 72aa2c2a2083362afda9f09805563848d54e31df (diff)
3 files changed, 60 insertions, 1 deletions
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 992a9f5b4a..5b2b36b9c0 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1339,7 +1339,8 @@ static int bus_manager_log_shutdown(
                 InhibitWhat w,
                 const char *unit_name) {
 
-        const char *p, *q;
+        const char *p;
+        const char *q;
 
         assert(m);
         assert(unit_name);
@@ -1364,6 +1365,9 @@ static int bus_manager_log_shutdown(
                 q = NULL;
         }
 
+        if (m->wall_message)
+                p = strjoina(p, " (", m->wall_message, ")", NULL);
+
         return log_struct(LOG_NOTICE,
                           LOG_MESSAGE_ID(SD_MESSAGE_SHUTDOWN),
                           p,
@@ -2282,6 +2286,44 @@ static int method_can_reboot_to_firmware_setup(
         return sd_bus_reply_method_return(message, "s", result);
 }
 
+static int method_set_wall_message(
+                sd_bus_message *message,
+                void *userdata,
+                sd_bus_error *error) {
+
+        int r;
+        Manager *m = userdata;
+        char *wall_message;
+        bool enable_wall_messages;
+
+        assert(message);
+        assert(m);
+
+        r = sd_bus_message_read(message, "sb", &wall_message, &enable_wall_messages);
+        if (r < 0)
+                return r;
+
+        r = bus_verify_polkit_async(message,
+                                    CAP_SYS_ADMIN,
+                                    "org.freedesktop.login1.set-wall-message",
+                                    false,
+                                    UID_INVALID,
+                                    &m->polkit_registry,
+                                    error);
+
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
+        r = free_and_strdup(&m->wall_message, wall_message);
+        if (r < 0)
+                return log_oom();
+        m->enable_wall_messages = enable_wall_messages;
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
 static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error *error) {
         _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
         const char *who, *why, *what, *mode;
@@ -2463,6 +2505,7 @@ const sd_bus_vtable manager_vtable[] = {
         SD_BUS_METHOD("Inhibit", "ssss", "h", method_inhibit, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("CanRebootToFirmwareSetup", NULL, "s", method_can_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("SetRebootToFirmwareSetup", "b", NULL, method_set_reboot_to_firmware_setup, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("SetWallMessage", "sb", NULL, method_set_wall_message, SD_BUS_VTABLE_UNPRIVILEGED),
 
         SD_BUS_SIGNAL("SessionNew", "so", 0),
         SD_BUS_SIGNAL("SessionRemoved", "so", 0),
diff --git a/src/login/org.freedesktop.login1.conf b/src/login/org.freedesktop.login1.conf
index d8deb7bc8b..1662d4c428 100644
--- a/src/login/org.freedesktop.login1.conf
+++ b/src/login/org.freedesktop.login1.conf
@@ -182,6 +182,10 @@
 
                 <allow send_destination="org.freedesktop.login1"
                        send_interface="org.freedesktop.login1.Manager"
+                       send_member="SetWallMessage"/>
+
+                <allow send_destination="org.freedesktop.login1"
+                       send_interface="org.freedesktop.login1.Manager"
                        send_member="AttachDevice"/>
 
                 <allow send_destination="org.freedesktop.login1"
diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in
index 83e7183323..23326bb79f 100644
--- a/src/login/org.freedesktop.login1.policy.in
+++ b/src/login/org.freedesktop.login1.policy.in
@@ -150,6 +150,7 @@
                         <allow_inactive>auth_admin_keep</allow_inactive>
                         <allow_active>yes</allow_active>
                 </defaults>
+                <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.set-wall-message</annotate>
         </action>
 
         <action id="org.freedesktop.login1.power-off-multiple-sessions">
@@ -182,6 +183,7 @@
                         <allow_inactive>auth_admin_keep</allow_inactive>
                         <allow_active>yes</allow_active>
                 </defaults>
+                <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.set-wall-message</annotate>
         </action>
 
         <action id="org.freedesktop.login1.reboot-multiple-sessions">
@@ -300,4 +302,14 @@
                 </defaults>
         </action>
 
+        <action id="org.freedesktop.login1.set-wall-message">
+                <_description>Set a wall message</_description>
+                <_message>Authentication is required to set a wall message</_message>
+                <defaults>
+                        <allow_any>auth_admin_keep</allow_any>
+                        <allow_inactive>auth_admin_keep</allow_inactive>
+                        <allow_active>auth_admin_keep</allow_active>
+                </defaults>
+        </action>
+
 </policyconfig>
author	Jan Synacek <jsynacek@redhat.com>	2015-08-24 14:54:22 +0200
committer	Jan Synacek <jsynacek@redhat.com>	2015-08-25 13:52:44 +0200
commit	9ef15026c0e7e6600372056c43442c99ec53746e (patch)
tree	7b82f423cb3499c100c1d2a2b5540d336d4928f9 /src/login
parent	72aa2c2a2083362afda9f09805563848d54e31df (diff)