summaryrefslogtreecommitdiff
path: root/src/systemctl
diff options
context:
space:
mode:
authorIvan Shapovalov <intelfx100@gmail.com>2015-09-09 16:06:49 +0300
committerIvan Shapovalov <intelfx100@gmail.com>2015-09-10 14:45:00 +0300
commit2ac3930f5b5fb06c7bd959c2ea8667554fceccfe (patch)
treea1bdbbf0e1c532258e5c231c1a4055038955abdc /src/systemctl
parenta9085ea35628fa0bfeb3b48fb53f7b823081ad09 (diff)
systemctl: relax permission checks in halt_main()
Thus we allow (non-interactive) polkit auth to kick in for legacy commands (halt, poweroff, reboot, telinit) as well. Fixes (another aspect of) issue #213.
Diffstat (limited to 'src/systemctl')
-rw-r--r--src/systemctl/systemctl.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index bde3607e21..9822c70a0d 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -7371,14 +7371,19 @@ static int halt_main(sd_bus *bus) {
return r;
if (geteuid() != 0) {
+ if (arg_when > 0 ||
+ arg_dry ||
+ arg_force > 0) {
+ log_error("Must be root.");
+ return -EPERM;
+ }
+
/* Try logind if we are a normal user and no special
* mode applies. Maybe PolicyKit allows us to shutdown
* the machine. */
-
- if (arg_when <= 0 &&
- arg_force <= 0 &&
- (arg_action == ACTION_POWEROFF ||
- arg_action == ACTION_REBOOT)) {
+ if (IN_SET(arg_action,
+ ACTION_POWEROFF,
+ ACTION_REBOOT)) {
r = reboot_with_logind(bus, arg_action);
if (r >= 0)
return r;
@@ -7387,9 +7392,6 @@ static int halt_main(sd_bus *bus) {
return r;
/* on all other errors, try low-level operation */
}
-
- log_error("Must be root.");
- return -EPERM;
}
if (arg_when > 0) {
@@ -7398,6 +7400,8 @@ static int halt_main(sd_bus *bus) {
_cleanup_free_ char *m = NULL;
const char *action;
+ assert(geteuid() == 0);
+
if (avoid_bus()) {
log_error("Unable to perform operation without bus connection.");
return -ENOSYS;
@@ -7473,6 +7477,8 @@ static int halt_main(sd_bus *bus) {
if (!arg_dry && !arg_force)
return start_with_fallback(bus);
+ assert(geteuid() == 0);
+
if (!arg_no_wtmp) {
if (sd_booted() > 0)
log_debug("Not writing utmp record, assuming that systemd-update-utmp is used.");