summaryrefslogtreecommitdiff
path: root/src/systemctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/systemctl.c')
-rw-r--r--src/systemctl.c58
1 files changed, 57 insertions, 1 deletions
diff --git a/src/systemctl.c b/src/systemctl.c
index ffbe4db541..a4b83afcf7 100644
--- a/src/systemctl.c
+++ b/src/systemctl.c
@@ -32,6 +32,7 @@
#include <sys/socket.h>
#include <sys/stat.h>
#include <stddef.h>
+#include <sys/prctl.h>
#include <dbus/dbus.h>
@@ -73,6 +74,7 @@ static bool arg_quiet = false;
static bool arg_full = false;
static bool arg_force = false;
static bool arg_defaults = false;
+static bool arg_ask_password = false;
static char **arg_wall = NULL;
static const char *arg_kill_who = NULL;
static const char *arg_kill_mode = NULL;
@@ -118,6 +120,47 @@ static bool on_tty(void) {
return t;
}
+static void spawn_ask_password_agent(void) {
+ pid_t parent, child;
+
+ /* We check STDIN here, not STDOUT, since this is about input,
+ * not output */
+ if (!isatty(STDIN_FILENO))
+ return;
+
+ if (!arg_ask_password)
+ return;
+
+ parent = getpid();
+
+ /* Spawns a temporary TTY agent, making sure it goes away when
+ * we go away */
+
+ if ((child = fork()) < 0)
+ return;
+
+ if (child == 0) {
+ /* In the child */
+
+ const char * const args[] = {
+ SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH,
+ "--watch",
+ NULL
+ };
+
+ if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
+ _exit(EXIT_FAILURE);
+
+ /* Check whether our parent died before we were able
+ * to set the death signal */
+ if (getppid() != parent)
+ _exit(EXIT_SUCCESS);
+
+ execv(args[0], (char **) args);
+ _exit(EXIT_FAILURE);
+ }
+}
+
static const char *ansi_highlight(bool b) {
if (!on_tty())
@@ -1269,6 +1312,8 @@ static int start_unit(DBusConnection *bus, char **args, unsigned n) {
assert(bus);
+ spawn_ask_password_agent();
+
if (arg_action == ACTION_SYSTEMCTL) {
method =
streq(args[0], "stop") ? "StopUnit" :
@@ -4010,6 +4055,8 @@ static int systemctl_help(void) {
" --global Enable/disable unit files globally\n"
" --no-reload When enabling/disabling unit files, don't reload daemon\n"
" configuration\n"
+ " --no-ask-password\n"
+ " Do not ask for system passwords\n"
" --kill-mode=MODE How to send signal\n"
" --kill-who=WHO Who to send signal to\n"
" -s --signal=SIGNAL Which signal to send\n"
@@ -4146,7 +4193,8 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
ARG_NO_RELOAD,
ARG_DEFAULTS,
ARG_KILL_MODE,
- ARG_KILL_WHO
+ ARG_KILL_WHO,
+ ARG_NO_ASK_PASSWORD
};
static const struct option options[] = {
@@ -4171,6 +4219,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
{ "kill-mode", required_argument, NULL, ARG_KILL_MODE },
{ "kill-who", required_argument, NULL, ARG_KILL_WHO },
{ "signal", required_argument, NULL, 's' },
+ { "no-ask-password", no_argument, NULL, ARG_NO_ASK_PASSWORD },
{ NULL, 0, NULL, 0 }
};
@@ -4179,6 +4228,9 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
assert(argc >= 0);
assert(argv);
+ /* Only when running as systemctl we ask for passwords */
+ arg_ask_password = true;
+
while ((c = getopt_long(argc, argv, "ht:p:aqfs:", options, NULL)) >= 0) {
switch (c) {
@@ -4285,6 +4337,10 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
}
break;
+ case ARG_NO_ASK_PASSWORD:
+ arg_ask_password = false;
+ break;
+
case '?':
return -EINVAL;