From 1b919ca4db1dc71ef53bb8b0b2b2ab697567ade6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 26 Jun 2024 12:07:36 +0200
Subject: [PATCH 1/4] Rename spawn-polkit-agent.c to just polkit-agent.c

The functions in the file were *not* using the spawn prefix, and the prefix seems completely unnecessary.
---
 src/home/homectl.c | 2 +-
 src/hostname/hostnamectl.c | 2 +-
 src/import/importctl.c | 2 +-
 src/locale/localectl.c | 2 +-
 src/login/loginctl.c | 2 +-
 src/machine/machinectl.c | 2 +-
 src/mount/mount-tool.c | 2 +-
 src/portable/portablectl.c | 2 +-
 src/run/run.c | 2 +-
 src/shared/main-func.h | 2 +-
 src/shared/meson.build | 2 +-
 src/shared/{spawn-polkit-agent.c => polkit-agent.c} | 2 +-
 src/shared/{spawn-polkit-agent.h => polkit-agent.h} | 0
 src/systemctl/systemctl-util.c | 2 +-
 src/timedate/timedatectl.c | 2 +-
 15 files changed, 14 insertions(+), 14 deletions(-)
 rename src/shared/{spawn-polkit-agent.c => polkit-agent.c} (98%)
 rename src/shared/{spawn-polkit-agent.h => polkit-agent.h} (100%)

diff --git a/src/home/homectl.c b/src/home/homectl.c
index f2a04d5a0ce..25e942bd94d 100644
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -39,13 +39,13 @@
 #include "path-util.h"
 #include "percent-util.h"
 #include "pkcs11-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
 #include "process-util.h"
 #include "recurse-dir.h"
 #include "rlimit-util.h"
 #include "rm-rf.h"
-#include "spawn-polkit-agent.h"
 #include "terminal-util.h"
 #include "tmpfile-util.h"
 #include "uid-classification.h"
diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c
index 83e53a45607..157ac769cab 100644
--- a/src/hostname/hostnamectl.c
+++ b/src/hostname/hostnamectl.c
@@ -23,9 +23,9 @@
 #include "hostname-util.h"
 #include "main-func.h"
 #include "parse-argument.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "socket-util.h"
-#include "spawn-polkit-agent.h"
 #include "terminal-util.h"
 #include "verbs.h"
diff --git a/src/import/importctl.c b/src/import/importctl.c
index d81e79e3cdb..3334f37b946 100644
--- a/src/import/importctl.c
+++ b/src/import/importctl.c
@@ -24,10 +24,10 @@
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "signal-util.h"
 #include "sort-util.h"
-#include "spawn-polkit-agent.h"
 #include "string-table.h"
 #include "verbs.h"
 #include "web-util.h"
diff --git a/src/locale/localectl.c b/src/locale/localectl.c
index 9a2163bcfef..5b00820e5a5 100644
--- a/src/locale/localectl.c
+++ b/src/locale/localectl.c
@@ -17,10 +17,10 @@
 #include "main-func.h"
 #include "memory-util.h"
 #include "pager.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
 #include "set.h"
-#include "spawn-polkit-agent.h"
 #include "strv.h"
 #include "terminal-util.h"
 #include "verbs.h"
diff --git a/src/login/loginctl.c b/src/login/loginctl.c
index 36421da0ad2..7ca07c4efe1 100644
--- a/src/login/loginctl.c
+++ b/src/login/loginctl.c
@@ -25,12 +25,12 @@
 #include "pager.h"
 #include "parse-argument.h"
 #include "parse-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "rlimit-util.h"
 #include "sigbus.h"
 #include "signal-util.h"
-#include "spawn-polkit-agent.h"
 #include "string-table.h"
 #include "strv.h"
 #include "sysfs-show.h"
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
index 5572115a547..f49927ae854 100644
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@@ -47,6 +47,7 @@
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "ptyfwd.h"
@@ -55,7 +56,6 @@
 #include "signal-util.h"
 #include "sort-util.h"
 #include "spawn-ask-password-agent.h"
-#include "spawn-polkit-agent.h"
 #include "stdio-util.h"
 #include "string-table.h"
 #include "strv.h"
diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c
index fcebdcaf18c..8ac08e95b8d 100644
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@@ -28,10 +28,10 @@
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "sort-util.h"
-#include "spawn-polkit-agent.h"
 #include "stat-util.h"
 #include "strv.h"
 #include "terminal-util.h"
diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c
index 57b930d6cba..e4eb437b2ec 100644
--- a/src/portable/portablectl.c
+++ b/src/portable/portablectl.c
@@ -26,9 +26,9 @@
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "polkit-agent.h"
 #include "portable.h"
 #include "pretty-print.h"
-#include "spawn-polkit-agent.h"
 #include "string-util.h"
 #include "strv.h"
 #include "terminal-util.h"
diff --git a/src/run/run.c b/src/run/run.c
index 5779403b9c5..975b8ddf17b 100644
--- a/src/run/run.c
+++ b/src/run/run.c
@@ -30,11 +30,11 @@
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "ptyfwd.h"
 #include "signal-util.h"
-#include "spawn-polkit-agent.h"
 #include "special.h"
 #include "strv.h"
 #include "terminal-util.h"
diff --git a/src/shared/main-func.h b/src/shared/main-func.h
index d0689b42d9c..0dd0821ea6f 100644
--- a/src/shared/main-func.h
+++ b/src/shared/main-func.h
@@ -12,10 +12,10 @@
 #include "argv-util.h"
 #include "hashmap.h"
 #include "pager.h"
+#include "polkit-agent.h"
 #include "selinux-util.h"
 #include "signal-util.h"
 #include "spawn-ask-password-agent.h"
-#include "spawn-polkit-agent.h"
 #include "static-destruct.h"
 #define _DEFINE_MAIN_FUNCTION(intro, impl, result_to_exit_status, result_to_return_value) \
diff --git a/src/shared/meson.build b/src/shared/meson.build
index 46679c1adab..1385172fe8f 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -140,6 +140,7 @@ shared_sources = files(
 'pe-binary.c',
 'pkcs11-util.c',
 'plymouth-util.c',
+ 'polkit-agent.c',
 'pretty-print.c',
 'capsule-util.c',
 'ptyfwd.c',
@@ -160,7 +161,6 @@ shared_sources = files(
 'socket-label.c',
 'socket-netlink.c',
 'spawn-ask-password-agent.c',
- 'spawn-polkit-agent.c',
 'specifier.c',
 'switch-root.c',
 'tmpfile-util-label.c',
diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/polkit-agent.c
similarity index 98%
rename from src/shared/spawn-polkit-agent.c
rename to src/shared/polkit-agent.c
index ce3c5fb9486..a891246156d 100644
--- a/src/shared/spawn-polkit-agent.c
+++ b/src/shared/polkit-agent.c
@@ -11,8 +11,8 @@
 #include "io-util.h"
 #include "log.h"
 #include "macro.h"
+#include "polkit-agent.h"
 #include "process-util.h"
-#include "spawn-polkit-agent.h"
 #include "stdio-util.h"
 #include "time-util.h"
diff --git a/src/shared/spawn-polkit-agent.h b/src/shared/polkit-agent.h
similarity index 100%
rename from src/shared/spawn-polkit-agent.h
rename to src/shared/polkit-agent.h
diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
index be3b35e6f9d..8e665d60153 100644
--- a/src/systemctl/systemctl-util.c
+++ b/src/systemctl/systemctl-util.c
@@ -19,11 +19,11 @@
 #include "macro.h"
 #include "path-util.h"
 #include "pidref.h"
+#include "polkit-agent.h"
 #include "process-util.h"
 #include "reboot-util.h"
 #include "set.h"
 #include "spawn-ask-password-agent.h"
-#include "spawn-polkit-agent.h"
 #include "stat-util.h"
 #include "systemctl-util.h"
 #include "systemctl.h"
diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
index 46ec6b31bc4..2e19b28a6d5 100644
--- a/src/timedate/timedatectl.c
+++ b/src/timedate/timedatectl.c
@@ -19,9 +19,9 @@
 #include "main-func.h"
 #include "pager.h"
 #include "parse-util.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "sparse-endian.h"
-#include "spawn-polkit-agent.h"
 #include "string-table.h"
 #include "strv.h"
 #include "terminal-util.h"

From a8c3ed5f130ac6b9526b635448f2f29751d59603 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 26 Jun 2024 12:07:36 +0200
Subject: [PATCH 2/4] Rename spawn-ask-password-agent.c to just ask-password-agent.c

The functions in the file were *not* using the spawn prefix, and the prefix seems completely unnecessary.
---
 src/machine/machinectl.c | 2 +-
 src/shared/{spawn-ask-password-agent.c => ask-password-agent.c} | 2 +-
 src/shared/{spawn-ask-password-agent.h => ask-password-agent.h} | 0
 src/shared/main-func.h | 2 +-
 src/shared/meson.build | 2 +-
 src/systemctl/systemctl-util.c | 2 +-
 6 files changed, 5 insertions(+), 5 deletions(-)
 rename src/shared/{spawn-ask-password-agent.c => ask-password-agent.c} (97%)
 rename src/shared/{spawn-ask-password-agent.h => ask-password-agent.h} (100%)

diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
index f49927ae854..d79282f03f4 100644
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@@ -14,6 +14,7 @@
 #include "sd-bus.h"
 #include "alloc-util.h"
+#include "ask-password-agent.h"
 #include "build.h"
 #include "build-path.h"
 #include "bus-common-errors.h"
@@ -55,7 +56,6 @@
 #include "sigbus.h"
 #include "signal-util.h"
 #include "sort-util.h"
-#include "spawn-ask-password-agent.h"
 #include "stdio-util.h"
 #include "string-table.h"
 #include "strv.h"
diff --git a/src/shared/spawn-ask-password-agent.c b/src/shared/ask-password-agent.c
similarity index 97%
rename from src/shared/spawn-ask-password-agent.c
rename to src/shared/ask-password-agent.c
index d34cfffa839..75eaa462542 100644
--- a/src/shared/spawn-ask-password-agent.c
+++ b/src/shared/ask-password-agent.c
@@ -4,10 +4,10 @@
 #include
 #include
+#include "ask-password-agent.h"
 #include "exec-util.h"
 #include "log.h"
 #include "process-util.h"
-#include "spawn-ask-password-agent.h"
 static pid_t agent_pid = 0;
diff --git a/src/shared/spawn-ask-password-agent.h b/src/shared/ask-password-agent.h
similarity index 100%
rename from src/shared/spawn-ask-password-agent.h
rename to src/shared/ask-password-agent.h
diff --git a/src/shared/main-func.h b/src/shared/main-func.h
index 0dd0821ea6f..67537555a12 100644
--- a/src/shared/main-func.h
+++ b/src/shared/main-func.h
@@ -10,12 +10,12 @@
 #include "sd-daemon.h"
 #include "argv-util.h"
+#include "ask-password-agent.h"
 #include "hashmap.h"
 #include "pager.h"
 #include "polkit-agent.h"
 #include "selinux-util.h"
 #include "signal-util.h"
-#include "spawn-ask-password-agent.h"
 #include "static-destruct.h"
 #define _DEFINE_MAIN_FUNCTION(intro, impl, result_to_exit_status, result_to_return_value) \
diff --git a/src/shared/meson.build b/src/shared/meson.build
index 1385172fe8f..d474757fb09 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -4,6 +4,7 @@ shared_sources = files(
 'acl-util.c',
 'acpi-fpdt.c',
 'apparmor-util.c',
+ 'ask-password-agent.c',
 'ask-password-api.c',
 'async.c',
 'barrier.c',
@@ -160,7 +161,6 @@ shared_sources = files(
 'smbios11.c',
 'socket-label.c',
 'socket-netlink.c',
- 'spawn-ask-password-agent.c',
 'specifier.c',
 'switch-root.c',
 'tmpfile-util-label.c',
diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
index 8e665d60153..a73fc3afd0c 100644
--- a/src/systemctl/systemctl-util.c
+++ b/src/systemctl/systemctl-util.c
@@ -6,6 +6,7 @@
 #include "sd-bus.h"
 #include "sd-daemon.h"
+#include "ask-password-agent.h"
 #include "bus-common-errors.h"
 #include "bus-locator.h"
 #include "bus-map-properties.h"
@@ -23,7 +24,6 @@ #include "process-util.h" #include "reboot-util.h" #include "set.h" -#include "spawn-ask-password-agent.h" #include "stat-util.h" #include "systemctl-util.h" #include "systemctl.h" From a87b7aa1a1c9a02c53d6766fe9a1278deb81a4f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Jun 2024 12:21:05 +0200 Subject: [PATCH 3/4] inhibit: add --no-ask-password option and allow interactive polkit auth It seems entirely reasonable to make a policy which e.g. allows block operations for interactive users after authentication. The tool should support this, so that more complicated local policies can be used. Related to https://github.com/systemd/systemd/pull/30307. --- man/systemd-inhibit.xml | 1 + src/login/inhibit.c | 38 +++++++++++++++++++++++++------------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/man/systemd-inhibit.xml b/man/systemd-inhibit.xml index a6dbb06c360..52997195254 100644 --- a/man/systemd-inhibit.xml +++ b/man/systemd-inhibit.xml @@ -114,6 +114,7 @@ acquiring one. + diff --git a/src/login/inhibit.c b/src/login/inhibit.c index 4682830d198..13ba4b82f46 100644 --- a/src/login/inhibit.c +++ b/src/login/inhibit.c @@ -25,10 +25,11 @@ #include "terminal-util.h" #include "user-util.h" -static const char* arg_what = "idle:sleep:shutdown"; -static const char* arg_who = NULL; -static const char* arg_why = "Unknown reason"; -static const char* arg_mode = NULL; +static const char *arg_what = "idle:sleep:shutdown"; +static const char *arg_who = NULL; +static const char *arg_why = "Unknown reason"; +static const char *arg_mode = NULL; +static bool arg_ask_password = true; static PagerFlags arg_pager_flags = 0; static bool arg_legend = true; 
@@ -42,6 +43,8 @@ static int inhibit(sd_bus *bus, sd_bus_error *error) { int r; int fd; + (void) polkit_agent_open_if_enabled(BUS_TRANSPORT_LOCAL, arg_ask_password); + r = bus_call_method(bus, bus_login_mgr, "Inhibit", error, &reply, "ssss", arg_what, arg_who, arg_why, arg_mode); if (r < 0) return r; @@ -145,6 +148,7 @@ static int help(void) { "\n%sExecute a process while inhibiting shutdown/sleep/idle.%s\n\n" " -h --help Show this help\n" " --version Show package version\n" + " --no-ask-password Do not attempt interactive authorization\n" " --no-pager Do not pipe output into a pager\n" " --no-legend Do not show the headers and footers\n" " --what=WHAT Operations to inhibit, colon separated list of:\n" @@ -173,20 +177,22 @@ static int parse_argv(int argc, char *argv[]) { ARG_WHY, ARG_MODE, ARG_LIST, + ARG_NO_ASK_PASSWORD, ARG_NO_PAGER, ARG_NO_LEGEND, }; static const struct option options[] = { - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, ARG_VERSION }, - { "what", required_argument, NULL, ARG_WHAT }, - { "who", required_argument, NULL, ARG_WHO }, - { "why", required_argument, NULL, ARG_WHY }, - { "mode", required_argument, NULL, ARG_MODE }, - { "list", no_argument, NULL, ARG_LIST }, - { "no-pager", no_argument, NULL, ARG_NO_PAGER }, - { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, ARG_VERSION }, + { "no-ask-password", no_argument, NULL, ARG_NO_ASK_PASSWORD }, + { "what", required_argument, NULL, ARG_WHAT }, + { "who", required_argument, NULL, ARG_WHO }, + { "why", required_argument, NULL, ARG_WHY }, + { "mode", required_argument, NULL, ARG_MODE }, + { "list", no_argument, NULL, ARG_LIST }, + { "no-pager", no_argument, NULL, ARG_NO_PAGER }, + { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, {} }; 
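Review bot: The agent opened by `polkit_agent_open_if_enabled(BUS_TRANSPORT_LOCAL, arg_ask_password)` at the top of inhibit() is never closed in the lines shown, so it can outlive the one `Inhibit` call that needs it. inhibit() continues past this hunk and its caller is not visible, so this is inferred: if the tool goes on to run the wrapped command and wait for it, the authentication helper presumably stays attached to the terminal for that whole time. Consider calling `polkit_agent_close();` directly after `bus_call_method()` returns and before the `if (r < 0)` check, so the helper exists only while an authorization can be pending. A one-line comment such as `/* Best effort: failing to start the agent is not fatal */` above the `(void)` call would also record why the result is dropped.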
@@ -228,6 +234,10 @@ static int parse_argv(int argc, char *argv[]) { arg_action = ACTION_LIST; break; + case ARG_NO_ASK_PASSWORD: + arg_ask_password = false; + break; + case ARG_NO_PAGER: arg_pager_flags |= PAGER_DISABLE; break; @@ -267,6 +277,8 @@ static int run(int argc, char *argv[]) { if (r < 0) return bus_log_connect_error(r, BUS_TRANSPORT_LOCAL); + (void) sd_bus_set_allow_interactive_authorization(bus, arg_ask_password); + if (arg_action == ACTION_LIST) return print_inhibitors(bus); else { From 2e4596a0178effae52033942504f9eb02afb0140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 26 Jun 2024 12:27:10 +0200 Subject: [PATCH 4/4] polkit: allow non-local users to block sleep and shutdown We already had 'auth_admin_keep' for org.freedesktop.login1.reboot and similar actions. If a user is allowed to perform an action, I think they should be allowed to _block_ the same action. Guarding this by auth_admin follows the general principle of not allowing fully unprivileged users to have too much say over the machine. --- src/login/org.freedesktop.login1.policy | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy index 012ee144832..226bb4cda43 100644 --- a/src/login/org.freedesktop.login1.policy +++ b/src/login/org.freedesktop.login1.policy @@ -22,7 +22,7 @@ Allow applications to inhibit system shutdown Authentication is required for an application to inhibit system shutdown. - no + auth_admin_keep yes yes @@ -44,7 +44,7 @@ Allow applications to inhibit system sleep Authentication is required for an application to inhibit system sleep. - no + auth_admin_keep yes yes
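Review bot: Because `arg_ask_password` defaults to true, the `sd_bus_set_allow_interactive_authorization(bus, arg_ask_password)` call added in run() turns interactive authorization on for every invocation that does not opt out. A caller that used to get an immediate denial may now wait on an authentication prompt instead, which matters for unattended use. The help text added in this commit only says what `--no-ask-password` does, and the man page hunk is not readable on this page, so it is worth checking that the documentation tells scripts and services to pass the option. A comment above the call, e.g. `/* Needs to be in effect before the Inhibit call is sent */`, would also pin down why it sits here; run() begins and ends outside the hunk.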
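Review bot: The description says these actions are guarded by auth_admin, but both hunks of this file put `auth_admin_keep` into the changed default (the first of the three values, presumably the allow_any entry given the commit title; the element names are not readable on this page). With the keep variant one administrator authentication is retained for a short period, so further block inhibitors for shutdown (first hunk) and sleep (second hunk) can be taken from the same non-local session without a new prompt during that window. If that is intended, to match the reboot actions the description cites, the message should say `auth_admin_keep`; if every lock should need its own authentication, the value should be `auth_admin`. A block lock taken this way holds off shutdown or sleep until it is released, so administrators will want to know that the holders can be reviewed with the tool's `--list` option.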