X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flogind-acl.c;h=eb8a48d191f03189df4ed1a243dc3d0352811780;hb=9cfb57c989b62d11c073c77179df4bb7fa19f35d;hp=7571093d0ef94c56874b38465e283a7f38f34867;hpb=734b933ace7aac5d9c1d7507f9d30f73390ce102;p=elogind.git diff --git a/src/logind-acl.c b/src/logind-acl.c index 7571093d0..eb8a48d19 100644 --- a/src/logind-acl.c +++ b/src/logind-acl.c @@ -27,46 +27,7 @@ #include "logind-acl.h" #include "util.h" - -static int find_acl(acl_t acl, uid_t uid, acl_entry_t *entry) { - acl_entry_t i; - int found; - - assert(acl); - assert(entry); - - for (found = acl_get_entry(acl, ACL_FIRST_ENTRY, &i); - found > 0; - found = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) { - - acl_tag_t tag; - uid_t *u; - bool b; - - if (acl_get_tag_type(i, &tag) < 0) - return -errno; - - if (tag != ACL_USER) - continue; - - u = acl_get_qualifier(i); - if (!u) - return -errno; - - b = *u == uid; - acl_free(u); - - if (b) { - *entry = i; - return 1; - } - } - - if (found < 0) - return -errno; - - return 0; -} +#include "acl-util.h" static int flush_acl(acl_t acl) { acl_entry_t i; @@ -105,7 +66,7 @@ int devnode_acl(const char *path, bool add, uid_t new_uid) { acl_t acl; - int r; + int r = 0; bool changed = false; assert(path); @@ -125,7 +86,7 @@ int devnode_acl(const char *path, } else if (del && old_uid > 0) { acl_entry_t entry; - r = find_acl(acl, old_uid, &entry); + r = acl_find_uid(acl, old_uid, &entry); if (r < 0) goto finish; @@ -144,7 +105,7 @@ int devnode_acl(const char *path, acl_permset_t permset; int rd, wt; - r = find_acl(acl, new_uid, &entry); + r = acl_find_uid(acl, new_uid, &entry); if (r < 0) goto finish; @@ -222,23 +183,23 @@ int devnode_acl_all(struct udev *udev, assert(udev); - if (!seat) + if (isempty(seat)) seat = "seat0"; e = udev_enumerate_new(udev); if (!e) return -ENOMEM; + /* We can only match by one tag in libudev. We choose + * "uaccess" for that. If we could match for two tags here we + * could add the seat name as second match tag, but this would + * be hardly optimizable in libudev, and hence checking the + * second tag manually in our loop is a good solution. */ + r = udev_enumerate_add_match_tag(e, "uaccess"); if (r < 0) goto finish; - if (!streq(seat, "seat0")) { - r = udev_enumerate_add_match_tag(e, seat); - if (r < 0) - goto finish; - } - r = udev_enumerate_scan_devices(e); if (r < 0) goto finish; @@ -254,8 +215,8 @@ int devnode_acl_all(struct udev *udev, goto finish; } - sn = udev_device_get_property_value(d, "SEAT"); - if (!sn) + sn = udev_device_get_property_value(d, "ID_SEAT"); + if (isempty(sn)) sn = "seat0"; if (!streq(seat, sn)) { @@ -265,11 +226,13 @@ int devnode_acl_all(struct udev *udev, node = udev_device_get_devnode(d); if (!node) { + /* In case people mistag devices with nodes, we need to ignore this */ udev_device_unref(d); - r = -ENOMEM; - goto finish; + continue; } + log_debug("Fixing up %s for seat %s...", node, sn); + r = devnode_acl(node, flush, del, old_uid, add, new_uid); udev_device_unref(d);