1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include <acl/libacl.h>
28 #include "logind-acl.h"
33 static int flush_acl(acl_t acl) {
40 for (found = acl_get_entry(acl, ACL_FIRST_ENTRY, &i);
42 found = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) {
46 if (acl_get_tag_type(i, &tag) < 0)
52 if (acl_delete_entry(acl, i) < 0)
64 int devnode_acl(const char *path,
66 bool del, uid_t old_uid,
67 bool add, uid_t new_uid) {
75 acl = acl_get_file(path, ACL_TYPE_ACCESS);
87 } else if (del && old_uid > 0) {
90 r = acl_find_uid(acl, old_uid, &entry);
95 if (acl_delete_entry(acl, entry) < 0) {
104 if (add && new_uid > 0) {
106 acl_permset_t permset;
109 r = acl_find_uid(acl, new_uid, &entry);
114 if (acl_create_entry(&acl, &entry) < 0) {
119 if (acl_set_tag_type(entry, ACL_USER) < 0 ||
120 acl_set_qualifier(entry, &new_uid) < 0) {
126 if (acl_get_permset(entry, &permset) < 0) {
131 rd = acl_get_perm(permset, ACL_READ);
137 wt = acl_get_perm(permset, ACL_WRITE);
145 if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) {
157 if (acl_calc_mask(&acl) < 0) {
162 if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) {
175 int devnode_acl_all(struct udev *udev,
178 bool del, uid_t old_uid,
179 bool add, uid_t new_uid) {
181 struct udev_list_entry *item = NULL, *first = NULL;
182 struct udev_enumerate *e;
192 nodes = set_new(string_hash_func, string_compare_func);
197 e = udev_enumerate_new(udev);
206 /* We can only match by one tag in libudev. We choose
207 * "uaccess" for that. If we could match for two tags here we
208 * could add the seat name as second match tag, but this would
209 * be hardly optimizable in libudev, and hence checking the
210 * second tag manually in our loop is a good solution. */
211 r = udev_enumerate_add_match_tag(e, "uaccess");
215 r = udev_enumerate_scan_devices(e);
219 first = udev_enumerate_get_list_entry(e);
220 udev_list_entry_foreach(item, first) {
221 struct udev_device *d;
222 const char *node, *sn;
224 d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
230 sn = udev_device_get_property_value(d, "ID_SEAT");
234 if (!streq(seat, sn)) {
235 udev_device_unref(d);
239 node = udev_device_get_devnode(d);
241 /* In case people mistag devices with nodes, we need to ignore this */
242 udev_device_unref(d);
247 udev_device_unref(d);
251 log_debug("Found udev node %s for seat %s", n, seat);
252 r = set_put(nodes, n);
257 /* udev exports "dead" device nodes to allow module on-demand loading,
258 * these devices are not known to the kernel at this moment */
259 dir = opendir("/run/udev/static_node-tags/uaccess");
261 for (dent = readdir(dir); dent != NULL; dent = readdir(dir)) {
262 _cleanup_free_ char *unescaped_devname = NULL;
264 if (dent->d_name[0] == '.')
267 unescaped_devname = cunescape(dent->d_name);
268 if (unescaped_devname == NULL) {
274 n = strappend("/dev/", unescaped_devname);
281 log_debug("Found static node %s for seat %s", n, seat);
282 r = set_put(nodes, n);
283 if (0 && r < 0 && r != -EEXIST) {
292 SET_FOREACH(n, nodes, i) {
293 log_debug("Fixing up ACLs at %s for seat %s", n, seat);
294 r = devnode_acl(n, flush, del, old_uid, add, new_uid);
298 udev_enumerate_unref(e);
299 set_free_free(nodes);
~ianmdlvl / elogind.git / blob