X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Flogind-acl.c;h=eb8a48d191f03189df4ed1a243dc3d0352811780;hp=5ea68185bd2fde351aac6a93c9f193df825f81ea;hb=7210bfb3706f8cbb2b35403f916dace1824c516c;hpb=ce0f7c97d2302c73832034aac1107e2378c2eeed diff --git a/src/logind-acl.c b/src/logind-acl.c index 5ea68185b..eb8a48d19 100644 --- a/src/logind-acl.c +++ b/src/logind-acl.c @@ -27,46 +27,7 @@ #include "logind-acl.h" #include "util.h" - -static int find_acl(acl_t acl, uid_t uid, acl_entry_t *entry) { - acl_entry_t i; - int found; - - assert(acl); - assert(entry); - - for (found = acl_get_entry(acl, ACL_FIRST_ENTRY, &i); - found > 0; - found = acl_get_entry(acl, ACL_NEXT_ENTRY, &i)) { - - acl_tag_t tag; - uid_t *u; - bool b; - - if (acl_get_tag_type(i, &tag) < 0) - return -errno; - - if (tag != ACL_USER) - continue; - - u = acl_get_qualifier(i); - if (!u) - return -errno; - - b = *u == uid; - acl_free(u); - - if (b) { - *entry = i; - return 1; - } - } - - if (found < 0) - return -errno; - - return 0; -} +#include "acl-util.h" static int flush_acl(acl_t acl) { acl_entry_t i; @@ -105,7 +66,7 @@ int devnode_acl(const char *path, bool add, uid_t new_uid) { acl_t acl; - int r; + int r = 0; bool changed = false; assert(path); @@ -125,7 +86,7 @@ int devnode_acl(const char *path, } else if (del && old_uid > 0) { acl_entry_t entry; - r = find_acl(acl, old_uid, &entry); + r = acl_find_uid(acl, old_uid, &entry); if (r < 0) goto finish; @@ -144,7 +105,7 @@ int devnode_acl(const char *path, acl_permset_t permset; int rd, wt; - r = find_acl(acl, new_uid, &entry); + r = acl_find_uid(acl, new_uid, &entry); if (r < 0) goto finish; @@ -222,18 +183,20 @@ int devnode_acl_all(struct udev *udev, assert(udev); - if (!seat) + if (isempty(seat)) seat = "seat0"; e = udev_enumerate_new(udev); if (!e) return -ENOMEM; - r = udev_enumerate_add_match_tag(e, "uaccess"); - if (r < 0) - goto finish; + /* We can only match by one tag in libudev. We choose + * "uaccess" for that. If we could match for two tags here we + * could add the seat name as second match tag, but this would + * be hardly optimizable in libudev, and hence checking the + * second tag manually in our loop is a good solution. */ - r = udev_enumerate_add_match_tag(e, seat); + r = udev_enumerate_add_match_tag(e, "uaccess"); if (r < 0) goto finish; @@ -252,8 +215,8 @@ int devnode_acl_all(struct udev *udev, goto finish; } - sn = udev_device_get_property_value(d, "SEAT"); - if (!sn) + sn = udev_device_get_property_value(d, "ID_SEAT"); + if (isempty(sn)) sn = "seat0"; if (!streq(seat, sn)) { @@ -263,11 +226,13 @@ int devnode_acl_all(struct udev *udev, node = udev_device_get_devnode(d); if (!node) { + /* In case people mistag devices with nodes, we need to ignore this */ udev_device_unref(d); - r = -ENOMEM; - goto finish; + continue; } + log_debug("Fixing up %s for seat %s...", node, sn); + r = devnode_acl(node, flush, del, old_uid, add, new_uid); udev_device_unref(d);