X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fuaccess.c;h=786f0ef6418b71e2611e28b7f7b4e659134c39b7;hp=392b51604f38d896184a361167bb78580b38b19c;hb=b636465bc0190448f960791cd059c4dd1fa37717;hpb=0b191e603cc31ef0aff435fe20d49c7df39dfb8c diff --git a/src/uaccess.c b/src/uaccess.c index 392b51604..786f0ef64 100644 --- a/src/uaccess.c +++ b/src/uaccess.c @@ -25,12 +25,14 @@ #include "logind-acl.h" #include "util.h" #include "log.h" +#include "sd-daemon.h" +#include "sd-login.h" int main(int argc, char *argv[]) { int r; - const char *path, *seat; - char *p, *active_uid = NULL; - unsigned long ul; + const char *path = NULL, *seat; + bool changed_acl = false; + uid_t uid; log_set_target(LOG_TARGET_AUTO); log_parse_environment(); @@ -42,46 +44,45 @@ int main(int argc, char *argv[]) { goto finish; } - path = argv[1]; - seat = argc >= 3 ? argv[2] : "seat0"; - - p = strappend("/run/systemd/seats/", seat); - if (!p) { - log_error("Out of memory."); - goto finish; - } + /* Make sure we don't muck around with ACLs the system is not + * running systemd. */ + if (!sd_booted()) + return 0; - r = parse_env_file(p, NEWLINE, - "ACTIVE_UID", &active_uid, - NULL); - free(p); - - if (r < 0) { - if (errno == ENOENT) { - r = 0; - goto finish; - } + path = argv[1]; + seat = argc < 3 || isempty(argv[2]) ? "seat0" : argv[2]; - log_error("Failed to read seat data for %s: %s", seat, strerror(-r)); + r = sd_seat_get_active(seat, NULL, &uid); + if (r == -ENOENT) { + /* No active session on this seat */ + r = 0; goto finish; - } - - r = safe_atolu(active_uid, &ul); - if (r < 0) { - log_error("Failed to parse active UID value %s: %s", active_uid, strerror(-r)); + } else if (r < 0) { + log_error("Failed to determine active user on seat %s.", seat); goto finish; } - r = devnode_acl(path, true, false, 0, true, (uid_t) ul); + r = devnode_acl(path, true, false, 0, true, uid); if (r < 0) { log_error("Failed to apply ACL on %s: %s", path, strerror(-r)); goto finish; } + changed_acl = true; r = 0; finish: - free(active_uid); + if (path && !changed_acl) { + int k; + /* Better be safe that sorry and reset ACL */ + + k = devnode_acl(path, true, false, 0, false, 0); + if (k < 0) { + log_error("Failed to apply ACL on %s: %s", path, strerror(-k)); + if (r >= 0) + r = k; + } + } return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; }