X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=udev-remove.c;h=7ad7c2402a8e05f77d23a1451ab9b891372a8116;hp=6d7e2ad22a9c6d8af3becb485709a05e8d1ab202;hb=eb6c7cd03635ffc28798734f0b87b9e21dae6f9e;hpb=a56ef382869bb76ade6d26cd7e8adc983ca3f89e

diff --git a/udev-remove.c b/udev-remove.c
index 6d7e2ad22..7ad7c2402 100644
--- a/udev-remove.c
+++ b/udev-remove.c
@@ -29,11 +29,11 @@
 #include <errno.h>
 
 #include "udev.h"
+#include "udev_lib.h"
 #include "udev_version.h"
-#include "udev_dbus.h"
+#include "logging.h"
 #include "namedev.h"
 #include "udevdb.h"
-#include "libsysfs/libsysfs.h"
 
 static int delete_path(char *path)
 {
@@ -51,6 +51,8 @@ static int delete_path(char *path)
 
 		/* remove if empty */
 		retval = rmdir(path);
+		if (errno == ENOENT)
+			retval = 0;
 		if (retval) {
 			if (errno == ENOTEMPTY)
 				return 0;
@@ -63,48 +65,89 @@ static int delete_path(char *path)
 	return 0;
 }
 
-static int delete_node(struct udevice *dev)
+/** Remove all permissions on the device node, before
+  * unlinking it. This fixes a security issue.
+  * If the user created a hard-link to the device node,
+  * he can't use it any longer, because he lost permission
+  * to do so.
+  */
+static int secure_unlink(const char *filename)
 {
-	char filename[255];
-	char *symlinks;
-	char *linkname;
 	int retval;
 
-	strncpy(filename, udev_root, sizeof(filename));
-	strncat(filename, dev->name, sizeof(filename));
-
-	dbg("unlinking node '%s'", filename);
+	retval = chown(filename, 0, 0);
+	if (retval) {
+		dbg("chown(%s, 0, 0) failed with error '%s'",
+		    filename, strerror(errno));
+		/* We continue nevertheless.
+		 * I think it's very unlikely for chown
+		 * to fail here, if the file exists.
+		 */
+	}
+	retval = chmod(filename, 0000);
+	if (retval) {
+		dbg("chmod(%s, 0000) failed with error '%s'",
+		    filename, strerror(errno));
+		/* We continue nevertheless. */
+	}
 	retval = unlink(filename);
+	if (errno == ENOENT)
+		retval = 0;
 	if (retval) {
 		dbg("unlink(%s) failed with error '%s'",
 			filename, strerror(errno));
+	}
+	return retval;
+}
+
+static int delete_node(struct udevice *dev)
+{
+	char filename[NAME_SIZE];
+	char linkname[NAME_SIZE];
+	char partitionname[NAME_SIZE];
+	int retval;
+	int i;
+	char *pos;
+	int len;
+
+	strfieldcpy(filename, udev_root);
+	strfieldcat(filename, dev->name);
+
+	info("removing device node '%s'", filename);
+	retval = secure_unlink(filename);
+	if (retval)
 		return retval;
+
+	/* remove partition nodes */
+	if (dev->partitions > 0) {
+		info("removing partitions '%s[1-%i]'", filename, dev->partitions);
+		for (i = 1; i <= dev->partitions; i++) {
+			strfieldcpy(partitionname, filename);
+			strintcat(partitionname, i);
+			secure_unlink(partitionname);
+		}
 	}
 
 	/* remove subdirectories */
 	if (strchr(dev->name, '/'))
 		delete_path(filename);
 
-	if (*dev->symlink) {
-		symlinks = dev->symlink;
-		while (1) {
-			linkname = strsep(&symlinks, " ");
-			if (linkname == NULL)
-				break;
-
-			strncpy(filename, udev_root, sizeof(filename));
-			strncat(filename, linkname, sizeof(filename));
-
-			dbg("unlinking symlink '%s'", filename);
-			retval = unlink(filename);
-			if (retval) {
-				dbg("unlink(%s) failed with error '%s'",
-					filename, strerror(errno));
-				return retval;
-			}
-			if (strchr(dev->symlink, '/')) {
-				delete_path(filename);
-			}
+	foreach_strpart(dev->symlink, " ", pos, len) {
+		strfieldcpymax(linkname, pos, len+1);
+		strfieldcpy(filename, udev_root);
+		strfieldcat(filename, linkname);
+
+		dbg("unlinking symlink '%s'", filename);
+		retval = unlink(filename);
+		if (errno == ENOENT)
+			retval = 0;
+		if (retval) {
+			dbg("unlink(%s) failed with error '%s'",
+				filename, strerror(errno));
+			return retval;
+		}
+		if (strchr(dev->symlink, '/')) {
+			delete_path(filename);
 		}
 	}
 
@@ -116,32 +159,32 @@ static int delete_node(struct udevice *dev)
  * something different from the kernel name.  If we have, us it.  If not, use
  * the default kernel name for lack of anything else to know to do.
  */
-int udev_remove_device(char *path, char *subsystem)
+int udev_remove_device(const char *path, const char *subsystem)
 {
-	struct udevice *dev;
+	struct udevice dev;
 	char *temp;
 	int retval;
 
-	dev = malloc(sizeof(*dev));
-	if (dev == NULL)
-		return -ENOMEM;
-	memset(dev, 0, sizeof(*dev));
+	memset(&dev, 0x00, sizeof(dev));
 
-	retval = udevdb_get_dev(path, dev);
-	if (retval) {
+	retval = udevdb_get_dev(path, &dev);
+	if (retval != 0) {
 		dbg("'%s' not found in database, falling back on default name", path);
 		temp = strrchr(path, '/');
 		if (temp == NULL)
 			return -ENODEV;
-		strncpy(dev->name, &temp[1], sizeof(dev->name));
+		strfieldcpy(dev.name, &temp[1]);
 	}
+	dbg("name='%s'", dev.name);
 
-	dbg("name is '%s'", dev->name);
+	dev.type = get_device_type(path, subsystem);
+	dev_d_send(&dev, subsystem, path);
 	udevdb_delete_dev(path);
 
-	sysbus_send_remove(dev->name, path);
+	if (dev.type == 'b' || dev.type == 'c')
+		retval = delete_node(&dev);
+	else if (dev.type == 'n')
+		retval = 0;
 
-	retval = delete_node(dev);
-	free(dev);
 	return retval;
 }