udev-acl: really fix ACL assignment in CK events

The previous fix for udev-acl was incomplete. The ACL were not properly
assigned to the new user when switching from root's session because of
the test for 'uid != 0'.

Centralize the special handling of root to a single place (in set_facl).

https://bugzilla.redhat.com/show_bug.cgi?id=608712

diff --git a/extras/udev-acl/udev-acl.c b/extras/udev-acl/udev-acl.c
index f2b50051c1121fa4bf80932f0f1a3553d1533f05..31e9991a51dded24a131409e6dac63cba1a35e2c 100644 (file)
--- a/extras/udev-acl/udev-acl.c
+++ b/extras/udev-acl/udev-acl.c
@@ -12,20 +12,18 @@
  * General Public License for more details:
  */
 
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <inttypes.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
+#include <acl/libacl.h>
+#include <sys/stat.h>
 #include <errno.h>
 #include <getopt.h>
-#include <sys/stat.h>
 #include <glib.h>
-#include <acl/libacl.h>
+#include <inttypes.h>
 #include <libudev.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
 static int debug;
 
@@ -45,6 +43,10 @@ static int set_facl(const char* filename, uid_t uid, int add)
        acl_permset_t permset;
        int ret;
 
+       /* don't touch ACLs for root */
+       if (uid == 0)
+               return 0;
+
        /* read current record */
        acl = acl_get_file(filename, ACL_TYPE_ACCESS);
        if (!acl)
@@ -190,8 +192,6 @@ static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, con
                if (s == NULL)
                        return -1;
                u = strtoul(s, NULL, 10);
-               if (u == 0)
-                       return 0;
 
                s = getenv("CK_SEAT_SESSION_IS_LOCAL");
                if (s == NULL)
@@ -205,8 +205,6 @@ static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, con
                if (s == NULL)
                        return -1;
                u = strtoul(s, NULL, 10);
-               if (u == 0)
-                       return 0;
 
                s = getenv("CK_SEAT_OLD_SESSION_IS_LOCAL");
                if (s == NULL)
@@ -331,6 +329,7 @@ int main (int argc, char* argv[])
        };
        int action = -1;
        const char *device = NULL;
+       bool uid_given = false;
        uid_t uid = 0;
        uid_t uid2 = 0;
        const char* remove_session_id = NULL;
@@ -357,6 +356,7 @@ int main (int argc, char* argv[])
                        device = optarg;
                        break;
                case 'u':
+                       uid_given = true;
                        uid = strtoul(optarg, NULL, 10);
                        break;
                case 'd':
@@ -369,8 +369,9 @@ int main (int argc, char* argv[])
                }
        }
 
-       if (action < 0 && device == NULL && uid == 0)
-               consolekit_called(argv[optind], &uid, &uid2, &remove_session_id, &action);
+       if (action < 0 && device == NULL && !uid_given)
+               if (!consolekit_called(argv[optind], &uid, &uid2, &remove_session_id, &action))
+                       uid_given = true;
 
        if (action < 0) {
                fprintf(stderr, "missing action\n\n");
@@ -378,13 +379,13 @@ int main (int argc, char* argv[])
                goto out;
        }
 
-       if (device != NULL && uid != 0) {
+       if (device != NULL && uid_given) {
                fprintf(stderr, "only one option, --device=DEVICEFILE or --user=UID expected\n\n");
                rc = 3;
                goto out;
        }
 
-       if (uid != 0) {
+       if (uid_given) {
                switch (action) {
                case ACTION_ADD:
                        /* Add ACL for given uid to all matching devices. */