diff options
author | Michal Schmidt <mschmidt@redhat.com> | 2010-08-04 11:53:25 +0200 |
---|---|---|
committer | Kay Sievers <kay.sievers@vrfy.org> | 2010-08-04 12:01:53 +0200 |
commit | 9ac90ae153accdfcb56c24c5748690933ad219b2 (patch) | |
tree | fe43631ac71c8c3b57cf3b6dc929f6a8d089f890 /extras | |
parent | 939cc18afc49ee8479572c14c7fa777646fd4add (diff) |
udev-acl: really fix ACL assignment in CK events
The previous fix for udev-acl was incomplete. The ACL were not properly
assigned to the new user when switching from root's session because of
the test for 'uid != 0'.
Centralize the special handling of root to a single place (in set_facl).
https://bugzilla.redhat.com/show_bug.cgi?id=608712
Diffstat (limited to 'extras')
-rw-r--r-- | extras/udev-acl/udev-acl.c | 37 |
1 files changed, 19 insertions, 18 deletions
diff --git a/extras/udev-acl/udev-acl.c b/extras/udev-acl/udev-acl.c index f2b50051c1..31e9991a51 100644 --- a/extras/udev-acl/udev-acl.c +++ b/extras/udev-acl/udev-acl.c @@ -12,20 +12,18 @@ * General Public License for more details: */ -#include <stdio.h> -#include <errno.h> -#include <string.h> -#include <inttypes.h> -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> +#include <acl/libacl.h> +#include <sys/stat.h> #include <errno.h> #include <getopt.h> -#include <sys/stat.h> #include <glib.h> -#include <acl/libacl.h> +#include <inttypes.h> #include <libudev.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> static int debug; @@ -45,6 +43,10 @@ static int set_facl(const char* filename, uid_t uid, int add) acl_permset_t permset; int ret; + /* don't touch ACLs for root */ + if (uid == 0) + return 0; + /* read current record */ acl = acl_get_file(filename, ACL_TYPE_ACCESS); if (!acl) @@ -190,8 +192,6 @@ static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, con if (s == NULL) return -1; u = strtoul(s, NULL, 10); - if (u == 0) - return 0; s = getenv("CK_SEAT_SESSION_IS_LOCAL"); if (s == NULL) @@ -205,8 +205,6 @@ static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, con if (s == NULL) return -1; u = strtoul(s, NULL, 10); - if (u == 0) - return 0; s = getenv("CK_SEAT_OLD_SESSION_IS_LOCAL"); if (s == NULL) @@ -331,6 +329,7 @@ int main (int argc, char* argv[]) }; int action = -1; const char *device = NULL; + bool uid_given = false; uid_t uid = 0; uid_t uid2 = 0; const char* remove_session_id = NULL; @@ -357,6 +356,7 @@ int main (int argc, char* argv[]) device = optarg; break; case 'u': + uid_given = true; uid = strtoul(optarg, NULL, 10); break; case 'd': @@ -369,8 +369,9 @@ int main (int argc, char* argv[]) } } - if (action < 0 && device == NULL && uid == 0) - consolekit_called(argv[optind], &uid, &uid2, &remove_session_id, &action); + if (action < 0 && device == NULL && !uid_given) + if (!consolekit_called(argv[optind], &uid, &uid2, &remove_session_id, &action)) + uid_given = true; if (action < 0) { fprintf(stderr, "missing action\n\n"); @@ -378,13 +379,13 @@ int main (int argc, char* argv[]) goto out; } - if (device != NULL && uid != 0) { + if (device != NULL && uid_given) { fprintf(stderr, "only one option, --device=DEVICEFILE or --user=UID expected\n\n"); rc = 3; goto out; } - if (uid != 0) { + if (uid_given) { switch (action) { case ACTION_ADD: /* Add ACL for given uid to all matching devices. */ |