author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-03-22 14:35:26 +0000 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-03-22 15:31:45 -0400 |
commit | 478c82693c386e7a6e8e4b37cc99fb19b12e7186 (patch) | |
tree | fbf91af1cd927c12863b2f2343eb82051e3959b4 /src | |
parent | 737732a41e5702540f51c760bebd3b8152c04727 (diff) |
build-sys: move acl searching code into libsystemd-acl
This loop over acls is a bit too much to keep inside
of another loop.
Diffstat (limited to 'src')
-rw-r--r-- | src/journal/journalctl.c | 53 | ||||
-rw-r--r-- | src/shared/acl-util.c | 60 | ||||
-rw-r--r-- | src/shared/acl-util.h | 3 |
3 files changed, 67 insertions, 49 deletions
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 4c288f3334..8543adfb8a 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -37,6 +37,7 @@ #ifdef HAVE_ACL #include <sys/acl.h> +#include "acl-util.h" #endif #include <systemd/sd-journal.h> @@ -895,62 +896,18 @@ static int access_check(void) { if (!arg_quiet && geteuid() != 0) { _cleanup_strv_free_ char **g = NULL; bool have_access; - acl_t acl; int r; have_access = in_group("systemd-journal") > 0; - if (!have_access) { + if (!have_access) { /* Let's enumerate all groups from the default * ACL of the directory, which generally * should allow access to most journal * files too */ - - acl = acl_get_file("/var/log/journal/", ACL_TYPE_DEFAULT); - if (acl) { - acl_entry_t entry; - - r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); - while (r > 0) { - acl_tag_t tag; - gid_t *gid; - char *name; - - r = acl_get_tag_type(entry, &tag); - if (r < 0) - break; - - if (tag != ACL_GROUP) - goto next; - - gid = acl_get_qualifier(entry); - if (!gid) - break; - - if (in_gid(*gid) > 0) { - have_access = true; - break; - } - - name = gid_to_name(*gid); - if (!name) { - acl_free(acl); - return log_oom(); - } - - r = strv_push(&g, name); - if (r < 0) { - free(name); - acl_free(acl); - return log_oom(); - } - - next: - r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); - } - - acl_free(acl); - } + r = search_acl_groups(&g, "/var/log/journal/", &have_access); + if (r < 0) + return r; } if (!have_access) { diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c index d1eb6f2268..48bb12f46b 100644 --- a/src/shared/acl-util.c +++ b/src/shared/acl-util.c @@ -3,7 +3,7 @@ /*** This file is part of systemd. - Copyright 2011 Lennart Poettering + Copyright 2011,2013 Lennart Poettering systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by 
@@ -26,6 +26,8 @@ #include <stdbool.h> #include "acl-util.h" +#include "util.h" +#include "strv.h" int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) { acl_entry_t i; @@ -66,3 +68,59 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) { return 0; } + +int search_acl_groups(char*** dst, const char* path, bool* belong) { + acl_t acl; + + assert(path); + assert(belong); + + acl = acl_get_file(path, ACL_TYPE_DEFAULT); + if (acl) { + acl_entry_t entry; + int r; + + r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); + while (r > 0) { + acl_tag_t tag; + gid_t *gid; + char *name; + + r = acl_get_tag_type(entry, &tag); + if (r < 0) + break; + + if (tag != ACL_GROUP) + goto next; + + gid = acl_get_qualifier(entry); + if (!gid) + break; + + if (in_gid(*gid) > 0) { + *belong = true; + break; + } + + name = gid_to_name(*gid); + if (!name) { + acl_free(acl); + return log_oom(); + } + + r = strv_push(dst, name); + if (r < 0) { + free(name); + acl_free(acl); + return log_oom(); + } + + next: + r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); + } + + acl_free(acl); + } + + return 0; +} diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h index 31fbbcd510..23090d9984 100644 --- a/src/shared/acl-util.h +++ b/src/shared/acl-util.h @@ -21,4 +21,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <stdbool.h> + int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry); +int search_acl_groups(char*** dst, const char* path, bool* belong); |
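Review bot: In `search_acl_groups`, the pointer returned by `acl_get_qualifier(entry)` is never released, so every ACL_GROUP entry visited leaks one qualifier copy; libacl expects the caller to hand it back to `acl_free()`. The leak is carried over unchanged from the loop removed from journalctl.c, and the `break` on a match and both `log_oom()` returns skip any release too. Copying the gid into a local and freeing the qualifier immediately covers every exit path. Separately, `dst` is passed to `strv_push()` but only `path` and `belong` are asserted (`assert(dst);` is missing), and a failing `acl_get_tag_type()` or `acl_get_qualifier()` just ends the loop with a return of 0, so a caller cannot tell a truncated scan from a complete one.

```c
                gid_t *gid, id;
                /* … unchanged: acl_get_tag_type() and the ACL_GROUP filter … */

                gid = acl_get_qualifier(entry);
                if (!gid)
                        break;

                /* the qualifier is a copy owned by us; release it before any early exit */
                id = *gid;
                acl_free(gid);

                if (in_gid(id) > 0) {
                        *belong = true;
                        break;
                }

                name = gid_to_name(id);
                /* … unchanged: NULL check, strv_push(), next: label … */
```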
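Review bot: The `search_acl_groups` prototype added to acl-util.h is exported without any statement of its contract, and two parts of that contract are easy to get wrong at a call site. Going by the definition in acl-util.c, `*belong` is only ever set to true and never cleared, and the function returns 0 when `acl_get_file()` yields no ACL at all, so the caller has to initialise the flag itself and must not read 0 as "the ACL was examined". I would add a comment above the declaration, for example `/* Appends the names of groups in the default ACL of path to *dst (caller frees); sets *belong to true on a match and never clears it; returns 0 even when no ACL could be read. */`.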