summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am8
-rw-r--r--src/journal/journalctl.c53
-rw-r--r--src/shared/acl-util.c60
-rw-r--r--src/shared/acl-util.h3
4 files changed, 74 insertions, 50 deletions
diff --git a/Makefile.am b/Makefile.am
index 969f85adfe..93583a686a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -793,7 +793,8 @@ libsystemd_acl_la_CFLAGS = \
$(ACL_CFLAGS)
libsystemd_acl_la_LIBADD = \
- $(ACL_LIBS)
+ $(ACL_LIBS) \
+ libsystemd-shared.la
endif
# ------------------------------------------------------------------------------
@@ -2503,6 +2504,11 @@ journalctl_LDADD = \
libsystemd-id128-internal.la \
libsystemd-logs.la
+if HAVE_ACL
+journalctl_LDADD += \
+ libsystemd-acl.la
+endif
+
if HAVE_QRENCODE
journalctl_SOURCES += \
src/journal/journal-qrcode.c \
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 4c288f3334..8543adfb8a 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -37,6 +37,7 @@
#ifdef HAVE_ACL
#include <sys/acl.h>
+#include "acl-util.h"
#endif
#include <systemd/sd-journal.h>
@@ -895,62 +896,18 @@ static int access_check(void) {
if (!arg_quiet && geteuid() != 0) {
_cleanup_strv_free_ char **g = NULL;
bool have_access;
- acl_t acl;
int r;
have_access = in_group("systemd-journal") > 0;
- if (!have_access) {
+ if (!have_access) {
/* Let's enumerate all groups from the default
* ACL of the directory, which generally
* should allow access to most journal
* files too */
-
- acl = acl_get_file("/var/log/journal/", ACL_TYPE_DEFAULT);
- if (acl) {
- acl_entry_t entry;
-
- r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
- while (r > 0) {
- acl_tag_t tag;
- gid_t *gid;
- char *name;
-
- r = acl_get_tag_type(entry, &tag);
- if (r < 0)
- break;
-
- if (tag != ACL_GROUP)
- goto next;
-
- gid = acl_get_qualifier(entry);
- if (!gid)
- break;
-
- if (in_gid(*gid) > 0) {
- have_access = true;
- break;
- }
-
- name = gid_to_name(*gid);
- if (!name) {
- acl_free(acl);
- return log_oom();
- }
-
- r = strv_push(&g, name);
- if (r < 0) {
- free(name);
- acl_free(acl);
- return log_oom();
- }
-
- next:
- r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
- }
-
- acl_free(acl);
- }
+ r = search_acl_groups(&g, "/var/log/journal/", &have_access);
+ if (r < 0)
+ return r;
}
if (!have_access) {
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index d1eb6f2268..48bb12f46b 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -3,7 +3,7 @@
/***
This file is part of systemd.
- Copyright 2011 Lennart Poettering
+ Copyright 2011,2013 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
@@ -26,6 +26,8 @@
#include <stdbool.h>
#include "acl-util.h"
+#include "util.h"
+#include "strv.h"
int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
acl_entry_t i;
@@ -66,3 +68,59 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
return 0;
}
+
+int search_acl_groups(char*** dst, const char* path, bool* belong) {
+ acl_t acl;
+
+ assert(path);
+ assert(belong);
+
+ acl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ if (acl) {
+ acl_entry_t entry;
+ int r;
+
+ r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
+ while (r > 0) {
+ acl_tag_t tag;
+ gid_t *gid;
+ char *name;
+
+ r = acl_get_tag_type(entry, &tag);
+ if (r < 0)
+ break;
+
+ if (tag != ACL_GROUP)
+ goto next;
+
+ gid = acl_get_qualifier(entry);
+ if (!gid)
+ break;
+
+ if (in_gid(*gid) > 0) {
+ *belong = true;
+ break;
+ }
+
+ name = gid_to_name(*gid);
+ if (!name) {
+ acl_free(acl);
+ return log_oom();
+ }
+
+ r = strv_push(dst, name);
+ if (r < 0) {
+ free(name);
+ acl_free(acl);
+ return log_oom();
+ }
+
+ next:
+ r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
+ }
+
+ acl_free(acl);
+ }
+
+ return 0;
+}
diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h
index 31fbbcd510..23090d9984 100644
--- a/src/shared/acl-util.h
+++ b/src/shared/acl-util.h
@@ -21,4 +21,7 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <stdbool.h>
+
int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry);
+int search_acl_groups(char*** dst, const char* path, bool* belong);