-rw-r--r-- | Makefile.am | 8 | ||||
-rw-r--r-- | src/journal/journalctl.c | 53 | ||||
-rw-r--r-- | src/shared/acl-util.c | 60 | ||||
-rw-r--r-- | src/shared/acl-util.h | 3 |
4 files changed, 74 insertions, 50 deletions
diff --git a/Makefile.am b/Makefile.am index 969f85adfe..93583a686a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -793,7 +793,8 @@ libsystemd_acl_la_CFLAGS = \ $(ACL_CFLAGS) libsystemd_acl_la_LIBADD = \ - $(ACL_LIBS) + $(ACL_LIBS) \ + libsystemd-shared.la endif # ------------------------------------------------------------------------------ @@ -2503,6 +2504,11 @@ journalctl_LDADD = \ libsystemd-id128-internal.la \ libsystemd-logs.la +if HAVE_ACL +journalctl_LDADD += \ + libsystemd-acl.la +endif + if HAVE_QRENCODE journalctl_SOURCES += \ src/journal/journal-qrcode.c \ diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 4c288f3334..8543adfb8a 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -37,6 +37,7 @@ #ifdef HAVE_ACL #include <sys/acl.h> +#include "acl-util.h" #endif #include <systemd/sd-journal.h> 
@@ -895,62 +896,18 @@ static int access_check(void) { if (!arg_quiet && geteuid() != 0) { _cleanup_strv_free_ char **g = NULL; bool have_access; - acl_t acl; int r; have_access = in_group("systemd-journal") > 0; - if (!have_access) { + if (!have_access) { /* Let's enumerate all groups from the default * ACL of the directory, which generally * should allow access to most journal * files too */ - - acl = acl_get_file("/var/log/journal/", ACL_TYPE_DEFAULT); - if (acl) { - acl_entry_t entry; - - r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); - while (r > 0) { - acl_tag_t tag; - gid_t *gid; - char *name; - - r = acl_get_tag_type(entry, &tag); - if (r < 0) - break; - - if (tag != ACL_GROUP) - goto next; - - gid = acl_get_qualifier(entry); - if (!gid) - break; - - if (in_gid(*gid) > 0) { - have_access = true; - break; - } - - name = gid_to_name(*gid); - if (!name) { - acl_free(acl); - return log_oom(); - } - - r = strv_push(&g, name); - if (r < 0) { - free(name); - acl_free(acl); - return log_oom(); - } - - next: - r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); - } - - acl_free(acl); - } + r = search_acl_groups(&g, "/var/log/journal/", &have_access); + if (r < 0) + return r; } if (!have_access) { diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c index d1eb6f2268..48bb12f46b 100644 --- a/src/shared/acl-util.c +++ b/src/shared/acl-util.c @@ -3,7 +3,7 @@ /*** This file is part of systemd. - Copyright 2011 Lennart Poettering + Copyright 2011,2013 Lennart Poettering systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -26,6 +26,8 @@ #include <stdbool.h> #include "acl-util.h" +#include "util.h" +#include "strv.h" int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) { acl_entry_t i; 
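Review bot: The new `if (r < 0) return r;` in access_check only ever fires on out-of-memory, because search_acl_groups (added in the src/shared/acl-util.c hunk) returns 0 both when `acl_get_file()` yields NULL and when its loop breaks on a failed `acl_get_tag_type()` or `acl_get_qualifier()`. An unreadable ACL is therefore indistinguishable from an ACL with no matching group, and the hint that follows may be printed with an incomplete group list. That is acceptable for a hint, but it deserves a comment at the call, for example `/* r < 0 means OOM only; ACL read errors leave have_access and g as they were */`, so that nobody later treats `have_access` as an authoritative access decision. The body of access_check starts and ends outside this hunk.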
@@ -66,3 +68,59 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) { return 0; } + +int search_acl_groups(char*** dst, const char* path, bool* belong) { + acl_t acl; + + assert(path); + assert(belong); + + acl = acl_get_file(path, ACL_TYPE_DEFAULT); + if (acl) { + acl_entry_t entry; + int r; + + r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); + while (r > 0) { + acl_tag_t tag; + gid_t *gid; + char *name; + + r = acl_get_tag_type(entry, &tag); + if (r < 0) + break; + + if (tag != ACL_GROUP) + goto next; + + gid = acl_get_qualifier(entry); + if (!gid) + break; + + if (in_gid(*gid) > 0) { + *belong = true; + break; + } + + name = gid_to_name(*gid); + if (!name) { + acl_free(acl); + return log_oom(); + } + + r = strv_push(dst, name); + if (r < 0) { + free(name); + acl_free(acl); + return log_oom(); + } + + next: + r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); + } + + acl_free(acl); + } + + return 0; +} diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h index 31fbbcd510..23090d9984 100644 --- a/src/shared/acl-util.h +++ b/src/shared/acl-util.h @@ -21,4 +21,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <stdbool.h> + int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry); +int search_acl_groups(char*** dst, const char* path, bool* belong); |
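Review bot: The pointer returned by `acl_get_qualifier(entry)` in search_acl_groups is never released, so every ACL_GROUP entry visited leaks one allocation; libacl documents that the qualifier has to be handed back with `acl_free()`. Copying the value and freeing it at once covers every exit path of the loop: `gid_t id = *gid; acl_free(gid);`, then pass `id` to `in_gid()` and `gid_to_name()`. `dst` is handed to `strv_push()` but, unlike `path` and `belong`, it is not checked, so `assert(dst);` belongs next to the other two. As this is now a shared helper, a header comment should state that `*belong` is only ever set to true and must be initialised by the caller.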