From 9ac90ae153accdfcb56c24c5748690933ad219b2 Mon Sep 17 00:00:00 2001 From: Michal Schmidt Date: Wed, 4 Aug 2010 11:53:25 +0200 Subject: udev-acl: really fix ACL assignment in CK events The previous fix for udev-acl was incomplete. The ACL were not properly assigned to the new user when switching from root's session because of the test for 'uid != 0'. Centralize the special handling of root to a single place (in set_facl). https://bugzilla.redhat.com/show_bug.cgi?id=608712 --- extras/udev-acl/udev-acl.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) (limited to 'extras/udev-acl') diff --git a/extras/udev-acl/udev-acl.c b/extras/udev-acl/udev-acl.c index f2b50051c1..31e9991a51 100644 --- a/extras/udev-acl/udev-acl.c +++ b/extras/udev-acl/udev-acl.c @@ -12,20 +12,18 @@ * General Public License for more details: */ -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include #include #include -#include #include -#include +#include #include +#include +#include +#include +#include +#include static int debug; @@ -45,6 +43,10 @@ static int set_facl(const char* filename, uid_t uid, int add) acl_permset_t permset; int ret; + /* don't touch ACLs for root */ + if (uid == 0) + return 0; + /* read current record */ acl = acl_get_file(filename, ACL_TYPE_ACCESS); if (!acl) @@ -190,8 +192,6 @@ static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, con if (s == NULL) return -1; u = strtoul(s, NULL, 10); - if (u == 0) - return 0; s = getenv("CK_SEAT_SESSION_IS_LOCAL"); if (s == NULL) @@ -205,8 +205,6 @@ static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, con if (s == NULL) return -1; u = strtoul(s, NULL, 10); - if (u == 0) - return 0; s = getenv("CK_SEAT_OLD_SESSION_IS_LOCAL"); if (s == NULL) @@ -331,6 +329,7 @@ int main (int argc, char* argv[]) }; int action = -1; const char *device = NULL; + bool uid_given = false; uid_t uid = 0; uid_t uid2 = 0; const char* remove_session_id = NULL; @@ -357,6 +356,7 @@ int main (int argc, char* argv[]) device = optarg; break; case 'u': + uid_given = true; uid = strtoul(optarg, NULL, 10); break; case 'd': @@ -369,8 +369,9 @@ int main (int argc, char* argv[]) } } - if (action < 0 && device == NULL && uid == 0) - consolekit_called(argv[optind], &uid, &uid2, &remove_session_id, &action); + if (action < 0 && device == NULL && !uid_given) + if (!consolekit_called(argv[optind], &uid, &uid2, &remove_session_id, &action)) + uid_given = true; if (action < 0) { fprintf(stderr, "missing action\n\n"); @@ -378,13 +379,13 @@ int main (int argc, char* argv[]) goto out; } - if (device != NULL && uid != 0) { + if (device != NULL && uid_given) { fprintf(stderr, "only one option, --device=DEVICEFILE or --user=UID expected\n\n"); rc = 3; goto out; } - if (uid != 0) { + if (uid_given) { switch (action) { case ACTION_ADD: /* Add ACL for given uid to all matching devices. */ -- cgit v1.2.3-54-g00ecf